Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Quantum. Show all posts

The Future of Quantum Computers: Challenging Space Encryption with Light

 

In the realm of technology and communications, the race for supremacy between quantum computers and space encryption is intensifying. 

While quantum computers hold the promise of unprecedented processing power, space encryption, leveraging light to beam data around, presents a formidable challenge. 

The advent of the first satellite slated for launch in 2025 heralds a new era in secure communication. Quantum computers, with their ability to perform complex calculations at speeds far surpassing traditional computers, have long been hailed as the future of computing. 

However, their potential to unravel existing encryption methods poses a significant threat to data security. With the ability to quickly factor large numbers, quantum computers could potentially break conventional encryption algorithms, jeopardizing sensitive information across various sectors. 

On the other hand, space-based encryption offers a robust solution to this dilemma. By harnessing the properties of light to encode and transmit data, space encryption provides an inherently secure method of communication. Unlike conventional methods that rely on mathematical algorithms, which could be compromised by quantum computing, light-based encryption offers a level of security that is theoretically unbreakable. 

The upcoming launch of the first satellite dedicated to space encryption marks a pivotal moment in the evolution of secure communication. Equipped with advanced photonics technology, this satellite will demonstrate the feasibility of transmitting data securely over long distances using quantum principles. 

By beaming encrypted data through space via light particles, it will lay the groundwork for a future where secure communication is not only possible but also practical on a global scale. One of the key advantages of space encryption lies in its resistance to interception and tampering. Unlike terrestrial communication networks, which are susceptible to eavesdropping and hacking, data transmitted via space-based encryption is inherently secure. 

The vast distances involved make it extremely difficult for unauthorized parties to intercept or manipulate the data without detection, providing a level of security unmatched by conventional methods. Furthermore, space encryption offers unparalleled reliability and speed. With data transmitted at the speed of light, communication delays are virtually nonexistent, making it ideal for applications where real-time transmission is critical. 

From financial transactions to government communications, the ability to transmit data quickly and securely is paramount, and space encryption delivers on both fronts. As quantum computers continue to advance, the need for secure communication methods becomes increasingly urgent. While quantum-resistant encryption algorithms are being developed, they may not be sufficient to withstand the full potential of quantum computing. 

In contrast, space encryption offers a solution that is not only resistant to quantum attacks but also provides a level of security that is unmatched by any other method. In conclusion, the future of quantum computers and space encryption is intertwined in a battle for supremacy in the realm of secure communication. While quantum computers hold the promise of unparalleled processing power, space encryption offers a robust solution to the threat of quantum attacks. 

With the launch of the first satellite dedicated to space encryption on the horizon, we stand at the cusp of a new era in secure communication—one where light reigns supreme. Search Description: Explore the future of quantum computers challenging space encryption with light-based data transmission, as the first satellite launch in 2025 heralds a new era in secure communication.

Implementation Flaws Identified in Post-Quantum Encryption Algorithm

 

Two implementation flaws have been identified in the Kyber key encapsulation mechanism (KEM), an encryption standard intended to safeguard networks from future attacks by quantum computers. Collectively known as "KyberSlash," these flaws could allow cybercriminals to discover encryption keys. 

The encryption standard Kyber key encapsulation mechanism (KEM), designed to protect networks from future assaults by quantum computers, has two implementation vulnerabilities. Collectively referred to as "KyberSlash," these flaws might make it possible for hackers to acquire encryption keys. 

“Timing attacks of this nature are a derivative of broader ‘side channel’ attacks, which can be used to undermine any type of encryption, including both classical and post-quantum algorithms,” Andersen Cheng, founder of Post-Quantum, explained. “With this type of attack, the adversaries send fake (and known) ciphertext and measure how long it takes to decipher. They can then infer the timings for each attempt and reverse engineer the actual key-pair.” 

