SlideShare a Scribd company logo

Quantum threat: How to protect your optical network

ADVA
ADVA

At NetNordic, Vincent Sleiffer explored the looming quantum threat and asked whether there are quantum-safe network technologies that can be applied today to protect sensitive information against dangers including data harvesting.

1 of 27
Quantum threat
23 September 2022, Dr. Vincent Sleiffer MSc, senior systems consultant
How to protect your optical network
© 2022 ADVA. All rights reserved.
2
POP
POP
POP
Location 2
Location N
Location 1
The big picture
Making networks secure with multi-layer encryption
Ethernet
1-100 Gbit/s
Optical (DWDM)
100-400 Gbit/s
FSP 150
(MACsec aggregation)
ENC
FSP 150
(MACsec, VNF)
FSP 150
(MACsec, VNF)
FSP 150
(MACsec, VNF)
FSP 150
(MACsec aggregation)
FSP 3000
FSP 3000
FSP 3000
ENC
© 2022 ADVA. All rights reserved.
3
Can you access data in an optical fiber?
© 2022 ADVA. All rights reserved.
3
© 2022 ADVA. All rights reserved.
4
Fiber tapping
Fiber tap
Transmitter Receiver
Hacker
© 2022 ADVA. All rights reserved.
5
Sumitomo, OFC 2019
Does this really protect your sensitive data?
Physical layer protection
https://lumenisity.com/core
smart-unique-nanf-
hollowcore-technology/
https://www.wirestrander.com/blog/submarine
Carrying the
sensitive data
Noise
© 2022 ADVA. All rights reserved.
6
https://www.profitap.com/fiber-taps/
Amplification
and MUX
points
Network
monitoring
points
Encrypt your sensitive data!
© 2022 ADVA. All rights reserved.
7
Optical fibers traverse hostile locations
Detecting tapping using OTDR technology
© 2022 ADVA. All rights reserved.
8 © 2022 ADVA. All rights reserved.
8
Encrypt all your data, and then you’re done …
Right?
© 2022 ADVA. All rights reserved.
Setting up the cryptography (AES256)
Key exchange
© 2022 ADVA. All rights reserved.
10
Alice
Bob
How to protect confidential information?
Confidential Confidential
• Uses a different, separate protocol
• Secure delivery: privacy, integrity, assurance
• Needs to be handed to the rightful recipient
Key exchange protocol
Secure transport
© 2022 ADVA. All rights reserved.
11
Symmetrical encryption algorithms are fast and efficient
Protecting communication systems
AES-GCM-256 AES-GCM-256
Secret
Session
key
Secret
Plaintext Ciphertext Plaintext
Alice Bob
Session
key
© 2022 ADVA. All rights reserved.
12
Present crypto-systems are resistant to computing attacks using large prime numbers
Protecting communication systems
AES-GCM-256 AES-GCM-256
Secret
Diffie-
Hellman
Diffie-
Hellman
Session
key
Key exchange
Secret
Plaintext Ciphertext Plaintext
Alice Bob
Session
key
© 2022 ADVA. All rights reserved.
© 2022 ADVA. All rights reserved.
What’s the danger with this approach?
© 2022 ADVA. All rights reserved.
14
Symmetric ciphers are quantum resistant – public key cryptography is vulnerable
Quantum computers break present crypto systems
AES-GCM-256 AES-GCM-256
Secret
Diffie-
Hellman
Diffie-
Hellman
Session
key
Key exchange
Secret
Plaintext Ciphertext Plaintext
Alice Bob
Session
key
© 2022 ADVA. All rights reserved.
15
Symmetric ciphers are quantum resistant – public key cryptography is vulnerable
Quantum computers break present crypto systems
AES-GCM-256 AES-GCM-256
Secret
Diffie-
Hellman
Diffie-
Hellman
Session
key
Key exchange
Secret
Plaintext Ciphertext Plaintext
Alice Bob
Session
key
Source: https://quantum-computing.ibm.com/composer/docs/iqx/guide/shors-algorithm
Shor’s algorithm -> fast factorization (find prime numbers)
© 2022 ADVA. All rights reserved.
© 2022 ADVA. All rights reserved.
Time to prepare for quantum era
Why care about future quantum computers?
The quantum computer threat
Minutes
Hours
Days
Months
Years
Millenniums
High-performance
computer (2018)
Quantum
computer (202x)
Cracking time
© 2022 ADVA. All rights reserved.
17
Solutions
Two possible solutions
Post-quantum cryptography (PQC)
Quantum-key distribution (QKD)
Solution 1 Solution 2
Based on physics!
Based on very
complex math
© 2022 ADVA. All rights reserved.
18
Quantum key distribution (QKD) is securing key exchange by quantum transport
Solution 1: Quantum transmission for key sharing
Alice
Bob recognizes the
observation
Session
key
Session
key
Quantum channel
Quantum key processing Quantum transport
And others emerging
© 2022 ADVA. All rights reserved.
19 © 2022 ADVA. All rights reserved.
19
Quantum physics: detection collapses state
