Categories
whitepaper

Achieve Unconditional Security of VPN Communication with Quantum key exchange

whitepaper

Achieve Unconditional Security of VPN Communication With Quantum Key Exchange

QNU VPN WP
whitepaper

Achieve Unconditional Security of VPN Communication with Quantum key exchange

QNU VPN WP
overview

With the COVID-19 pandemic, enterprises have seen a steady increase of attacks and this has been a new learning to the CIO’s in the organisations. Though digital transformation creates opportunities for new technologies, it also introduces new security concerns. Today’s enterprises use VPN with End-to-End encryption and consider them as the safest means of communicating critical data. However, these do have vulnerabilities leading to gaps in security which is an alarming issue.

This whitepaper details on how to achieve End-to-End security of your VPN communication using Quantum Keys without any changes to the existing infrastructure. The proposed solution in the whitepaper ensures that the encryption keys are not available with anyone outside of your own infrastructure.

What you get from this Whitepaper:
  • Where VPNs Are Posing Threat
  • Vulnerabilities in End-to-End Security
  • How Do You Implement Quantum Keys in VPN
  • Benefits of VPN With Quantum Keys
  • How Quantum Key Distribution (Armos) Works and More

Download the whitepaper

Categories
blog

Threat to National Security and Country’s Economy with Imminent arrival of Quantum Computers

Threat to National Security and Country's Economy with Imminent arrival of Quantum Computers

Threat to National Security with Imminent arrival of Quantum Computers

The world is at the threshold of a Quantum Revolution. Unlike in the past, perhaps for the first time in history, we have a case where all world major nations and corporations are actively pursuing one technology and pouring in billions of dollars.

Google announced crossing the Quantum Supremacy Threshold of 53 Qubits. This essentially means that a Quantum Computer (QC) of 53 Qubits can perform some operations faster than the most advanced supercomputers today. In the last one year, the performance of quantum computers has gone up by 5-7 times which has made even the biggest skeptics eat their words. Recently, Rigetti has announced it will release a 128 Qubit QC this year. They have already released a fab lab designed for speedy creation of better quantum circuits and a quantum computing cloud service that provides early hands-on experience with writing and testing software.

The potential benefits of quantum computing, from advances in cancer research, gene studies to unlocking the mysteries of the universe, are limitless. But that same computing power can be used to unlock different kinds of secrets—from one’s personal financial or health records to corporate research projects and classified government intelligence.

The greatest impact of the Quantum Revolution will be felt on Cryptography. A sufficiently large QC running existing Shor’s algorithm can crack an RSA or Diffie Hellman system of encoding in seconds as opposed to millions of years by brute force method today.

Symmetric key systems such as Advanced Encryption Standard, Triple Data Encryption Algorithm, etc. which are used for end to end bulk encryptors are more resilient but even these can be cracked in relatively quicker time frames by running Grover’s Algorithm on a Quantum Computer. Even these systems use Diffie Hellman for key exchange which will become completely insecure. The only solution against this is to evolve a new breed of Post Quantum cryptographic systems resilient to algorithmic simulations. Another aspect is that no matter what encryption system you use, its security is limited by the security of its key.

Even in the present, the threat is very real as an adversary can easily tap an optical fiber link and store the data for cracking later when QC resources become available in 12 to 18 months. Thus, forward security is very important today and window (time of implementing Quantum safe security solutions and the arrival of powerful enough QCs) is shrinking as we read this note.

With our increasing dependence on digital, it is becoming increasingly lucrative to obtain the key and loss of keys by treason also becomes a distinct possibility. The only technological solution today is Quantum Key Distribution (QKD) which guarantees complete secrecy of the key and facilitates the rapid change of keys, as frequent as one per minute, to frustrate any attempts at hacking. QKD solution makes QC toothless as an exploit kit in the hands-on hackers.

Everyone has seen the damage individual hackers can do when they infiltrate a system. Imagine a nation-state intercepting the encrypted financial data that flows across the globe and being able to read it as easily as you are reading this.

From academics to the National Security Agency, there is a widespread agreement that is gaining momentum that quantum computers will rock current security protocols that protect global financial markets and the inner workings of government.

