Image via Unsplash
Mainstream quantum computing may still be years away, but cybersecurity efforts to protect against quantum attacks can’t wait. When quantum computing does make its entrance, it could quickly eviscerate the cryptography that currently protects online communications, such as the digital signatures used in the domain name system (DNS) and the key exchanges used in transport layer security (TLS).
Fortunately, efforts to protect against how quantum computers could be used in cyberattacks have been underway for years. The National Institute of Standards and Technology (NIST) launched its post-quantum cryptography program in 2016, and in July selected the initial group of algorithms eligible for standardization. But the industry needs to prepare now because updating systems for quantum capabilities will have its challenges.
DNS manages the flow of traffic on the internet. And the cryptography used in DNS Security Extensions (DNSSEC) is essential to the safe routing of traffic, using digital signatures or symmetric keys to verify that websites and data are what they purport to be. Strong cryptography is the only way to ensure that users can trust the results.
Today’s current level of cryptography works well, rendering data as a random sequence of bytes that are useless to anyone without a key. However, quantum computing will change that with processing power which will make current cryptography obsolete.
The quantum bits, or qubits, used in quantum computing work in a different, much faster way than the binary bits used in traditional computing, enabling quantum machines to not only code information more quickly but also to store information immediately. Attackers would be able to access data, store and decrypt it later — and decrypt it much more easily with the power of quantum computing. Encrypted data will likely not stay encrypted for as long as intended.
Quantum computing also will present challenges to DNS’ capacity to handle traffic, because of the larger key and signature sizes that post-quantum cryptography will use. Larger key sizes will require greater computational resources, but, more importantly, may create packet sizes too large for the universal datagram protocol (UDP) used by DNS servers to handle.
In addition to the effects on infrastructure, quantum presents other challenges. Updating ciphers is already a risky process, especially for those running root servers if the servers don’t restrict who can perform updates. If passphrases used to generate the keys are compromised, an attacker could fake any domain verification.
The Internet Corporation for Assigned Names and Numbers (ICANN) also would have to review the key signing ceremony that occurs every three months to generate the cryptographic keys used at the top of the DNSSEC chain. If a quantum attack were to compromise those keys, all of the DNS requests made could be affected.
Preparing for a post-quantum world begins with a shift in mindset, acknowledging that many aspects of IT will change. Security leaders need, for example, to let go of the idea that messages will remain private forever. Security leaders have become accustomed to the notion that what gets encrypted stays encrypted, at least for any foreseeable future. And quantum computing could shorten the time it takes to break encryption by an order of magnitude.
A message sent today with end-to-end encryption (E2EE) might not be breakable currently, so attackers are less likely to bother keeping it. However, because quantum computing may make it breakable fairly soon, attackers may see storing encrypted — but potentially critical — data today for later decryption as a viable tactic.
Organizations such as financial institutions and governments, which regularly deal with high-risk data, should start preparing to make use of post-quantum algorithms as soon as possible. It might seem like they have plenty of time, with quantum computing still under the horizon, but those preparations are a long process. Key steps include:
NIST’s selection of the first four encryption algorithms designed to withstand a quantum attack resulted from a six-year effort, but it’s still only the initial step in the final phase of developing a post-quantum cryptographic standard, which NIST expects to be completed within two years. A second round of algorithms is expected to be announced soon.
But when it comes to securing the DNS, the challenges are not so much algorithmic as they are operational. Hardware will have to be upgraded to handle the increased processing of quantum computing. Existing protocols must be adjusted or new ones introduced, to handle the increased key sizes. One option could be hash-based signatures. They have stood up well against post-quantum cryptography and don’t involve much overhead when they need to be changed, but when dealing with the volume of traffic DNS handles, even low overhead can be significant.
At the moment, there is no complete solution on the table. However, progress is underway. NIST and other standards-making bodies, such as the Institute of Electrical and Electronics Engineers (IEEE), are working on the algorithmic changes. Organizations that must protect their data for the long haul must begin preparing for the operational changes that will follow.
Peter Lowe is the Principal Security Researcher at DNSFilter
You must have JavaScript enabled to enjoy a limited number of articles over the next 30 days.
Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep! 
In today’s rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.
ON DEMAND: Apple Mac computer use is growing in the corporate space. Having the solutions and the knowledge base to respond to events that include Mac computers is just as important as their Windows counterparts.
Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.
Copyright ©2024. All Rights Reserved BNP Media.
Design, CMS, Hosting & Web Development :: ePublishing
About The Author
More Stories
From Coverage to Meaningful Connectivity: How Kenya Is Leading Africa’s Internet Future
Community Snapshot—April
Anatomy of a Scam