Designing zero trust into silicon and producing hardware-based security at the chip level is delivering on the promises quantum computing made years ago.
But the core technologies based on quantum computing (quantum bits, or qubits) are too noisy to provide the telemetry data that endpoint detection and response (EDR) and extended detection and response (XDR) need to operate at scale in an enterprise. Even with cybersecurity vendors exploring quantum computing to capture and interpret weak signals, the technology continues to be impractical for mainstream cybersecurity use today.
Quantum computing needs a cybersecurity use case
If quantum computing is going to help solve cybersecurity challenges, it must increase the stability, speed and scale in identifying weak signals and stopping breaches while also providing real-time data from powerful algorithms. A recent Financial Times article, “Hype around quantum computing recedes over lack of practical uses,” critiques Chinese researchers’ claims of defeating RSA encryption using quantum computers, a technology attainment predicted to take a decade or longer.
The article analyzes why the claims are improbable. One of the most noteworthy insights is how quantum computing’s current state of qubit technology is too noisy for error correction. The article states, “the quantum bits, or qubits, used in today’s machines are highly unstable and only hold their quantum states for extremely short periods, creating ‘noise.’” As a result, “errors accumulate in the computer, and after around 100 operations there are so many errors the computation fails,” Steve Brierley, chief executive of quantum software company Riverlane, told the Financial Times.
Late last year, H.R.7535, the Quantum Computing Cybersecurity Preparedness Act, was passed. The act “addresses the migration of executive agencies’ information technology systems to post-quantum cryptography. Post-quantum cryptography is encryption strong enough to resist attacks from quantum computers developed in the future.”
CISOs and CIOs are likewise concerned about how quantum computing could potentially be used to render their authentication and encryption obsolete, leaving their infrastructures exposed. Those types of strategic threats make hardware-based security with zero trust designed from first silicon all the more attractive and trusted.
What is hardware-based security?
Gartner defines hardware-based security as the “use of chip-level techniques for protecting critical security controls and processes in host systems independent of OS integrity. Typical control isolation includes encryption key handling, secrets protection, secure I/O, process isolation/monitoring, and encrypted memory handling.”
Hardware-based security is quickly emerging as table stakes for securing an enterprise by providing safeguards against various cyberattacks ranging from ransomware to sophisticated software supply chain intrusion attempts. With features like confidential computing, encrypted VMs and containers, enterprises are beginning to put more trust in hardware-based security. With all hardware security vendors either currently providing or finalizing zero-trust support in their silicon, hardware-based security is gaining greater adoption in enterprise data centers.
Microsoft’s recently published Windows 11 Security Book: Powerful Security from Chip to Cloud explains how Windows 11 enables zero-trust protection. The operating system supports chip-level zero-trust security that guards against privileged access, credential theft and many other attack scenarios.
“Credentials are protected by hardware and software security layers such as Trusted Platform Module 2.0, Virtualization-based Security (VBS), and Windows Defender Credential Guard, making it harder for attackers to steal credentials from a device,” according to the report.
The lengthy publication provides examples of how Microsoft collaborates with a broad base of chipset manufacturers, all focused on providing hardware-based zero trust.
“I believe the zero-trust concepts shouldn’t stop at the network or system,” writes Martin G. Dixon, Intel fellow and VP of Intel’s security architecture and engineering group. “Rather, they can be applied down inside the silicon. We even refer to infrastructure on the chip as a network or ‘network on a chip.’”
One of the most compelling aspects of the latest generation of hardware-based security silicon is its support for zero-trust security. Upgrading servers across a data center with the latest generation of hardware-based security chipsets and silicon-based products opens up the opportunity to enable hardware-based authentication and encryption, two core goals for many zero-trust security frameworks and initiatives.
Leading vendors providing hardware-based security in silicon or working on R&D projects in this area include Amazon Web Services (AWS), AMD, Anjuna, Apple, Bitdefender, Fortanix, Google, Intel, Microsoft, Nvidia, Samsung Electronics and many others.
Four areas where quantum computing is falling short
Inflated claims of what quantum computing could deliver for cybersecurity created great expectations. But for all its computational power, quantum computing has four weaknesses that are leading enterprises to put more trust in hardware-based security.
