How safe is a quantum-safe virtual private network?

Verizon aims to find out by testing the technology, which is geared at enhancing encryption methods using session key exchange security mechanisms, the carrier said.

VPN

Image: iStock/Melpomenem

Verizon said it is testing how a quantum-safe virtual private network (VPN) can enhance the protection of data now in order to thwart hackers in the future. As quantum computers become more advanced, they will have the potential to break today's public key encryption ciphers.

"Theoretically, hackers could capture data riding on networks today and store it until quantum computers have the power to break the encryption. It's a little like stealing a bank safe today and holding on to it until someone discovers how to pick the lock,'' the carrier said in a statement. Verizon and others believe the key to safeguarding information will be a quantum-safe VPN.

This technology works by using session key exchange security mechanisms or cryptographic ciphers that are designed to provide a higher level of protection. "Essentially, it's a solution that enhances encryption methodologies today in order to make them even more difficult to hack tomorrow,'' the company said.

SEE:  Quantum entanglement-as-a-service: "The key technology" for unbreakable networks  (TechRepublic)

In a recent trial, Verizon successfully tested how a quantum-safe VPN can replace the current public key encryption methods to establish encryption keys using post-quantum cryptography (PQC). Keys or ciphers were exchanged between two private 5G networks located in Verizon's 5G Lab in London and its executive briefing center in Ashburn, Virginia. The goal of the trial was to demonstrate that early adoption of PQC could prepare today's data from tomorrow's attacks.

The effort demonstrated the establishment of a quantum-safe VPN based on post-quantum crypto (PQC) algorithms that are currently being considered for standardization by the U.S. National Institute of Standards and Technology (NIST), Verizon said.

NIST is working on a global effort to find PQC algorithms that will be fast and trustworthy, but finalization and integration of the NIST PQC standards may take many years, Verizon said. In the meantime, tests like the one Verizon conducted "demonstrate it is possible to implement NIST PQC cryptography candidates on infrastructure links now with the ability to easily migrate as needed between the different PQC candidates," the company said.

"Verizon continues to innovate and test new quantum technologies because now is the time to assess risks of security breaches and develop mitigation strategies to ensure safe networks and communications in the future for consumers and enterprises," said Jean McManus, executive director of applied research at Verizon, in a statement. "While it may be five to 10 years before quantum computers are powerful enough to break today's encryption used in e-commerce and VPNs, it's important to explore new security methods today to ensure our information is safe down the road."

Verizon said that last year, it became one of the first carriers in the U.S. to pilot quantum key distribution, another quantum-based technology that can strengthen security. In the trial, live video was captured outside of three Verizon locations in the D.C. area, the Washington, D.C. Executive Briefing Center, the 5G Lab in D.C and Verizon's Executive Briefing Center in Ashburn, the company said.

Using a QKD network, quantum keys were created and exchanged over a fiber network between Verizon locations. The trial demonstrated that with QKD, encryption keys are continuously distributed in a provably secure manner, which through the properties of quantum mechanics, prevents meaningful eavesdropping and detects the presence of eavesdroppers.

QKD has a variety of use cases, notably, between locations that require highly sensitive data communications, Verizon said.

Also see