Evolving Security Trends & Shift Left in Post Quantum Cryptography
Posted 04/14/2023 by Eric Sivertson, VP of Security Business
As we continue to embrace the fast evolving technology in our daily lives, we must also recognize and mitigate the risks that come with it – particularly when it comes to keeping our information secure. Amidst these technological enhancements and challenges, there are two major trends that stand out: Post Quantum Cryptography (PQC) and cyber resilience.
The rapid growth of the IoT ecosystem, fueled in part by the rise of 5G, has created a complex and highly distributed network of devices that are increasingly vulnerable to cyberattacks. This has driven the demand to leverage PQC to ensure systems are both cyber-secure and resilient to future threats. The goal of PQC is to develop cryptographic systems that are secure against attacks generated from both quantum and classic computers and can work alongside existing communications protocols and networks.
At embedded world 2023, Lattice hosted its quarterly security seminar with Dr. Kimmo Jarvinen, CTO and Co-founder at Xiphera, Burkhard Jouer, Sales Director at PQ Shield, Julien Witassek, Managing Director at AMI, and Charles Thooris, Chief Sales Officer at Secure-IC, to discuss how these security trends are impacting system and application design decision making and what solutions are available to help ensure they can evolve with the shifting landscape.
Post Quantum Cryptography and the Path Forward
Although the PQC method is not fully developed, it is becoming more popular and well known. In fact, in July 2022, the National Institute of Standards and Technology (NIST) announced the first algorithms that will be the basis for PQC standards. These first algorithms and standards are an important milestone to ensure sensitive data is secure amidst the development of new cutting-edge technology, but they are just the beginning.
A defined standard is needed before we can begin implementing solutions. Once standards are in place, we’ll see a quick pivot to developing and selling solutions for consumers and businesses alike. Solutions will vary between software and hardware, but each has a specific and essential purpose: software is more flexible and more agile, while hardware allows for higher performance and levels of security. It’s likely that hardware will drive the progression of PQC, but software will still play an integral role as security evolution and flexibility is critical. Ultimately, the adoption of PQC solutions depends on yet-to-come market advancements which will, in many ways, be accelerated through standards processes.
The Rise of Cyber Resilience
Like PQC, cyber resilience is a new concept that’s taking hold from the server world into the embedded world. With cyber resilience, we’re seeing a shift away from the citadel model – utilizing centralized computing and a defined security perimeter (this model is like a castle on a hill where everything inside the walls is safe and controlled). Now, instead, people recognize that cyberattacks are likely to happen and, as such, in addition to having protections against them to make them more difficult to activate against your systems, you must equally be prepared and able to recover when they do. With cyber resilience, every system you have will need resiliency for all components. As a result, many are turning to automated systems that can protect, detect, and recover in real-time.
Even further, with cyber resilience, dynamic Root of Trust (RoT) is key. You must ensure that the most fundamental layer of your security measures is solid and reliable from bottom to top. This creates a system that has a complete chain of trust. Additionally, dynamic RoT products enable developers to manage technology remotely while still having the highest level of security.
The Role of FPGAs in Post Quantum Cryptography and Cyber Resilience
Security has become a non-negotiable for companies regardless of the industry. FPGAs are a natural fit to implement cyber resilient systems enabled with PQC algorithms.
As PQC standards continuously evolve and the demand for cyber resilience increases, FPGAs allow developers to update at fundamental hardware levels in a way that microcontrollers cannot. These updatable adjustments to key low-level RoT feature sets help ensure that, as threats and standards evolve, fielded systems can protect, detect, and recover networks in real-time with latest security algorithms — keeping sensitive data secure amidst growing firmware vulnerabilities and expanding attack surfaces.
To learn more about the growing need for secure technology and the Lattice FPGA solutions available, reach out to the team at Lattice.