First post-quantum computing IoT security platform compliant with new NIST standards
11 July 2022
Crypto Quantique's QuarkLink enables secure chip-to-cloud connectivity at scale with just a few keystrokes
Specialist in quantum-driven cybersecurity for IoT (internet of things), Crypto Quantique has announced a post-quantum computing (PQC) version of its QuarkLink chip-to-cloud IoT security platform. The upgraded platform is believed to be the first to use post-quantum algorithms recently announced for standardization by NIST (National Institute of Standards & Technology), particularly the chosen key encapsulation mechanism (KEM), CRYSTALS-Kyber.
As part of its recent announcement on post-quantum standards, NIST focused on the applicability of the schemes to embedded devices, including benchmarks of all schemes on the ARM-Cortex M4, demonstrating that post-quantum security on the IoT is a realistic goal. Elsewhere, NIST standardized multiple signature schemes, including both lattice- and hash-based signatures, and suggested algorithms of future interest that may be standardized later. Crypto Quantique’s KEM-TLS protocol is designed to be flexible and can easily be adapted to these changing standards.
QuarkLink is a comprehensive platform for connecting IoT devices with an embedded root-of-trust to server-based applications. Its functions include device provisioning, automated secure onboarding to applications and lifetime security management. Via a simple interface, users can achieve firmware encryption, signing and secure updates over-the-air, certificate and key renewal, and device revocation. A few keystrokes initiate an automated process for onboarding thousands of devices in minutes to a server platform, or to multiple platforms simultaneously. AWS, Microsoft and Mosquito are among the cloud services currently supported.
Crypto Quantique worked on the post-quantum version of QuarkLink’s enrolment, relying on a custom, built-in-house variant of the novel KEM-TLS protocol developed with researchers at the Department of Computer science at ETH Zurich. The research was led by led by Professor Kenny Paterson. The resulting variant of the KEM-TLS protocol is particularly suited to the IoT setting, as its reliance on KEMs, as opposed to post-quantum digital signatures, lowers bandwidth costs and increases efficiency, without compromising security.
Crypto Quantique CEO, Shahram Mossayebi said: “Many IoT installations have a projected operating life of ten years or more. During that time, we will see the emergence of quantum computers that will make cyberattacks on IoT devices several orders of magnitude more powerful than they are today. We have already developed a quantum-driven root-of-trust technology for semiconductors that will provide the foundation for secure IoT networks. By ensuring that QuarkLink runs the most advanced post-quantum algorithms, we will provide our customers with unbreakable end-to-end security. Our first demonstration of a post-quantum version of QuarkLink shows how easy we can make it for customers to achieve IoT device security at scale, whatever hackers throw at them – now or in the future.”
Kenny Paterson, Professor of Computer Science at ETH commented: “It’s been very exciting working with the Crypto Quantique team to research and develop PQC protocols, and to see our research ideas entering deployment in such a short space of time. Kudos to Crypto Quantique for being the first to market with solutions offering security for the long term.”
Background to this Development
This work described above was made possible through the Eurostars programme in partnership with ETH Zurich. The programme's goal was to create the world’s first quantum-driven cyber security platform to protect IoT devices from cyber-attacks. Eurostars funds multiple projects across Europe every year, with over 29% of applications receiving funding and 1.75 Billion in public/private funds invested since 2014.
This project received funding form the Eurostars-2 joint programme with co-funding from the European Union Horizon 2020 research & innovation programme.
This recent development is just another example of the readiness of Crypto Quantique to address the security needs of the IoT industry by actively developing with the most cutting-edge algorithms, now standardised by NIST. Post-quantum computing will become a necessity, and an early start in understanding what that process entails will save money, time and effort.
Contact Details and Archive...