Monthly Archives: November 2022

Why is #IronCAP the preferred #postquantum #cybersecurity solution?

Unlike regular computers, quantum computers work so quickly that they can crack security measures in seconds – something that conventional computers can take years to do.

Quantum computers exploit the quantum effects to perform memory and processing tasks using qubits, or quantum bits. Because of this, both memory and processing are performed in parallel rather than the traditional serial method. It’s faster than regular computers and may be used to create powerful security technologies.

Quantum computers build upon the principals of quantum mechanics to give us an entirely new way of computing. They operate by taking advantage of quantum mechanics to perform computations, which means they can function on a scale far beyond classical computers. This gives them immense power and speed, which has led many physicists to predict that they will one day replace our current computing methods.

IronCAP X is a post-quantum cybersecurity solution that thwarts cyber attacks from both the classical world of computers today and quantum computers in the future. It is easy to use, with an interface that integrates with everyday email clients. Protecting data has never been more important. The world’s cybercriminals are becoming increasingly sophisticated, using new technologies to breach networks. IronCAP X is designed to protect businesses and individuals against sophisticated cyber hacking by hackers, rogue states or tyrants.

  1. IronCAP provides security against cyber attacks from both the classical world of computers and quantum computers.
  2. IronCAP is easy to use, with an interface that integrates with everyday email clients.
  3. IronCAP has a patent-protected cryptography system

IronCAP X provides easy-to-use, post-quantum cryptography for remote access and VPN applications. Post-quantum cryptography protects against both classical and quantum computers.

You need to act now!

We at IronCAP™ have been trying to educate businesses and individuals that Q-day (the day the first quantum hack is publicly recognized) is around the corner and everybody needs to gear up. Nation states and governments are already at it, how about you? To learn more, visit www.ironcap.ca.

IronCAP™ is our latest innovation for the post-quantum cybersecurity. This patent-protected, post-quantum cryptographic system is based on the Goppa Code-based cryptographic technology. It has embedded our proprietary subclass of (L, G) making it not only more secured but also has faster cryptographic operations (key generation, encryption, decryption) than the traditional Goppa Code-based technology (McEliece). We are offering a live demonstration for the general public to try and experience the strength of IronCAP™ post-quantum encryption easily. To learn more, visit www.ironcap.ca.

#CyberAttacks Have No Boundaries

There are cyberattacks on corporations and government bodies daily. We have all heard of the famous Twitter hack where a number of high-profile politicians and tech leader accounts were hacked to scam people into transferring their cryptocurrency. Blockchain and cryptocurrency are not immune to hacking. A family of malware, KryptoCibule, has been stealing cryptocurrency from users since as far back as December 2018, as per security firm ESET.

Quantum computing is now accelerating rapidly into commercial applications and that unfortunately will also include quantum hacking. The good news is that IronCAP has already successfully built a quantum-safe encryption that protects you from pre-quantum and post-quantum threats.

Clearly, cryptography is the key and quantum-safe encryption is the bulletproof vest for your data. Your traditional computers are not quantum-safe and cannot withstand the power of quantum hacking.  BUT IronCAP’s patent-protected cryptographic technology can make you quantum-safe.

You need to act now!

We at IronCAP™ have been trying to educate businesses and individuals that Q-day (the day the first quantum hack is publicly recognized) is around the corner and everybody needs to gear up. Nation states and governments are already at it, how about you? To learn more, visit www.ironcap.ca.

IronCAP™ is our latest innovation for the post-quantum cybersecurity. This patent-protected, post-quantum cryptographic system is based on the Goppa Code-based cryptographic technology. It has embedded our proprietary subclass of (L, G) making it not only more secured but also has faster cryptographic operations (key generation, encryption, decryption) than the traditional Goppa Code-based technology (McEliece). We are offering a live demonstration for the general public to try and experience the strength of IronCAP™ post-quantum encryption easily. To learn more, visit www.ironcap.ca.

Disruptive #Cyberattacks could easily cripple a nation

Energy supplies and critical infrastructure is not immune from attack!

On May 7th, 2021, Colonial Pipeline, the largest American oil pipeline system that carries 2.5 million barrels of fuel a day delivering 45% of what is consumed on the East Coast of the United States, was shut down by a ransomware attack.