Eavesdropper will be detected due to increasing QBER
One photon per quantum bit:
how to cope with fiber (+other) losses?
© 2022 ADVA. All rights reserved.
20
Identifying attacks against key
exchange
Multivendor solution utilizing
open key exchange interfaces
Quantum-safe encryption of
DWDM user traffic
Integrated into live network of
major CSP
First quantum-safe network
with public service providers
Financial institution Quantum key distribution
Quantum safe cryptography: QKD
Cambridge
Adastral Park,
Ipswich
Quantum channel
Encrypted
data channels
<40km point-to-point link
© 2022 ADVA. All rights reserved.
21
Code- and lattice-based asymmetrical encryption algorithms are quantum-safe
Solution 2: Quantum-safe key exchange
Alice
Bob
Session
key
Session
key
Quantum-safe key
exchange protocol
Quantum-safe key
exchange protocol
Key exchange
NIST, July 2022: Standardization candidate: CRYSTALS-Kyber. Round 4 candidates:
BIKE, Classic McEliece, HQC and SIKE
BSI, August 2020: Classic McEliece and FrodoKEM, a.o., in a hybrid solution
© 2022 ADVA. All rights reserved.
22
One of the last of these three models was Rainbow, a signature
system that has a secret key that is only known by the user and that
can be verified by the recipient. Ward Beullens cracked the access
system in a little less than a weekend and using only a laptop.
Source: https://english.elpais.com/science-tech/2022-03-24/using-just-a-laptop-an-encryption-
code-designed-to-prevent-a-quantum-computer-attack-was-cracked-in-just-53-hours.html
The team, from Computer Security and Industrial
Cryptography group (CSIS) at KU Leuven, were able to
crack the algorithm SIKE — or Supersingular Isogeny Key
Encapsulation (SIKE) — using a mathematical approach
to understand SIKE’s encryption and then predict and
steal its encryption keys.
Source: https://thequantuminsider.com/2022/08/05/nist-approved-post-
quantum-safe-algorithm-cracked-in-an-hour-on-a-pc/
© 2022 ADVA. All rights reserved.
23
• Field upgradable with
firmware images digitally
signed by ADVA
• Updates enable crypto
agility for addition of new
algorithms and deletion of
undesired algorithms
• Hardware-ready for
quantum safe public key
exchanges (e.g., classic
McEliece)
Field upgradable to enable crypto agility
Crypto submodule (CSM)
© 2022 ADVA. All rights reserved.
24
ADVA protects EU research network against quantum attacks
Quantum-safe key exchange using McEliece algorithm
100G user payload is protected by quantum-resistant
AES-256 cipher
Joint demo with regional research network providers
and super-computing centers
Quantum safe cryptography: post-quantum ciphers
© 2022 ADVA. All rights reserved.
25
Quantum-safe cryptography options
Future-proof security
• New cryptographic algorithms, e.g., McEliece
or Frodo, thought to be secure against cyber
attacks by quantum computers
• The security of the encryption relies on the
computational difficulty
• Reach limitation based on optical interface
Post-quantum cryptography (PQC)
Session
key
Session
key
Quantum safe
key exchange
protocol
Quantum-safe
key exchange
protocol
Key
exchange
• Use quantum physics for secure key exchange:
A try to eavesdrop introduces detectable
anomalies in quantum states
• The security of the encryption relies on the
foundations of quantum mechanics.
• Limited reach due to fiber loss
Quantum-key distribution (QKD)
Session
key
Session
key
Quantum channel
Key exchange
Solution 1 Solution 2
© 2022 ADVA. All rights reserved.
26
Post-quantum security with PQC and QKD
Plaintext Plaintext
Alice Bob
AES encryption AES encryption
Secret
Diffie-
Hellman
Diffie-
Hellman
Session
key
Key exchange
Secret
Ciphertext
Session
key
PQC PQC
Key exchange
QKD QKD
Key distribution
Future-proof data security and flexibility
Protection
against quantum
computers
attacks
© 2022 ADVA. All rights reserved.
27
Dr. Vincent Sleiffer MSc
Senior Systems Consultant
+46 76 795 32 57
VSleiffer@adva.com
Linkedin.com/in/VSleiffer
Getting access to data inside
the fiber is possible. Therefore
it is necessary to encrypt your
sensitive data
Quantum computers are going
to be able to break current key
exchange methods (RSA,
Diffie-Hellman, elliptic curve
cryptography)
Protect your data now against
the quantum threat by using
quantum key distribution
(QKD) and post-quantum
cryptography (PQC)!
Further
listening:
Quantum threat: How to protect your optical network
Takeaways

