Root Causes 47: Quantum Apocalypse - Quantum Resistant Cryptography for IoT

Tim Callan

We are very fortunate to have our repeat guest Alan Grau joining us today. Alan is VP of IoT and embedded solutions here at Sectigo.

So, we talk a lot of this podcast about quantum computers and the threat they pose to our existing defacto encryption algorithms, RSA and ECC, and what needs to be done to change that and what we thought we’d do today is focus in specifically of how all of this matters in the world of IoT. Because IoT is unusual in some ways, right gentlemen?

Jason Soroko

I think one of the most interesting aspects to IoT devices, Tim, is that, you know, when I am talking to customers and of course, even when you just look around you, you are looking at IoT devices have already been around with us for 30 years plus if you look at industrial control systems. Been around a long time. Long, long life cycles. Automobiles fall under that category. You are talking about cars that’ll probably be lasting 5, 10, 15, 20 years and all manner of IoT devices that are beyond that as well. CCTBs that might be up there for a long time. Tim, you and I have talked a lot about crypto agility – the need for it. And I think crypto agility, that ability to just understand at the very least that the cryptographic algorithms that we are using today might not be the ones being used towards the middle or end of the lifetime of some of these devices that are being produced right now. That’s a big topic and I’m really glad to have Alan on today to help us understand this better.

Tim Callan

Alan, I mean one of the things that comes up a lot on this of course is the lifespan of device. Right? In the world of IoT certainly they can be short-lived but oftentimes they are not.

Alan Grau

No, that’s absolutely the case and I actually had a customer I was talking to recently that was building a disposable medical device. So it was a use once and dispose of or use a handful of times and dispose of type of device.

Tim Callan

Yeah.

Alan Grau

And so due to the nature of the specifics of the device they needed high levels of security to know that it was really an authentic device and was being utilized appropriately so they could track it. But they don’t really need to worry about crypto agility because the device won’t last.

Tim Callan

It’s gone in a week or a month. Exactly.

Alan Grau

But that’s really the anomaly. You know, as Jason pointed out, if you look at the electric grid, right, when those folks that are managing our electric system are looking at their capital expenditures and deploying devices they talk in multi-decades and so they want an expected need devices to be utilized over a very, very long period of time.

Tim Callan

So multi-decades, so this certainly is problematic for those listeners who have listened to other of our episodes including our episode on Mosca’s Inequality and our more recent one on quantum annealing, you know, a lot of the estimates say that in 10 or 15 years all of our existing crypto is basically going to be valueless. So once you use a phrase like multiple decades, you know, if I want a device to last for 20 years that’s more than 15 years according to my arithmetic. So how do we deal with that?

Alan Grau

Well, that’s really a big problem right now in the IoT world because we don’t yet have long-term solutions in place to address that but it’s something that we really need to start thinking about in a different fashion. So if you are building an IoT device one of the things that you do need to be thinking about is what’s the usable life of the device vs. what’s usable life of the security on the device. There’s actually a standards group, not a standards group but a consortium, an organization around IoT security that is defined, you know, kind of set of processes and best standards and best practices for IoT security and again, that’s an evolving process but one of the considerations that they are including that I thought was a unique way of looking at things is an expiration date on the security for a device and that’s very different than just a lifetime for a certificate but it is in fact designed to start people to think about this exact problem.

Tim Callan

So what happens when you reach the expiration date? Does that mean that device needs to be retired or is there something that’s tantamount to a firmware update where you can actually push something down and upgrade the security or is that unknown right now?

Alan Grau

I think a lot of that is still in process of being defined and we had an earlier podcast where we were talking about IoT botnets and the problems with these gaping securing holes of default passwords or even devices that have access without a user name and password. So anybody that could talk to the device they don’t even have to have a user name and password. It will just accept the incoming connection. So the IoT world has still got these gaping security problems and many, many devices that have to be addressed so we haven’t yet got to the point where we’ve really figured out all of these considerations but as we look at it one of the questions that I think people have to come to grips with is in some cases it does mean that the device would be operating with a deprecated level of security and I say that because one of the best practices that companies are using in building secure IoT devices is they are using a TPM chip or a hardware secure element on the device to enable crypto and enable secure key storage.

