The Internet of things (IoT) is the network of physical devices, vehicles, home appliances and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these objects to connect and exchange data. Each thing is uniquely identifiable through its embedded computing system but is able to inter-operate within the existing Internet infrastructure.
The rapid growth in IOT devices, however will offer new opportunities for hacking, identity theft, disruption, and other malicious activities affecting the people, infrastructures and economy. Some incidents have already happened, FDA issued an alert about a connected hospital medicine pump that could be compromised and have its dosage changed. Jeep Cherokee was sensationally remote-controlled by hackers in 2015. The implementation of IoT in military domain shall also make military systems and networks vulnerable to cyber and other attacks from adversaries, hackers, and terrorists. There is threat of unauthorized monitoring or even seizure and control of vital networks critical to military operations.
Cryptography is an important part of how the internet keeps secret information (such as your credit card number) hidden from potential thieves. Random numbers serve as foundation in many security applications including encryption, authentication, signing, key wrapping and other cryptographic applications. Your encryption system is thus only as strong as your cryptographic key is unpredictable. A truly random number generator will provide impenetrable encryption for communications – be they military transmissions, secure banking, or online purchasing – that underpin the modern connected world,” noted Dr. Sussman. The weakness of random number generators can be exploited by Hackers to steal or guess keys.
Quantum mechanics could help cryptographers generate keys that are truly random and completely unique. A hacker can never write an algorithm to predict the key, because it is impossible for any algorithm to predict nature. Not just that, but the moment a hacker tries to observe the key, it changes the properties of the quantum system. This is how the observation principle could be exploited to design an alarm system that alerts users that a hacking attempt has been made. Thus quantum random generator can improve the security of classical cryptography,
Quantum cryptography is an emerging technology in which two parties may simultaneously generate shared, secret cryptographic key material using the transmission of quantum states of light. A unique aspect of quantum cryptography is that Heisenberg’s uncertainty principle ensures that if Eve attempts to intercept and measure Alice’s quantum transmissions, her activities must produce an irreversible change in the quantum states that are retransmitted to Bob. These changes will introduce an anomalously high error rate in the transmissions between Alice and Bob, allowing them to detect the attempted eavesdropping.
QKD provides a method of provably secure communication even under quantum computer attacks. Many QKD systems, including commercial systems, have been developed during the last 30 years, and important elements such as secret key rates and maximum transmission have continuously improved. QKD is suitable for use in any key distribution application that has high security requirements including financial transactions, electoral communications, law enforcement, government, and military applications.
IoT devices require “lightweight” cryptography to secure themselves as they don’t have the processing capability of traditional devices. Therefore Companies are creating cryptographic tools and protocols that require less energy or less software code to execute.
However, utilizing QKD for IoT still have some challenges. First because of sensitivity to environmental disturbances and fiber attenuation, the maximum length of point to point quantum communication link is limited to 400 kms. Additionally, QKD protocols are limited to only two connected devices. Again, this is not ideal for applications in the IoT, in which multiple devices need to exchange secure information with each other, often over a complex network.
Finally, the vast majority of the world’s electronic and IoT infrastructure is silicon-based. Although some chipmakers have made great advances in silicon photonics—the type of chips that integrate photon signals with standard silicon chips—this technology is still considered prohibitively expensive to employ on a larger scale. “There are some companies trying to miniaturize it using silicon photonics,” said Shahram Mossayebi, CEO and Founder of Crypto Quantique , “but those can be very expensive, not really scalable, and won’t be easily integrated into existing semiconductors. Pretty much you cannot use QKD in the real world yet.”
Quantique has build a hybrid solution, engineers use some sort of quantum tech, like quantum random number generators, and combine them with classical modern cryptographic algorithms. Hybrid solutions provide a far more realistic way forward that still manages to exploit the most important benefits of quantum cryptography. To devise a hybrid system, Mossayebi built a security chip that generates a unique quantum key for each and every IoT device within a network. The key lives inside the IoT device, and is only exchanged with the central hub during the onboarding process.
Qrpt will use ORNL’s QRNG based on collective statistics of photons for post quantum cryptography
Qrypt will incorporate ORNL’s quantum random number generator, or QRNG, into the company’s existing encryption platform, using inherent quantum randomness to create unique and unpredictable encryption keys enabling virtually impenetrable communications.
The advent of quantum computing offers a fundamentally new approach to solving some of the world’s most difficult and pressing problems. However, quantum computing will also render current encryption methods obsolete and require a reimagined, quantum-based approach to protecting data. “The cryptography we have developed is based on true quantum sources of entropy and is mathematically proven to be unbreakable–even in theory,” said Denis Mandich, Qrypt’s chief technology officer at the company’s New York City office.