Recommended

How to Quantum-Secure Optical Networks
 How to Quantum-Secure Optical Networks How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical NetworksADVA
 
Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewPost Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewRamesh Nagappan
 
Qualcomm 5G Vision Presentation
Qualcomm 5G Vision PresentationQualcomm 5G Vision Presentation
Qualcomm 5G Vision PresentationQualcomm Research
 
Quantum Key Distribution
Quantum Key DistributionQuantum Key Distribution
Quantum Key DistributionShahrikh Khan
 
CS6003 AD HOC AND SENSOR NETWORKS
CS6003 AD HOC AND SENSOR NETWORKSCS6003 AD HOC AND SENSOR NETWORKS
CS6003 AD HOC AND SENSOR NETWORKSKathirvel Ayyaswamy
 
Troubleshooting Common Network Related Issues with NetScaler
Troubleshooting Common Network Related Issues with NetScalerTroubleshooting Common Network Related Issues with NetScaler
Troubleshooting Common Network Related Issues with NetScalerDavid McGeough
 
5G Concept
5G Concept5G Concept
5G ConceptEricsson
 

More Related Content

What's hot

Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010Priyanka Aash
 
Message AUthentication Code
Message AUthentication CodeMessage AUthentication Code
Message AUthentication CodeKeval Bhogayata
 
Advanced Tools and Techniques for Troubleshooting NetScaler Appliances
Advanced Tools and Techniques for Troubleshooting NetScaler AppliancesAdvanced Tools and Techniques for Troubleshooting NetScaler Appliances
Advanced Tools and Techniques for Troubleshooting NetScaler AppliancesDavid McGeough
 
5G and IoT Security
5G and IoT Security5G and IoT Security
5G and IoT SecurityNUS-ISS
 
Cognitive Radio in 5G
Cognitive Radio in 5GCognitive Radio in 5G
Cognitive Radio in 5GHavar Bathaee
 
Introduction to zigbee
Introduction to zigbeeIntroduction to zigbee
Introduction to zigbeeAmit Dixit
 
Authenticated Encryption Gcm Ccm
Authenticated Encryption Gcm CcmAuthenticated Encryption Gcm Ccm
Authenticated Encryption Gcm CcmVittorio Giovara
 
Gi fi technology-Aditya sehgal
Gi fi technology-Aditya sehgalGi fi technology-Aditya sehgal
Gi fi technology-Aditya sehgalAditya Sehgal
 
Syn504 unleashing the power of the net scaler policy and expressions engine...
Syn504   unleashing the power of the net scaler policy and expressions engine...Syn504   unleashing the power of the net scaler policy and expressions engine...
Syn504 unleashing the power of the net scaler policy and expressions engine...Henrik Johansson
 
5G technology
5G technology 5G technology
5G technology zainAli314
 
Wi fi 6 (802.11ax) presentation
Wi fi 6 (802.11ax) presentationWi fi 6 (802.11ax) presentation
Wi fi 6 (802.11ax) presentationBryan Slayman
 

What's hot (20)

Asymmetric Cryptography
Asymmetric CryptographyAsymmetric Cryptography
Asymmetric Cryptography
 
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
 
Femtocell
FemtocellFemtocell
Femtocell
 
Message AUthentication Code
Message AUthentication CodeMessage AUthentication Code
Message AUthentication Code
 
MANET
MANETMANET
MANET
 
Advanced Tools and Techniques for Troubleshooting NetScaler Appliances
Advanced Tools and Techniques for Troubleshooting NetScaler AppliancesAdvanced Tools and Techniques for Troubleshooting NetScaler Appliances
Advanced Tools and Techniques for Troubleshooting NetScaler Appliances
 
5G and IoT Security
5G and IoT Security5G and IoT Security
5G and IoT Security
 
Cognitive Radio in 5G
Cognitive Radio in 5GCognitive Radio in 5G
Cognitive Radio in 5G
 
Architecture of 5G
Architecture of 5GArchitecture of 5G
Architecture of 5G
 
6LoWPAN
6LoWPAN 6LoWPAN
6LoWPAN
 
Introduction to zigbee
Introduction to zigbeeIntroduction to zigbee
Introduction to zigbee
 
Authenticated Encryption Gcm Ccm
Authenticated Encryption Gcm CcmAuthenticated Encryption Gcm Ccm
Authenticated Encryption Gcm Ccm
 
Gi fi technology-Aditya sehgal
Gi fi technology-Aditya sehgalGi fi technology-Aditya sehgal
Gi fi technology-Aditya sehgal
 
SDWAN.pdf
SDWAN.pdfSDWAN.pdf
SDWAN.pdf
 
6G Communication
6G Communication6G Communication
6G Communication
 
UNDER WATER SENSOR NETWORK ENERGY BASED
UNDER WATER SENSOR NETWORK ENERGY BASEDUNDER WATER SENSOR NETWORK ENERGY BASED
UNDER WATER SENSOR NETWORK ENERGY BASED
 
Syn504 unleashing the power of the net scaler policy and expressions engine...
Syn504   unleashing the power of the net scaler policy and expressions engine...Syn504   unleashing the power of the net scaler policy and expressions engine...
Syn504 unleashing the power of the net scaler policy and expressions engine...
 