The only surprise – is that anyone is surprised! First the SolarWinds and now this blatantly demonstrates the weak cybersecurity of critical national infrastructure. One thing is certain that we need a more advanced approach towards cybersecurity.

Ever since the Colonial Pipeline ransomware attack has become public knowledge, there has been panic fuel buying in the East Coast of the United States.  Fuel prices have creeped up across the country, and 17 US States and Washington DC have declared states of emergency. CTV news quoted U.S. President, Joe Biden, “We need to invest to safeguard our critical infrastructure.” And Energy Secretary, Jennifer Granholm, said the attack “tells you how utterly vulnerable we are” to cyberattacks on the U.S. infrastructure.

Cyber threats are real and can turn catastrophic with the arrival of quantum computing.  We can prevent these crippling cyberattacks by updating our approach to cybersecurity – becoming quantum-safe.

You need to act now!

We at IronCAP™ have been trying to educate businesses and individuals that Q-day (the day the first quantum hack is publicly recognized) is around the corner and everybody needs to gear up. Nation states and governments are already at it, how about you? To learn more, visit www.ironcap.ca.

IronCAP™ is our latest innovation for the post-quantum cybersecurity. This patent-protected, post-quantum cryptographic system is based on the Goppa Code-based cryptographic technology. It has embedded our proprietary subclass of (L, G) making it not only more secured but also has faster cryptographic operations (key generation, encryption, decryption) than the traditional Goppa Code-based technology (McEliece). We are offering a live demonstration for the general public to try and experience the strength of IronCAP™ post-quantum encryption easily. To learn more, visit www.ironcap.ca.

#QuantumComputers are here and available for anybody to use

Could Quantum Hacks be the “Cyber Pearl Harbor”?

It’s a known fact that quantum computers are here and readily available for anybody to use. You read that right! They’ve arrived – the world’s first portable #quantum computers from #SpinQ. They’re not cheap, find out more at: http://spinquanta.com

Back in 2019, IBM had already unveiled their first commercial quantum computer.  In the same year, Google claimed quantum supremacy, and even Amazon offered their quantum computers for the public to use via their cloud service BRAKET.  In the summer of 2020, Honeywell announced that their quantum computers were superior to IBM’s and Google’s.  They also claimed they would increase their quantum volume 10X each year.  In December 2020, China’s University of Science and Technology announced their version of quantum computers claiming a million times faster than IBM’s and Google’s.  It’s evident that the global quantum computing race has begun some time ago already.

All of the above is just information available to the open world.  We have no idea what the closed world (i.e. national level) entails. Every day we hear news on cyberattacks at companies or government agencies that seemed unreachable before.  A quantum hack could have very well arrived quietly.  What do you think about the SolarWinds hack? The ransomware attack on the US JBS meat processing company and the Colonial Pipeline? The list goes on. Still got doubts? Here are what industry experts said at our latest quantum-safe readiness webinar.

Florin A. F., Director of CGI Innovation Center Montreal said, “…We think quantum computing is in the future and is a future risk. The reality is that every and each document that is stored today somewhere on a system for a financial institution is actually a potential document that is under attack…”

Asif Qayyum, Managing Director, Digital Security Risk & Controls at PwC Canada said, “…However one thing is for sure that everyone is realizing that the Q-day might have already occurred …..and because a breach that could have happened or a database which is encrypted but lying somewhere there, as soon as that readiness or availability of technology comes into the hand of these adversarial players that is going to explode multi-fold…”

These are just a little excerpt from the valuable insight these leaders provided at the webinar. You can watch the complete webinar here: https://www.youtube.com/watch?v=uy0el3lCosU

It’s believed that quantum hacking is approaching fast. This will render all the current encryptions vulnerable and hence make internet data, banking transactions, emails and etc. defenseless. We CANNOT emphasize enough on the urgency to upgrade the entire digital world to become quantum-safe.

You need to act now!

We at IronCAP™ have been trying to educate businesses and individuals that Q-day (the day the first quantum hack is publicly recognized) is around the corner and everybody needs to gear up. Nation states and governments are already at it, how about you? To learn more, visit www.ironcap.ca.

