
- 1. © 2022 Juniper Networks. Exploring Quantum Technology for Networking. Melchior Aelmans, Chief Architect, Juniper Networks
- 2. Your computer can factor a 100-digit number in 17 minutes. A 200-digit number would take about 75 years. And it gets exponentially more difficult with more digits. Sounds as if we are safe, right?
- 3. Source: https://www.laserfocusworld.com/test-measurement/research/article/14067750/ibm-and-fraunhofergesellschaft-team-up-to-promote-quantum-computing-in-europe
- 4. Public Key Cryptography or Quantum Key Distribution
- 5. Public Key Cryptography
  - Diagram labels: Steel-Belted Radius; TLS; Asymmetric Public Key Cryptography; MACsec AES-256.
  - AES-256 itself has no known vulnerability to quantum computers.
  - Public-key cryptography is vulnerable when a quantum computer with enough qubits becomes available. Then Shor's algorithm can be used to break public-key cryptography schemes.
- 6. How does Quantum technology differentiate?
  - Chart labels: Algorithmic Strength; RSA; DH; AES; pQC; Public Key Cryptography; Symmetric Cryptography; Quantum Computer attack potential; Physical Strength 100%; QKD 100%; Math; Physics; Quantum safe.
  - Comparison table (sharing / crypto engine / typical use / entropy source):
    - Public crypto (RSA, DH): public key / math / bootstrap / local RNG
    - Symmetric (AES): private key / math / work horse / from local RNG or QKD
    - QKD: none / physics / bootstrap / Quantum-RNG
  - QKD is one of multiple security enhancement investments being made across the industry to prevent the risk of Quantum Computing being used by malicious adversaries.
  - Quantum channel is information-theoretically secure.
  - NEW! QKD + MACsec / IPsec
- 7. Today’s Key Distribution (PKI)
  - Diagram labels: Key Source (Router) with RNG; packet flow; Key-Sink (Router).
  - Step 1: A Key-Source generates a key by use of a Random Number Generator (RNG).
  - Step 2: The Key-Source encrypts the key using Public Key Cryptography (PKI) and sends it to the Key-Sink.
  - Result: key is known at source and sink.
  - Issue 1: The full key information is transported over the data channel and can be intercepted without knowledge of Key-Source and Key-Sink (store & decrypt later).
  - Issue 2: PKI is considered breakable with Quantum Computers using Shor’s Algorithm.
- 8. Post Quantum Cryptography (pQC) Key Distribution
  - Diagram labels: Key Source (Router) with RNG; packet flow; Key-Sink (Router).
  - Step 1: A Key-Source generates a key by use of a Random Number Generator (RNG).
  - Step 2: The Key-Source encrypts the key using pQC-based Public Key Cryptography (PKI) and sends it to the Key-Sink.
  - Result: key is known at source and sink.
  - Issue 1 [same as today]: The full key information is transported over the data channel and can be intercepted without knowledge of Key-Source and Key-Sink (store & much harder to decrypt later).
  - Issue 2: pQC-PKI is considered resistant against attacks with Quantum Computers using Shor’s algorithm. But there is no proof that another algorithm exists that could break the encryption.
- 9. Quantum Key Distribution (QKD)
  - Diagram labels: Router; QKD-A; Quantum Channel (dark fiber or satellite); QKD-B; Router.
  - Quantum Key Distribution enables two distant devices connected with a Quantum Channel to “distill” the same information on both devices.
  - Result: key is known at source and sink.
  - Advantage: cannot be broken even if the adversary has unlimited computing power. The distribution mechanism is proven to be information-theoretically secure [Wikipedia].
    - A quantum state cannot be intercepted without changing its state, and the change is detectable.
    - A quantum state decays fast. It cannot be stored for a long time to decrypt it later.
- 10. Quick Intro: Quantum Communication by dummies
  - Quantum state of individual photons is any fraction between 0 and 1.
  - Photons can be split into two photons jointly maintaining the properties of the original photon: P0 = 1 → (p1 + p2) = 1.
  - The state of photons is unknown until measured: p1 = ?, p2 = ?
  - Measurement of one photon ‘collapses’ the state of both: measuring p1 = 0.3 causes p2 = 0.7 [Remember: (p1 + p2) = 1].
  - If we measure the state of a photon and know that it was entangled, the state of the other photon is known.
- 11. Quantum Key Distribution: BB84* protocol (schematic)
  - Diagram labels: Quantum Transmission; Quantum Measurement; Preparation; Measurement post-processing; Sifting through the Results; Key Result.
  - *Invented by Ch. Bennett (IBM Research) & G. Brassard (University of Montreal) in 1984.
  - More on BB84: https://www.youtube.com/watch?v=IE5952ExMK8
- 12. Quantum Cryptography Key Exchange
  - Diagram labels: Alice; Bob; Eve; Juniper Router (crypt) on each side; Quantum Key Transmitter; Quantum Key Receiver; Quantum channel; Data communication over MACsec/IPsec secured Data Link.
  - Step 1: Key request
  - Step 2: Key-Cipher + key-ID
  - Step 3: Communicate <Key-ID>
  - Step 4: Request Key with <Key-ID>
  - Step 5: Key-Cipher
- 13. Random Number Generators
- 14. Random Number Usecases
  - BLOCKCHAIN: Secure transactions between users including payment protection for a resilient cryptocurrency infrastructure
  - IOT SECURITY & 5G: Protection of product connectivity systems and operational technology
  - PKI/PQE: Quantum secure encryption for both a pre & post quantum environment
  - OPTIMIZATION: New product development & reduction in time to market
  - HYBRID KEY GENERATION: Post-quantum cryptography used with current encryption methods in existing systems
  - SIMULATION: Analytical & statistical simulation for risk management
  - PREDICTION: Analysis for superior management decision support systems & forecasting
  - QKD: Quantum-derived cyber security distribution of cryptographic keys
  - KEY ENCAPSULATION: Wrap keys with Post Quantum Encryption (PQE) mechanism and algorithms
- 15. Random Number Generators
  - Random numbers are fundamental for cybersecurity & numerical simulations, optimization & prediction.
  - Multiple types of random number generators: pseudo-random, quasi-random, true-random, quantum-random.
  - Today’s widespread random number generators are typically slow, predictable & complex to monitor.
- 16. Quantum Random Numbers Generator
- 17. Comparing random sources
- 18. Summary: Potential fields of interest to networking. Currently there are three quantum technologies of interest for a Quantum Safe Strategy:
  - 1. Quantum Random Number Generators (QRNG): QRNG has become a key enabling technology for quantum-level security in mobile devices, data centers and even medical implants, to name just a few current-day applications.
  - 2. Quantum Key Distribution (QKD): QKD is only used to produce and distribute a key, not to transmit any message data. This key is used by any chosen encryption algorithm to encrypt (and decrypt) a message, which can then be transmitted over a standard communication channel.
  - 3. Post Quantum Cryptography (PQC): Post-quantum cryptography refers to mathematical cryptographic algorithms (usually public-key algorithms) that are thought to be more secure against a cryptanalytic attack by a quantum computer than current-day public-key algorithms.
- 19. But what about a Quantum Internet?
- 20. What will the quantum internet look like? Application support based on quantum entanglement.
  - “Quantum networks will use existing network infrastructure to exchange classical messages for the purposes of running quantum protocols as well as the control and management of the network itself. Long-distance links will be built using chains of automated quantum repeaters.”
  - Source: https://arxiv.org/pdf/2010.02575.pdf
- 21. Quantum Networking / Quantum Internet
  - There are two approaches to constructing quantum networks: simply forward quantum information directly between nodes, or create entanglement between nodes that are not directly connected (somewhat comparable to overlay networking), leveraging teleportation and entanglement swapping.
  - Classical computer networks tackle the complexity of transmitting bits between two nodes by breaking down the transmission into several layers of a stack model, the Open Systems Interconnection model (OSI model). Work is ongoing to establish a comparable model for quantum networks.
  - Quantum applications can operate with imperfect quantum states if the fidelity is above an application-specific threshold (for basic QKD the threshold fidelity is about 0.8).
  - Source: https://arxiv.org/pdf/2010.02575.pdf
- 22. The advent of a Quantum Internet…
- 24. Questions? Reach out! Melchior Aelmans, melchior@juniper.net
- 25. Thank you
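
Added example, not part of the original slides: a Python simulation of the BB84 stages named on slide 11 (preparation, transmission, measurement, sifting), illustrating the slide 9 point that interception changes the quantum state and is detectable. The function names, the seeded simulation PRNG, the ideal noise-free channel and the 11% abort threshold are assumptions of this example.

```python
import random

def bb84(n_photons, eavesdrop, seed):
    """Simulate BB84 on an ideal channel; return (alice_key, bob_key, qber)."""
    rng = random.Random(seed)  # simulation PRNG only, never a key source
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        # Preparation: Alice encodes a random bit in a random basis (0 or 1).
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        photon_bit, photon_basis = bit, a_basis
        # Transmission: an intercept-resend eavesdropper measures in a random
        # basis and resends her result, which re-prepares the photon.
        if eavesdrop:
            e_basis = rng.getrandbits(1)
            if e_basis != photon_basis:
                photon_bit = rng.getrandbits(1)  # wrong basis: random outcome
            photon_basis = e_basis
        # Measurement: Bob picks a random basis; a mismatch gives a random bit.
        b_basis = rng.getrandbits(1)
        result = photon_bit if b_basis == photon_basis else rng.getrandbits(1)
        # Sifting: keep positions where Alice's and Bob's bases agree. Only
        # the bases are compared over the classical channel, not the bits.
        if a_basis == b_basis:
            alice_key.append(bit)
            bob_key.append(result)
    # Post-processing: a real system estimates the error rate on a revealed
    # sample; here it is computed over the whole sifted key for clarity.
    errors = sum(a != b for a, b in zip(alice_key, bob_key))
    qber = errors / len(alice_key) if alice_key else 1.0
    return alice_key, bob_key, qber

def accept_key(qber, threshold=0.11):
    """Abort key distillation when the error rate suggests interception."""
    return qber <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        a, b, q = bb84(4000, eve, seed=1)
        print(f"eavesdropper={eve} sifted={len(a)} qber={q:.3f} "
              f"accept={accept_key(q)}")
```

Without an eavesdropper the sifted keys match exactly; with intercept-resend about a quarter of the sifted bits disagree, so the endpoints discard the key instead of handing it to MACsec/IPsec.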