5G technology
5G technology 5G technology
5G technology
 
4 g and 5g Communication
4 g and 5g Communication4 g and 5g Communication
4 g and 5g Communication
 
Wi fi 6 (802.11ax) presentation
Wi fi 6 (802.11ax) presentationWi fi 6 (802.11ax) presentation
Wi fi 6 (802.11ax) presentation
 

Similar to Quantum threat: How to protect your optical network

The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networksADVA
 
ADVA launches world’s first commercial optical transport solution with post-q...
ADVA launches world’s first commercial optical transport solution with post-q...ADVA launches world’s first commercial optical transport solution with post-q...
ADVA launches world’s first commercial optical transport solution with post-q...ADVA
 
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...MyNOG
 
Quantum-safe data center interconnects
Quantum-safe data center interconnectsQuantum-safe data center interconnects
Quantum-safe data center interconnectsADVA
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionADVA
 
Layer 1 Encryption in WDM Transport Systems
Layer 1 Encryption in WDM Transport SystemsLayer 1 Encryption in WDM Transport Systems
Layer 1 Encryption in WDM Transport SystemsADVA
 
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...ADVA
 
ADVA Webinar to Netwell.pdf
ADVA Webinar to Netwell.pdfADVA Webinar to Netwell.pdf
ADVA Webinar to Netwell.pdfOlam21
 
5. Firetide Next Generation Wireless Infrastructure for City Surveillance.pdf
5. Firetide Next Generation Wireless Infrastructure for City Surveillance.pdf5. Firetide Next Generation Wireless Infrastructure for City Surveillance.pdf
5. Firetide Next Generation Wireless Infrastructure for City Surveillance.pdfPawachMetharattanara
 
Cisco Connect Halifax 2018 Application agility and programmability with cis...
Cisco Connect Halifax 2018   Application agility and programmability with cis...Cisco Connect Halifax 2018   Application agility and programmability with cis...
Cisco Connect Halifax 2018 Application agility and programmability with cis...Cisco Canada
 
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud ADVA
 
Scalable, Secure, Programmable – Cloud Connectivity for the Future
Scalable, Secure, Programmable – Cloud Connectivity for the FutureScalable, Secure, Programmable – Cloud Connectivity for the Future
Scalable, Secure, Programmable – Cloud Connectivity for the FutureADVA
 
Low power wireless technologies for connecting embedded sensors in the IoT: A...
Low power wireless technologies for connecting embedded sensors in the IoT: A...Low power wireless technologies for connecting embedded sensors in the IoT: A...
Low power wireless technologies for connecting embedded sensors in the IoT: A...Gilles Callebaut
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network EvolutionCisco Canada
 
Secure Optical Connectivity Solutions for High-Capacity Data Centers
Secure Optical Connectivity Solutions for High-Capacity Data CentersSecure Optical Connectivity Solutions for High-Capacity Data Centers
Secure Optical Connectivity Solutions for High-Capacity Data CentersADVA
 
Accelerating 5G enterprise networks with edge computing and latency assurance
Accelerating 5G enterprise networks with edge computing and latency assuranceAccelerating 5G enterprise networks with edge computing and latency assurance
Accelerating 5G enterprise networks with edge computing and latency assuranceADVA
 
International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)inventionjournals
 

Similar to Quantum threat: How to protect your optical network (20)

The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networks
 
ADVA launches world’s first commercial optical transport solution with post-q...
ADVA launches world’s first commercial optical transport solution with post-q...ADVA launches world’s first commercial optical transport solution with post-q...
ADVA launches world’s first commercial optical transport solution with post-q...
 