Already, intelligence agencies around the world are archiving intercepted communications transmitted with encryption that’s currently all but unbreakable, in the hopes that in the future computing advances will turn what’s gibberish now into potentially valuable intelligence. Rogue states may also be able to leverage the power of quantum to attack the banking and financial systems at the heart of western capitalism.

It took more than five years and nearly half a trillion dollars for companies and governments to prepare for Y2K, which resulted in a non-event for most people. But, we are not ready for what experts call Y2Q (Years to Quantum), and the time to prepare is now. Even in a pre-quantum era, the need for quantum-safe encryption is real. Banks, government agencies, insurers, hospitals, utilities, and airlines all need to be thinking now about how to implement security and encryption that will withstand a quantum attack.

India’s story in this situation: Opportunity in front of us?

Technology cycles come once in a few decades and bring about vast changes in economies generating completely new lines of employment and business. India has been a fringe participant in all past revolutions. Despite much strategizing during the IT revolution and becoming a key software outsourcing destination, several opportunities were foregone in chip manufacturing, hardware assembly, software products market, due to lack of foresight and organised support at a national level.

With the current budget outlaying Rs 8000 crore over 5 years for the National Mission on Quantum Technologies and Application,
India is gearing up to be the digital hub offering Quantum-Safe Security solutions as an indigenized solution for developing countries who are re-building their nations and economy on the wings of IT technology. 
In the interest of national security and economy, the following are some of the possible initiatives that require immediate attention:

         * Undertake large scale R & D projects through defence / DRDO for new age cryptographic initiatives especially to secure strategic     Communications like backbone networks, communications to Island territories, Naval ships, etc.

* Set up a Post Quantum Cryptography commission which will initiate result-oriented R&D through National Scientific organizations,

   industry   and academia. It can also provide grants and funding to “India Make” products and solutions in Quantum Security Space.

* Drive encryption policy changes to make the critical infrastructure of banking/finance/stock exchanges, power grids, smart cities and     communications for essential services, etc. Quantum secure.

* Build a national “Quantum Network” connecting metros through quantum-safe optical links and let the high-value critical data use the     quantum network for data exchange between the cities.

 

                                                                                                                                                     The author is Chairman of QNu Labs Pvt. Ltd

 

Further Reading- Refer Deloitte Article

Categories
blog

Dark Side of Quantum Computers – A Lurking Threat to National Security

Dark Side of Quantum Computers – A Lurking Threat to National Security

Dark Side of Quantum Computers

Quantum computing has long promised the next major leap forward in computing power. However, there is a darker side to it. It has the potential to undermine the foundations of internet privacy and commerce.

Cryptosystems are designed to cope with the worst-case scenarios: an adversary with infinite computing resources can get access to plaintext/ciphertext pairs (and thus could study the relationship between each pair) and know the encryption and decryption algorithms; and can thereby choose plaintext or ciphertext values at will.

The only element not accessible to this adversary is the secret key; thus, the security of a cryptosystem depends solely on the security of the key. This is a long-standing design philosophy first enunciated by Auguste Kerckhoff in 1883 which states: “The security of a cryptosystem must not depend on keeping the crypto-algorithm a secret. The security depends only on keeping the key a secret. 

Today’s encryption (secret) keys are highly vulnerable due to many reasons such as weak randomness, advances to CPU power, new attack strategies, emergence of new algorithms such as Shor’s, which when run on quantum computers will ultimately render much of today’s encryption unsafe. Recent news and disclosures have shown the stark reality and the ugly face of data security.

  • Snowden disclosed in 2013 that the Government Communications Headquarters (GCHQ), a British agency, had been copying 20 petabytes of data every day off optical fibers around the world under a secret project “Tempora” and had been passing on the encrypted data to the National Security Agency (NSA).
  • A Reuters report in 2013 mentioned that NSA paid $10 million to put its backdoor in RSA encryption such that, the programme had a random number generator, but there were a number of fixed, constant numbers built into the algorithm that could function as a kind of skeleton key. Anyone who knew the right numbers could decipher the resulting crypto text.
  • Another recent news with an interesting title, ‘The intelligence coup of the century’ shook the world. For decades, the CIA and the West German intelligence had been reading the encrypted communications of over 60+ countries, including allies and adversaries for decades.There are also echoes of Crypto in the suspicions swirling around modern companies with alleged links to foreign governments.