On December 1st, Franziskus Kiefer, Goutam Tamvada, and Karthikeyan Bhargavan—all researchers at the cybersecurity firm Cryspen—reported the vulnerabilities to Kyber's development team. The encryption standard had a patch released immediately, but since it wasn't classified as a security vulnerability, Cryspen started notifying projects in advance that they needed to implement the fix as of December 15. 

Google, Signal, and Mullvad VPN have all adopted versions of the Kyber post-quantum encryption standard; however, Mullvad VPN has since confirmed that the vulnerability does not affect their services.

Post-quantum encryption rush

Kyber was first submitted for assessment to the US National Institute of Standards and Technology (NIST) in 2017, as part of the organisation's competition to test and approve an encryption standard capable of safeguarding networks against future quantum computer attacks. Though a machine with an adequate amount of qubits to use Shor's algorithm to break RSA encryption and similar standards has yet to be developed, recent breakthroughs in scaling quantum computers and mounting speculation about "Harvest Now, Decrypt Later" attacks have generated increased interest in adopting post-quantum standards among governments and large businesses. 

Several algorithms put into the NIST competition were demonstrated to be susceptible to conventional attacks. These include the Rainbow and SIKE standards, the latter of which was overcome by KU Leuven researchers in 2022 in less than an hour using an average computer. In February 2023, a team from Sweden's KTH Royal Institute of Technology used highly complex deep learning-based side-channel attacks to destabilise Kyber's official implementation, CRYSTALS-Kyber. However, this approach was one of six for which NIST published draft standards last summer, with plans to finalise the competition later this year. 

Kyber flaws 

Meanwhile, the Kyber KEM has been adopted by a number of major organisations. Google announced in August 2023 that it will be employing Kyber-768 as a part of a hybrid system to safeguard Chrome browser traffic at the transport layer security level. Similar to this, Signal secured its "Signal Protocol," which is also used to ensure end-to-end encryption in Google and WhatsApp conversations, in September by implementing Kyber-1024 in conjunction with an elliptic curve key agreement protocol. 

This hybrid approach to leveraging post-quantum encryption standards is intended to safeguard network traffic against attack in case that new vulnerabilities are discovered. Since the KyberSlash vulnerabilities were identified, the researchers say that patches have been implemented by the Kyber development team and AWS. The team also cited a GitHub library written by Kudelski Security. When approached by a local media outlet, the cybersecurity firm stated that the listed code was not utilised in any of its commercial products and should not be used in production, but that it had still incorporated a patch for the KyberSlash vulnerabilities in a new version of the library. 

Nevertheless, Cheng believes it is a significant step forward for the post-quantum encryption community because its focus on flaws has shifted from vulnerabilities in the mathematics that underpins the standards to implementation attacks. “It will be the responsibility of each organisation implementing new encryption to ensure the implementation is robust,” stated Cheng. “That’s why it is so important that teams working on the migration to post-quantum encryption have deep engineering understanding and ideally, existing experience in deploying the cryptographic algorithms. “

Hackers Deploy Agent Tesla Malware via Quantum Builder

A campaign promoting the long-standing.NET keylogger and remote access trojan (RAT) known as Agent Tesla uses a program that is available on the dark web that enables attackers to create harmful shortcuts for distributing malware. 

In the campaign that the experts observed, malicious hackers were using the developer to generate malicious LNK, HTA, and PowerShell payloads used to produce Agent Tesla on the targeted servers. The Quantum Builder also enables the creation of malicious HTA, ISO, and PowerShell payloads which are used to drop the next-stage malware. 

When compared to previous attacks, experts have found that this campaign has improved and shifted toward LNK, and Windows shortcut files. 

A spear-phishing email with a GZIP archive is swapped out for a ZIP file in a second round of the infection sequence, which also uses other obfuscation techniques to mask the harmful behavior. 

The shortcut to run PowerShell code that launches a remote HTML application (HTA) using MSHTA is the first step in the multi-stage attack chain. In turn, the HTA file decrypts and runs a different PowerShell loader script, which serves as a downloader for the Agent Tesla malware and runs it with administrative rights. 

