Cybersecurity

Beyond End-To-End: unveiling the Quantum threat to Encryption

If you’ve ever used Whatsapp or Instagram to communicate with friends and family, you’d notice that the messages are “end-to-end encrypted”. Upon first notice, it sounds great. All your messages are safe and secure – you’d think. 

However, not every encryption method is created equal, and with the rise of cyberattacks and more sophisticated technology especially in the Quantum field, one must exercise caution when choosing the right tools to use. But to better understand the scale of this issue we must first address the mathematical operation that makes such risk feasible in the first place.

Shor’s algorithm poses a major threat to security provided by current industry-standard encryption methods like RSA and ECC which rely on the difficulty of factoring large integers for security. However this difficulty is limited to the classical world of computing, where operations would be trialed one by one until a solution is found (exponential time) making it almost impossible to decipher such encryption methods. On the other hand, a Quantum computer is able to simultaneously compute all the possible trials in a single iteration due to it being in a superposition of exponentially many states – achieving rapid polynomial time. In simpler terms, many of the “asymmetric” encryption methods are at risk.

Evidently, this causes a domino effect on Symmetric encryption methods, since most Symmetric keys are exchanged between users through an asymmetric exchange process, which could be compromised by Shor’s algorithm allowing potential decryption of all data encrypted with that key: including your texts and photos.

Whilst this threat isn’t currently feasible for ordinary individuals — since Quantum Computers are costly, sophisticated pieces of technology –  many countries and researchers are becoming increasingly aware of its uses and have created their own. Evidently, there is an imminent risk that Quantum threats may have the potential to escalate cyberattacks and transform the digital landscape as we know it. 

Moreover, some authorities and individuals are adopting a technique called “Harvest Now, Decrypt Later”: accumulating databases of encrypted information. In hopes, it could one day be decrypted with sufficiently powerful quantum computers. 

Evidently, many companies and researchers (including NIST) have taken measures to enhance encryption methods and implement Quantum safe or secure encryption in their communication protocols. One example, is the open-source messaging platform signal, which introduced the new PQXDH encryption protocol that claims to be quantum resistant to current advancements in the field of encryption: however, they claim that such technology must be upgraded as future findings and vulnerabilities may require additional security adjustments. If you wish to, the whitepaper for the encryption method can be accessed here.

Conclusion

Finally, we realised that such advancements pose a monumental risk to information security. Although it’s easy to be pessimistic about such advancements, I believe that it’s a step in the right direction towards safeguarding our digital security and communication. Therefore, as individuals and organisations alike we must take proactive measures:

  • Stay Informed: Keep abreast of developments in quantum computing and its implications for encryption. Awareness is key to making informed choices.
  • Quantum-Safe Encryption: Consider adopting encryption methods that are resilient to quantum attacks. New cryptographic standards, often referred to as Post-Quantum Cryptography (PQC), are being developed to address this specific concern.
  • Advancements in Technology: Support and invest in technologies that stay ahead of the curve (especially open-source projects), continually updating encryption methods to withstand emerging threats.

Sources

https://csrc.nist.gov/projects/post-quantum-cryptography/
https://statweb.stanford.edu/~cgates/PERSI/papers/MCMCRev.pdf
https://purl.utwente.nl/essays/77239/
https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/security/encryption/what-types-of-encryption-are-there/#:~:text=There%20are%20two%20types%20of,used%20for%20encryption%20and%20decryption.
https://signal.org/docs/specifications/pqxdh/

Kevin Ku Unsplash

The AI Paradox: Enhancing Cybersecurity while Raising Concerns

In today’s interconnected and digitized world, numerous cybersecurity attacks such as malware attacks, phishing attacks, and data breaches occur, increasing the demand for cybersecurity professionals and advanced technologies such as Artificial Intelligence. However, AI acts as a defender and as a challenger to cybersecurity. 

Cybersecurity involves analyzing patterns from massive amounts of data to protect systems and networks from digital attacks and identify threats. The traditional approach relied heavily on signature-based detection systems, which were effective against known threats but incapable of detecting new or unknown threats, resulting in frequent cybersecurity attacks. However, AI-based solutions use machine learning algorithms that are trained using vast amounts of historical and current data to detect and respond to unknown and new threats. According to Jon Olstik’s Artificial Intelligence and Cybersecurity, approximately “27 percent” of security professionals in 2018 wanted to use AI for “improving operations, prioritizing the right incidents, and even automating remediation tasks,” implying that the reasons for AI in cybersecurity continue to increase over time.

However, there’s another side to AI’s role in cybersecurity, and it’s more dangerous than beneficial. While it may appear that AI systems are unlikely to be hacked, this is not the case because hackers can manipulate these systems. As previously said, AI solutions employ machine learning algorithms to detect threats; nevertheless, a fundamental flaw is that vulnerability is that these models are fully dependent on the dataset. A poisoning attack occurs when an attacker modifies the dataset to fulfill their malicious goals, forcing the model to learn from the modified data and leading to more attacks. 

As these rising concerns and vulnerabilities, AI-based solutions will need to be not only fast, but also safe and risk-free. AI and Cybersecurity share a complex relationship and it’s safe to conclude that Artificial Intelligence will continue to play a paradoxical yet essential role in the growing field of cybersecurity.

  • Comiter, Marcus, et al. “Attacking Artificial Intelligence: AI’s Security Vulnerability and What Policymakers Can Do About It.” Belfer Center, August 2019, https://www.belfercenter.org/publication/AttackingAI#toc-3-0-0. Accessed 7 July 2023.
  • Moisset, Sonya. “How Security Analysts Can Use AI in Cybersecurity.” freeCodeCamp, 24 May 2023, https://www.freecodecamp.org/news/how-to-use-artificial-intelligence-in -cybersecurity/. Accessed 7 July 2023.
  • Oltsik, Jon. “Artificial intelligence and cybersecurity: The real deal.” CSO Online, 25 January 2018, https://www.csoonline.com/article/564385/artificial-intelligence-and -cybersecurity-the-re al-deal.html. Accessed 7 July 2023.