Practical Quantum Cryptography For The Internet of Things
You may know Southwark in South London by its magnificent Gothic cathedral. Or by browsing through bustling Borough Market. Or even Shakespeare’s Globe Theatre. But there are a couple of guys determined to make Southwark famous for some serious quantum science.
Shahram Mossayebi and Patrick Camilleri are the co-founders of 2-year-old start-up Crypto Quantique. They are developing a solution to address the biggest challenge facing the booming Internet of Things (IoT) market: security. Quantum tech caught up with the two entrepreneurs at their offices in Southwark.
Soon, there will be more than 150 billion connected devices in the world: everything from consumer devices like smartphones and Amazon Alexas to cars, industrial robotics and automation machinery. But according to Gartner, the critical factor holding back 62% of enterprises from fully exploiting IoT technologies is fear. Fear of security breaches and hacking. Each connected device is a potential security threat, a window into your corporate network that can be broken into.
Whilst doing consulting work, Shahram came across practical cryptography issues related to key management of multiple devices. He met Patrick whilst at Entrepreneur First, a start-up accelerator based in London. Patrick was fed up with academia, after 10 years studying, and both were keen on starting up a new company.
“Being half physicist, half cryptographer, I’d come across technologies like QKD and quantum random number generators, so I could see the benefits of using quantum technologies in cryptography,” says Shahram. “I was wondering whether there was some way of combining the best of these technologies to have a hybrid, integrated, scalable, enterprise-wide cyber security solution. So, the idea Patrick and I started working on was how do we combine what is currently available with quantum technology to give us something unique.”
Shahram continues, “IoT devices are the enablers of all AI-related as well as Industry 4.0 developments. IoT is at the heart of the most advanced technologies we are seeing, but if these are not secure, if you can’t trust your connected devices, what use are they? Security has to start from the device, all the way through the infrastructure and into the back-end systems. But how can you achieve end-to-end security with thousands, if not millions of devices?”
Enterprise cyber security is a noisy market, with tons of established and emerging players, all claiming to provide lock-tight security, and many with big marketing budgets behind them.
As Shahram explains, “At the heart of end-to-end security there are two main principles: firstly, a root of trust, which is usually a hardware security module that sits inside each device. This provides a means for attestation as the device is installed inside the network. And it also provides cryptographic key security credentials that are required for the second principle of cryptographic algorithms. These algorithms then provide a bridge between each device and the back-end services to establish end-to-end security.”
“However, to get these two principles to work together, a customer must go out and buy it piecemeal. There is no all in one solution. So firstly, a customer needs to source lots of different bits and pieces of technology, needs to trust each of those providers, and then, has to knit it all together! That of course increases risk of compromise and increases cost. Can you really trust an anonymous hardware manufacturer in China?”
Crypto Quantique’s solution provides both the hardware as a root of trust and the cryptographic algorithms to bridge to the back-end: a plug-and-play, end-to-end solution.
“On the hardware side, we didn’t want to go with what is available on the market. We are using quantum effects within silicon semiconductor technology to create a large key space within each chip. It’s only known to that chip, is perfectly random, unique and unclonable. That acts as a root of trust within each device, as well as providing the key materials and credentials without any need for a third party.”
But there are still obstacles to overcome, from a technological as well as a people perspective.
As Patrick says, “We need to make sure all the different components work together, from a chip design software perspective. We need to bring all the members of the team together and make sure they speak the same language. The cycle is also pretty long. Chip design can take 6-9 months. Manufacturing a further three months, not counting any bugs that may come up and send us back to the drawing board. It’s a very lengthy process.”
The difficulty of harnessing quantum effects on silicon meant a journey to hell and back for the engineering team to come up with innovative circuits.
“One of the interesting points of our team is that we believe cyber security for IoT is a multi-dimensional problem that needs to be solved from multiple perspectives,” says Shahram. “But what you see in the market is people just attacking it from their singular perspective and fixing one facet of the problem. A software company solves software issues. A hardware company, hardware issues. What they don’t tell you is that these are just some facets of the issue.”
Crypto Quantique decided to take a different approach with their team.
“Our team is a combination of electrical engineers (chip designers), cryptographers, and quantum physicists. Which is very cool as it represents each facet of the problem, but presents other challenges! We talked about getting everyone to speak the same language, you can imagine that challenge with three highly intelligent groups of people, each with their approach to the problem all needing to get on the same page!”
As all entrepreneurs know, building the team and finding the talent is critical. Get the right people in and the rest starts falling into place.
“Given the great universities in London, and the software scene, finding software developers and cryptographers wasn’t too hard. Finding experienced chip designers however is another story. Semiconductors aren’t a strength of the UK, and it’s taken us a lot of time to find the right people. Luckily, being in London is a real draw for young talent.”
There’s been a lot of hype surrounding quantum cryptography, news about “unbreakable codes”, and the ability to hack any device. But what is the reality of where the industry is?
“Enterprises need standards. Right now, we don’t have quantum cryptography standards for industry. There are some for quantum key distribution (QKD) and post-quantum cryptography, but unless we have proper standards, I don’t see wide scale industrial adoption. The other aspect is the practicality of running QKD. If you want to take advantage of this ‘unbreakable’ encryption you need the right network in place, and due to the complexity, I don’t see industry using it. Companies working on QKD are pivoting to adapt the technology to what is usable now.”
“QKD is relying fully on quantum effects to exchange random numbers to remote parties. To work, it needs to have its own dedicated network. The devices are big, so you can’t put it in your smartphone for example, or in sensors. In our scenario, we wanted the chip to be available within any device. Because of that we compromised on the pure quantum effects. We are still working with quantum effects, but our device is not a pure quantum solution. But it is reliable, and it can be integrated into all devices. It solves real-world problems. And it is ready to use!”
“A further benefit of the way we have designed the chip is that it is hardware agnostic, so you can pair it with whatever you want!” adds Patrick.
It’s now time to move into the market, talk to customers and run pilots. Given the size of the IoT market, it’s easy to imagine a great deal of interest from prospective customers for the technology that Shahram and Patrick have built.
If you have questions or enquiries about this article, please get in touch with me directly: amit.das@alphaevents.com
Visit the Crypto Quantique website at www.cryptoquantique.com