“Until recently, this class of technology was unavailable at the scale required to encrypt Internet-sized datasets,” Mandich said. “Simply relying on increasing the complexity of cryptographic algorithms has again proven to be a failing bet.” ORNL’s research is integral to Qrypt’s hybrid approach: combining quantum physics hardware with post-quantum cryptographic algorithms and software.
To harness quantum’s perfect randomness, ORNL coinventor Raphael Pooser and his colleagues from the lab’s quantum sensing, computing, and communications teams developed a quantum random number generator that detects the presence and characteristics of electro-magnetic waves, called photons, streaming from a light source.
“A field of quadrillions of photons are produced and pass through a beam splitter,” Pooser said. “Different from other QRNG technologies, our method does not require that we wait for a single photon to appear, but allows us to use the collective statistics of large numbers of them.” The ORNL device can detect and measure the quantum statistics of photons present in the field and use each one as the basis for creating truly unique encryption keys that are impossible to decipher or predict.
ORNL’s scientific achievement can be proven based on quantum entropy, a purely probabilistic effect, he said. “Many competing technologies advertise true randomness and pass modern statistical testing, yet there is no guarantee they do not have a pattern discoverable in the future,” said Mandich.
“Historically, patterns, predictability and repetition are a critical flaw for many crypto systems, allowing them to fall to basic cryptanalysis,” he added. Qrypt will incorporate ORNL’s technology into a suite of quantum-resistant encryption techniques and technologies, including a card or chip enabling quick encryption of vast datasets. Data protected by this technology will be secure against attack by quantum computers or any future computational device and developments in the mathematics of cryptanalysis.
Crypto Quantique unveils ‘first quantum-driven secure chip’
Crypto Quantique company has developed what it claims is “the world’s first quantum driven secure chip (QDSC)” on silicon, which, when combined with cryptographic APIs, it says is capable of providing any connected device with a highly scalable, integratable, easy-to-implement and seamless end-to-end security for any connected device. Due to built-in legacy issues with technology, IoT security has always been a bolt on – until now. Our product can either be an integrated part of the development process or be retrofitted into any connected device.
There are security complexities in IoT, many stakeholders, including OEMs, manufacturers, integrators and designers are involved in developing and implementing the IoT,” Shahram Mossayebi, co-founder of Crypto Quantique, told techcrunch. “Each stakeholder is faced with different threat vectors and thus has different security requirements and produces devices based on very different architectures. Currently there is no clear approach to securing the IoT, which is also impacted by the lack of basic security tools that would allow stakeholders to build their own security solutions.” To that end, he explained that security must start from the device, then travel through the network and finally reach the IoT device’s backend services. In other words, proper end-to-end security is required to protect IoT devices and infrastructure.
At the heart of this is “root of trust” — the ability for a device to authenticate itself and be a trusted member of a network — which, conversely, is also the weakest link. Data traveling throughout the network also needs strong encryption, of course. Finally, with IoT devices being in the billions, there’s an issue of cost: any secure solution can’t be prohibitively expensive to implement on a per device basis or be fragmented across multiple third-party providers.
Each chip generates a large number of unique, unclonable and tamper-evident cryptographic keys by harnessing quantum processes in nano-devices on silicon.Because of the uniqueness and way in which the keys are generated, there is no requirement to store the keys on the device because the keys can be retrieved on demand. This eliminates secure storage requirements and leakage of sensitive information. Once a QDSC is placed in a device it links directly to the owner system (i.e. public or private cloud) through CQ’s cryptographic APIs, where it is managed automatically and remotely while the device is in the field. This is the most advanced security product for the IoT, enabling new industrial revolutions such as Industry 4.0”.
“Every day, millions of devices are sent to facilities around the world to have secret keys ‘injected’ into them. We completely eliminate this huge cost and security overhead,” says Mossayebi. In addition to building the chip, Crypto Quantique also provides the cryptographic APIs and manages the end to end security to remove the multiple parties involved in the security chain and provide an all-in-one solution. This means there are no ‘open windows’ in connectivity when it comes to security.
Mossayebi says Crypto Quantique is aimed at any connected device that needs to stay secure, from traffic lights to a SCADA machine used in critical infrastructure. “Currently, we are working with leaders in different fields such as defence, aerospace, energy, industrial IoT manufacturers and enterprise hardware appliance manufacturers. The applications vary from securing satellites and drones to securing energy grids, sensors in critical infrastructure and data centres,” he says.