Post-Quantum Cryptology: How Secure Memory Can Protect Against Vulnerabilities

What you’ll learn:

• The importance of PQC for cybersecurity in a quantum-computing world.
• Security risks involving connected cars and supply chains.
• Embedding secure memory with encrypted data to better mitigate risks.

A Fortune Business Insights report revealed that quantum computing was valued at $885 million in 2023 and is projected to grow to $12 million by 2032.  Quantum computers can do massive computation for things like blockchain and decrypting encryption.

With the potential to transform many industries such as chemical research and drug discovery, manufacturing (reducing the need for prototyping), supply-chain management, and even AI in the future, quantum computing could also become a significant cybersecurity threat.

Why Post-Quantum Cryptography is Crucial for Future Security

Experts predict this could be a major event by 2030, and organizations should start putting plans in place now.  Post-quantum cryptography (PQC) is considered a vital replacement for classical cryptographic algorithms that are no longer considered to be safe in lieu of quantum computers.

In response, the U.S. NSA and U.K. NCSC have adopted Leighton-Micali Signature (LMS) as the preferred PQC algorithms for digitally signing and authenticating firmware and software updates. Compliance with the new Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) guidelines for software and firmware signing is expected by 2025, with a complete transition mandated by 2030.

Similarly, the RED (Radio Equipment Directive) is a European regulation that by the year 2025, anything transmitting over a network must have a cybersecurity provision. Likewise, another European regulation for the automotive industry called the UN R155 claims that manufacturers need to have cybersecurity provisions built into products to counter cybersecurity attacks.

For example, any car that’s not prepared by July 1, 2024, will not be allowed to ship. Some automakers are foregoing production on certain models because they decided not to implement those security measures.

Security Risk and the Rise of Connected Vehicles

Automakers are at major risk with the rise of connected vehicles, which must meet high security standards to protect drivers' and passengers' safety and privacy. This can pose significant challenges if automakers don’t act now. With the industry’s long development cycles over five years, a car developed today will be on the road until at least 2040, according to a McKinsey report.

This issue could also wreak havoc across the supply chain. Adversaries could interrupt supply chains, diminishing supply-chain assurance by intercepting the shipment of a device or even within the factory. Secure MCUs have some level of security, but they lack large memory and the ability to expand memory.

Secure Memory with Post-Quantum Cryptography

Embedding secure memory in the device with data that’s encrypted is one way to provide better protection against these attacks. On this front, PQC can be implemented in many ways, including integrating in-memory, which meets the emerging regulations requirements and is designed for applications in industrial IoT, networking, servers, and critical infrastructure applications.

Memory-supporting asymmetric key cryptography algorithms and enabling devices can facilitate both secure over-the-air (OTA) with asymmetric PQC signatures and a secure supply chain via LMS-OTS (NIST 800-208). These secure-memory devices provide robust protection for both code and data, making it difficult for hackers to tamper.

Such devices also employ stringent authentication protocols, ensuring only authorized actors and software layers gain access. On top of that, they facilitate remote secure software updates while safeguarding against rollback attacks, ensuring only legitimate updates are made.

In addition to deploying secure memory in devices, companies can take the following steps to plan for post-quantum threat.

• Conduct an audit of their current security scheme to determine if it’s vulnerable.
• Review internal data and determine what’s valuable to protect.
• Review hardware and software requirements and start developing a plan to implement the security scheme.
• Ensure software updates are done regularly. 
• Work with ecosystem partners, such as memory, networking, and software providers, to put safeguards in place before it becomes more prevalent. 

While quantum computing still requires enhancements in scaling, as we’ve observed with the recent acceleration of generative AI, companies should prepare for rapid advances. This emerging technology poses significant security risks that need to be addressed.