Protection from today’s security threats has been a focus of security mechanisms, such as encryption algorithms and key management. Even so, entities must also protect data from future threats.
In existing communications networks, optical fibers can be tapped with the contents recorded and stored for years. This stored, encrypted data could someday become vulnerable to quantum computer decryption attacks as with exponentially increased processing speed, quantum computers will be able to crack protocols too computationally difficult to unravel today.
Indeed, all currently available standards-based public key agreement encryption schemes will be susceptible to this type of attack. If the effective key strength is not strong enough, they will become vulnerable.
In addition, more stringent key strength requirements are being recommended by standards bodies. For example, the National Security Agency (NSA) and National Institute of Standards and Technology (NIST) have already recommended a key strength of 192 bits for classified and top-secret information.
To counter the threat of quantum computer attacks, entities can protect today’s encoded data by:
- Employing strong keys resistant to future quantum attacks. This approach is particularly applicable where the encryption algorithm and key strength can mitigate the brute force speedup of quantum computers. This also protects against the prediction of the next key. The table indicates that the AES-256 cipher provides significant resistance to an expected quantum computer attack but key agreement using either RSA or ECC does not.
- Using quality keys generated from physical entropy. A random number generator based on unpredictable physical and analogic phenomena, including photon states, atmospheric, thermal, clock drift or a combination of these that generate low-level, statistically random noise signals, is justified by the theories of chaos and unstable dynamic systems. Their output cannot be predicted in practice because it depends on the sensitive micro-details of the initial conditions of each.
- Relying on symmetric key distribution having no mathematical structure to prevent exploitation by future quantum computers. All current standardized asymmetric algorithms rely on either the difficulty of factoring integers or calculating discrete logarithms which future quantum computers will use to crack and thus should be avoided. In addition, symmetric key encryption travels the operations management plane and follows a completely different routing path than the encrypted data connection.
- Preventing everyone, including state-sponsored actors, from the ability to “tap and store” data. The use of optical monitoring can reduce the number of taps going undetected even though tapping technology continues to improve. By using optical time domain reflectometer (OTDR) technology, any intrusions along the optical fiber can be pinpointed.
Encryption systems exist at the application, IP, and Ethernet layers. At each layer, the implementation of public key agreement uses the same routing path as that used by the encrypted data using the key. However, this poses a security problem as the keying information traverses the same path as the data it is intended to protect.
This “same routing path” principle used by asymmetric key agreement means an attacker need only tap a single fiber pair to detect the key agreement sequence and use a quantum computer to decrypt the AES-ciphered data stream. Using different paths avoids this issue. This is analogous to why internet-based applications increasingly send text messages with authentication codes to mobile phones instead of sending these codes through the Internet.
Optical networks that separate the management plane from the data plane enable higher security, as well as a more straightforward implementation of symmetric key distribution and management. From a cryptographic perspective, symmetric key distribution is the only standards-based approach available today providing quantum attack resistance. Moreover, symmetric key distribution can provide this protection without having to wait for the standardization of quantum key distribution (QKD) technology.
Quantum-resistant public key encryption will take years to be standardized as much time and effort will be needed to design the new algorithms and prove there are no serious vulnerabilities. Standardization and certification create confidence that solutions meet strictly defined security requirements validated by third-party organizations.
Until standardized quantum resistant public key agreement algorithms are available, it is prudent to add Layer 1 symmetric key encryption to the transmitted data. For the time being, if a fiber is tapped and the corresponding data has been protected by Layer 1 symmetric key encryption with 256 bits, the stored data will remain useless and invulnerable to a quantum computer encryption attack. And since the encryption is performed at Layer 1, all data at the higher layers is not discernable and thus is also protected.
As part of a defense-in-depth strategy, the addition of Layer 1 secure transport with strong, high-quality keys and symmetric key distribution provides an efficient, low-cost first line of defense against quantum attacks. The Layer 1 encryption protects the encryption at the higher layers as the traffic passes through all network locations, thus complementing existing network investments in capital and deployment of encryption systems at the different layers of the network.