public sector security for the quantum era
- High-performance network encryption with certified randomness source for encryption keys
- Quantum cryptography or QKD
- Quantum key generation platform for highly secure crypto-operations
- Proven Swiss security
- Uncompromisingly high performance
Governments need to transmit large amounts of confidential data securely, both internally and on a global scale. A top priority is to protect against ever more technologically advanced cyber-attacks and the growing threat of leaks. The most effective way to ensure the confidentiality and integrity of data in transit is through encryption. But governments have an even more complex task – they are required to keep certain classifications of data secret for long periods of time – usually up to a decade. This means that the crypto algorithms employed today must be valid for at least the next 10-15 years.
The task of long-term data protection is rendered even more complex by the advent of the quantum era when, in the next decade or so, the massive computational power of quantum computers will render much of today’s encryption unsafe. This means that governments have a limited time frame to move to “quantum-safe” crypto solutions, and moreover, that they need to deploy such quantum-safe solutions already today.
IDQ’s government solutions provide quantum-safe cryptography and are designed and built to protect mission-critical data which has long-term sensitivity and value.
IDQ’s quantum key generation platform offers best practices in key generation for highly secure crypto operations requiring proven and certified randomness (entropy). At the heart of the key generation is the Quantis quantum random number generator (QRNG) which has passed numerous government certifications and is validated under AIS 31 testing. These QRNGs are used to ensure truly random encryption keys for use in IDQ’s encryptors. They also generate keys or tokens for other security applications and crypto operations, such as authentication, digital signatures, secure access control, etc.
The Centauris encryption platform provides high-performance layer 2 encryption (Ethernet & Fibre Channel). It can be deployed today and upgraded to quantum cryptography through the addition of the Cerberis Quantum Key Distribution (QKD) server in the coming years. This ensures provable forward secrecy as well as investment protection far into the future.
For governments encrypting at layer 2 has huge advantages over traditional IPSEC encryption for a number of reasons. Firstly encrypting at Layer 2 masks the entire IP packet, thus hiding important information about the network architecture and IP addresses.
Layer 2 encryption also allows traffic masking which obscures the amount of information sent over the network – an important feature for governments where the amount and frequency of traffic between different parties on the network may provide information to enemies about planned actions. Finally, layer 2 encryption provides much better network performance than IPSEC, with no encryption overhead, minimal latency and “set and forget” functioning.
FIPS and Common Criteria level security certifications ensure both physical protection of the appliances as well as best-practice encryption key management processes and access controls. Separation of duties and other security policies can be applied and enforced through the management interface – for example there can be a separation of roles between the network and security teams within each ministry or agency.
In addition IDQ provides open platform encryption platforms where governments can include their own approved key management schemes and even proprietary encryption algorithms.
IDQ works with government agencies and public administration clients all over the world, securing everything from data transfer during elections to inter-ministry datacentre and backbone connections.