Building a quantum-secure future – Why the financial services sector need to upgrade their network infrastructure

2023/05/08 Toshiba Clip Team

  • Quantum computers, able to decrypt sensitive data currently being transmitted across ordinary networks, have the potential to threaten the security underpinning today’s digital economy.
  • Sensitive data is being ‘harvested’ from networks vulnerable to eavesdropping so quantum computers can decrypt it at a later date. Industries whose data is both sensitive and long-lasting – such as financial services – are particularly at risk from these attacks.
  • Only by transitioning to a quantum-secure network can organisations protect their data both now, and in the future.
Building a quantum-secure future – Why the financial services sector need to upgrade their network infrastructure

The arrival of powerful quantum computers promises to be a milestone moment, with the potential to disrupt computing as we know it. Many of the fundamental principles of cybersecurity we rely on will be undermined, threatening the security of information online.

 

It’s a development that should be of particular concern to industries with highly sensitive and long-lasting data, who will be at a greater risk of exploitation by attackers.

 

The only solution? Quantum secure networks, which are able to protect data from interception and decryption, even by quantum computers.

 

The adoption of these networks supports the UN’s SDG goal nine – the development of quality, reliable, sustainable and resilient infrastructure. Quantum networks, more resilient against eavesdropping attacks, are the only method of data transmission provably secure against quantum computers.

Understanding the quantum threat

Today’s digital economy is underpinned by the security of standards such as Public Key Cryptography (PKC), which has so far been successful at encrypting data against current threats. Decryption requires computations such as factoring very large numbers, which – although possible – would take a classical system a huge length of time to complete.

 

During the 1990s, an algorithm developed by mathematician Peter Shor was the first to demonstrate that the underlying physics of quantum computers meant they could exploit novel mathematics to perform this task many orders of magnitude faster than a classical system.

 

In short, he proved that quantum computers could bypass current security algorithms in mere seconds. At that point, the industry realised it would have to replace today’s standards with a new generation of security designs – ones which would be resistant to quantum computers.

Destabilising the financial sector

“Quantum technology creates new and significant opportunities for business, but presents potential risks.”

 

This, from EY’s (Ernst & Young) Managing Partner for TMT, Praveen Shankar, succinctly summarises the double-edged sword that quantum developments represent for organisations.

 

Praveen Shankar, Managing Partner for TMT, Ernst & Young

Praveen Shankar, Managing Partner for TMT, Ernst & Young

Even though malicious actors don’t have access to quantum computers today, there’s widespread evidence that attackers have already begun to collect large amounts of encrypted data, storing it until a quantum computer becomes available to unlock it.

 

These attacks are known as harvest now, decrypt later. They’re evidence that the mere potential existence of quantum computers puts today’s data at risk.

 

Harvest now, decrypt later attacks exploit the fact that important data such as financial information or military secrets age slowly, and would therefore remain useful to an attacker for many years.

 

It means that the most vulnerable organisations – like banks, or government departments – are likely already being targeted, the attacks indistinguishable from other encrypted data interceptions.

 

The risk for organisations isn’t simply that the point at which quantum computers are able to break PKC is drawing near. There is also a significant threat that, when such a breakthrough is made, it might not be publicly announced. This would give the owner of the quantum computer an invisible advantage – one that the industry wouldn’t know they had to protect themselves against.

 

Even the unconfirmed possibility that this has happened could prove destabilising to the financial sector, as organisations, shareholders and regulators all scramble to find out if supposedly-secure sensitive data is really still safe.

 

The key defence against this uncertainty is to be proactive – and ensure that networks are protected by quantum-safe encryption well in advance of such a breakthrough being made.

Becoming quantum safe

Addressing the quantum risk requires the development of new encryption algorithms able to resist quantum computers. The resultant encryption keys must be resistant to being cracked by a quantum computer, making the data itself hard to decrypt. The keys themselves must then be distributed in a secure manner across a network, safe from eavesdropping attempts.

 

“Quantum secure data transmission represents the next major leap forward in protecting data,” explained EY’s Praveen Shankar, “[which is] an essential component of doing business in a digital economy.”

