CNXSoft: This is a guest post by Avishay Shraga, Sr. Director (CTO), Head of Security Technologies at Sony Semiconductor Israel, discussing IoT security as quantum computing draws near.
The key to modern asymmetric cryptography is a function that is easy to compute in one direction but difficult for an adversary to reverse. Traditionally, this was done through modular arithmetic, where a large prime modulus and a generator were used to generate a key, although there are multiple methods to do so.
The strength of this one-way function is measured by the time and computing power needed to reverse it. ECC-256, considered by many to be one of the gold standards in modern cryptography, would take millions of years to crack using current computing capabilities. Today’s encryption standards are more than adequate in securing real-time and historical data in IoT devices.
However, as we look ahead, that will change. The US National Institute of Science & Technology (NIST) and the European Union are preparing for the first quantum computers to be available in the early 2030s. Quantum computers are a completely new type of machine that leverages the principles of quantum mechanics to solve complex problems that are currently beyond the scope of today’s computers. Once considered science fiction, the quantum computer is moving ever closer to reality, with IBM and Google among the companies leading the charge.
That’s great news for drug manufacturers, chemists, material scientists, and others who will use quantum computing to push for advances in their field. However, it is bad news for IoT and security professionals who expect to see modern cryptography, such as ECC-256, cracked in just days by quantum computers.
Has the Time Come for IoT Security to Prepare for Quantum Computers?
Today’s LPWA IoT chipsets have a 15-year battery life. Smart meters and other smart devices that are being deployed today should have some overlap with the quantum computer era. In all likelihood, devices deployed in five years will have to contend with quantum computers. That expected overlap would make it seem prudent to integrate encryption solutions today that are capable of withstanding the power of quantum computers.
Unfortunately, it’s not that simple. There is a significant amount of research being done on cryptography for a post-quantum world by government institutions like NIST, universities such as MIT and Stanford, private companies including IBM, and others. Those solutions may make sense for some types of connected devices, such as automotive, which support high throughputs and have refillable power sources. However, many low-end LPWA IoT devices lack the memory, power, and throughput required to support these proposed methods. Adding those capabilities today for an issue that is 15 years down the road will significantly increase the size and cost of the chips.
A second challenge relates to the solutions themselves. The market is not familiar with post-quantum cryptography. Any new cryptographic methods under development today that are based on different mathematics may be found to have vulnerabilities and open attack vectors.
To further complicate this issue, there is the question of urgency. We don’t know when quantum computers will actually be developed with a sufficient number of qubits available to crack complex encryption. Once they are developed, they will be owned by governments and universities, and using them could cost tens of thousands of dollars an hour. Considering all those factors, is there really a risk that people will use those resources to hack into LPWA IoT devices like water and electricity meters, which most likely will have a negative return on investment for the hacker?
Finding the Right Approach
Organizations are currently evaluating one of two approaches. The first approach is to develop products that can be upgraded when quantum computers become a threat. This crypto-agility, which will be required to deal with post-quantum cryptography methods, allows manufacturers to continue developing devices while controlling costs.
A second approach is to integrate and start using advanced cryptographic functions that are considered to be secure in the face of a quantum computer. However, that approach will have repercussions in many areas. For example, if a water meter or tracking device is equipped with futuristic encryption, the computers and devices attempting to legitimately access those devices must have it as well. This is a significant upgrade for the entire ecosystem.
Taking a Pragmatic View

If history is our guide, it is highly likely that cryptographic functions will evolve. Threat actors often find a way to crack encryption methods after they are approved, which leads to advancements in cryptography. This means there is a significant risk in moving forward with a method today. Device costs will increase, making them more difficult to sell, especially since their security mechanism is a solution to a problem that is non-existent today. It also means companies may spend millions of dollars building future-ready devices only to find that their quantum security method is faulty.
Encryption is also not a one-size-fits-all solution. The type of data and type of device matter. There is little value in historical water meter data, while a patient’s health records may hold a great deal of value. A real-time tracker in a child’s school bag, in most cases, requires a higher degree of security than simply protecting against the future threat of quantum computers decrypting stored, encrypted location data to reveal the child’s historical movements.
These challenges suggest that – at this time – the best approach may be to begin developing products that are upgrade-ready and support crypto-agility. Manufacturers should minimize investment in future cryptographic methods, while ensuring that their hardware and software have the memory, throughput, and performance capabilities to support future methods.
At the same time, the industry must continue to investigate the risks and challenges of a post-quantum world. The long-term viability of connected devices requires solutions that are LPWA-friendly and are developed while keeping the ecosystem and commercial needs top of mind. Together, those tasked with securing the (LPWA) IoT device will create a global standard that allows users to maintain their confidence in the security of a connected world in the post-quantum era.
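The upgrade-ready, crypto-agile design recommended above comes down to tagging every authenticated message with an algorithm id, dispatching on it, and keeping a policy floor that can only be raised. The sketch below is an added example, not code from the article or from Sony; the envelope layout, ids, and the `Device` and `seal` names are assumptions, and HMAC-SHA-256 / HMAC-SHA3-256 are stand-ins for the classical and post-quantum signature schemes a real device would use.

```python
import hashlib, hmac, struct

# Registry: algorithm id -> authenticator. HMAC variants are stand-ins for the
# real signature schemes; ids 1 and 2 are constructed for this example.
ALGS = {
    1: lambda k, m: hmac.new(k, m, hashlib.sha256).digest(),    # "classical" slot
    2: lambda k, m: hmac.new(k, m, hashlib.sha3_256).digest(),  # "post-quantum" slot
}

def seal(alg, key, payload):
    # Envelope: 1-byte alg id | 2-byte tag length | tag | payload.
    # The alg id is covered by the tag so it cannot be swapped in transit.
    tag = ALGS[alg](key, bytes([alg]) + payload)
    return struct.pack(">BH", alg, len(tag)) + tag + payload

class Device:
    def __init__(self, keys, min_alg=1):
        self.keys = keys        # alg id -> key provisioned at manufacture
        self.min_alg = min_alg  # policy floor (kept in flash on a real device)

    def verify(self, envelope):
        """Return the payload if policy and authentication pass, else None."""
        if len(envelope) < 3:
            return None
        alg, tag_len = struct.unpack(">BH", envelope[:3])
        if alg not in ALGS or alg not in self.keys or alg < self.min_alg:
            return None         # unknown, unprovisioned or retired algorithm
        tag, payload = envelope[3:3 + tag_len], envelope[3 + tag_len:]
        expected = ALGS[alg](self.keys[alg], bytes([alg]) + payload)
        return payload if hmac.compare_digest(tag, expected) else None

    def apply_policy_update(self, envelope):
        """Raise the floor; the update must be sealed with an algorithm at or
        above the new floor, so a broken old scheme cannot steer the policy."""
        payload = self.verify(envelope)
        if payload is None or len(payload) != 1:
            return False
        new_floor, alg = payload[0], envelope[0]
        if new_floor <= self.min_alg or alg < new_floor or new_floor not in self.keys:
            return False        # the floor never moves down
        self.min_alg = new_floor
        return True
```

The cost the article points to is visible in `keys`: the device must already hold key material and code for algorithm 2 at manufacture, even though it is not required until the floor is raised.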

The S in IoT stands for Security.
Off-topic: Should I consider AES-256 quantum safe? Will we be switching to something else within a few decades?
the result (from the deleted comment) of the above video
– they unlocked the entire LPWA network in Bulgaria
– a seminar was held then with over 200 developers in attendance
– Olimex sold several thousand boards
– the module was sold in several hundred thousand units
– the developers learned to work with LPWA NB/CAT M