Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth, I'm an advisor and analyst with KuppingerCole Analysts. My guest today is Alexei Balaganski. He is the CTO and a lead advisor with KuppingerCole Analysts. Hi Alexei, good to have you.
Hello Matthias, great to be back after a long winter break, I guess.
Right, exactly. But shortly before the winter break, we started a topic that was early November, assume, or late October. We had an episode around quantum computing, post quantum encryption, and the so-called cryptocalypse. And we want to continue that discussion from there because we are getting closer to EIC. But much more importantly, this is really, in some way or the other, really getting this problem is really getting in the ways of those who need to deal with it. We want to talk about authentication in times of post quantum and cryptography. But first of all, for months, you said a long winter break has been quite a while. Why are we talking about quantum and why are we talking about it right now?
Well, of course, we should probably not dive into another deep lecture on what quantum mechanics or quantum computing actually is. Everyone can just go and read and listen to tons of materials online. Just to recap, major risk of quantum computers appearing overnight is that they will be able to break any kind of existing asymmetric encryption. And that encryption is basically a foundation for everything digital in the modern world, from encryption in terms of data protection to strong authentication and financial transactions online and digital signatures and whatnot. So basically, while this topic has been discussed to death over the last years, there is still a lot of people considering it firmly in the realm of science fiction. And I guess you should remind our viewers that no, it's no longer science fiction. It's really almost happening tomorrow. And there are signs for that.
Right. And we want to talk about that in terms of authentication. Of course, KuppingerCole is a bit known for doing identity and access management. So authentication is part of our DNA. And we've been talking about improving authentication as long as I've been with KuppingerCole and much longer. So really we wanted to get rid of passwords. But we were not as successful as we wanted. But now we are in a situation where there are mechanisms around. So what happened with authentication in the recent 10 years, 15 years?
Surely more than that. Again, that claim that password is dead or almost dead or will die tomorrow or as soon as possible has been around for, I would say, at least 30 plus years. I personally remember hearing about that in the last century, if you will. People are already talking about that and promising that, yeah, absolutely, passwords are horrible, they are very weak and inconvenient, and we tend to forget them, and so we tend to write them down on pieces of paper, and those papers are getting stolen. In the end, basically passwords are inherently insecure, and we have to get rid of them as soon as possible. Well, 20, 30 plus years later, we are still not there completely but there has been a lot of progress recently. One of those major developments, of course, was FIDO, you know the FIDO Alliance for strong authentication, standardization. They've done a lot of effort of developing really interesting, reliable standards for password replacements. But more important than that, they've managed to persuade large online service providers like Google, Apple, Microsoft to actually implement those standards. it's taken them a few years, but as soon as... FIDO2 standards were supported by all the major browsers and operating systems. The adoption was growing really fast and right now basically with passkeys, for example, which are native to all the entire Apple ecosystem, as well as Google and some other popular online websites, with passkeys basically you can forget passwords almost forever because they are a much better secure and more convenient alternative. However, as we said earlier, everything about this modern strong authentication, including by the way, biometric authentication as well, hangs upon this notion of prime factorization. Basically, it's an extremely hard mathematical problem, which allows us to create those asymmetric encryption and decryption keys. So when we are going to exchange some sensitive data, I have your public key, you have your private key, so I can send you a secret message and you can decode it with your own key without any unsafe key exchange procedures. It's basically the foundation of modern asymmetric cryptography. And this exactly this problem can be bypassed, if you will, with quantum computers. There are already existing algorithms to crack all modern asymmetric encryption algorithms. You've probably heard about the Shor's methods. The only thing that prevents cryptocalypse now is the fact that there is no really working quantum computer available on the market today. But who knows, maybe it will be tomorrow.
Yeah, and there are lots of announcements every now and then when comes to next advances in quantum computing. So there are things going on sometimes hidden, sometimes marketing, sometimes vaporware, and sometimes really around. What has happened in the meantime in that area?
Well, yes, kind of, the actual quantum race, if you will, kind of stopped or slowed down a little bit in recent years because, of course, of the AI race kind of taking the first position with all the money flowing. But it never stopped, really. mean, you always hear something going on. Just a few months ago last year, we've heard a big announcement from Google with regards to some...quantum computing developments. Now, just a few days ago, we've heard something from Microsoft announcing not just a new chip, but an entirely new way to implement quantum chips. So basically, a different technology to create quantum computers faster and hopefully stronger and more reliable. Because that's the whole point. A quantum computer as a prototype, we can have them today. The problem is essentially breaking faster than they can crack anything. As soon as you have a stable and working quantum computer which can actually do something useful, I am pretty sure the first thing people would run on it would be decrypting other people's sensitive data. And this is exactly what we want to avoid.