Qubit technology continues to be too noisy for error correction
As the number of qubits in a quantum computing use case increases, managing errors becomes more challenging. Qubit errors occur when the state of a qubit is disturbed by external factors such as noise, temperature or electromagnetic interference. These errors can cause the computation to become unreliable and produce random noise, limiting the number of steps a quantum algorithm can perform.
This is a significant problem for quantum computing in cybersecurity, as it reduces the accuracy and reliability of computations. With the leading cybersecurity providers’ roadmaps reflecting continued improvements in sensing, interpreting and acting on signal data, quantum computing’s instability in this area is contributing to the growth of hardware-based security.
During his keynote at CrowdStrike’s Fal.Con event last year, CrowdStrike cofounder and CEO George Kurtz said his company’s goal is to “pick up the weak signals on endpoints to understand intrusion patterns better.”
He continued, “and one of the areas that we’ve pioneered is [taking] weak signals from across different endpoints. And we can link these together to find novel detections. We’re now extending that to our third-party partners so that we can look at other weak signals across not only endpoints but across domains, and come up with a novel detection. This is much different than, ‘Let’s pile a bunch of data into a data lake and sort it out.’”
External control electronics need greater scale to meet cybersecurity’s challenges
From a cybersecurity standpoint, the problem of scaling quantum computing is closely related to the increase in the number of qubits within a quantum chip. As the number of qubits increases, so does the number of control wires or lasers needed to control them. This requires external control electronics, which in turn require many signal lines to scale.
In the IEEE Spectrum article “An Optimist’s View of the 4 Challenges to Quantum Computing,” Intel’s director of quantum hardware James S. Clarke writes, “Today, we require multiple control wires, or multiple lasers, to create and control qubits. As a result, fan-out is a major challenge for scaling up quantum computing.”
This complexity of scaling quantum computers with multiple control wires or lasers can make it challenging to implement and maintain security protocols in quantum computing systems, which is crucial for cybersecurity. As a result of this limitation, hardware-based security is gaining adoption and trust across enterprises.
High-value algorithms don’t provide data fast enough to thwart breach attempts
One of quantum computing’s limitations today is the length of time it takes to access and retrieve data from the highest-value algorithms. This is because quantum algorithms often require superpolynomial time to run, meaning the number of steps increases faster than a polynomial function of the input size. This can make them less suitable for zero-trust security, where quick and efficient telemetry data is required to thwart potential breach attempts.
In the context of zero-trust security, the ability to quickly and accurately measure the output of a computational process is crucial. Zero-trust security is based on the principle of “never trust, always verify,” meaning that even internal network traffic and communications should be closely monitored and verified. With high-value quantum algorithms that have impractical readout times, it may take time to accurately verify the output of the computation, thereby making these algorithms less suitable for use in zero-trust security systems.
Lack of standardization creates a challenge
The lack of standardization across programming, middleware, and assembler levels can make it challenging to ensure the security and integrity of the data being processed and stored. Compounding that challenge is the need for more knowledge about the application, application stack and environment management among developers and operations (devops) teams. This can result in a need for standardized processes for the development life cycle, making it harder to maintain secure and efficient quantum computing systems.
Given the need for more standardization, enterprises are concerned about vendor lock-in, which is also a significant barrier to adopting quantum computing.
In summary, the lack of standardization across programming, middleware and assembler levels in quantum computing makes it more challenging to ensure the security and integrity of data being processed and stored, making enterprise cybersecurity a significant challenge.
Hardware-based security is rapidly emerging as an attractive option for enterprises seeking to protect their data centers from cyberattacks. Quantum computing cannot (yet) provide the accuracy and speed required for effective EDR, making hardware-based security a more reliable option.
Hardware-based security solutions are designed from the first silicon to rely on zero-trust principles to guard against privileged access, credential theft and other attack scenarios.
While quantum computing provides immense computational power, its current state of qubit technology is too noisy for error correction. External control electronics lack the necessary scale. High-value algorithms don’t quickly provide data. And the lack of standardization makes enterprise cybersecurity challenging.
As a result, hardware-based security solutions are gaining trust in enterprises and providing safeguards against numerous cyberattacks.