Tim Callan

Right.

Alan Grau

And if you look at your iPhone, your Android phone, your laptop, if it’s a relatively new device those devices have a TPM chip or other hardware secure element on the device and that provides what’s called a root of trust but some of the things that that chip does are generate crypto key pairs. They also then use those key pairs for doing cryptographic operations. And, the reason we do it in hardware is it’s isolated from the normal processing and if a hacker is able to gain access to the normal part of the system they still can’t cross over and steal the crypto keys.

Tim Callan

Yeah. That’s walled off.

Alan Grau

Exactly. But what that means is I’m building an IoT device today, I’m building a smart connected car with a TPM chip in it, that TPM chip probably, to my knowledge, all the crypto chips being built for the IoT today support RSA and ECC encryption.

Tim Callan

Yeah.

Alan Grau

So those by definition are not going to be quantum-safe.

Tim Callan

Exactly. Now in the case of the connected car, maybe you solve it with a recall, right? Maybe you make people bring their car back and you put in a new chip, but if I’m out dropping things in the ocean those are a lot harder to get back. So a lot of it depends on the device and its life cycle and how it’s used right?

Alan Grau

Yeah. That’s absolutely one of the important considerations is is this device going to be used for 10 years? Is it going to be used for 30 years? Is it going to be deployed in a satellite or is it going to be deployed in a corporate office that’s easier to gain access to. So those are some of the considerations.

Tim Callan

Yeah. That’s absolutely one of the important considerations is is this device going to be used for 10 years? Is it going to be used for 30 years? Is it going to be deployed in a satellite or is it going to be deployed in a corporate office that’s easier to gain access to. So those are some of the considerations.

Alan Grau

Well, it’s not a black and white answer. So you had asked earlier if we hit that security expiration date on a device can we do a firmware update or do we have to update the device. Well, so a lot of that depends on how the crypto operations are being done on the device and what software update capabilities are possible on the device. So you really have to start digging pretty deep into the realities of the architecture. So I know that some of the crypto processing devices, some of the secure elements that are being built today do have software update capability for the crypto chip itself and so then the question comes down to does the underlying hardware in the crypto chip support the ability to do the appropriate crypto operations, the basic high level or detailed mathematics of crypto that are required for these new crypto algorithms and can they update the firmware to do that or is there some mechanism that can be used to allow that sort of updatability. That’s where you get into another possible solution. Some of that depends upon the underlying capability of the crypto chip itself. Some of the crypto chips do have the ability to support firmware updates to allow changes to the crypto algorithms, potentially fix bugs, add some basic features but it depends on whether or not those crypto chips have the basic hardware support for the newer types of crypto algorithms that are being created as being quantum resistant. So certainly if you can build the hardware so that it has support from some of those crypto chips today that would help to solve the problem.

Tim Callan

Does this pose another security challenge? Like once you are sitting here telling me well, I can go remotely change the crypto on the devices then immediately my mind goes to well is the bad guy gonna find a way to change the crypto and use that as their backdoor in?

Alan Grau

That’s certainly a possibility and I think there have been some published reports of vulnerabilities and attacks against some of the crypto chips. Those have been pretty rare. Most of those chips are designed with a very controlled interface to minimize the attack possibilities and the attack vectors, but it is a possibility. So making sure that that update process is itself highly secured is important and then some of the other considerations come down to the underlying technology of the device – of that crypto chip is. If they are using an FPGA technology where you can actually do essentially reprogramming of hardware through what’s called the field programmable gate array then that does open the door to potentially having more flexibility to future proof your security, your crypto. But, as you pointed out Tim, it does also then open up some additional potential attack vectors.

Tim Callan

Yeah. I mean that’s the trouble, right, is the more you want to make these things flexible and agile and give access to make changes, every one of those things is a potential doorway for good but also for misuse as well.

