In this week’s episode of the podcast (#133): the arrival of functional quantum computers may be closer than you think. I’m joined by Avesta Hojjati, Head of DigiCert Labs and Brian LaMacchia, Distinguished Engineer and Head of the Security and Cryptography Group at Microsoft Research to talk about coming quantum revolution and what it means for security. Also: what will it really take for consumers and businesses to ditch the user name and password? This week we’re kicking of a series on the future of passwords and authentication with George Avetisov, the CEO of the startup HYPR.
Quantum’s Security Challenge
Quantum computers sound like the stuff of science fiction: with the zeros and ones that are the foundation of modern computing giving way to ethereal qubits that can be either zero or one or both at the same time as well as everything in between.
But the arrival of functional quantum computers may be closer than you think. Estimates vary from the first such system being available anytime from five years or so from now to 20 or more. Once they’re here, quantum computers will make short work of many of the most commonly used encryption schemes, which protect much of the world’s sensitive data. And, for cryptography experts worried about the security of data protected with powerful encryption algorithms, a decade or two hence is close enough to begin preparing now.
One small step in that direction happened this week, as Microsoft teamed with the certificate authority DigiCert and the firm Utimaco, announcing a successful test implementation of a Microsoft-developed algorithm known as “Picnic” which can create quantum-safe digital certificates used to encrypt, authenticate and provide integrity for connected devices commonly referred to as the Internet of Things (IoT). Though still in development, the companies say that Picnic will protect IoT devices from future threats quantum computing could pose to today’s widely used cryptographic algorithms.
To understand more about the problem that the advent of quantum computing poses for the security of the Internet and the Internet of things, we sat down with Avesta Hojjati, Head of DigiCert Labs and Brian LaMacchia, Distinguished Engineer and Head of the Security and Cryptography Group at Microsoft Research, and an inventor of the Picnic algorithm to talk about the coming quantum revolution and what it means for security.
Life after passwords
In just the last month, hundreds of millions of user names and passwords have been exposed by researchers: the contents of online compendiums known as collections 1 through 5. They’re the fruits of data breaches and hacks going back years, and they are a useful tool to cyber criminals who can carry out credential stuffing attacks against a wide range of sites.
The password problem gets even worse when you think about the Internet of Things, where endpoints proliferate and the consequences of attacks and compromises risk life and limb.
What’s the solution? One easy answer is biometric identifiers like finger prints, face scans – even voice are natural choices. But widespread use of biometrics can pose a risk to privacy and civil liberties, as countries like China are demonstrating. So is there a happy medium between security, privacy and civil liberties? In our second segment, we speak with George Avetisov, of the firm HYPR about how smart phones are creating the possibility for a new, decentralized authentication system in which users control their own online identities.