Most people in computer security and other IT professions are well aware of the alarm bells ringing about what will happen in the post quantum computing world. It is not if, but when we will see the effects of quantum computing start popping after it becomes readily available to malicious actors. However, we cannot discount the multiple opportunities that quantum computers could offer all industries, including the IoT industry, giving them an advantage over their competitors.
If you are involved with IoT, here is what you need to know about the possible benefits and threats that quantum computing could bring.
Opportunities and Challenges from Quantum Computing for the IoT Industry
IoT is an emerging technology that enables billions of devices to connect and communicate securely with each other and with the internet. IoT is an acronym for "Internet of Things". It refers to the network of physical objects, devices, vehicles, and other items that are embedded with sensors, software, and connectivity, allowing them to collect and exchange data over the internet. Its use has enabled applications that connect smart home devices, drones, intelligent systems, smart cities, healthcare devices, healthcare devices, smart agriculture, and much more. Adopting IoT has allowed businesses to expand their systems with ease.
However, it is also a technology that is under continuous threat of cyberattack. Therefore, it has introduced new security challenges for both network and security teams. Legacy processes and conventional network defenses are not equipped to address the potential for a slew of new security issues that will come with quantum computing.
Anticipated Opportunities for IoT in a Post Quantum World
A post-quantum world will bring multiple opportunities, including the expansion of IoT security. This will lead to:
- Better threat intelligence and security updates where IoT devices will regularly receive security patches and threat intelligence that will help prevent cyberattacks.
- Optimized complex computation power: With Quantum Computing the speed is incredibly high, IoT benefits from this speed since IoT devices generate a massive amount of data that requires heavy computation and other complex optimization.
- Faster validation and verification process: Quantum computing addresses that concern as it can speed up the verification and validation process across all the systems several times faster while ensuring constant optimization of the systems.
- Quantum Random Number Generators, which generate ‘truly random’ numbers using properties of quantum physics could be used to strengthen the security for connected devices, including 5G and industrial IoT devices and their applications.
- Because the IoT ecosystem is made up of a network of heterogeneous devices, multiple security layers will need to be deployed at each data exchange point.
- With increased IoT monitoring 24/7, IoT can help monitor, manage, analyze and discover events and alerts for increased protection to better defend systems and devices.
- The firewalls used for IoT, known as hardware firewalls, will help protect against unauthorized remote access, suspicious network traffic and phishing scams.
Quantum Computing threats to IoT: Current encryption may not be secure in the future
Currently, more than 30% of all network-connected enterprise endpoints are IoT devices. Quantum computers have the potential to pose certain threats to traditional encryption methods as well as the risk of forging digital signatures which are used to verify the authenticity and integrity of electronic documents, transactions and communications. Digital signatures are based on mathematical algorithms that are computationally infeasible to forge or tamper with using classical computers.
In turn, this has an impact on firmware over-the-air updates (FOTA). These are reliant on cryptographic algorithms that are widely used to secure communication and data. If an attacker gains access to a quantum computer capable of breaking encryption, they could potentially manipulate the firmware update packages in transit or compromise the integrity of the firmware code itself. This can result in unauthorized modifications or the injection of malicious code, jeopardizing the updated devices' security and operation.
While these IoT devices and sensors can run traditional encryption schemes, they are not strong enough to withstand a cyberattack by a quantum computer.
IoT devices use cryptography for various purposes to ensure the security and privacy of data transmitted and stored within the IoT ecosystem. Examples are:
- Secure communication - Cryptography is used to establish secure communication channels between IoT devices and other entities such as servers, gateways, and other devices. To encrypt data, encryption methods such as AES (Advanced Encryption Standard) or RSA (Rivest-Shamir-Adleman) are used, preventing unauthorized access or manipulation during transmission.