Jason Soroko

So, Alan, when we are talking protecting a system overall and pinning it down, things like Secure Boot obviously important for any time a device is rebooting itself being able to double check the fact that it is running its own legitimate software that was intended by the manufacturers is so important. That’s just a thought but another point I’d like to make here is one of the schemes that we’ve been hearing about is this idea of a hybrid certificate which, you know, I think a lot of devices, a lot of device manufacturers have an interest in sometimes doing on-board key generation. I’m a fan off off-board generation because it gives you that flexibility of having an external system with proper entropy, this ability to have flexibility, if you couple that with a hybrid certificate type where the underlying chip technology that you are talking about is able to handle traditional crypto algorithm on the external surface of the certificate for a lack of a better way of putting it and the underlying key material is then protected with a quantum resistant algorithm that was all generated off-board. That’s an interesting idea. I’m curious to know your take on that.

Alan Grau

I think these are the sorts of creative thinking processes that are important in order to start to future-proof IoT devices. I mean there is just some fundamental limitations of the device that are realities because of the current technology and cost structure. The quantum resistant crypto algorithms, you know, that process is still being defined, still be refined in terms of which algorithms are ultimately going to be the ones that are selected so we can’t build them into hardware on a sub $.20 crypto chip for a small IoT device today.

Jason Soroko

Yeah. We are definitely not talking about small sensor type devices. There’s whole classes of devices that are not going to be applicable. You know, Tim, just a thought here. This is something we really need to be putting out into the public that there are going to be whole classes of devices that are going to have long life cycles that are going to be vulnerable and there’s almost just no way around it.

Tim Callan

Well, and you are both touching on I think one of the interesting points about this topic and this reminds me of some of what we got into in one of our recent podcasts about Mosca’s algorithm is people discuss these things like it’s a single homogenous group of devices or machines and they are all exactly the same and in reality they are not. Right? You’ve got different life spans, different use cases, different levels of accessibility, different levels of crypto agility, different levels of computing power and ultimately it means in reality we are gonna have dozens or hundreds of segments that are going to have to be treated differently.

Alan Grau

And we also have different levels of risk. So if you are talking about an IoT sensor and whether or not the data that is being transmitted can be decrypted a month after it was first transmitted well the risk and implications of that are probably completely insignificant. Right?

Tim Callan

Right.

Alan Grau

So that’s very different than if you can decrypt my banking information and my credit card information a month after it’s transmitted. So there are definitely a lot of nuances to this that need to be carefully thought through.

Jason Soroko

I think guys we are gonna have a future podcast on NIST’s guidance for IoT. I think that they’ve done a pretty good job of specifying device types. I think they’ve been quite realistic in specifying that a lot of devices are just never gonna be capable of doing some of the things we are talking about. I think we need to help to sort out what that NIST guidance means for manufacturers and consumers of these things and give them the synthesized thinking that I think I know that this team can do. So wait for that on a future podcast.

Tim Callan

I think that’s a great point and as so often happens whenever we do one of these we try to say, ok, we are gonna cover a topic and we usually enter three other topics that need to be returned to and I think we did that again today. Clearly, this is just scratching the surface on this very important and very complex area and as always, with our guests, Alan, I want to give you a chance to get a last word in. What did we miss? Is there anything else you want to add?

Alan Grau

The one thing I would add on this is, as always, it’s really important to be forward looking on how we are building security into our devices. If manufacturers ignore the problem and just stick their heads in the sand, it’s really going to be a problem down the road and with quantum cryptography and the changes that are going to be necessary there it’s even more true than with other areas because once that device is out in the field if you haven’t thought through some of these future issues, it’s going to be much more expensive to address after the fact.

Tim Callan

Yeah. That’s a very good point and we’ve seen this a lot and especially in the realm of consumer devices is there’s a strong tendency toward cheap, simple and now. And, cheap, simple and now might help you in the next 90 days but you might really pay the price down the road.

Alan Grau

Exactly.

Tim Callan

All right. Well, maybe this is a good time to leave it. Great conversation, gentlemen, as always. Jason, thank you so much for being here.

Jason Soroko

Thanks, Tim.

Tim Callan

Alan, thank you for joining us today. You’ve always been great whenever you’ve been on.

Alan Grau

Thanks, Tim.

Tim Callan

And this is Root Causes.

Root Causes 47: Quantum Apocalypse - Quantum Resistant Cryptography for IoT

Episode Transcript

Lightly edited for flow and brevity.

About Root Causes