While the bright side of powerful Quantum Computers (QCs) will help solve lot of problems for humanity and give a huge boost to the discovery of drugs, new materials and space research, at the same time the dark side of QCs will accelerate the maturation of three of the top ten global risks, namely: cyber-attacks, data theft or fraud and breakdown of information infrastructure. These global risks will create another sort of havoc by exposing and threatening the leakage of national defence secrets.

A definite concern is that data encrypted today can be intercepted and stored by state-sponsored hackers or other well-funded hackers for decryption in future by quantum computers. This is known as the “Harvest Now Decrypt Later” attack.

Quantum safe technology needs to be adopted to safeguard the hacking of encryption keys. A technology that can address the practical difficulties such as the generation of long random keys, distribution of keys to recipients and, the synchronisation of the sender and receiver to make sure the same keys are used for the same message, thereby ensuring that the keys are never reused.

Dark side of Quantum Computing

Need Of The Hour

Quantum Key Distribution (QKD) is one such technology that addresses all of the above mentioned challenges. It is a key establishment and distribution protocol which creates a shared symmetric key material by using quantum properties of light to transfer information from Alice to Bob in a manner that will highlight any eavesdropping by an adversary. This can be used to derive a key, and the resultant key material can then be used to encrypt plaintext using a one-time pad encryption or AES to provide unconditional security. QKD is especially good at creating long random keys from a short input – key extension functionality, which could be invaluable for OTPs.

QKD is a unique weapon in the cryptographer’s toolbox, albeit potentially powerful, empowering our defence and intelligence organisations with detection and prevention capabilities in case of any attempt of eavesdropping. Defence can leverage the power of quantum secure solutions in the following applications:

  • QKD for backbone bulk connectivity: Dynamic and effective key changes on important backhaul of OFC (Optical Fiber Communication) links and even tactical bulk communication media in the field.
  • Secure OFC ring networks: Development of static internet communication networks especially optical fibre ring networks in cantonments and other sensitive areas.
  • Secure internet-based services: The growing dependency on internet-based service is a potential security threat and the use of strong encryption with QKD presents a viable solution.
  • Generation of large number of highly random keys: The keys must be truly random to be effective. True entropy can be achieved by using a quantum source for entropy, called ‘Quantum Random Number Generator (QRNG)’.
  • Network-based encryption key distribution and management: Replacement of out-dated manual key management systems with real time key distribution and management using QKD.

QNu Labs is India’s one and only quantum secure communication company offering quantum safe internet and cloud security solutions. QNu Labs offers two products – Tropos (Quantum Random Number Generator) and Armos (Quantum Key Distribution System). These offerings make security of critical data unconditional and future proof. Our quest has been to offer crypto agility to organisations where the existing infrastructure can be upgraded to be quantum secure in a seamless manner without any disruption in the business and any wastage of existing investments. QNu Labs has achieved this by replacing the vulnerable core of data security that relies on the complexity of mathematical algorithms with the unique principles of quantum physics.

QNu Labs is highly passionate and motivated about its mission of accelerating the world’s transition to quantum safe security solutions to protect critical data from an imminent Y2Q (Years to Quantum Computers) event, which will bring a “crypto apocalypse”. The company was selected by MoD (Ministry of Defence) to present its unique offering in the India Pavilion of DefExpo 2020 and we chose to showcase a use case of “Quantum Channel-based Real-time Key Distribution” along with BEL (Bharat Electronics Limited). We saw a good footfall with some of the top Indian and foreign defence personnel visiting our booth to discuss the possible solutions of leveraging QNu’s technology in order to create a quantum safe secure network.

                                                                                                                            –The author is Co-founder and CEO, QNu Labs Pvt. Ltd

Categories
news

With Quantum First approach, the company will play a key role in building an ecosystem and making the country self-reliant in quantum technologies

How IIT Madras-incubated QNu Labs uses the power of light to protect data over the internet

If you are a Star Trek fan, then you will know the meaning of “to boldly go where no man has gone before”. The thrill of discovering the unknown, thinking out of the box, or addressing a pain point that no one has done before is what encourages intrepid entrepreneurs to start up.

