By Alexander Truskovsky, Senior Product Manager at ISARA Corporation
Today, remotely updating a device’s software – such as a connected car or smartphone – is easy and cost-effective. There’s no need to physically return the device to the manufacturer, which happily saves everyone time and valuable resources.
However, within the decade, remote or over-the-air (OTA) software updates will be at risk from attacks by large-scale quantum computers, which are capable of breaking public key cryptography. Quantum-enabled adversaries will gain the ability to forge software updates and take over the device. To solve this, roots of trust must be manually replaced with quantum-safe equivalents.
For devices that are already deployed, this creates a cost-prohibitive or logistically impossible problem for CISOs and CTOs. The two options are:
- Mass-recall or physically attend to all in-field devices to upgrade the embedded roots of trust
- Or allow devices to remain vulnerable to attack, which can open up the organization to potentially significant risks and legal repercussions
Neither is practical, especially in the case of connected cars, medical devices or critical infrastructure – where the possibility of a quantum-enabled attack could cause extreme damage and even loss of life.
For some OEMs, this could be a problem that’s growing every day, even before a large-scale quantum computer is available. Devices manufactured today may still be in use beyond the arrival of a large-scale quantum computer and therefore open to risk. For example, there were approximately 16.8 million connected cars sold in 2016, and by 2020 there are expected to be 250 million on the road, exacerbating the upgrade costs and resource requirements.
The solution is stateful hash-based signatures
While many quantum-safe algorithm options are being evaluated right now, there is a mature ready-to-use option for the roots of trust and code signing – stateful hash-based signatures. These algorithms will not be evaluated by NIST because they are considered secure enough to be used today. Deploying hash-based roots of trust from the outset will provide significant savings to OEMs down the road.
The first quantum-safe HSM & roots of trust
An essential step to deploy a hash-based software signing solution is the Hardware Security Module (HSM). While providing physical protection to the private key, HSMs have limited memory and computing resources. Hash-based private keys are extremely large and have a state that needs to be maintained. Along with Utimaco Inc., we’ve taken the first step towards creating a commercial-grade quantum-safe HSM solution. Together, on October 12, 2017, we announced successful testing of the first quantum-safe HSM.
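The state requirement described above, as an added example that is not from the original article or from ISARA's or Utimaco's products: a simplified Lamport-plus-Merkle-tree signer (not LMS or XMSS) in which every leaf key may sign exactly once, so the signer must advance its counter before it releases a signature. The seed, class and function names are hypothetical, and durable storage of the counter is assumed rather than implemented.

```python
import hashlib, hmac
# Illustrative only: simplified Lamport + Merkle scheme, not LMS/XMSS; all names are hypothetical.
H = lambda b: hashlib.sha256(b).digest()
BITS = 256

def ots_secret(seed, leaf):
    # One-time key for a leaf: 2 x 256 secret values, derived from the seed (assumption).
    return [[hmac.new(seed, bytes([b]) + leaf.to_bytes(4, "big") + i.to_bytes(2, "big"), "sha256").digest()
             for i in range(BITS)] for b in (0, 1)]

def ots_public_hash(sk):
    return H(b"".join(H(x) for row in sk for x in row))

def msg_bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]

def tree(leaves):
    levels = [leaves]
    while len(levels[-1]) > 1:
        levels.append([H(levels[-1][i] + levels[-1][i + 1]) for i in range(0, len(levels[-1]), 2)])
    return levels

class StatefulSigner:
    def __init__(self, seed, height=3):
        self.seed, self.n, self.next_leaf = seed, 1 << height, 0
        self.levels = tree([ots_public_hash(ots_secret(seed, i)) for i in range(self.n)])
        self.root = self.levels[-1][0]  # the public key embedded in the device as root of trust

    def sign(self, msg):
        if self.next_leaf >= self.n:
            raise RuntimeError("key exhausted: every one-time leaf has been used")
        leaf = self.next_leaf
        self.next_leaf += 1  # advance (and, in real hardware, persist) state BEFORE releasing the signature
        sk, bits = ots_secret(self.seed, leaf), msg_bits(msg)
        revealed = [sk[b][i] for i, b in enumerate(bits)]        # secrets selected by the digest bits
        other = [H(sk[1 - b][i]) for i, b in enumerate(bits)]    # hashes of the unrevealed secrets
        path = [lvl[(leaf >> h) ^ 1] for h, lvl in enumerate(self.levels[:-1])]
        return leaf, revealed, other, path

def verify(root, msg, sig):
    leaf, revealed, other, path = sig
    pk = [[None] * BITS, [None] * BITS]
    for i, b in enumerate(msg_bits(msg)):
        pk[b][i], pk[1 - b][i] = H(revealed[i]), other[i]
    node = H(b"".join(pk[0] + pk[1]))
    for h, sib in enumerate(path):  # walk the authentication path up to the root
        node = H(node + sib) if (leaf >> h) & 1 == 0 else H(sib + node)
    return hmac.compare_digest(node, root)
```

If the counter were ever rolled back, for example by restoring a backup of the signer, two messages would be signed with the same leaf and the one-time security guarantee would no longer hold, which is why the state belongs inside the HSM.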
Today, CISOs and CTOs need to think about their future purchases of long-term and embedded security solutions. Are the devices deployed today likely to last beyond the arrival of a large-scale quantum computer? If they are, your software updates should be quantum-safe, which is possible with ISARA’s solutions.
We’re clearing the path to quantum-safe OTA software updates. Get in touch with us and we’ll help you plan your migration.