The final IoT Security Foundation webinar of 2024 brought together experts to discuss pressing topics regarding the future of cryptography, particularly in the context of quantum computing. This session featured Jeremy B from the UK’s National Cyber Security Centre (NCSC) discussing post-quantum cryptography and its implications for cybersecurity.
The Role of the NCSC
Jeremy B introduced the NCSC, emphasizing its authority in cyber security and cryptography within the UK government. The NCSC is tasked with providing guidance, consultancy, and assurance related to cryptographic practices. It plays a vital role in shaping the cybersecurity landscape and ensuring that robust cryptographic standards are upheld across various sectors.
Understanding Quantum Computing
Jeremy explained the fundamental principles of quantum computing, which leverages the unique properties of quantum mechanics, such as superposition and entanglement. Unlike classical bits, which are either 0 or 1, quantum bits (qubits) can exist in multiple states simultaneously, allowing for more complex computations.
The Threat of Quantum Computing to Cryptography
As quantum computing technology matures, it poses significant risks to traditional cryptographic systems. Current public key cryptographic methods, such as RSA and elliptic curve cryptography, rely on mathematical problems that are computationally hard for classical computers. However, these problems can be efficiently solved by quantum computers using algorithms like Shor’s algorithm.
Understanding Post-Quantum Cryptography (PQC)
Post-quantum cryptography refers to cryptographic algorithms that are secure against both classical and quantum attacks. Jeremy emphasized the need for a transition to PQC to safeguard sensitive data against future quantum threats. The NCSC’s position is clear: the solution lies in adopting cryptographic algorithms that are based on hard mathematical problems, which are believed to be resistant to quantum attacks.
Current Developments in PQC
The NIST (National Institute of Standards and Technology) has been at the forefront of developing and standardizing post-quantum cryptographic algorithms. Recently, they released standards for key encapsulation mechanisms and digital signatures, which are crucial for secure communications in a quantum future.
Migration Challenges
Transitioning to post-quantum cryptography is not a straightforward process. Organizations need to plan carefully, considering factors such as budget constraints and the potential need for hardware upgrades. Jeremy highlighted that the migration is not merely a technical challenge but also requires a strategic approach to integrate PQC into existing systems.
Steps for Effective Migration
- Conduct a Cryptographic Discovery: Organizations must understand their current cryptographic landscape, including what data they have, where it is stored, and how it is protected.
- Inventory Existing Cryptography: Keeping track of the validity of certificates and the lifespan of signing keys is essential for a smooth transition.
- Plan for Future Protocol Standards: Organizations should wait for established standards before rushing into migration to ensure compatibility and security.
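As an added illustration of the inventory step (not material from the webinar or the NCSC), the sketch below sorts a certificate and key inventory into a migration worklist by algorithm family and remaining validity. The asset names, dates and the `planning_date` parameter are constructed assumptions, and the family lists go beyond the RSA and elliptic curve examples named above to include Diffie-Hellman, DSA and the NIST standard names ML-KEM, ML-DSA and SLH-DSA.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real assets): name, use, algorithm, expiry.
SAMPLE_INVENTORY = """name,use,algorithm,not_after
web-frontend,tls-server-cert,ECDSA-P256,2025-03-01
firmware-signing,code-signing-key,RSA-3072,2034-06-30
device-root-ca,ca-cert,RSA-4096,2044-01-01
backup-archive,data-encryption,AES-256,2030-12-31
pilot-gateway,key-establishment,ML-KEM-768,2027-05-01
legacy-vpn,key-establishment,vendor-proprietary,2026-02-01
"""

# Public-key families that rest on factoring or discrete logarithms (Shor's algorithm).
SHOR_VULNERABLE = ("RSA", "ECDSA", "ECDH", "ED25519", "ED448", "X25519", "DH", "DSA")
POST_QUANTUM = ("ML-KEM", "ML-DSA", "SLH-DSA")  # NIST FIPS 203, 204, 205
SYMMETRIC = ("AES", "CHACHA20")  # not affected by Shor's algorithm

def classify(algorithm):
    """Map an algorithm name to a quantum-risk category by family prefix."""
    name = algorithm.strip().upper()
    for category, families in (("post-quantum", POST_QUANTUM),
                               ("quantum-vulnerable", SHOR_VULNERABLE),
                               ("symmetric", SYMMETRIC)):
        if name.startswith(families):
            return category
    return "unknown"  # never assume safe: send to manual review

def migration_worklist(inventory_csv, planning_date):
    """Return (name, category, action) rows, most urgent first.
    planning_date is a hypothetical retirement target chosen by the caller."""
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        category = classify(rec["algorithm"])
        expiry = date.fromisoformat(rec["not_after"])
        if category == "quantum-vulnerable":
            # Keys that outlive the planning date cannot wait for normal renewal.
            action = "re-issue early" if expiry > planning_date else "replace at renewal"
        elif category == "unknown":
            action = "manual review"
        else:
            action = "none"
        rows.append((expiry, rec["name"], category, action))
    urgency = {"re-issue early": 0, "manual review": 1, "replace at renewal": 2, "none": 3}
    # Within each group the longest-lived key comes first.
    rows.sort(key=lambda r: (urgency[r[3]], -r[0].toordinal()))
    return [(name, category, action) for _, name, category, action in rows]

if __name__ == "__main__":
    print(*migration_worklist(SAMPLE_INVENTORY, date(2030, 1, 1)), sep="\n")
```

Long-lived signing keys and CA certificates rise to the top of the list because their validity runs past the chosen planning date, while short-lived TLS certificates can be replaced at their normal renewal.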
Engaging with Supply Chains
Jeremy stressed the importance of understanding supply chain dynamics. Organizations should be aware of their suppliers’ plans for migrating to post-quantum cryptography, as these partnerships can significantly affect their own security posture.
Conclusion
The discussion concluded with a call to action for organizations to begin planning their transition to post-quantum cryptography. By integrating PQC into their cybersecurity strategies, organizations can better prepare for the challenges posed by quantum computing and ensure the security of their data and systems.
Final Thoughts
This webinar served as a vital platform for discussing the future of cryptography in the face of evolving technological challenges. As we move closer to a post-quantum world, proactive measures in adopting new cryptographic standards and enhancing IoT device security will be essential for maintaining trust in digital ecosystems.
The full version of this webinar is available on our members-only platform. It also features the BSI’s Mustanir Ali talking about the upcoming changes to the Radio Equipment Directive for IoT devices.