Story image

Microsoft, DigiCert, Utimaco tackle quantum computing threats

13 Feb 2019

Microsoft Research, DigiCert and hardware security module provider Utimaco have successfully piloted an algorithm that could bring the world one step closer to a secure internet of things.

The three companies ran a test implementation of the ‘Picnic’ algorithm, which also incorporated digital certificates for IoT encryption, authentication and integrity.

This could be the start of a full solution that will protect IoT from threats that quantum computing could pose to widely-used cryptographic algorithms.

Most IoT devices currently use RSA and ECC as security measures to protect confidentiality, integrity, and authenticity for device identities and communication.

According to Microsoft Research’s Dr Brian LaMacchia, large-scale quantum computers will soon be able to break RSA and ECC public key cryptography within 10-15 years. 

That’s not actually very far down the track, particularly when critical infrastructure like connected cities, smart homes, connected medical devices and other technologies will last longer than that, and they may take longer to update.

"The work that Microsoft Research is doing with DigiCert and Utimaco is important to develop quantum-secure cryptographic algorithms, protocols and solutions today so that in the near future enterprises will be able to transition to and deploy quantum-safe cryptography,” says LaMacchia. 

“Working to ensure that their solutions are cryptographically agile will help companies avoid expensive and unscalable security practices to protect their IoT devices against future security threats."

The certificates are issued by DigiCert using the Picnic quantum-safe digital signature algorithm developed by Microsoft Research. To implement this algorithm and issue certificates, DigiCert has used an Utimaco Hardware Security Module. 

The full solution, in development, would provide quantum-safe digital certificate issuance and secure key management, helping companies future-proof their IoT deployments.

For enterprises, it means they will be able to deploy IoT solutions that are future-proofed against quantum computing threats. The goal is to keep sensitive information and high-value assets safe.

Utimaco CTO Dr Thorsten Grötker says the successful test implantation is a fundamental building block for quantum-safe solution implantation.

"Using these solutions, IoT manufacturers and other large organisations can innovate and develop products that are well prepared against coming quantum threats."

DigiCert Labs head Avesta Hojjati adds, "DigiCert, Microsoft Research and Utimaco are collaborating today to solve tomorrow's problem of defending connected devices and their networks against the new security threats that the implementation of quantum computers will unleash.”

"Together, we are leading the market with development of hybrid certificates that inject quantum-resistant algorithms alongside RSA and ECC to ensure long-term protection."

Veeam reports double-digit Q1 growth
We are now focussed on an aggressive strategy to help businesses transition to cloud with Backup and Cloud Data Management solutions.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.