newsletter



    The Quantum Dilemma that Banks Must Face

    1702

    The topic of quantum computing keeps coming up more and more as time goes by. Stories have abounded about Google and Microsoft solving their Quantum Dilemmas, and the Chinese also achieving quantum computer supremacy. Has the time come for banks to face the next stage of the digital revolution?

    The dilemma around this topic revolves around one simple issue: Will there be an Intel of Quantum Computing? Or will there even be an equivalent to what Intel has been to our normal PCs? Or will everybody just simply go out there and create their own, much like seems to be the case at the moment.

    Much like the other firms we mentioned earlier, Intel also appear to be developing quantum computing technology with more and more of their Tweets relating to the new technology. While we’ve all been watching news about algorithms and the new oil – data, others have been busy preparing for the next phase of the Digital Revolution.

    The Cypherpunks – the Original Disruptors

    Many will recall how Edward Snowden took on the US National Security Agency (NSA) back in 2013.

    One of the accusations he made at the time had been that the NSA was building a quantum computer that could crack encryption that protects banking, medical, business and government records around the world.

    Last year, the NSA came a step further to something they may or may not have been working on since Snowden made his stand.

    Many in the U.S. will think this is a good thing, especially with concerns over how swiftly Chinese quantum computing seems to be developing.

    Countries like Russia, China and the U.S. are not the only ones who have to worry about whistle-blowers, disruptors and critics. Modern banking and Big Tech also have their fair share of disruptors, one only has to consider Cambridge Analytica’s whistle-blower Christopher Wylie.

    And, if you think what Wikileaks and Cambridge Analytica have meant for corporations and countries, the Quantum Dilemma might be even more disruptive.

    Banks, with all their trillions and trillions of megabytes of data, should worry. Or, at least, protect themselves better from what the future might hold.

    Doxing

    In recent weeks a former US cyber security chief, Chris Krebs, spoke with the FT and said that: “You’ve got to go after the bad guys, and I’m not just talking about law enforcement”.

    To dox a hacker who holds organisations to ransom by encrypting their data systems and asking for cash, you need to identify them, then tell them you will be going after them.

    But while we wait for ‘doxing’ to be put into place or an alternative, quantum computing may also offer a solution to the problem of hacking and ransomware.

    Quantum Computing in Banks and Financial Institutions

    Some banks like HSBC, BBVA, JPMorgan and Standard Chartered (and probably many more) have already started to look more deeply into quantum computing.

    Wall Street is also getting in on the act, with the Economist covering a deeper story on their quantum focus in late 2020.

    It wasn’t so long ago that we were being told that Blockchain is the next big thing, might it have actually been quantum computing all along?

    Back in June 2020, we spoke to Johann Polecsak, CTO of QANPlatform, to explore more about how they have brought together Quantum computing and Blockchain, and how their solution might have a solution that banks can use:

    Post-quantum Cryptography

    Today we return to Estonia to speak to Johann a bit more about a solution they have been developing.

    “We now have a separate company for the encryption and post-quantum cryptography part of the business, which is a cybersecurity solution.

    “A post-quantum Virtual Private Network (VPN) solution,

    “By separating the post-quantum cryptography out of the quantum resistant blockchain platform and creating a new product, a post-quantum VPN.”

    Microsoft are one of the companies exploring this area too, with a thorough write-up about how the process works on their site, and on github.

    Johann continued by using the example of the Transport Layer Security (TLS), and with us both having travel restrictions, we were, inevitably, forced to use video to catch-up:

    “We believe that things are secure, because of TLS, our zoom call is being protected by TLS.

    “Let’s say, if your Internet Service Provider, be that mobile or Wi-Fi, wanted to monitor our conversation, they could.

    “Of course, we are only talking hypothetical targeted attacks here. But, if they were interested in you or me, then they could monitor your network packets (consisting of control information and user data), and save it.

    “And if they save these packets, the related TLS handshake (when connection details are established between two parties on a network) is what can also be captured and opened by a quantum computer. If you crack the handshake process, then you can read the packets in plain text. Packets like our conversation now.

    “It means we are defenceless. In a few years’ time all of the conversations we’ve all had during lockdown and before could, hypothetically, be opened up to public view. It would come as a very nasty surprise if you are not ready.

