In the post-quantum computing era, can the time required for brute force attacks to break into a system be shortened?

Infineon / Mitsubishi / Fuji / Semikron / Eupec / IXYS

In the post-quantum computing era, can the time required for brute force attacks to break into a system be shortened?

Posted Date: 2024-02-12

By Kyle Gaede, Microchip Technology Inc.

--Quantum computing transforms our existing knowledge and preparedness when it comes to processing brute force attack data.

Why cybersecurity should be a top priority in 2023

Over the past decade, data centers have been the focus of hackers who use a variety of techniques to steal sensitive data. The cybersecurity posture is constantly evolving to address the latest threats, so staying current is critical to mitigating security risks and trends. In 2023 alone, several areas of cybersecurity in data center environments have the potential to have significant impact.

This may sound strange, but one of the threats is a shortage or oversupply of cybersecurity experts, which ultimately leads to burnout for everyone. While this in itself does not pose a cybersecurity risk, it greatly increases the difficulty of managing the data center. It could also prompt moving more data to the cloud, where the scope of attacks companies need to deal with shrinks. This means that, unlike working in a traditional data center, fewer cybersecurity experts are needed to maintain a secure environment.

According to IBM, although ransomware has declined over the past year, it remains a real threat. This begs the question: Is the decline in ransomware a result of companies tightening their defenses, or is it because hackers have found easier ways to weaken security protections? Regardless, data centers will invest in a multi-pronged defense that includes robust endpoint security for servers, network-based ransomware monitoring and anti-phishing solutions. Finally, the decline of ransomware does not mean that enterprises can relax their security efforts, but should continue to maintain a serious posture to deal with high threats.

To this end, threat analysts are finding that hackers are increasingly adept at circumventing traditional security measures. Some cybercriminals are turning to MFA (multi-factor authentication) and EDR (endpoint detection and response) technologies to circumvent security measures. Security threats to physical data centers have also been a major issue that has grown over the past decade. For example, some attackers may not be able to break into systems digitally, so they target HVAC systems, power supplies, and other critical systems. There have also been instances of employees physically stealing hard drives, USB flash drives, and other components to sell to third parties or use to obtain other data.

Next are brute force attacks, which are used by hackers to break into systems and gain access to data when all other means have been exhausted. The attack method is by submitting a large number of passwords and passphrases in the hope that one of them will eventually grant access. There are a variety of techniques an attacker can use to perform a brute force attack; however, most techniques require a significant amount of time to complete, which could be hours, days, weeks, or even months, depending on the encryption method used.

A brute force attack works by calculating every possible password combination. As password strength increases, the time required to crack a password increases exponentially. By way of comparison, although today's algorithms can utilize strong keys ranging from 128 to 256 bits, US export controls generally limit symmetric key lengths to 56 bits. The longer the key, the longer it will take to brute force the password. So, in theory, if a hacker tried to use brute force to break a key encrypted with AES-128, it would take about a billion years to break even with today's most powerful hardware.

DWave's chip is a quantum chip using a 128-qubit superconducting adiabatic quantum optimized processor.

But what if we live in a post-quantum computing era? How long does it take to conduct a brute force attack on a popular cryptographic technique? While we may be ten to twenty years away from quantum computers capable of easily breaking many of today's cryptographic techniques, the planning process must begin now. Why? Because quantum computing changes the status quo of dealing with brute force attacks or key guessing calculations. Unlike today's computers, which rely on 0s and 1s to process data, quantum computers use quantum bits (qubits) to make quantum mechanics work. Although qubits are similar to traditional processors in processing data using a two-state system, they can also exist in a superposition of these two states and use both values ​​simultaneously to process information. The goal of the new system, which is under development, is to use the physics involved in quantum computers to implement special algorithms, such as Schur's algorithm, that would significantly reduce the time it takes to find the key.

Quantum computers have the potential to disrupt and impact multiple industries in cybersecurity, including eliminating asymmetric encryption. For example, in a recently released report, it took less than three days to crack RSA-4096 using a theoretical 1-terabit qubit computer, while nearly impossible using traditional computing techniques, according to the Global Risks Institute (GRI). Crack. Although we are still a long way from realizing a 1-terabit computer, the resources and time required are rapidly decreasing, and at the same time, we are seeing the development of quantum computing continue to accelerate.

With some companies now looking for ways to mitigate the impact on security, it's critical that governments, businesses and cybersecurity experts understand how quantum computing works and start developing safeguards to protect data from unauthorized intrusions. Forecasting agencies like Prescouter have outlined some of the cybersecurity solutions businesses can take advantage of, including the development of risk management and leveraging quantum computing itself to mitigate any risks.

Although the birth of quantum computers will not have to wait for decades, it will still take several years. By then, only the most powerful organizations and governments will be able to afford and use this cutting-edge technology. Meanwhile, the computer, server and internet standards that counter the advantages of quantum computing will take years to build, implement, test and deploy. These systems will remain in service for many years to come. Furthermore, once the technology is available, valuable data can be acquired, stored, and later decrypted.

Today, professionals must find a balance between cost, performance and security, as larger key sizes mean longer processing times. We need to adopt the latest NIST-based Commercial National Security Algorithm Suite 2 (CNSA 2.0) quantum-resistant standards and apply intelligent decision-making in selecting appropriate use cases and implementation timelines to advance and secure organizations. Experts at companies like Microchip are critical for organizations because they can help evaluate the protocols that need to be adopted today and provide guidance on how to effectively respond to future security threats.

#postquantum #computing #era #time #required #brute #force #attacks #break #system #shortened