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
 
Quantum-safe data center interconnects
Quantum-safe data center interconnectsQuantum-safe data center interconnects
Quantum-safe data center interconnects
 
Accessing remote networks
Accessing remote networksAccessing remote networks
Accessing remote networks
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryption
 
Layer 1 Encryption in WDM Transport Systems
Layer 1 Encryption in WDM Transport SystemsLayer 1 Encryption in WDM Transport Systems
Layer 1 Encryption in WDM Transport Systems
 
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
 
ADVA Webinar to Netwell.pdf
ADVA Webinar to Netwell.pdfADVA Webinar to Netwell.pdf
ADVA Webinar to Netwell.pdf
 
5. Firetide Next Generation Wireless Infrastructure for City Surveillance.pdf
5. Firetide Next Generation Wireless Infrastructure for City Surveillance.pdf5. Firetide Next Generation Wireless Infrastructure for City Surveillance.pdf
5. Firetide Next Generation Wireless Infrastructure for City Surveillance.pdf
 
Basic Network Security_Primer
Basic Network Security_PrimerBasic Network Security_Primer
Basic Network Security_Primer
 
Cisco Connect Halifax 2018 Application agility and programmability with cis...
Cisco Connect Halifax 2018   Application agility and programmability with cis...Cisco Connect Halifax 2018   Application agility and programmability with cis...
Cisco Connect Halifax 2018 Application agility and programmability with cis...
 
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud
 
Scalable, Secure, Programmable – Cloud Connectivity for the Future
Scalable, Secure, Programmable – Cloud Connectivity for the FutureScalable, Secure, Programmable – Cloud Connectivity for the Future
Scalable, Secure, Programmable – Cloud Connectivity for the Future
 
Ethernet basics
Ethernet basicsEthernet basics
Ethernet basics
 
Low power wireless technologies for connecting embedded sensors in the IoT: A...
Low power wireless technologies for connecting embedded sensors in the IoT: A...Low power wireless technologies for connecting embedded sensors in the IoT: A...
Low power wireless technologies for connecting embedded sensors in the IoT: A...
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network Evolution
 
Secure Optical Connectivity Solutions for High-Capacity Data Centers
Secure Optical Connectivity Solutions for High-Capacity Data CentersSecure Optical Connectivity Solutions for High-Capacity Data Centers
Secure Optical Connectivity Solutions for High-Capacity Data Centers
 
Accelerating 5G enterprise networks with edge computing and latency assurance
Accelerating 5G enterprise networks with edge computing and latency assuranceAccelerating 5G enterprise networks with edge computing and latency assurance
Accelerating 5G enterprise networks with edge computing and latency assurance
 
International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)International Journal of Engineering and Science Invention (IJESI)
International Journal of Engineering and Science Invention (IJESI)
 

More from ADVA

Industrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockIndustrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockADVA
 
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...ADVA
 
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350  SePRC™ optical cesium clockIndustry's longest holdover with the OSA 3350  SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockADVA
 
Addressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureAddressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureADVA
 
Precise and assured timing for enterprise networks
Precise and assured timing for enterprise networksPrecise and assured timing for enterprise networks
Precise and assured timing for enterprise networksADVA
 
Introducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandIntroducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandADVA
 
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ADVA
 
Sync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareSync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareADVA
 
Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingADVA
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...ADVA
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)ADVA
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networksADVA
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorADVA
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceADVA
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™ADVA
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environmentsADVA
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum servicesADVA
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edgeADVA
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!ADVA
 
Introducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockIntroducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockADVA
 

More from ADVA (20)

Industrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockIndustrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clock
 
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
 
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350  SePRC™ optical cesium clockIndustry's longest holdover with the OSA 3350  SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
 
Addressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureAddressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructure
 
Precise and assured timing for enterprise networks
Precise and assured timing for enterprise networksPrecise and assured timing for enterprise networks
Precise and assured timing for enterprise networks
 
Introducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandIntroducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demand
 
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
 
Sync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareSync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with software
 
Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networking
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networks
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchor
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation device
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environments
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum services
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edge
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!
 
Introducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockIntroducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clock
 

Recently uploaded

Large Language Models and Applications in Healthcare
Large Language Models and Applications in HealthcareLarge Language Models and Applications in Healthcare
Large Language Models and Applications in HealthcareAsma Ben Abacha
 
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubHow We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubShapeBlue
 
New ThousandEyes Product Features and Release Highlights: February 2024
New ThousandEyes Product Features and Release Highlights: February 2024New ThousandEyes Product Features and Release Highlights: February 2024
New ThousandEyes Product Features and Release Highlights: February 2024ThousandEyes
 
Enterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewEnterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewAshraf Fouad
 
Transcript: Trending now: Book subjects on the move in the Canadian market - ...
Transcript: Trending now: Book subjects on the move in the Canadian market - ...Transcript: Trending now: Book subjects on the move in the Canadian market - ...
Transcript: Trending now: Book subjects on the move in the Canadian market - ...BookNet Canada
 
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Jay Zhao
 
Microsoft x 2toLead Webinar Session 1 - How Employee Communication and Connec...
Microsoft x 2toLead Webinar Session 1 - How Employee Communication and Connec...Microsoft x 2toLead Webinar Session 1 - How Employee Communication and Connec...
Microsoft x 2toLead Webinar Session 1 - How Employee Communication and Connec...2toLead Limited
 
