(IOT.Today) The National Institute of Standards and Technology (NIST) has consulted with cryptography thought leaders on hardware and software options to migrate existing technologies to post-quantum encryption.
The consultation forms part of a wider national contest, which is due to report back with its preliminary shortlist later this year.
IT pros can download and evaluate the options through the open source repository at NIST’s Computer Security Resource Center.
Businesses need to know how to contend with quantum decryption, which could potentially jeopardize many Internet of Things (IoT) endpoints.
One option, which NIST is considering, is to blend post-quantum security at network level with standard ciphers on legacy nodes. The latter could then be phased out over time.
A hybrid approach published by NIST guidance around using the old protocols that satisfy regulatory requirements at a security level that’s been certified for a given purpose.
For national governments, it’s becoming an all-out quantum arm’s race. And the U.S. may well be losing. Russia and China have both already unveiled initial post-quantum security options.
Businesses must have safeguards against quantum decryption, which threatens IoT endpoints secured by asymmetric encryption.
A symmetric encryption technique, Advanced Encrypton Standard, is believed to be immune to Shor’s algorithm attacks, but is considered computationally expensive for resource-constrained IoT devices.
For businesses looking to quantum-secure IoT in specific verticals, there’s a risk assessment model published by University of Waterloo’s quantum technology specialist Dr. Michele Mosca. The model is designed to predict the risk and outline times for preparing a response, depending on the kind of organization involved.
One option, which NIST is considering, is to blend post-quantum security at network level with standard ciphers on legacy nodes. The latter could then be phased out over time.