Future proofing the connected world of quantum computing
Society is on the cusp of a new era – the era of quantum computing. By performing calculations based on the probability of an object’s state before it is measured, quantum computers can process exponentially more data than even the most advanced computers. Although these super-fast, super-powerful computers will bring many benefits, they also create new risks. For example, their superior ability to crack state-of-the-art security systems could compromise our digitised world and create new challenges for communications, finance, healthcare and government. Currently, such cybersecurity risks can be managed using a Trusted Platform Module (TPM), a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. However, to mitigate the specific risks posed by quantum computing, a new generation of TPM-based solutions is needed. That is why the EU-funded FutureTPM project is working to develop a Quantum-Resistant Trusted Platform Module (QR TPM). “The FutureTPM project is dedicated to developing the QR TPM solutions needed to ensure the long-term security, privacy and operational assurance of future ICT systems and services,” says Ursula Polessnig, a member of the FutureTPM Coordination Team and an employee at Technikon, an Austrian engineering and research company. “The security of hardware security modules, trusted execution environments, smart cards and the Internet of Things all stand to benefit greatly from the FutureTPM solution.”
A new generation of TPM solutions
Current TPM environments are based on traditional cryptography. The FutureTPM project aims to transition these legacy environments to systems that can provide enhanced security using QR cryptographic functions such as secure authentication, encryption and signing. In doing so, the project will essentially transform the host device into a ‘hardened’ security token that could, in theory, remain secure even against the enhanced threats presented by quantum computing. By selecting current state-of-the-art QR algorithms (and designing new ones) for primitives like key management, encryption, signatures, hash functions, message authentication codes and direct anonymous attestation, FutureTPM filled in the perceived gaps in current cybersecurity systems. Researchers then investigated a security threat model for each of these primitives to formalise security properties and provide formal proof. This architecture was then enhanced with detailed threat modelling and risk assessment functionalities, at both design time and run time. The result is a holistic TPM-backed solution capable of capturing the strict security and privacy requirements of all deployed edge and infrastructure assets considered in various application domains. “We successfully developed a new generation of TPM-based solutions that incorporate robust and physically secure QR cryptographic primitives,” explains Polessnig. “These solutions will be key to ensuring the long-term security and trust of a range of applications as they transition into the era of quantum computing.”
An architectural blueprint
FutureTPM has provided the first concrete results on how QR algorithms can be implemented in resource-constrained devices (such as TPMs) to build even more secure, decentralised chains of trust. “In doing so, we provided an architectural blueprint on how the next generation of hardware-based security tokens should be designed to provide QR crypto functions, measure and report the behaviour of computing platforms, and securely store data,” adds Thanassis Giannetsos, a researcher at the Technical University of Denmark and technical lead of the FutureTPM project. With the project set to end in December 2020, researchers are currently working to turn their results into standardisation proposals that will further advance the state-of-the-art of cryptography and TPM.
Keywords
FutureTPM, cybersecurity, quantum computing, Quantum-Resistant Trusted Platform Module, QR TPM, Trusted Platform Module, TPM, Internet of Things, cryptography