Q4 2023 Quarterly Investor Presentation - FINAL.pdf
Q4 2023 Quarterly Investor Presentation - FINAL.pdfQ4 2023 Quarterly Investor Presentation - FINAL.pdf
Q4 2023 Quarterly Investor Presentation - FINAL.pdfTejal81
 
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...ShapeBlue
 
Establishing data sharing standards to promote global industry development
Establishing data sharing standards to promote global industry developmentEstablishing data sharing standards to promote global industry development
Establishing data sharing standards to promote global industry developmentThorsten Huelsmann
 
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...DianaGray10
 
AI-Plugins-Planners-Persona-SemanticKernel.pptx
AI-Plugins-Planners-Persona-SemanticKernel.pptxAI-Plugins-Planners-Persona-SemanticKernel.pptx
AI-Plugins-Planners-Persona-SemanticKernel.pptxUdaiappa Ramachandran
 
Java Optional (Kitworks Team Study 김성호 발표)
Java Optional (Kitworks Team Study 김성호 발표)Java Optional (Kitworks Team Study 김성호 발표)
Java Optional (Kitworks Team Study 김성호 발표)Wonjun Hwang
 
Improving IT Investment Decisions and Business Outcomes with Integrated Enter...
Improving IT Investment Decisions and Business Outcomes with Integrated Enter...Improving IT Investment Decisions and Business Outcomes with Integrated Enter...
Improving IT Investment Decisions and Business Outcomes with Integrated Enter...Cprime
 
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlueVM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlueShapeBlue
 
Mastering Play Store App Listing and Optimization
Mastering Play Store App Listing and OptimizationMastering Play Store App Listing and Optimization
Mastering Play Store App Listing and OptimizationAppsthentic Technology
 
Communities, networking and developer culture
Communities, networking and developer cultureCommunities, networking and developer culture
Communities, networking and developer cultureRavi Sanghani
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriGeospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriSafe Software
 
AMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes WebinarAMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes WebinarThousandEyes
 

Recently uploaded (20)

Large Language Models and Applications in Healthcare
Large Language Models and Applications in HealthcareLarge Language Models and Applications in Healthcare
Large Language Models and Applications in Healthcare
 
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubHow We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
 
New ThousandEyes Product Features and Release Highlights: February 2024
New ThousandEyes Product Features and Release Highlights: February 2024New ThousandEyes Product Features and Release Highlights: February 2024
New ThousandEyes Product Features and Release Highlights: February 2024
 
Enterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewEnterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book Review
 
Transcript: Trending now: Book subjects on the move in the Canadian market - ...
Transcript: Trending now: Book subjects on the move in the Canadian market - ...Transcript: Trending now: Book subjects on the move in the Canadian market - ...
Transcript: Trending now: Book subjects on the move in the Canadian market - ...
 
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
 
Microsoft x 2toLead Webinar Session 1 - How Employee Communication and Connec...
Microsoft x 2toLead Webinar Session 1 - How Employee Communication and Connec...Microsoft x 2toLead Webinar Session 1 - How Employee Communication and Connec...
Microsoft x 2toLead Webinar Session 1 - How Employee Communication and Connec...
 
Q4 2023 Quarterly Investor Presentation - FINAL.pdf
Q4 2023 Quarterly Investor Presentation - FINAL.pdfQ4 2023 Quarterly Investor Presentation - FINAL.pdf
Q4 2023 Quarterly Investor Presentation - FINAL.pdf
 
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
 
Establishing data sharing standards to promote global industry development
Establishing data sharing standards to promote global industry developmentEstablishing data sharing standards to promote global industry development
Establishing data sharing standards to promote global industry development
 
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...
 
AI-Plugins-Planners-Persona-SemanticKernel.pptx
AI-Plugins-Planners-Persona-SemanticKernel.pptxAI-Plugins-Planners-Persona-SemanticKernel.pptx
AI-Plugins-Planners-Persona-SemanticKernel.pptx
 
Java Optional (Kitworks Team Study 김성호 발표)
Java Optional (Kitworks Team Study 김성호 발표)Java Optional (Kitworks Team Study 김성호 발표)
Java Optional (Kitworks Team Study 김성호 발표)
 
Improving IT Investment Decisions and Business Outcomes with Integrated Enter...
Improving IT Investment Decisions and Business Outcomes with Integrated Enter...Improving IT Investment Decisions and Business Outcomes with Integrated Enter...
Improving IT Investment Decisions and Business Outcomes with Integrated Enter...
 