Look at the internet, it is an ever-expanding universe in itself. Taking the Star Trek reference a little further, unlike the Federation, not everything from the internet comes in peace. While there are security solutions to protect information, once the information hits the network, it is as vulnerable as the space it travels through. The crowded information superhighway of today is susceptible to breaches because the current standards of encryption – no matter how stringent – are inadequate.

Today’s Black Hat hackers use super computers or the power of a network of computers by hacking in to millions of computers to use their compute power to break in and steal sensitive information.

Watch this video to get a detailed idea of what QNu Labs does.
Play Video
This is where QNu Labs, a startup from Bengaluru, steps up to the challenge. It uses quantum cryptography to obfuscate data and provides keys to fight hackers.

“Quantum cryptography uses photon light, or Qbits, to ensure that the data is protected and that the keys are constantly changing for any attacker to open a piece of information,” explains Sunil Gupta, Co-Founder and CEO of QNu Labs.

This means that the current mathematical keys used in securing data are challenged by this new way of securing information: neither the person sending the data, nor the recipient have any ideas as to what the key is. In fact, the key is decided by the key management system only when it knows the party is ready to receive it.

(L-R): Sunil Gupta, Dr Anil Prabhakar, Prithvi Kini and Mark Mathias

Started in IIT Madras in 2016, but now based in Bengaluru, QNu Labs was founded by Srinivasa Rao Aluri, Sunil Gupta, Mark Mathias and Dr Anil Prabhakar. The founders are all scientists and technocrats who have more than three decades each of corporate experience and knew each other through common friends.

The story QNu Labs began when, in 2015, the Government of India asked these technology stalwarts to build a new level of data security using photon lights. The company did not want to divulge its investment numbers. But the founders did share that they spent the first two years just building the technology. Now it has five potential clients and a business revenue pipeline of Rs 12 crore.

To understand what QNu Labs does, it is imperative to understand the difference between quantum cryptography and quantum computing.

Essentially, quantum cryptography is based on the fundamental and unchanging principles of quantum mechanics. In fact, quantum cryptography rests on two pillars of twentieth-century quantum mechanics: the Heisenberg Uncertainty principle and the principle of photon polarisation.

According the Heisenberg Uncertainty principle, it is not possible to measure the quantum state of any system without disturbing that system. Thus, the polarisation of a photon or light particle can only be known at the point when it is measured.

Simply put, the photons will not let the hacker duplicate the information because it is in quantum bits. So a hacker would have to duplicate information for every Qbit, and that is considered a physically impossible task.

There are several detailed definitions of quantum computing available. A simple one from Microsoft defines quantum computing as a branch of computing science that applies the properties of quantum physics to process information.

Operating with nanoscale components at temperatures colder than intergalactic space, quantum computing has the potential to solve some of the world’s toughest challenges.

A fully functional quantum computer would take only days or hours to solve problems that would potentially take billions of years using today’s computers.

What’s more, quantum computers will enable new discoveries in the areas of healthcare, energy, environmental systems, smart materials, and more.

Unfortunately, the principles of quantum computing are being used to steal information too.

“Today most attacks are state-sponsored and if you look at the future, there are bots that harvest now and encrypt later. The attacks are getting better as we enter the new age of computing,” adds Sunil.

QNu labs has a solution for making encryption hack-proof and future-proof by using the principles of quantum physics.

With its Quantum Key Distribution and Quantum Random Number Generator, QNu has ensured that data security has now entered the age of quantum safety.

The product sits in a hardware box and is connected to network servers or routers. It is sold to corporates or any large organisation wanting to protect its information.

Categories
whitepaper

Guide for Implementing Quantum Safe Cryptography

whitepaper

Guide for Implementing
Quantum Safe Cryptography

Guide To QSC Qnu
whitepaper

Guide for Implementing
Quantum Safe Cryptography

Guide To QSC Qnu
overview

The world is evolving towards the Quantum Era and so are your cyber attackers. Classical encryptions are no longer safe to secure your data. What can you do?

Conventional methods will not help in building Quantum-safe cryptography.Here quantum physics equips us with not only the required principles to battle with future quantum cryptography, but will make the whole cryptosystem unbreakable.

