TADSummit online Conference, Cavero Quantum Update Symmetrikey, Kevin Graham

Introduction

In this session we discuss with Kevin:

  • Non human identity in a quantum world;
  • Preparing for quantum threats and crypto agility; and
  • Authentication challenges facing the marketplace today.

Back in November last year (2024) Kevin and I discussed, “Is Security in Programmable Communications ready for the post Quantum Era?” Since then, quantum computing has rapidly become mainstream, with announcements from Google, Microsoft, and trials between carriers and their technology partners. In addition, the world has become much more divisive, where America is viewed as a less reliable partner.

Latest on PQC

Post-quantum cryptography (PQC) has moved from an ‘on the horizon’ issue to one requiring specific actions by next year, which is why Cavero exists. Terms like quantum agility are used, covering the plan from today’s encryption through the steps towards PQC.

The EU Commission released this week, “A Coordinated Implementation Roadmap for the Transition to Post-Quantum Cryptography.” Some of the recommendations include:

  • Coordinated implementation roadmap for the transition to Post-Quantum Cryptography by April 2026.
  • For high-risk use cases, quantum-vulnerable public-key mechanisms shall not be used stand-alone after the end of 2030; and
  • Analogously, after the end of 2035 for medium-risk use cases.

What this means is that it is not just governments, financial services, and security / identity companies that worry about protecting secrets. Enterprises large and small, depending on their risk exposure, need to start planning and moving beyond the usual AES (Advanced Encryption Standard) towards post-quantum cryptography. This transition and the protections applied are referred to as crypto agility.

Symmetrikey

The update from Cavero, announced in February, is Symmetrikey, an encryption and authentication protocol based on Ring Learning With Errors (RLWE). Unlike traditional cryptographic techniques that rely on the complexity of mathematical problems, Symmetrikey introduces a new paradigm, one that is provably secure against both quantum and classical adversaries.

A defining aspect of Symmetrikey is its built-in two-way endpoint authentication mechanism. Where traditional encryption methods do provide authentication capabilities, that authentication is usually only one way. It’s the equivalent of your bank calling you up and asking you to verify your identity, while not verifying their identity at any point. Symmetrikey solves this problem by using the keys to make the authentication two-way.

It’s extensible, supporting today’s applications like SIM (Subscriber Identity Module), credit cards, and IoT that are lightweight and software based, all the way through to heavyweight PQC.

PQC Use Cases

I asked about the IoT applications; here there needs to be a move to continuous authentication, that is, zero trust. We covered this with Stefan Kostic of IPification a couple of weeks ago. It means not authenticating just once, but ensuring devices in the field remain secure.

The discussion moved on to power grid devices and the risks exposed there, as attacks can come from agents: not bots for DDoS, but more intelligent, targeted and distributed attacks on critical infrastructure, not within the closed power distribution side but on the customer side. This brought Kevin to the massive gap in protecting non-human identities, and how Symmetrikey provides a framework to adapt and improve based on the continuous discoveries criminals make in exploring attack surfaces.

The small power failure example I gave brought us on to the Spanish power grid failure from April, and the importance of the infrastructure protecting against such failures, using the US example of diesel generators and passive optical networks to keep access and wireless infrastructure up. That infrastructure provides a mechanism for continuous authentication, and hence the workflows to maintain security.

Kevin brought up the classic push-pull of deliverability, security and user experience, and how this has become much more dynamic. In the past, a security band-aid was applied that wasn’t too difficult for the customer. But the world is now much more complex, hence the rise in crypto agility.

Wrapping up, Kevin highlighted how the first telco to declare they are quantum safe will fundamentally change the market. Can any business afford to operate over a network that can expose its secrets?