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlueVM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
 
Mastering Play Store App Listing and Optimization
Mastering Play Store App Listing and OptimizationMastering Play Store App Listing and Optimization
Mastering Play Store App Listing and Optimization
 
Communities, networking and developer culture
Communities, networking and developer cultureCommunities, networking and developer culture
Communities, networking and developer culture
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriGeospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & Esri
 
Sue Loth: Job Search Strategies using personal connections
Sue Loth: Job Search Strategies using personal connectionsSue Loth: Job Search Strategies using personal connections
Sue Loth: Job Search Strategies using personal connections
 
AMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes WebinarAMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes Webinar
 

Quantum threat: How to protect your optical network

  • 1. Quantum threat 23 September 2022, Dr. Vincent Sleiffer MSc, senior systems consultant How to protect your optical network
  • 2. © 2022 ADVA. All rights reserved. 2 POP POP POP Location 2 Location N Location 1 The big picture Making networks secure with multi-layer encryption Ethernet 1-100 Gbit/s Optical (DWDM) 100-400 Gbit/s FSP 150 (MACsec aggregation) ENC FSP 150 (MACsec, VNF) FSP 150 (MACsec, VNF) FSP 150 (MACsec, VNF) FSP 150 (MACsec aggregation) FSP 3000 FSP 3000 FSP 3000 ENC
  • 3. © 2022 ADVA. All rights reserved. 3 Can you access data in an optical fiber? © 2022 ADVA. All rights reserved. 3
  • 4. © 2022 ADVA. All rights reserved. 4 Fiber tapping Fiber tap Transmitter Receiver Hacker
  • 5. © 2022 ADVA. All rights reserved. 5 Sumitomo, OFC 2019 Does this really protect your sensitive data? Physical layer protection https://lumenisity.com/core smart-unique-nanf- hollowcore-technology/ https://www.wirestrander.com/blog/submarine Carrying the sensitive data Noise
  • 6. © 2022 ADVA. All rights reserved. 6 https://www.profitap.com/fiber-taps/ Amplification and MUX points Network monitoring points Encrypt your sensitive data!
  • 7. © 2022 ADVA. All rights reserved. 7 Optical fibers traverse hostile locations Detecting tapping using OTDR technology
  • 8. © 2022 ADVA. All rights reserved. 8 © 2022 ADVA. All rights reserved. 8 Encrypt all your data, and then you’re done … Right?
  • 9. © 2022 ADVA. All rights reserved. Setting up the cryptography (AES256) Key exchange
  • 10. © 2022 ADVA. All rights reserved. 10 Alice Bob How to protect confidential information? Confidential Confidential • Uses a different, separate protocol • Secure delivery: privacy, integrity, assurance • Needs to be handed to the rightful recipient Key exchange protocol Secure transport
  • 11. © 2022 ADVA. All rights reserved. 11 Symmetrical encryption algorithms are fast and efficient Protecting communication systems AES-GCM-256 AES-GCM-256 Secret Session key Secret Plaintext Ciphertext Plaintext Alice Bob Session key
  • 12. © 2022 ADVA. All rights reserved. 12 Present crypto-systems are resistant to computing attacks using large prime numbers Protecting communication systems AES-GCM-256 AES-GCM-256 Secret Diffie- Hellman Diffie- Hellman Session key Key exchange Secret Plaintext Ciphertext Plaintext Alice Bob Session key
  • 13. © 2022 ADVA. All rights reserved. © 2022 ADVA. All rights reserved. What’s the danger with this approach?
  • 14. © 2022 ADVA. All rights reserved. 14 Symmetric ciphers are quantum resistant – public key cryptography is vulnerable Quantum computers break present crypto systems AES-GCM-256 AES-GCM-256 Secret Diffie- Hellman Diffie- Hellman Session key Key exchange Secret Plaintext Ciphertext Plaintext Alice Bob Session key
  • 15. © 2022 ADVA. All rights reserved. 15 Symmetric ciphers are quantum resistant – public key cryptography is vulnerable Quantum computers break present crypto systems AES-GCM-256 AES-GCM-256 Secret Diffie- Hellman Diffie- Hellman Session key Key exchange Secret Plaintext Ciphertext Plaintext Alice Bob Session key Source: https://quantum-computing.ibm.com/composer/docs/iqx/guide/shors-algorithm Shor’s algorithm -> fast factorization (find prime numbers)
  • 16. © 2022 ADVA. All rights reserved. © 2022 ADVA. All rights reserved. Time to prepare for quantum era Why care about future quantum computers? The quantum computer threat Minutes Hours Days Months Years Millenniums High-performance computer (2018) Quantum computer (202x) Cracking time
  • 17. © 2022 ADVA. All rights reserved. 17 Solutions Two possible solutions Post-quantum cryptography (PQC) Quantum-key distribution (QKD) Solution 1 Solution 2 Based on physics! Based on very complex math
