Story image

Microsoft, DigiCert, Utimaco tackle quantum computing threats

13 Feb 2019

Microsoft Research, DigiCert and hardware security module provider Utimaco have successfully piloted an algorithm that could bring the world one step closer to a secure internet of things.

The three companies ran a test implementation of the ‘Picnic’ algorithm, which also incorporated digital certificates for IoT encryption, authentication and integrity.

This could be the start of a full solution that will protect IoT from threats that quantum computing could pose to widely-used cryptographic algorithms.

Most IoT devices currently use RSA and ECC as security measures to protect confidentiality, integrity, and authenticity for device identities and communication.

According to Microsoft Research’s Dr Brian LaMacchia, large-scale quantum computers will soon be able to break RSA and ECC public key cryptography within 10-15 years. 

That’s not actually very far down the track, particularly when critical infrastructure like connected cities, smart homes, connected medical devices and other technologies will last longer than that, and they may take longer to update.

"The work that Microsoft Research is doing with DigiCert and Utimaco is important to develop quantum-secure cryptographic algorithms, protocols and solutions today so that in the near future enterprises will be able to transition to and deploy quantum-safe cryptography,” says LaMacchia. 

“Working to ensure that their solutions are cryptographically agile will help companies avoid expensive and unscalable security practices to protect their IoT devices against future security threats."

The certificates are issued by DigiCert using the Picnic quantum-safe digital signature algorithm developed by Microsoft Research. To implement this algorithm and issue certificates, DigiCert has used an Utimaco Hardware Security Module. 

The full solution, in development, would provide quantum-safe digital certificate issuance and secure key management, helping companies future-proof their IoT deployments.

For enterprises, it means they will be able to deploy IoT solutions that are future-proofed against quantum computing threats. The goal is to keep sensitive information and high-value assets safe.

Utimaco CTO Dr Thorsten Grötker says the successful test implantation is a fundamental building block for quantum-safe solution implantation.

"Using these solutions, IoT manufacturers and other large organisations can innovate and develop products that are well prepared against coming quantum threats."

DigiCert Labs head Avesta Hojjati adds, "DigiCert, Microsoft Research and Utimaco are collaborating today to solve tomorrow's problem of defending connected devices and their networks against the new security threats that the implementation of quantum computers will unleash.”

"Together, we are leading the market with development of hybrid certificates that inject quantum-resistant algorithms alongside RSA and ECC to ensure long-term protection."

Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
One Identity named Leader in PAM and IAM by KuppingerCole
KuppingerCole lead analyst Anmol Singh evaluated the strengths and weaknesses of 20 solution providers in the PAM market for the report.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.