Quantum computing transforms our existing knowledge and preparedness when it comes to processing data for brute force attacks.
Why Cybersecurity Should Be Top of Mind in 2023
Data centers have been the focus of recent attacks over the last decade, with hackers using various techniques to acquire sensitive data. The cybersecurity landscape is ever evolving to handle the latest threats, so it's essential to stay up to date to mitigate security risks and trends. There are several cybersecurity areas within data center environments that could have an impact this year (2023) alone.
As strange as it sounds, one of those threats is the lack of, or overextended, cybersecurity specialists that ultimately lead to burnout. While this in itself doesn't create a cybersecurity risk, it does make managing data centers that much harder. It may also play a role in pushing more data to the cloud, where there is a smaller attack surface for companies to manage. This means fewer cybersecurity specialists are needed to maintain a secure environment, unlike those working in traditional data centers.
Although ransomware has decreased over the last year, it still remains a viable threat, according to IBM. This begs whether ransomware's decline is due to businesses' better defenses or because hackers have found easier solutions to mitigate security. Regardless, data centers continue to invest in multi-pronged defenses, which include strong end-point security for servers, networked-based ransomware monitoring and anti-phishing solutions. In the end, a decrease in ransomware doesn't mean companies should relax security, but rather maintain a high-threat posture.
To that end, threat analysts have found that hackers are becoming more adept at evading traditional security measures. Some cybercriminals have set their sights on MFA (Multi-Factor Authentication) and EDR (End-Point Detection and Response) technologies to get around security. Physical data center security threats are also a big issue that's been on the rise over the last decade. For example, some attackers may not be able to gain entry through digital means, so they set their targets on compromising HVAC systems, power supplies and other critical systems. There have also been instances of employees physically stealing hard drives, thumb drives and other components to sell to third parties or utilized to gain access to additional data.
Then there's the brute force attack, which hackers employ to gain entry to systems and data when everything else has been exhausted. This is done by submitting tons of passwords and passphrases with the hope that one of them will eventually grant access. There are several techniques attackers can employ for brute-force entry; however, most take an inordinate amount of time to accomplish depending on the encryption, which could be hours, days, weeks and even months.
Brute force attacks function by calculating every possible combination of passwords. As the password's strength increases, the amount of time to crack it increases exponentially. To put that into perspective, US export regulations typically only allow key lengths of 56-bit symmetric keys, although today's algorithms can take advantage of stronger 128- to 256-bit keys. So, the longer the key, the longer it takes to brute force the password. So, in theory, if hackers tried to brute force their way into a key with AES-128 encryption, it would take approximately 1 billion years to crack with the best hardware available today.
DWave's chip is designed to operate as a 128-qubit superconducting adiabatic quantum optimization processor.
But what if we lived in a post-quantum computing world? How long would a brute-force attack on popular cypher technologies take? While we’re likely still a decade or two away from Quantum computers that can easily break many of the cypher technologies in use today, we must start the planning process now. Why? Quantum computing changes the status quo when it comes to processing calculations for brute force attacks or key guessing. Unlike today's computers that rely on ones and zeros to process data, quantum computers take advantage of quantum mechanics using qubits (quantum bits). Although qubits are similar to traditional processors in utilizing a two-state system to process data, they can also exist in a superposition of those two states and use both values simultaneously to process information. Newer systems are being developed to take advantage of the physics involved with Quantum computers to implement special algorithms (e.g. Shor’s algorithm) to reduce the time scale to find the key dramatically.
Quantum computers are likely to disrupt and impact multiple sectors across cybersecurity fields, including the obliteration of asymmetric cryptography. For example, in a recently published report from Global Risk Institute (GRI), the time to break RSA-4096, which is practically impossible to break with classical computing technology, is under three days with a theoretical 1 megaqubit computer. While we are still a long way from a 1 megaqubit computer, the resources and time required are reducing rapidly at the same time we see advancements in Quantum computing which are in development.
As some companies are currently looking at ways to mitigate that impact on security, it's vital for governments, corporations and cybersecurity experts to gain a better understanding of how quantum computing works and begin development of protecting data against unwanted intrusion. Forecasters such as Prescouter have already outlined some cybersecurity solutions that companies can take advantage of, including the development of risk management and harnessing quantum computing itself to mitigate any risks.
Tomorrow's quantum computers are still several years away, if not decades, and they will be built and used by only the most prominent organizations and government entities that can afford such cutting-edge technology. At the same time, computers, servers and internet standards which are resistant to Quantum computing’s advantages take years to architect, implement, test and deploy. These systems then stay in production for years after that. In addition, valuable data can be obtained, stored and decrypted later when technology is available.
Today, professionals must balance cost, performance and security—the larger the key size, the longer the processing time. We will need the latest NIST based Commercial National Security Algorithm Suite 2 (CNSA 2.0) Quantum resistant standardizations, and intelligence in selecting the right use cases and implementation timelines, to advance and protect organizations. Experts like those at Microchip are necessary for organizations to evaluate what protocols they need today and how to best prepare for tomorrow's threats.
Kyle Gaede, Oct 3, 2023
Tags/Keywords: Computing and Data Center, Security