- Authentication and access control - In IoT networks, cryptographic protocols are utilized for device authentication and access control. To prevent unauthorized devices from accessing the network or resources, digital certificates and public-key infrastructure (PKI) are used to verify the identity of devices or entities.
- Data integrity - To ensure the integrity of data transmitted or received by IoT devices, cryptographic techniques such as message authentication codes (MAC) or digital signatures are utilized. This ensures that the data has not been modified or tampered with during transit.
- Secure storage - IoT devices may store sensitive data locally, such as user credentials or configuration settings, for security reasons. To protect stored data from unauthorized access or theft, cryptographic techniques such as symmetric or asymmetric encryption are utilized.
- Privacy and anonymity - Cryptography plays an essential role in ensuring privacy and anonymity in IoT devices. Techniques like homomorphic encryption, zero-knowledge proofs, and differential privacy assist in the protection of sensitive data and the prevention of unauthorized identification of individuals or devices.
- Firmware and software updates - Cryptography is used to secure IoT device firmware and software upgrades. To ensure that only authorized and unaltered software is installed on the devices, digital signatures are used to verify the authenticity and integrity of the updates.
The above purposes rely on asymmetric algorithms which in turn are at risk of being cracked by quantum computers. Asymmetric algorithms, also referred to as public-key algorithms, are encryption algorithms that encrypt and decrypt using two different keys. They are widely used in various cryptographic protocols to provide secure communication over insecure channels.
If a sufficiently powerful quantum computer becomes available, it could have the ability to break these asymmetric encryption algorithms, threatening the security of encrypted data and communications. This is of extreme concern to a variety of industries, in particular banking, government and e-commerce who rely on strong communication.
With the coming of quantum computing, stronger algorithms will be needed to provide security for IoT devices, but as mentioned earlier, these devices are limited, even with the newer 5G devices coming on board. Instead of relying on IoT devices to provide their own security, focus will be shifted to networks having high-security features and having the capability to work with system-level spectral efficiency and support for high data rates. These networks must also be free from network security rates.
Don’t Wait, the Time to Prepare the IoT Industry for Quantum Computing is Now!
It has been projected that quantum computers will become widely available by 2030. While that might seem far off, the time to prepare for its arrival is now. Why? Because the race is on now. Computer manufacturers like IBM plan to have a 4,000-qubit commercially available quantum computer in 2025 and it will have a significant impact on all industries, including IoT. The key in protecting your systems is to protect your keys.
Learn more about Q-safe, SecurityServer or u.trust Identify, and get prepared for the post-quantum future by viewing our webinar and white paper available below.
About the authors
Dawn M. Turner ist ein professioneller Autor mit einer Leidenschaft für technische Vorschriften und Normen sowie für deren Relevanz und Auswirkungen auf betriebliche Vorgänge und die Industrie im Allgemeinen. Dawn verfügt über mehr als 10 Jahre Erfahrung in der IT-Branche in den Bereichen Hardware, Programmierung sowie System- und Netzwerkentwicklung. Ihr Bildungshintergrund umfasst ein Zertifikat für Computeroperationen und -programmierung, CompTIA- und Microsoft-Zertifizierungen, einschließlich A+, MCSE und MCP, Associates-Abschluss mit Hauptfach Wirtschaft & Nebenfach Informatik, Bachelor of Science-Abschluss mit Hauptfach Wirtschaftskriminalität & Nebenfach Buchhaltung und einen MBA mit Fokus auf Finanzen & Wirtschaft.
Dawn Illing ist ein Produktentwicklungsmanagerin mit über 25 Jahren Erfahrung im Produktmanagement in den Bereichen Banken, Versicherungen und Cybersicherheit. Durch ihre internationale Tätigkeit in der EMEA-Region wurde ihr Interesse an grenzüberschreitender digitaler Identität und Cybersicherheit geweckt, einschließlich der interoperablen Anforderungen, die für die erfolgreiche Bereitstellung digitaler Produkt- und Marktlösungen erforderlich sind.