Cybersecurity researchers recently reported that every IoT device with a random number generator, or RNG (35 billion worldwide), contains a vulnerability that keeps it from properly generating random numbers, inhibiting the device’s ability to securely communicate, hide information from third parties, and authenticate and operate securely.
To learn more about how quantum cybersecurity can protect IoT devices from these types of failures, Design News interviewed Duncan Jones, RNG expert and head of quantum security for Cambridge Quantum (which is combining with Honeywell Quantum Solutions to form the world's largest quantum computing firm). Here is a portion of that discussion.
Design News: How can designers protect IoT devices with verifiable quantum technology-based Random Number Generators (RNGs)?
Jones: IoT devices need access to perfect, pattern-less entropy to create strong encryption keys. However, as a recent talk at DEFCON highlighted, existing RNGs were shown to be difficult to use properly. Further, they produce randomness that is full of patterns.
A better solution is to inject truer entropy and cryptographic keys into IoT devices when they are manufactured, using quantum technology to ensure the randomness is provably perfect. The only way to generate this perfect randomness is to execute quantum circuits on a quantum computer, which is exactly what we've been commercializing at Cambridge Quantum.
Design News: How can quantum technology provide randomness that attackers are unable to predict, protecting IoT devices?
Jones: Quantum computers allow us to tap into the fundamental randomness of nature. Using just a handful of qubits - well within the capabilities of existing quantum computers - it's possible to generate completely unpredictable randomness, thanks to quantum mechanics. Not only is the output of this process perfectly random, but it can be proven to be truly random. This is very different from existing random number generators and even the first wave of quantum random number generators, which produce randomness that fails advanced statistical tests.
To protect against post-quantum attacks, IoT devices can be injected with randomness or cryptographic keys derived from quantum entropy.
Design News: Why is verifiable randomness the only way to ensure cryptographic keys protecting IoT devices are safe from conventional computers now and quantum computers in the future?
Jones: For cryptographic keys to be truly strong, they need to be derived from a non-deterministic source of entropy. Take a coin toss, for instance. This appears very random, but it's entirely predictable if you have enough computational power and knowledge of the system state.
Our existing methods of key generation are similarly predictable if you have sufficient computing power. Quantum computers will provide the ability to compute unimaginable amounts of data very quickly and are exactly the tool a future attacker would use to predict cryptographic keys and expose sensitive data.
Fortunately, if you generate cryptographic keys using Cambridge Quantum's IronBridge platform, these problems go away. The provably perfect quantum randomness generated within the platform cannot be predicted by even the most powerful quantum computers in the future. This is because we rely on the truly non-deterministic nature of quantum mechanics. This is the idea popularized with the Schrödinger's Cat analogy - you cannot tell what you will measure until you open the box.
John Blyler is a Design News senior editor, covering the electronics and advanced manufacturing spaces. With a BS in Engineering Physics and an MS in Electrical Engineering, he has years of hardware-software-network systems experience as an editor and engineer within the advanced manufacturing, IoT and semiconductor industries. John has co-authored books related to system engineering and electronics for IEEE, Wiley, and Elsevier.