What you get from this guide:
  • The biggest threat
  • Present-day problem
  • Need of the hour
  • Making encryption quantun-safe
  • Why Quantum Key Distribution (QKD)?
  • Working of QKD – Armos and use cases
  • Cryptoagility and Mosca inequality
  • Quantum risk assessment framework and More

Download the whitepaper

Categories
news

QNu Labs uses the power of light to protect the data over the internet

How IIT Madras-incubated QNu Labs uses the power of light to protect data over the internet

If you are a Star Trek fan, then you will know the meaning of “to boldly go where no man has gone before”. The thrill of discovering the unknown, thinking out of the box, or addressing a pain point that no one has done before is what encourages intrepid entrepreneurs to start up.

Look at the internet, it is an ever-expanding universe in itself. Taking the Star Trek reference a little further, unlike the Federation, not everything from the internet comes in peace. While there are security solutions to protect information, once the information hits the network, it is as vulnerable as the space it travels through. The crowded information superhighway of today is susceptible to breaches because the current standards of encryption – no matter how stringent – are inadequate.

Today’s Black Hat hackers use super computers or the power of a network of computers by hacking in to millions of computers to use their compute power to break in and steal sensitive information.

Watch this video to get a detailed idea of what QNu Labs does.
Play Video
This is where QNu Labs, a startup from Bengaluru, steps up to the challenge. It uses quantum cryptography to obfuscate data and provides keys to fight hackers.

“Quantum cryptography uses photon light, or Qbits, to ensure that the data is protected and that the keys are constantly changing for any attacker to open a piece of information,” explains Sunil Gupta, Co-Founder and CEO of QNu Labs.

This means that the current mathematical keys used in securing data are challenged by this new way of securing information: neither the person sending the data, nor the recipient have any ideas as to what the key is. In fact, the key is decided by the key management system only when it knows the party is ready to receive it.

(L-R): Sunil Gupta, Dr Anil Prabhakar, Prithvi Kini and Mark Mathias

Started in IIT Madras in 2016, but now based in Bengaluru, QNu Labs was founded by Srinivasa Rao Aluri, Sunil Gupta, Mark Mathias and Dr Anil Prabhakar. The founders are all scientists and technocrats who have more than three decades each of corporate experience and knew each other through common friends.

The story QNu Labs began when, in 2015, the Government of India asked these technology stalwarts to build a new level of data security using photon lights. The company did not want to divulge its investment numbers. But the founders did share that they spent the first two years just building the technology. Now it has five potential clients and a business revenue pipeline of Rs 12 crore.

To understand what QNu Labs does, it is imperative to understand the difference between quantum cryptography and quantum computing.

Essentially, quantum cryptography is based on the fundamental and unchanging principles of quantum mechanics. In fact, quantum cryptography rests on two pillars of twentieth-century quantum mechanics: the Heisenberg Uncertainty principle and the principle of photon polarisation.

According the Heisenberg Uncertainty principle, it is not possible to measure the quantum state of any system without disturbing that system. Thus, the polarisation of a photon or light particle can only be known at the point when it is measured.

Simply put, the photons will not let the hacker duplicate the information because it is in quantum bits. So a hacker would have to duplicate information for every Qbit, and that is considered a physically impossible task.

There are several detailed definitions of quantum computing available. A simple one from Microsoft defines quantum computing as a branch of computing science that applies the properties of quantum physics to process information.

Operating with nanoscale components at temperatures colder than intergalactic space, quantum computing has the potential to solve some of the world’s toughest challenges.

A fully functional quantum computer would take only days or hours to solve problems that would potentially take billions of years using today’s computers.

What’s more, quantum computers will enable new discoveries in the areas of healthcare, energy, environmental systems, smart materials, and more.

Unfortunately, the principles of quantum computing are being used to steal information too.

“Today most attacks are state-sponsored and if you look at the future, there are bots that harvest now and encrypt later. The attacks are getting better as we enter the new age of computing,” adds Sunil.

QNu labs has a solution for making encryption hack-proof and future-proof by using the principles of quantum physics.

With its Quantum Key Distribution and Quantum Random Number Generator, QNu has ensured that data security has now entered the age of quantum safety.

The product sits in a hardware box and is connected to network servers or routers. It is sold to corporates or any large organisation wanting to protect its information.