IronCAP™ is our latest innovation for the post-quantum cybersecurity. This patent-protected, post-quantum cryptographic system is based on the Goppa Code-based cryptographic technology. It has embedded our proprietary subclass of (L, G) making it not only more secured but also has faster cryptographic operations (key generation, encryption, decryption) than the traditional Goppa Code-based technology (McEliece). We are offering a live demonstration for the general public to try and experience the strength of IronCAP™ post-quantum encryption easily. To learn more, visit www.ironcap.ca.

ISACA Now – The #QuantumComputing Threat: Risks and Responses

The Quantum Computing Threat: Risks and Responses

Editor’s note: The ISACA China Hong Kong Chapter hosted a recent webinar on the topic “Quantum Threat: Risks and Response.” The event, moderated by Michael Yung, strategic advisor, Google Cloud, featured panelists Andrew Cheung, president/CEO, 01 Communique Laboratory Inc., Samuel Sinn, partner, digital transformation advisory services, PwC China and Hong Kong, William Gee, advisor, innovation and digitalisation, PwC China and Hong Kong, and Welland Chu, alliance director, Thales. The webinar included more than 130 online and onsite participants from a variety of backgrounds, including government officials, regulators, large corporates, and more. Below is a summary of the insights shared from the panel:

Michael: Quantum computing promises to change the world through many groundbreaking applications. At the same time when the world is already grappling with cybersecurity issues daily, such as data breaches, ransomware and more, will the arrival of quantum computers make matters worse?

With the focus on the quantum threat, our expert panel will share with us their views as well as how we shall respond to this threat. We will discuss the following topics:

  • What is quantum computing?
  • Implications to today’s cybersecurity practices and why these matter?
  • Who is most at risk and how can we implement Post-Quantum Cryptography (PQC) in the real world?
  • What can corporate leaders do today to mitigate the risks and what solutions are available now?

What is quantum computing?

Samuel: Classical computers are fundamentally based on the on/off states of switches called bits, while quantum computing is based on the nature of quantum entanglement and superposition. In simple terms, quantum computers allow on/off at the same time so that it is behaving like having millions of classical computers working in parallel to collectively solve the same problem.

Alongside any huge breakthrough in technology brings new risk: Quantum computing, with its unique powers, will render today’s encryption technologies obsolete. Since these encryption technologies formed the security bedrock of all digital activities today, our day-to-day functions such as financial transactions, money transfers, data protection, etc., would be impacted.

There is no 100 percent secure encryption in the world; we consider an encryption algorithm “safe” if the time required to break it is longer than the average lifespan of a human. With quantum computing, many of the encryption algorithms we rely on today would become unsafe overnight.

Andrew: Today’s encryption is based on prime number factorization, which is easy one way but extremely difficult in reverse.  It just takes milliseconds to multiply two very large 250-digit prime numbers to give a very large semi-prime number, but it will take over 150 years to do the reverse to brute force all the combinations. In the last 40-plus years, the strategy to keep ahead of advances in computation power is simply to extend the key size. The emergence of quantum computing made this approach ineffective: regardless of the key size, quantum computers can reduce the time to crack certain encryption algorithms from hundreds of years to merely seconds.

Implications and why we should care now

Welland: In 2019 Google reported that its 53-qubit Sycamore processor had completed in 3.3 minutes a task that would have taken a traditional supercomputer at least 2.5 days. In 2021, IBM announced Eagle, a 127 qubits processor, and that by 2023 a quantum processor with >1,000 qubits would be available. Major technology providers like Microsoft and Amazon have also started to offer quantum computers and simulators on their cloud services platforms. The global enterprise quantum computing market is estimated to grow at a CAGR >33%, reflecting the resources that are being directed into this field.

William: The race to “quantum supremacy” will significantly compress the development timeframe of quantum computers, and the availability of quantum computing capability in the cloud will not only further advance developments but also mean that bad actors could also easily access this technology. While there is still debate over when “Q-Day” will arrive, this is becoming less relevant when increasingly hackers adopt a “grab and wait” strategy by simply stealing the data first and decrypting once they can get hold of the cracking tools.

Who is most at risk and how we should implement PQC?

