sb-as logo
Story image

Microsoft, DigiCert, Utimaco tackle quantum computing threats

13 Feb 2019

Microsoft Research, DigiCert and hardware security module provider Utimaco have successfully piloted an algorithm that could bring the world one step closer to a secure internet of things.

The three companies ran a test implementation of the ‘Picnic’ algorithm, which also incorporated digital certificates for IoT encryption, authentication and integrity.

This could be the start of a full solution that will protect IoT from threats that quantum computing could pose to widely-used cryptographic algorithms.

Most IoT devices currently use RSA and ECC as security measures to protect confidentiality, integrity, and authenticity for device identities and communication.

According to Microsoft Research’s Dr Brian LaMacchia, large-scale quantum computers will soon be able to break RSA and ECC public key cryptography within 10-15 years. 

That’s not actually very far down the track, particularly when critical infrastructure like connected cities, smart homes, connected medical devices and other technologies will last longer than that, and they may take longer to update.

"The work that Microsoft Research is doing with DigiCert and Utimaco is important to develop quantum-secure cryptographic algorithms, protocols and solutions today so that in the near future enterprises will be able to transition to and deploy quantum-safe cryptography,” says LaMacchia. 

“Working to ensure that their solutions are cryptographically agile will help companies avoid expensive and unscalable security practices to protect their IoT devices against future security threats."

The certificates are issued by DigiCert using the Picnic quantum-safe digital signature algorithm developed by Microsoft Research. To implement this algorithm and issue certificates, DigiCert has used an Utimaco Hardware Security Module. 

The full solution, in development, would provide quantum-safe digital certificate issuance and secure key management, helping companies future-proof their IoT deployments.

For enterprises, it means they will be able to deploy IoT solutions that are future-proofed against quantum computing threats. The goal is to keep sensitive information and high-value assets safe.

Utimaco CTO Dr Thorsten Grötker says the successful test implantation is a fundamental building block for quantum-safe solution implantation.

"Using these solutions, IoT manufacturers and other large organisations can innovate and develop products that are well prepared against coming quantum threats."

DigiCert Labs head Avesta Hojjati adds, "DigiCert, Microsoft Research and Utimaco are collaborating today to solve tomorrow's problem of defending connected devices and their networks against the new security threats that the implementation of quantum computers will unleash.”

"Together, we are leading the market with development of hybrid certificates that inject quantum-resistant algorithms alongside RSA and ECC to ensure long-term protection."

Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
Entrust launches cloud-based ID issuance solution
The Sigma instant ID solution uses encryption, trusted HSM technology and secure boot to issue highly secure physical and mobile identities.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Acronis expands global data centre network, including new facilities in NZ
The expansion ensures that the full range of Acronis Cyber Protection Solutions will be available to partners and organisations around the world.More
Story image
Attack from DOS: In Zero We Trust
In combination with malware, DDoS attacks on banks have been used to cause distraction so the transfer of stolen funds goes unnoticed. More
Story image
CrowdStrike targets Zero Trust blind spot with new offering
CrowdStrike has officially launched CrowdStrike Falcon Zero Trust Assessment (ZTA), designed to aid in overall security posture by delivering continuous real-time assessments across all endpoints in an organisation regardless of the location, network or user. More