Researchers Endorse ‘Quantum-Safe’ Cloud Security
With cyber attacks on IT infrastructure growing more sophisticated and costly by the day, researchers are looking for new ways to stay ahead of hackers by strengthening encryption. Among the emerging tools are quantum random number generators that introduce a higher level of unpredictability that is difficult to reproduce. That in turn makes it harder for attackers to simply steal or guess keys.
Growing use and adoption of so-called "quantum-safe cryptography" prompted cloud security researchers to delve deeper into the technology in an attempt, they noted, to "future proof data against improvements to computer power, new attack strategies, weak random number generators and the emergence of quantum computers" that could one day be used to crack encryption.
"The performance and characteristics of random number generators have a strong impact on security," noted the Cloud Security Alliance, which released a research brief last week on the current state of the security technology. "Poor quality or insufficient quantity of random numbers make it that much easier, reducing security well below its designed level and making the overall system vulnerable."
The alliance's Quantum-Safe Security Working Group released a research paper describing software and hardware approaches for generating random numbers used to encrypt cloud infrastructure. Software, or pseudo-random, number generators (PRNGs) consist of an algorithm that, if properly designed, produces most of the properties of a random sequence.
"However, when designing a system to be 'quantum safe', i.e. protected from attacks by quantum computers, then all aspects of the cryptosystem must be upgraded," the researchers noted, making it unlikely that the PRNG approach is sufficient.
A stronger approach, they continued, is a "physical" random number generator capable of generating "random bits" based on hardware characteristics ranging from voltage fluctuations and clock jitter to radio noise and quantum measurements. A key metric for determining randomness is known as "entropy density" and is measured in bits. Another is throughput, or the quantity of random data measured in bits per second.
"For a given throughput, lower entropy will result in keys that are less random, making them more vulnerable to hacking," the researchers noted. Low throughput also limits the frequency at which encryption keys can be rotated.
The researchers conclude that random number generators based on quantum physical processes yield the highest quality random data and therefore the greatest crypto security in the cloud. Low-cost quantum random number generators are beginning to appear as manufacturers leverage quantum effects to deliver more secure random numbers at what the researchers said are competitive costs.
Hence, the investigators endorse the use of quantum-safe security given the quality of the entropy delivered by this approach and its growing commercial viability. Using the quantum approach, they concluded, the "challenges [associated with] selecting random number generators that will not expose your data to breaches [have] suddenly become much simpler."
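To make the entropy density and throughput metrics described above concrete, the following added example (not taken from the CSA paper or this article) estimates min-entropy with the most-common-value estimator from NIST SP 800-90B and converts it into a key-generation budget. The function names, the reading of entropy density as entropy bits per raw output bit, the 256-bit key size, the 1 Mbit/s throughput and both sample byte strings are assumptions constructed for illustration.

```python
import math
from collections import Counter

def min_entropy_per_byte(sample: bytes) -> float:
    """Most-common-value min-entropy estimate, in bits per 8-bit sample."""
    n = len(sample)
    if n < 2:
        raise ValueError("need at least two samples")
    p_hat = max(Counter(sample).values()) / n
    # Upper 99% confidence bound on the most likely value's probability.
    p_upper = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_upper)

def entropy_density(sample: bytes) -> float:
    """Estimated entropy bits per raw output bit (assumed definition)."""
    return min_entropy_per_byte(sample) / 8

def keys_per_second(throughput_bps: float, density: float, key_bits: int = 256) -> int:
    """Full-entropy keys of key_bits that the source can seed each second."""
    return math.floor(throughput_bps * density / key_bits)

# Constructed samples, not real generator output.
UNIFORM = bytes(range(256)) * 40                     # every byte value equally often
BIASED = b"\x00" * 5000 + bytes(range(1, 251)) * 20  # 0x00 is half of all output

if __name__ == "__main__":
    for name, sample in (("uniform", UNIFORM), ("biased", BIASED)):
        d = entropy_density(sample)
        rate = keys_per_second(1_000_000, d)
        print(f"{name}: density={d:.3f} keys/s at 1 Mbit/s={rate}")
```

This estimator only looks at value frequencies: the constructed uniform sample is a fully predictable sequence yet scores close to 8 bits per byte, which is why a real assessment runs several estimators and takes the lowest result.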