William: Asymmetric cryptographic systems are most at risk, implying that today’s public key infrastructure that form the basis of almost all of our security infrastructure would be compromised. That being said, the level of risk may be different depending on the data to be protected – for instance, a life insurance policy that will be valid for many years to come; a smart city that is built for our next generation. Similarly, the financial system, both centralized and decentralized, may have different vulnerabilities. For this reason, post-quantum security should be addressed as part of an organization’s overall cybersecurity strategy. It is of such importance that both the C-suite and the board should pay attention.

While blockchain-based infrastructures are still considered safe, being largely hash-based, transactions are digitally signed using traditional encryption technologies such as elliptic curve and therefore could be quantum-vulnerable at the end points. Blockchain with quantum-safe features will no doubt gain more traction as NFTs, metaverse and crypto-assets continue to mature.

Finally, the unique features of quantum computers is such that one would not use these for tasks such as word processing, thus implying that classical computers and quantum computers will likely co-exist for some time, making it even more important for everyone to address this quantum threat.

Welland: Companies and experts in the cybersecurity space have joined forces to combat this imminent threat. One aspect to note is the time needed to standardize cryptography in a global context: many of our audience may still remember the duration and effort taken to migrate 3DES to AES two decades ago!

It may be decades before the community replaces most of the vulnerable public-key systems currently in use today with new post-quantum cryptography. In the cybersecurity world, we should establish a robust set of preventive controls from enhancing awareness to taking a range of precautionary, detective and corrective measures so as to minimize the impact of the quantum threat.

What can be done today and what solutions are available?
Andrew: Many international organizations such as The National Institute of Standards and Technology (NIST); European Telecommunication Standards Institute (ETSI); PQCrypto; SAFEcrypto; and CREST Crypto-Math have been taking actions to find and recommend the next generation of cryptographic systems that are safe against quantum computers.

NIST started in 2016 with five categories of technology and a total of 82 candidates. Earlier in July, NIST announced the first four candidate algorithms that have been selected for standardization and four additional algorithms will continue into the next round. The final announcement of NIST PQC standard will likely to be in 2024.

It is important to note that the single most important factor on the robustness of an encryption method is how long it has been time-tested without a cracking theory because all encryption algorithms are safe until such a cracking theory is discovered.

Given the pace of technological advancement, going forward, “crypto-agility” – the ability of an organization to change cryptographic algorithms quickly to adapt to evolving security landscape – will be critical. A handful of forward-thinking companies have been taking meaningful actions by creating the API and solutions based on the remaining candidates of NIST.  This means, on day 0 when NIST announces the final recommendations, there will be a solution that companies can use the next day, rather than having to wait another few years for the tools to be developed.

Final thoughts

Andrew: There are quantum-resistant solutions available today that comply with industry standards such as PKCS#11, OpenSSL, but are not yet openly endorsed. This is still way better than standing naked in front of the quantum threat.

Samuel: Business leaders should address the quantum threat at the earliest opportunity. Rapid transition to new information security technologies are unrealistic as much of our infrastructure and network systems today are interconnected, often on a global level. Responding to the quantum threat will require significant infrastructural, cultural and procedural change, as well as funding on a scale that has not seen since the Y2K threat.

Welland: Stay agile and be flexible. Ensuring adequate protection for the future while complying with today’s standard is crucial for any business to keep up with compliance and regulatory requirements. There is a need to deploy applications and network equipment that are able to accommodate both pre-quantum and post-quantum cryptography at the same time, with the ability to switch swiftly to a different algorithm as the need arises.

William: Know your data and information assets that you need to protect, and take a risk-based approach to achieve a balance between cost and security. Plan ahead while remaining flexible as preparations need to be highly responsive and dynamic given the pace of technological advancement.

You need to act now!

We at IronCAP™ have been trying to educate businesses and individuals that Q-day (the day the first quantum hack is publicly recognized) is around the corner and everybody needs to gear up. Nation states and governments are already at it, how about you? To learn more, visit www.ironcap.ca.

IronCAP™ is our latest innovation for the post-quantum cybersecurity. This patent-protected, post-quantum cryptographic system is based on the Goppa Code-based cryptographic technology. It has embedded our proprietary subclass of (L, G) making it not only more secured but also has faster cryptographic operations (key generation, encryption, decryption) than the traditional Goppa Code-based technology (McEliece). We are offering a live demonstration for the general public to try and experience the strength of IronCAP™ post-quantum encryption easily. To learn more, visit www.ironcap.ca.