Quantum Builder, which can be bought on the dark web for €189 a month, has recently witnessed an increase in its use, with threat actors utilizing it to disseminate various malware, including RedLine Stealer, IcedID, GuLoader, RemcosRAT, and AsyncRAT. 

Malicious hackers often change their tactics and use spyware creators bought and sold on the black market for crimes. This Agent Tesla effort is the most recent in a series of assaults in which harmful payloads were created using Quantum Builder in cyber campaigns against numerous companies. 

It features advanced evasion strategies, and the developers frequently upgrade these techniques. To keep its clients safe, the Zscaler ThreatLabz team would continue to track these cyberattacks. 

Agent Tesla, one of the most notorious keyloggers used by hackers, was shut down on March 4, 2019, due to legal issues. It is a remote access program built on the.NET platform, that has long existed in the cyber realm, enabling malicious actors to obtain remote access to target devices and transmit user data to a domain under their control. It has been in the public since 2014 and is promoted for sale on dark web forums. 

In a recent attack, OriginLogger, a malware that was hailed as the replacement for the well-known data theft and remote access trojan (RAT) noted as Agent Tesla, had its functioning dissected by Palo Alto Networks Unit 42.



Post-quantum Cryptography Achieves Standardization Milestone

 

The first four standardised protocols for post-quantum cryptography have been released, providing the foundation for the creation of "future-proof" apps and web services. 

Last Monday, the US federal government's National Institute of Standards and Technology (NIST) announced a quartet of recommended protocols as part of a continuing standardisation process. The chosen encryption algorithms will be included in NIST's post-quantum cryptography standard, which is scheduled to be completed within the next two years. 

Four more algorithms are currently being considered for inclusion in the standard. According to NIST, for most use cases, two basic algorithms should be implemented: CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures). 

In the event that one or more approaches prove insecure, more than one algorithm for each use case is being sought as a backup. NIST recommends CRYSTALS-Dilithium as the principal method for digital signatures, with FALCON for applications that require smaller signatures than Dilithium can offer. SPHINCS, a third algorithm, is slower than the other two but was approved since it is based on a distinct mathematical process and so gives a possibility to increase variety. Dustin Moody of NIST discussed why another round of selection was required.

“Of the four algorithms we selected, one is for encryption and three are for digital signatures,” Moody told The Daily Swig. 

“Of the four algorithms that we will continue to study in the fourth round, all four are encryption algorithms. The primary motivation for this is to find a non-lattice-based signature scheme which is suitable for general purpose use to be a backup for our lattice-based signature algorithms we are standardizing (Dilithium and Falcon),” Moody added. 

He continued: “Our current NIST public-key standards cover encryption and signatures. So that is what our standardization process was targeted for – to replace the vulnerable cryptosystems in those standards. Other functionalities may be considered in the future.” 

The ongoing quest for next-generation cryptographic systems is required since present encryption protocols, such as RSA, rely on solving mathematical problems that are beyond the capabilities of even the most powerful conventional computers. Sufficiently powerful quantum computers, which operate on a fundamentally different paradigm than today's PCs or servers, may be capable of cracking today's public key encryption techniques. Increasing the key length alone will not suffice to counter this possible danger, necessitating the creation of post-quantum cryptography methods. 

Decrypt later, store now

Despite the fact that the present generation of quantum computers is mostly experimental and hampered by engineering hurdles, attackers may be planning for their future availability using "store-now-decrypt-later" assaults.If such attacks are effective, a rising volume of normally encrypted financial, government, commercial, and health-related data will be vulnerable to attack by suitably powerful quantum computers. 

Quantum computers handle computational tasks by relying on the features of quantum states, such as superposition, interference, or entanglement, rather than the basic binary states (0 or 1) of traditional computers. When paired with quantum algorithms, the technology might solve some mathematical problems, such as integer factorization, in a manageably short period, posing a danger to current encryption systems that rely on the current intractability of such issues. Quantum-resistant algorithms are based on arithmetic problems that both traditional and quantum computers should struggle to solve.