2022 Mandiant / 2024 Mandiant

Securing today's secrets against tomorrow's threats
The quantum-cryptographic threat landscape
19 March 2024
Stephen Begley
Principal Consultant at Mandiant Consulting

01 Introduction

Agenda
01 Introduction
02 Overview of Quantum Computing
03 Quantum Threats and Timelines
04 What Can We Do Today?
05 Q&A

Who Am I?
- Stephen Begley - Mandiant UK & Ireland Red Team Lead
- 2.5 year tenure at Mandiant
- Previously 6 years Big 4 Consulting
- Previously earned a Masters and PhD in experimental Quantum Computing

02 Overview of Quantum Computing

Quantum Computing Overview
Quantum computers represent a new paradigm in computing, but are not just extremely powerful versions of our current (“classical”) computers:
- Faster than a classical computer at certain specific tasks
- In most cases, currently slower than classical computers
- Good at simulating other quantum systems
- Also good at factoring large numbers
- Limited other applications and algorithms currently

Cryptographic Quantum Technologies
Quantum physics enables a range of other technologies relevant to cryptography, including:
Quantum Key Distribution (QKD)
- Uses quantum-mechanical superposition and entanglement for key generation and sharing
- Makes it possible to detect whether key material has been intercepted
Quantum Random Number Generation (QRNG)
- Enables fast generation of large numbers of “truly random” numbers

03 Quantum Threats and Timelines

Quantum Computing Attacks: Scope
Asymmetric Encryption
- Vulnerable to attack. This has implications for:
- Communications
- Message and software signing
- E.g. PGP file encryption
Symmetric Encryption
- Not vulnerable to attack by quantum computers (with today's key sizes). E.g. AES
- Establishing and transporting shared keys still a problem
Hash Functions
- Not vulnerable with currently known quantum algorithms.
- QCs can speed up collision attacks via Grover's algorithm but only quadratically
Blockchain
- Implementation dependent
- Blockchain relies on asymmetric public-key crypto but the exposure window of public keys can be limited, e.g. P2PKH

Quantum Computing Attacks: Timelines
https://globalriskinstitute.org/publication/quantum-threat-timeline/

Mosca's Theorem
- BUT today's secrets are already at risk!
- Store Now Decrypt Later attacks
- Forward secrecy does not solve this problem
- For data with a long “shelf-life”, extra precautions should be taken ASAP
https:/

04 What can we do today?

What can be done?
Use Quantum Cryptographic Solutions
Quantum Key Distribution
- In theory provides complete protection against eavesdropping; practical implementation can have reduction in this assurance
- Introduces third party risk
- Requires satellites, point-to-point transmission or dedicated cables
- Susceptible to DoS
https:/

What can be done?
Use Quantum-Resistant Classical Solutions
- Protect Data from Collection
- Post-Quantum Cryptography (PQC)
https://www.ncsc.gov.uk/whitepaper/preparing-for-quantum-safe-cryptography
https://www.nsa.gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/

Timeline:
- Dec 2016: NIST announced CFP for standardisation process
- Jul 2022: First 4 winners announced (1 PKE, 2 signature)
- Aug 2022: NIST requests comments on initial public standard drafts
- Nov 2023: Deadline for comments
- 2024: Standards Published

- No current widely implemented algorithm
- NIST contest has selected winners for standardisation this year
- Carefully studied, but still new algorithms
- Approach recommended by UK NCSC and the NSA

NIST Published Draft Standards
- FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM, Kyber)
- FIPS 204: Module-Lattice-Based Digital Signature Standard (ML-DSA, Dilithium)
- FIPS 205: Stateless Hash-Based Digital Signature Standard (SLH-DSA, SPHINCS+)

What can be done NOW?
- Ensure existing controls are robust
- Migrate to PQC where possible (e.g. symmetric encryption) for sensitive data
- Apply additional controls around highly sensitive/long shelf-life data; e.g. applying additional network segregation, wrapping plaintext in symmetric crypto before transmission
- Prepare existing software to enable “drop-in replacement” crypto
- Build in automation where possible
- Plan management of PKI certificate lifetimes - don't go too far into the future!
- Identify systems which may have legacy issues and plan replacement or mitigation
- Appoint one person as Head of Cryptographic Inventory
- Begin preparing a Cryptographic Bill of Materials, including software libraries, hardware, legacy systems
- Prioritize articles in terms of data sensitivity and shelf-life
Inventory | Protect | Build “Crypto-Agility”

Thank you.
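
An added example, not part of the original slides: a small cryptographic inventory prioritised by data sensitivity and shelf-life, as the "What can be done NOW?" slide asks. It goes beyond the slides by applying Mosca's inequality (x + y > z), which the deck names but does not spell out. The algorithm lists, the `Entry` fields, the sample inventory and the planning value z = 12 years are assumptions for illustration.

```python
from dataclasses import dataclass

# Per the scope slide: asymmetric crypto is vulnerable; symmetric ciphers and
# hashes are not (with today's key sizes). These lists are illustrative only.
VULNERABLE = {"RSA", "DH", "ECDH", "ECDSA"}
RESISTANT = {"AES-256", "SHA-256", "ML-KEM", "ML-DSA", "SLH-DSA"}

@dataclass
class Entry:
    system: str
    algorithm: str      # algorithm protecting the data or the key exchange
    shelf_life: float   # x: years the data must remain secret
    migration: float    # y: years needed to migrate this system
    sensitivity: int    # 1 (low) .. 3 (high)

def status(e: Entry, z: float) -> str:
    """z = assumed years until a cryptographically relevant quantum computer."""
    alg = e.algorithm.upper()
    if alg in RESISTANT:
        return "ok"
    if alg not in VULNERABLE:
        return "review"          # unknown algorithm: inspect manually
    if e.shelf_life > z:
        return "exposed-now"     # ciphertext stored today outlives z
    if e.shelf_life + e.migration > z:
        return "migrate-now"     # Mosca: x + y > z
    return "plan"

RANK = {"exposed-now": 0, "migrate-now": 1, "review": 2, "plan": 3, "ok": 4}

def prioritise(inventory, z):
    """Return (status, entry) pairs, most urgent first."""
    rated = [(status(e, z), e) for e in inventory]
    return sorted(rated, key=lambda p: (RANK[p[0]], -p[1].sensitivity,
                                        -(p[1].shelf_life + p[1].migration)))

# Constructed sample inventory; every value here is made up.
INVENTORY = [
    Entry("vpn-gateway", "ECDH", 3, 2, 2),
    Entry("medical-archive-sync", "RSA", 25, 4, 3),
    Entry("backup-vault", "AES-256", 30, 1, 3),
    Entry("hr-portal", "RSA", 8, 5, 2),
    Entry("legacy-scada-link", "PROPRIETARY-V1", 10, 6, 3),
]

if __name__ == "__main__":
    for st, e in prioritise(INVENTORY, z=12):
        print(f"{st:12} {e.system:22} {e.algorithm}")
```

The "exposed-now" status captures the Store Now Decrypt Later point: for those entries, migration speed no longer helps data already sent, so the extra controls listed on the slide apply first.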