    Sounds quite frightening, and also might resonate with a few of the things that Snowden seemed to be warning us of back in 2013. So how much time do we have?

    Johann continued:

    “With the quantum VPN, it builds on well established protocols, all protected by elliptic-curve or RSA cryptography, but all vulnerable in the near future.

    “It’s no longer a question of ‘if’, but ‘when’ the first quantum computer will be able to break the well-established cryptography. IBM says it might even be in 2 years.”

    “Google may have briefly held quantum supremacy, but that is no longer really the challenge anymore as the inevitability of quantum computing nears.”

    So naturally, Johann told us more about how their solution works:

    “Our solution has the first protection layer of your VPN protected by elliptic-curve cryptography, but inside that layer is a post-quantum key exchange.

    “The outer layer will seem easy to crack for a quantum computer, but once it is past that it will find the post-quantum handshake which protects the data. And this is where it will come to a dead end.

    “The newest technology of the future won’t be able to tell that you are using an exotic protocol. A lot of companies are afraid of attacks, and for them so they wouldn’t want to advertise necessarily that their network has an exotic protocol. Our VPN means that from the outside companies can remain incognito and nobody can tell if they are protected by anything other than standard cryptography.”

    Cybersecurity is often referred to in the same sentence as Israel. And, Johann has visited the eco-system there, and takes much inspiration from developments made in the country.

    We then touched upon the market that is out there for a product like QAN Platform’s VPN.

    “We have a very niche market, there are not so many sectors that will need this level of protection.

    “If you think of banks, they often use secondary authentication mechanisms or one time passwords, which gives them some security.

    “But if a banks’ data was compromised by a quantum computer in the next 5 or so years, for the bank, this would be an unacceptable risk.

    “It will be hard to protect all systems within a bank still, with their exposure to Zoom calls, WhatsApp and other channels. We can only truly be quantum secure if all their data is on self-hosted systems, peer-to-peer telephony, or your web server.”

    And when it comes to working with companies who want to be ‘quantum resistant’, Johann explained a bit more:

    “I often speak to Tech people in companies, they immediately see the opportunity that being ‘quantum resistant’ gives them.

    “And it’s really easy to implement,

    “You have your web servers, email servers, etc.. and you can immediately be protected without a single line of code having to be written. It’s a VPN, it just needs to be implemented on the clients’ server, no software needs to be changed. Just direct traffic through the VPN rather than your physical IP and it just protects you immediately.”

    With many banks relying more heavily on cloud providers like AWS, Microsoft and Google, we asked Johann how he expects this market to adapt.

    “We will need to trust the cloud providers, but there will still be risks.

    “You could copy your quantum keys to the cloud, which might not be a quantum resistant channel and your keys could be captured allowing the quantum computer to recover the handshake process.

    “Our solution runs in Kubernetes, natively, allowing you to protect your services running inside Kubernetes. Everything we are building is cloud native, and must be easily run in Kubernetes.

    “We are also looking at other areas where we can help customers become quantum secure.”

    Johann pointed out how Shor’s algorithm has come up again recently, in discussions related to breaking public-key cryptography schemes. For anyone wanting to delve deeper into the subject, the mathematician, Peter Shor, invented the algorithm in 1994. There is a lot to learn still.

    The FT went into a bit more detail on the topic only a few months ago:

    For banks, ‘Trust’ is one of the most important messages, that needs to be strengthened constantly. With the imminent arrival of quantum computing, and what it could mean for both banks as well as their customers, we may not be able to simply choose how we contact a bank in the future. In the future, just to be secure, we will have to rely more heavily on the tech that the banks will have.

    And if the banks want to have the tech to make us feel we can trust them more. Getting tech that can stop future data breaches like ones we have seen in the past with TSB and others, would seem to be an essential investment. And like Johann tells us, it’s not a matter of ‘if’, but a matter of ‘when’, and the ‘when’ is drawing ever closer.

    For more information about QANPlatform, check their latest news.

    Author: Andy Samu

    #Cypherpunk #Disruptor #EdwardSnowden #QuantumLeap #NSA #Intel #Microsoft #Google #China #QANPlatform #Blockchain #Quantumcomputing #Cybersecurity #Doxing