Security CEO and founder of Safe Quantum Inc., working with data-driven companies to define, develop and deploy quantum-safe technologies.
Perfect forward secrecy (PFS) is not a new security concept, but it may be worth examining through the lens of quantum security.
PFS is a security feature implemented in encryption protocols to enhance the confidentiality of data exchanged over the internet. While it often plays a vital role in VPN security, it is also used to ensure the confidentiality and integrity of data in other areas of cybersecurity and encryption.
For example, PFS is essential for secure messaging apps like WhatsApp. Even if a user’s encryption keys are compromised, past and future messages remain secure, maintaining the privacy of conversations.
In email communication, PFS can be applied to end-to-end encrypted email services, guaranteeing that email content remains confidential, even if an attacker gains access to encryption keys or intercepts messages.
In e-commerce transactions, PFS is critical for securing online transactions. When you make purchases online or perform online banking, PFS ensures that your financial information remains confidential, protecting you from potential fraud and identity theft.
And PFS can be used in secure file-sharing services, preventing unauthorized access to shared documents and files and ensuring that their contents remain confidential.
The combination of a quantum technology called QKD (quantum key distribution) with PFS is very interesting to consider for high-performing security. In QKD, data is encrypted in photons using randomly generated keys at the sender’s end and can only be unlocked by the intended recipient on their end.
QKD-encrypted data is incredibly secure and virtually impossible to hack, even in so-called “harvest now, decrypt later” attacks. While there is some research that questions the infallibility of QKD, when you combine PFS with the photon key generated in QKD, I posit that it removes all room for doubt.
The moment you get past initial authentication of the sender and the receiver, you generate unbreakable keys that are photonic in nature, and you can then store them in a buffer. Different QKD technologies can create up to nearly 100,000 bits per second (depending on fiber loss). With that accumulation of keys, you would never have to re-authenticate the sender and receiver.
Unless you hack the initial QKD session, you now have no chance of hacking it ever again.
In the event of an interruption or intrusion, QKD checks the transmission channel, sees that what it’s sending isn’t getting from Point A to Point B and simply doesn’t touch that data. With QKD, you can guarantee those keys are secret and establish a situation of safety, where you would never transmit if the key was in any way defective.
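The buffer behaviour described above, sketched as an added example (not code from the author or from any QKD product). The class and function names are hypothetical, `os.urandom` output stands in for keys produced by a QKD link, the `channel_ok` flag stands in for the QKD channel check, and HMAC-SHA256 stands in for whatever authentication the QKD system uses between rounds.

```python
import hashlib
import hmac
import os


class QKDKeyBuffer:
    """Hypothetical buffer for key bytes delivered by a QKD link (simulated here)."""

    def __init__(self, auth_reserve=32):
        self._pool = bytearray()
        self.auth_reserve = auth_reserve  # held back to authenticate the next round

    def deposit(self, block, channel_ok):
        # Fail closed: key from a round that failed the channel check is discarded.
        if not channel_ok:
            return False
        self._pool += block
        return True

    def available(self):
        return max(0, len(self._pool) - self.auth_reserve)

    def _take(self, n):
        key = bytes(self._pool[:n])
        self._pool[:n] = bytes(n)  # best-effort overwrite before dropping
        del self._pool[:n]
        return key

    def draw(self, n):
        # Each key byte is handed out once and then removed from the buffer.
        if n > self.available():
            raise RuntimeError("insufficient key material: refusing to transmit")
        return self._take(n)

    def round_tag(self, transcript):
        # Authenticate the next QKD round with buffered key, not the initial credential.
        if len(self._pool) < self.auth_reserve:
            raise RuntimeError("no key left to authenticate the next round")
        return hmac.new(self._take(self.auth_reserve), transcript, hashlib.sha256).digest()


def otp(buf, data):
    """One-time-pad XOR with freshly drawn key; the same call decrypts."""
    key = buf.draw(len(data))
    return bytes(a ^ b for a, b in zip(data, key))


def synced_pair(block):
    """Two endpoints holding the same constructed key block."""
    alice, bob = QKDKeyBuffer(), QKDKeyBuffer()
    alice.deposit(block, channel_ok=True)
    bob.deposit(block, channel_ok=True)
    return alice, bob
```

Because used key bytes are removed from the pool, a later copy of the buffer does not contain the keys that protected earlier messages, and a sender with too little key material raises an error instead of transmitting.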
This is important for several reasons.
- While government organizations like the NSA and the National Institute of Standards and Technology may question the efficacy of QKD, corporate CISOs (chief information security officers) need to know that this application of PFS and QKD holds intriguing potential for unbeatable security.
- Financial services organizations are already investing in quantum computing. With trillions of dollars at stake, QKD deserves to be on their radar screen.
- And while much of the industry says commercialized quantum computing is still 10-15 years away, harvesting attacks are being carried out today. Personal data like medical records lasts a lifetime.
So what can CISOs be doing now?
- First and foremost, be informed about a range of security advancements beyond post-quantum cryptographic (PQC) algorithms.
- Begin to implement QKD pilots to understand and show this quantum-guaranteed security. Prove it to yourself rather than taking other people's advice.
- And lastly, seek diversity in your security approach.
A defense-in-depth security strategy that encompasses PQC, PFS and QKD is a safer bet than putting all your security eggs into one basket.