Channelling Clausewitz: Leveraging Quantum And IoT Brute Force To Break IP Network Security

By Rudy Hoebeke, VP Product Management, IP Networks at Nokia

In the perpetual IP network security arms race between service providers and those that seek to disrupt and breach their networks, two technologies are equally responsible for disrupting a long-standing stalemate, the emergence of quantum computers and the proliferation of industrial scale IoT.

Both provide attackers with the ability to focus unparalleled brute force in their attacks, measured in processing power or bandwidth, shattering traditional IP network security defences.

The Quantum Compute Threat

The quantum threat comes from the massive processing power quantum computers can bring to bear on algorithms used to safeguard public key network encryption. Exactly when a quantum processor or a network of quantum processors, will amass enough qubits to break public key network encryption algorithms in a short amount of time is subject to much debate.

But what is clear is that it’s a question of ‘when,’ not ‘if.’  The industry is so terrified of this eventuality that they’ve given it a name: Q-Day.

To avoid a Q-Day apocalypse, the NIST (National Institute of Standards and Technology) is overseeing the development of a new set of public key cryptographic algorithms that will take quantum computers an impractical length of time to crack.

While this initiative, known as post-quantum cryptography (PQC), is making good progress, standardization and mass deployment is expected to take years. Who gets to the finish line first sufficiently powerful encryption-breaking quantum computers or universal PQC deployment is the subject of yet another unnerving debate.

Irrespective of this, the time to act is already here. Of increasing concern are so-called store-now-decrypt-later (SNDL) attacks; if malicious actors with adequate resources can intercept and store sensitive data flowing in today’s networks, then that data can be harvested on Q-day.

How Do You Make Networks Quantum Safe?

Luckily, there are already ways to make networks quantum safe today. According to multiple authorities including the NSA, NIST, ETSI and ANSI; symmetric encryption algorithms like AES coupled with highly randomized and large 256 bit keys are quantum safe.

These symmetric encryption algorithms can be used to introduce quantum safe encryption of traffic flows between routers or optical switches, safeguarding all data well in advance of Q-day. The symmetric keys can be distributed using quantum-safe encryption over traditional IP and optical links, or via quantum key distribution (QKD) mechanisms.

The Rise Of IoT Botnets In DDoS

Where a single quantum computer can unleash unparalleled brute force in processing, millions of IoT devices can be combined in botnets to unleash DDoS attacks at multi-terabit scale and beyond. Many are running porous versions of Linux or out-of-date firmware, making them easy targets for hijacking.

Access to high-speed symmetric consumer internet plans means they have an order of magnitude more bandwidth at their disposal. Their impact has been significant. IoT botnets are now responsible for the majority of Distributed Denial-of-Service (DDoS) traffic and they’ve led to the collapse of DDoS service prices to a mere fraction of what they were just a few years ago. They are the tool of choice for everyone from extortion gangs to political activists, and even to nation-state actors in geopolitical conflicts.

How Do You Stop A Botnet DDoS Attack?

When it comes to botnet DDoS attacks, detecting them is often as easy as realizing you’re suddenly drinking from a fire hose. However, doing something useful about it, without creating a traffic bottleneck, is far more challenging. How do you distinguish between hundreds of thousands of attacking IoT devices and valid traffic?

How do you stop or limit just them, without impacting valid users and their service experience? This calls for special intelligence on IoT devices and their network supply chains.

It requires the ability to quickly set up and tear down hundreds of thousands of IP filters, all without impacting network performance.

Are You Ready For This Darkening Threat Landscape?

Despite the powerful new threats to network security coming from the raw processing power of quantum computers or the unparalleled attack bandwidth of IoT botnets, help is out there. Service providers just need to ask the right questions to ensure the requisite IP network security capabilities are an integral part of their new or upgraded network builds.