IoT security: Are we ready for a quantum world?

By Sam Bocetta

The computer security industry has grown to become one of the largest industries due to our ever more connected world. 

Not only are we making use of a higher variety of connected devices that can include phones, laptops, tablets, and even smart or IoT devices, but we’re also connecting via private as well as public networks, over WiFi, and Bluetooth. 

The multiple connection points leave us open to a variety of hacking techniques that includes viruses, trojans, worms, phishing campaigns, and other malware. Some malware has also been found to damage computer hardware and other electronic data sources. The rising popularity of IoT devices has led to the convergence of multiple technologies such as machine learning and automation, all embedded into historically non-internet-enabled devices. 

Having such widespread applications leaves our IoT devices extremely vulnerable. As such it is of utmost importance that we take safety precautions to heart and that we protect our sensitive and private information by ensuring the connectivity or connection safety and security of all our connected devices.

IoT gadgets are notorious for their poor security, in part due to their lack of computing power.

 

IoT Security Issues

We’ve come full circle to the technology of the future. Every part of our lives has become intertwined and interconnected by the IoT, from entertainment to health, shopping to education, the myriad of services offered to us has in many ways simplified almost every task in our daily lives. But all of our connectivity benefits come with a certain amount of risk. The technology hasn’t matured yet and we are in dire need of powerful cryptographic and security algorithms in order to get its safety and security up to standard.

Although it has been suggested that complex datasets cannot be fully anonymized anymore, our online anonymity remains one of the biggest challenges today, especially as it relates to all our connected devices. 

The entire industry, from the manufacturers to the users still has several challenges to overcome such as global manufacturing standards, update management, and user awareness and knowledge. IoT system’s diverse security issues include:

  • Data breaches – IoT applications collect a lot of user data, and most of it sensitive or personal, in order to operate and function correctly. As such, it needs encryption protection.
  • Data authentication – Some devices may have adequate encryption in place but it can still be open to hackers if the authenticity of the data that is communicated to and from the IoT device can not be authenticated.
  • Side-channel attacks – Certain attacks focus on the data and information it can gain from a system’s implementation rather than vulnerabilities in the implementation’s algorithms. 
  • Irregular updates – Due to the rapid advances in the IoT industry, a device that may have been secure on its release may not be secure anymore if its software does not get updated regularly. 
  • Malware and ransomware – Malware refers to the multitude of malicious programs that typically infects a device and influences its functioning whereas ransomware has the capabilities to lock a user out of their device, usually requesting a “ransom” in order to gain full use back again.

 

Where quantum cryptography comes in

Quantum cryptography implements the rules of quantum mechanics to create secure cryptosystems. A cryptosystem is short for a “cryptographic system”. The idea behind the technology is incorporated in the same way we may use a virtual private network (VPN) into a system to ensure its safety. A safe and secure link gets established between two points on a network via a variety of encryption methods, allowing the end-users or devices to safely interact.

These systems are believed to be the safest as they consist of a set of algorithms that encrypts and decrypts messages securely by employing cryptography – a method of safeguarding information or data through the use of codes – ensuring that only those for whom a message is intended can access and read it. 

Quantum cryptography’s strength lies in the fact that it uses the smallest possible particles that exist in nature, photons, in its algorithms. Photons can exist in more than one state at any given time, changing only when they are measured. 

This property makes quantum cryptography’s algorithms almost unbreakable as changes in the state of the photons get picked up immediately by the sender/receiver if any malicious entity tries to intercept the data. This could be of particular value to banks, just think of the Capital One data breach, as well as government organizations. Popular techniques include:

  • Shor’s Algorithm – Arguably one of the most well-known algorithms in quantum computing, Shor’s algorithm efficiently factors large non-prime numbers in polynomial time which would take a very long time if performed classically.
  • Quantum Key Distribution (QKD) – QKD implements a mathematical cryptographic protocol that involves quantum mechanics components by enabling two parties to produce a shared random key which only they have access to, that can be enforced to encrypt and decrypt messages.
  • Device-independent quantum cryptography – This technique goes beyond conventional quantum cryptography by adding additional security layers that work independently from the security of the underlying physical devices.
Can the IoT security dilemma be solved through quantum cryptography?

 

IoT security through quantum cryptography

We believe quantum cryptography may be the ultimate solution to any IoT security woes if we can first address their current limitations. Looking at quantum key distribution or QKD as outlined above, its best feature is the ability to detect any eavesdroppers within a system’s architecture. Although there are several variations of the protocol available, its main problem lies in the physical implementation as there are limitations on the distance the photons can travel. 

As photons are essentially light particles, they are easily distorted, especially if looking at the long distances they would have to travel in an IoT network that can range over cities or countries. Quantum devices are also big and bulky and may not be easily affordable. The current QKD is designed to function between two devices, which would not be ideal in an actual IoT system where hundreds of devices need to be connected safely.

One solution has been proposed where we would keep the current semiconductor chips but use quantum techniques to create unique, encrypted keys for each connected device. One way to achieve this goal would be by using quantum random number generation (QRNG), a technique that makes use of random numbers in combination with a high source of entropy. The ability to create and generate such numbers at high speeds would be a walk in the park for quantum computing. In this way, each key will be intricate enough and each device’s key will be unique. 

As such, the key will be secure and the data completely safe. Device-independent-cryptography specifically can be employed to ensure that manufactured devices conform to the set standards and that they are trustworthy.

Conclusively, it would be safe to say that we have reached the stage where quantum computing and quantum cryptography have evolved to a point where we can start considering their use in commercial systems. But some refinement will have to take place. 

Most of the algorithms in use today are an advanced version of QKD, but to make quantum systems commercially viable for IoT use we will have to look into its affordability and scalability in an IoT network environment. By resolving these minor issues, we can successfully apply quantum cryptography to IoT systems, gaining this way access to the most secure networks and systems to date.

About the Author

Sam Bocetta is a former security analyst for the DoD, having spent 30+ years bolstering network security protocols for the U.S. Navy’s dock landing ships. He is now semi-retired, and educates the public about security and privacy technology.

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here