We live in an increasingly connected world; one where data protection has become more than just a compliance issue. Prevention technologies like firewalls and anti-malware have proved ineffective against systems breaches, so information security professionals are turning to encryption to help protect the data itself.
Unfortunately, not all encryption solutions provide a suitable level of protection. Encryption is not simply a secure/unsecure equation. The effectiveness of an encryption solution is determined by the strength of the keys it uses. The strength of the key, in turn, is determined by the degree of randomness (entropy) used in its generation. The greater the degree of entropy, the stronger the key.
Watch out for insufficient entropy
A lack of entropy represents a point of weakness in any cryptographic system. Over the past five years we have seen a seemingly endless list of reports highlighting insufficient key strength as a root cause of systems vulnerabilities or data breaches. From weak keys used by millions of web servers and the revelations of the 2017 DUHK attacks to the 2019 Keyfactor research paper: Factoring RSA Keys in the IoT Era, the importance of entropy cannot be understated.
The Keyfactor report is of particular interest as the exponential growth of the Internet of Things has made the data protection landscape infinitely more varied. By 2021 it is predicted there will be over 35 billion connected devices worldwide, and it appears that the IoT faces a unique set of challenges when it comes to generating entropy.
Random number generators
As you might expect, there is a significant difference in performance between random number generation (RNG) technologies. There’s random, then there’s truly random.
RNGs can be broadly categorized as either software or hardware solutions. Software solutions are often referred to as pseudo random number generators (PRNG). If you’re looking for an indication of how random the output is, there’s a clue in the name. They are referred to as pseudo because conventional software isn’t capable of creating true randomness. Hardware solutions offer a greater degree of randomness but, again, not all solutions perform in the same way.
Quantum random number generation
Most hardware RNGs rely upon classical physics to generate randomness. However, classical physics is deterministic. By comparison, quantum physics is inherently non-deterministic.
Quantum RNGs, like the Quantis Range from IDQ, leverage the random properties of quantum physics to generate a true source of entropy, improving the quality of seed content for key generation. In addition, QRNGs have two other major advantages over conventional hardware RNGs. They allow live status checking and are invulnerable to environmental perturbation, further enhancing their random credentials.
A random revolution
The applications for QRNG are many and varied. They are helping to secure the next generation of mobile phone communications, providing long-term data protection for sensitive or personally identifiable information used in financial transactions, securing big data transmitted to and from cloud and datacenter services, even helping to secure the future of V2X communications. QRNG has also huge benefits for applications in computing and financial simulations, as well as in providing instantaneous true randomness for next-generation algorithms.
Although once considered an emerging technology, QRNG has become more mainstream in recent years. The significant rise in real-world applications has come, in no small part, as a result of the miniaturization of the technology. The ability to deliver QRNG in a compact application has led to a surge in mobile and IoT applications. IDQ’s own QRNG chip has been integrated into the ‘Galaxy A Quantum’, a custom edition of the Samsung Galaxy A71 5G smartphone commercialized by SK Telecom, as well as into the new VinSmart Aris 5G Smartphone, providing a new level of personal data security.
In an IoT world, data security extends beyond core systems to the very edge of what has become a virtualized and borderless infrastructure. As the sheer volume and variety of connected devices increases, QRNG is helping to secure mass market consumer applications. It is the security of data passing to and from the billions of connected, user-owned endpoints that has become the key challenge.
VinSmart and SK Telecom are just two of the global organizations pioneering the use of QRNG technology, with applications including mobile communications, PAY and medical data, critical national infrastructure, CCTV networks and next-generation quantum-safe cryptography.
Quantum-enhanced security as a root of trust
As the world transitions into a quantum era, information security professionals need to be confident that the systems they have in place are fit for purpose. Trust plays an essential role in information security. Developers need to be able to rely on the source of entropy that is the foundation of their cryptographic systems. In turn, customers need to have trust in the security and integrity of the systems they are entrusting their data to.
Adding a quantum twist to your crypto systems gives you an easy and painless head start in your organization’s journey to quantum security, strengthening instantly your cyber security posture. Quantum-enhanced security keys are set to become the new normal. Organizations should start implementing QRNG today to better protect their partners and customers’ data, as well as using it as an option to offer additional services.
If you’d like to explore any of the applications of random numbers in more detail, contact us today.