 

Quantum Key Distribution (QKD) is an example of such a quantum secure method of data transmission, and can be used today to distribute ultra-secure encryption keys – creating networks which can respond to the quantum threat digital businesses are facing.

 

Toshiba’s Quantum Key Distribution System

Toshiba’s Quantum Key Distribution System

Unlike RSA (the most common algorithm today), which utilises mathematical principles, QKD security is underpinned by fundamental physical laws. Each bit of key material is encoded using a sequence of photons in random states or qubits and, due to the nature of measuring quantum systems, any attempt to intercept these photons disturbs the encoding of their states.

 

This alteration reveals eavesdropping attempts, discards the current key, and restricts a new key from being successfully created until the eavesdropping stops. This makes QKD a highly-secure method of data exchange, provably secure even against quantum computers.

 

Toshiba’s QKD is a mature technology, the result of two decades of research. It is underpinned by proprietary technology that make it world-leading: running across longer distances than competitors, or deploying over existing fibre networks.

Quantum security in action: The QSMN

In 2022, EY became the launch customer for the Quantum-Secured Metro Network (QSMN), the trial of a world first commercial QKD network built using Toshiba QKD hardware and key management software across BT’s fibre network.

 

The Quantum-Secured Metro Network in London

The Quantum-Secured Metro Network in London

“Quantum secure data transmission represents the next major leap forward in protecting data, an essential component of doing business in a digital economy. Our collaboration with BT is a great example of how we are applying our value ‘create together’ in delivering real innovation that will add significant value to business and to the quantum economy in general.

 

The London network represents an important step to building a national network for quantum secured communications, which will stimulate the growth of a quantum ready economy in the UK.” explained Andrew Shields, head of the Quantum Technology Division at Toshiba. “That’s why the QSMN trial is so significant; it’s the first step for organisations to begin “securing the data now.”

 

Andrew Shields, Head of the Quantum Technology Division, Toshiba

Andrew Shields, Head of the Quantum Technology Division, Toshiba

The QSMN offers a range of quantum-secured services, including dedicated high bandwidth end-to-end encrypted links over a large metropolitan area. Currently, the network is a point-to-point fibre connection which links to EY’s internal Ethernet network, and as well as QKD, it utilises a classical encryptor based on AES 256 symmetric keys (replaced every minute). EY is sending test data over the network to gain insight into its real-world throughput and latency.

 

Howard Watson, CTO at BT, explained why such trial networks are so vital: “Quantum-enabled technologies are expected to have a profound impact on how society and business operates in the future, but they are remarkably complex to understand, develop and build: in particular, ensuring that the end-to-end service designs meet the stringent security requirements of the market.”

 

Howard Watson, CTO, BT

Howard Watson, CTO, BT

In short, trial networks such as the QSMN not only offer a vital platform for real-world learning, but a hub around which financial organisations can build quantum-aware teams and test their market fit.

 

For EY, it’s also a chance to demonstrate their proactive approach to customer security. Data sent across the QSMN is protected from quantum threats, which means their partners are not at risk of harvest now, decrypt later attacks.

 

The London trial network creates a powerful message – to potential threats, to the industry at large, and to EY’s customers – that the UK is ready to adopt quantum secure methods. It represents an important step towards building a national network for quantum secured communications, which will stimulate the growth of a quantum ready economy in the UK.

 

“This is the kind of innovation that helps cement the UK as a global innovation economy in the vanguard of discovering, developing and commercially adopting transformational technology with real societal benefits,” said George Freeman, Minister for Science, Research and Innovation, HM Government.

 

For vulnerable financial institutions, the success of the trial network should be a cause for optimism. QKD will continue to play a fundamental role in protecting sensitive data and securing customer trust for years to come.

Taking steps towards safety

Committed to People, committed to the Future, Toshiba is developing solutions that protect the security of people and organisations from developing threats.

 

The quantum era is fast approaching. And while nobody knows for sure when quantum computers will reach a dangerous level of availability, the risks associated with quantum computers are far higher for those industries regularly transmitting sensitive data. It’s therefore imperative that organisations in these vulnerable sectors, like financial institutions, begin to adapt to the coming quantum era as soon as possible.

Related Contents