Quantum threat: How to protect your optical network
23 September 2022, Dr. Vincent Sleiffer MSc, senior systems consultant
© 2022 ADVA. All rights reserved.
The big picture
Making networks secure with multi-layer encryption
[Diagram labels: Location 1, Location 2, Location N; POP; Ethernet (1-100 Gbit/s): FSP 150 (MACsec, VNF), FSP 150 (MACsec aggregation); Optical (DWDM) (100-400 Gbit/s): FSP 3000; ENC]
Can you access data in an optical fiber?
Fiber tapping
[Diagram labels: Transmitter, Fiber tap, Receiver, Hacker]
Sumitomo, OFC 2019
Does this really protect your sensitive data?
Physical layer protection
https://lumenisity.com/core
smart-unique-nanf-
hollowcore-technology/
https://www.wirestrander.com/blog/submarine
[Figure labels: Carrying the sensitive data; Noise]
https://www.profitap.com/fiber-taps/
Amplification and MUX points
Network monitoring points
Encrypt your sensitive data!
Optical fibers traverse hostile locations
Detecting tapping using OTDR technology
Encrypt all your data, and then you’re done …
Right?
Setting up the cryptography (AES256)
Key exchange
How to protect confidential information?
[Diagram labels: Alice, Bob; Confidential; Secure transport; Key exchange protocol]
• Uses a different, separate protocol
• Secure delivery: privacy, integrity, assurance
• Needs to be handed to the rightful recipient
Protecting communication systems
Symmetrical encryption algorithms are fast and efficient
[Diagram labels: Alice, Bob; Plaintext (Secret), Ciphertext, Plaintext (Secret); AES-GCM-256 at each end; Session key at each end]
Protecting communication systems
Present crypto-systems are resistant to computing attacks using large prime numbers
[Diagram labels: Alice, Bob; Plaintext (Secret), Ciphertext, Plaintext (Secret); AES-GCM-256 at each end; Session key at each end; Diffie-Hellman at each end: Key exchange]
What’s the danger with this approach?
Quantum computers break present crypto systems
Symmetric ciphers are quantum resistant – public key cryptography is vulnerable
[Diagram labels: Alice, Bob; Plaintext (Secret), Ciphertext, Plaintext (Secret); AES-GCM-256 at each end; Session key at each end; Diffie-Hellman at each end: Key exchange]
Shor’s algorithm -> fast factorization (find prime numbers)
Source: https://quantum-computing.ibm.com/composer/docs/iqx/guide/shors-algorithm
The quantum computer threat
Why care about future quantum computers?
Time to prepare for quantum era
[Chart: cracking time (scale: minutes, hours, days, months, years, millenniums) for a high-performance computer (2018) and a quantum computer (202x)]
Solutions
Two possible solutions
Solution 1: Quantum-key distribution (QKD). Based on physics!
Solution 2: Post-quantum cryptography (PQC). Based on very complex math
Solution 1: Quantum transmission for key sharing
Quantum key distribution (QKD) secures key exchange by quantum transport
[Diagram labels: Alice; Bob recognizes the observation; Session key at each end; Quantum channel; Quantum key processing; Quantum transport; And others emerging]
Quantum physics: detection collapses state
Eavesdropper will be detected due to increasing QBER
One photon per quantum bit: how to cope with fiber (+other) losses?
Quantum safe cryptography: QKD
First quantum-safe network with public service providers
Identifying attacks against key exchange
Multivendor solution utilizing open key exchange interfaces
Quantum-safe encryption of DWDM user traffic
Integrated into live network of major CSP
[Diagram labels: Financial institution; Quantum key distribution; Cambridge; Adastral Park, Ipswich; Quantum channel; Encrypted data channels; <40km point-to-point link]
Solution 2: Quantum-safe key exchange
Code- and lattice-based asymmetrical encryption algorithms are quantum-safe
[Diagram labels: Alice, Bob; Quantum-safe key exchange protocol at each end; Key exchange; Session key at each end]
NIST, July 2022: Standardization candidate: CRYSTALS-Kyber. Round 4 candidates: BIKE, Classic McEliece, HQC and SIKE
BSI, August 2020: Classic McEliece and FrodoKEM, a.o., in a hybrid solution
One of the last of these three models was Rainbow, a signature system that has a secret key that is only known by the user and that can be verified by the recipient. Ward Beullens cracked the access system in a little less than a weekend and using only a laptop.
Source: https://english.elpais.com/science-tech/2022-03-24/using-just-a-laptop-an-encryption-code-designed-to-prevent-a-quantum-computer-attack-was-cracked-in-just-53-hours.html

The team, from Computer Security and Industrial Cryptography group (CSIS) at KU Leuven, were able to crack the algorithm SIKE — or Supersingular Isogeny Key Encapsulation (SIKE) — using a mathematical approach to understand SIKE’s encryption and then predict and steal its encryption keys.
Source: https://thequantuminsider.com/2022/08/05/nist-approved-post-quantum-safe-algorithm-cracked-in-an-hour-on-a-pc/
Crypto submodule (CSM)
Field upgradable to enable crypto agility
• Field upgradable with firmware images digitally signed by ADVA
• Updates enable crypto agility for addition of new algorithms and deletion of undesired algorithms
• Hardware-ready for quantum safe public key exchanges (e.g., classic McEliece)
Quantum safe cryptography: post-quantum ciphers
ADVA protects EU research network against quantum attacks
Quantum-safe key exchange using McEliece algorithm
100G user payload is protected by quantum-resistant AES-256 cipher
Joint demo with regional research network providers and super-computing centers
Quantum-safe cryptography options
Future-proof security

Post-quantum cryptography (PQC) (Solution 2)
• New cryptographic algorithms, e.g., McEliece or Frodo, thought to be secure against cyber attacks by quantum computers
• The security of the encryption relies on the computational difficulty
• Reach limitation based on optical interface
[Diagram labels: Quantum-safe key exchange protocol at each end; Key exchange; Session key at each end]

Quantum-key distribution (QKD) (Solution 1)
• Use quantum physics for secure key exchange: an attempt to eavesdrop introduces detectable anomalies in quantum states
• The security of the encryption relies on the foundations of quantum mechanics.
• Limited reach due to fiber loss
[Diagram labels: Quantum channel; Key exchange; Session key at each end]
Post-quantum security with PQC and QKD
Future-proof data security and flexibility
Protection against quantum computer attacks
[Diagram labels: Alice, Bob; Plaintext (Secret), AES encryption, Ciphertext, AES encryption, Plaintext (Secret); Session key at each end; Diffie-Hellman: Key exchange; PQC: Key exchange; QKD: Key distribution]
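The slide above places Diffie-Hellman, PQC and QKD side by side next to the AES session key, and the BSI note earlier in the deck speaks of a hybrid solution. The following is an added example, not taken from the slides and not ADVA's implementation: one way to derive a single AES-256 session key from several independently obtained secrets, assuming HKDF (RFC 5869) over length-prefixed inputs. The labels `dh`, `pqc`, `qkd`, the salt string, the link identifier and the sample secrets are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import struct

HASH = hashlib.sha256
HASH_LEN = 32
MIN_SECRET_LEN = 16              # assumed floor; rejects empty or truncated inputs
SALT = b"hybrid-kdf-example-v1"  # hypothetical protocol label, not a secret


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): concentrate the input keying material into a PRK."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch the PRK into `length` bytes bound to `info`."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("invalid output length")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def encode_inputs(secrets: dict[str, bytes]) -> bytes:
    """Encode the secrets unambiguously: sorted by label, every field length-prefixed.

    Plain concatenation would let bytes slide from one secret into the next
    without changing the KDF input; the length prefixes prevent that.
    """
    out = b""
    for label in sorted(secrets):
        value = secrets[label]
        if len(value) < MIN_SECRET_LEN:
            raise ValueError(f"secret '{label}' is too short ({len(value)} bytes)")
        name = label.encode("ascii")
        out += struct.pack(">H", len(name)) + name
        out += struct.pack(">I", len(value)) + value
    return out


def derive_session_key(secrets: dict[str, bytes], context: bytes,
                       required: tuple[str, ...] = ("dh", "pqc"),
                       length: int = 32) -> bytes:
    """Derive one AES-256 key from all supplied exchange outputs.

    Design intent: every input feeds the key, so breaking a single exchange
    (as happened to the PQC candidates quoted in the deck) does not by itself
    reveal the session key while another input stays secret. `required`
    makes a silent downgrade to a single exchange fail loudly.
    """
    missing = [name for name in required if name not in secrets]
    if missing:
        raise ValueError(f"missing required key-exchange output(s): {missing}")
    prk = hkdf_extract(SALT, encode_inputs(secrets))
    # Bind the key to which inputs were used and to the link it protects.
    info = b"session-key|" + ",".join(sorted(secrets)).encode("ascii") + b"|" + context
    return hkdf_expand(prk, info, length)


def demo() -> dict[str, bytes]:
    # Constructed stand-ins for the three exchange outputs; not real key material.
    dh = HASH(b"constructed DH shared secret").digest()
    pqc = HASH(b"constructed PQC KEM shared secret").digest()
    qkd = HASH(b"constructed QKD-delivered key").digest()
    link = b"site-A<->site-B/ch1"  # hypothetical link identifier
    return {
        # QKD is reach-limited per the deck, so it is treated as optional here.
        "dh+pqc": derive_session_key({"dh": dh, "pqc": pqc}, link),
        "dh+pqc+qkd": derive_session_key({"dh": dh, "pqc": pqc, "qkd": qkd}, link),
    }


if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name:11s} -> {key.hex()}")
```

Both ends must feed identical labels, secrets and context into the derivation; the resulting 32 bytes are what an AES-GCM-256 engine would be keyed with.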
Takeaways
Getting access to data inside the fiber is possible. Therefore it is necessary to encrypt your sensitive data
Quantum computers are going to be able to break current key exchange methods (RSA, Diffie-Hellman, elliptic curve cryptography)
Protect your data now against the quantum threat by using quantum key distribution (QKD) and post-quantum cryptography (PQC)!
Further listening: Quantum threat: How to protect your optical network

Dr. Vincent Sleiffer MSc
Senior Systems Consultant
+46 76 795 32 57
VSleiffer@adva.com
Linkedin.com/in/VSleiffer