  • 18. © 2022 ADVA. All rights reserved. 18 Quantum key distribution (QKD) is securing key exchange by quantum transport Solution 1: Quantum transmission for key sharing Alice Bob recognizes the observation Session key Session key Quantum channel Quantum key processing Quantum transport And others emerging
  • 19. © 2022 ADVA. All rights reserved. 19 © 2022 ADVA. All rights reserved. 19 Quantum physics: detection collapses state Eavesdropper will be detected due to increasing QBER One photon per quantum bit: how to cope with fiber (+other) losses?
  • 20. © 2022 ADVA. All rights reserved. 20 Identifying attacks against key exchange Multivendor solution utilizing open key exchange interfaces Quantum-safe encryption of DWDM user traffic Integrated into live network of major CSP First quantum-safe network with public service providers Financial institution Quantum key distribution Quantum safe cryptography: QKD Cambridge Adastral Park, Ipswich Quantum channel Encrypted data channels <40km point-to-point link
  • 21. © 2022 ADVA. All rights reserved. 21 Code- and lattice-based asymmetrical encryption algorithms are quantum-safe Solution 2: Quantum-safe key exchange Alice Bob Session key Session key Quantum-safe key exchange protocol Quantum-safe key exchange protocol Key exchange NIST, July 2022: Standardization candidate: CRYSTALS-Kyber. Round 4 candidates: BIKE, Classic McEliece, HQC and SIKE BSI, August 2020: Classic McEliece and FrodoKEM, a.o., in a hybrid solution
  • 22. © 2022 ADVA. All rights reserved. 22 One of the last of these three models was Rainbow, a signature system that has a secret key that is only known by the user and that can be verified by the recipient. Ward Beullens cracked the access system in a little less than a weekend and using only a laptop. Source: https://english.elpais.com/science-tech/2022-03-24/using-just-a-laptop-an-encryption- code-designed-to-prevent-a-quantum-computer-attack-was-cracked-in-just-53-hours.html The team, from Computer Security and Industrial Cryptography group (CSIS) at KU Leuven, were able to crack the algorithm SIKE — or Supersingular Isogeny Key Encapsulation (SIKE) — using a mathematical approach to understand SIKE’s encryption and then predict and steal its encryption keys. Source: https://thequantuminsider.com/2022/08/05/nist-approved-post- quantum-safe-algorithm-cracked-in-an-hour-on-a-pc/
  • 23. © 2022 ADVA. All rights reserved. 23 • Field upgradable with firmware images digitally signed by ADVA • Updates enable crypto agility for addition of new algorithms and deletion of undesired algorithms • Hardware-ready for quantum safe public key exchanges (e.g., classic McEliece) Field upgradable to enable crypto agility Crypto submodule (CSM)
  • 24. © 2022 ADVA. All rights reserved. 24 ADVA protects EU research network against quantum attacks Quantum-safe key exchange using McEliece algorithm 100G user payload is protected by quantum-resistant AES-256 cipher Joint demo with regional research network providers and super-computing centers Quantum safe cryptography: post-quantum ciphers
  • 25. © 2022 ADVA. All rights reserved. 25 Quantum-safe cryptography options Future-proof security • New cryptographic algorithms, e.g., McEliece or Frodo, thought to be secure against cyber attacks by quantum computers • The security of the encryption relies on the computational difficulty • Reach limitation based on optical interface Post-quantum cryptography (PQC) Session key Session key Quantum safe key exchange protocol Quantum-safe key exchange protocol Key exchange • Use quantum physics for secure key exchange: A try to eavesdrop introduces detectable anomalies in quantum states • The security of the encryption relies on the foundations of quantum mechanics. • Limited reach due to fiber loss Quantum-key distribution (QKD) Session key Session key Quantum channel Key exchange Solution 1 Solution 2
  • 26. © 2022 ADVA. All rights reserved. 26 Post-quantum security with PQC and QKD Plaintext Plaintext Alice Bob AES encryption AES encryption Secret Diffie- Hellman Diffie- Hellman Session key Key exchange Secret Ciphertext Session key PQC PQC Key exchange QKD QKD Key distribution Future-proof data security and flexibility Protection against quantum computers attacks
  • 27. © 2022 ADVA. All rights reserved. 27 Dr. Vincent Sleiffer MSc Senior Systems Consultant +46 76 795 32 57 VSleiffer@adva.com Linkedin.com/in/VSleiffer Getting access to data inside the fiber is possible. Therefore it is necessary to encrypt your sensitive data Quantum computers are going to be able to break current key exchange methods (RSA, Diffie-Hellman, elliptic curve cryptography) Protect your data now against the quantum threat by using quantum key distribution (QKD) and post-quantum cryptography (PQC)! Further listening: Quantum threat: How to protect your optical network Takeaways