So now back to business. We talk to lots of vendors, to customers, to end users who rely like everybody does on strong authentication, on strong mechanisms that protect this authentication process by applying cryptography. So what can you do? What can organizations do? We've convinced them to go passwordless. Everybody tries to convince me every day to say, why don't you want to change your password against the passkey? It's much more secure and you can exchange it via the iCloud keychain, which is encrypted and secure. And from what we've been talking about right now, it's not. So where should we go to? What should we aim at and where should we start?
Well, first of all, the general claim that strong authentication is better than passwords still remains because well nothing can be worse than passwords. Obviously. So having a little bit more security is always better than having no security at all. And again, for the current challenges, we are safe enough. The only question is what would happen tomorrow or next year or whatever. And, how quickly can you adapt? So the whole discussion nowadays is not will quantum computing happen or not or when it will happen because we know it probably will and fingers crossed it won't happen tomorrow but it may very well happen next year. The only question is what to do when it happens. How quickly can you adapt? How quickly can you basically redesign your entire digital business around a new, like radically new...precious end risk of the post-quantum society. And we already know that stuff like this happened probably not at the same large scale, but we've already lived through multiple scenarios when some specific implementations or specific outdated cryptography methods have been deprecated and removed from circulation, if you will, because they were deemed to be not safe enough. The same is going to happen to all the other methods we have now. And the question is, how quickly can we switch to a new generation? This is what we usually call crypto-agility.
We've talked about crypto-agility in the first episode that we did with these few months ago. But how will it look like when authentication is our daily business and we do it all the time when we use services? How will this crypto-agility be applied to our modern authentication mechanisms and how fast can that be and who does it?
Well, first of all, the situation on its own is not tragic. It's not catastrophic because the solution is already out there. I mean, people much smarter than me, the real kind of hardcore cryptography experts have been working hard for over a decade now to create those post-quantum, quantum safe next generation algorithms to replace the existing ones. And they are already there and the American NIST Institute has already standardized them. So they worked for over a decade as well, testing, monitoring, comparing, sending half-baked solutions back to designers. Now we already have an established set of standards and they've even sketched kind of another decade long transition process. How should it be done provided there are no... crisis, are no catastrophes, how would you go about it, implement it at your own convenient pace? They are aiming for about a decade to replace the entirety of current cryptography with the new generation. Again, the only question is can we risk doing it slowly or do we have to prepare for a more catastrophic scenario? This is entirely for every business to decide for themselves because they have to... know their own risks and understand their own risk appetite compared to their budgets and the things they have to lose in case of a cryptocalypse kind of event. The only question is again kind of why should not you start today? And there is no other answer for that. You have to because it's already a little bit too late. You have to start today. You have to start thinking about it today. And you have to... not just be ready to implement this crypto-agility within your organization, you have to think in terms of the entire supply chain, because a lot of those solutions are actually provided by third parties, especially in the whole strong authentication market. You're probably working with a third party for authentication and authorization and biometrics. Well, you have to work with third party biometrics anyway, because those tools are usually... embedded into smartphones and stuff like that. So they have to be crypto agile as well. So in a way, we have to provide some kind of a group or even society level pressure on those vendors to ensure that they are keeping up with all those developments as well. So basically crypto-agility is something where everyone has to do their part.
Right, and you've mentioned that nothing, it's no contradiction, then it should be convenient. We cannot do it with a big bang. So it needs to be something that is a smooth transition, which works with existing systems, but also increases the security of the mechanisms that you're using towards this crypto-agility or this crypto agile state so that we can really improve while we are walking. So, and as you said, the vendors should be there, the standards are there. The algorithms are there. So what should the audience do? What should they do as a customer, as a user of services? Is there a tag now with Crypto Agility? Where to look at?
Well, obviously, like with every other area of cybersecurity, you have to start with discovering classification. You have to know what you have, how good, how flexible all those parts of your entire IT infrastructure are, how agile they are, how much technical debt you have, and basically, you can design your risk strategy around it. And again, the biggest challenge is to understand the scope of this problem. Because a lot of people just think, OK, quantum encryption means I have to think about data I have encrypted. And encrypted data I just have in one data center. Why should I care? We'll deal with it later. But in fact, data is now getting encrypted everywhere. And that's the whole point of modern digital business, it has to be encrypted because otherwise you can no longer prove that this money belongs to you or this cryptocurrency transaction worked a new favor or something like that or even that it was you as an identity on the other end of the transaction. The actual encrypted data is ironically not very much affected by the quantum computing because the standard symmetric encryption like AES, there is no quantum algorithm to crack it. It's all about asymmetric encryption, which again is the foundation of our intrinsic encryption. So HTTPS or TLS as it's called, encryption on the network level is all about it. Everything revolving around digital certificates is asymmetric encryption or smart cards, all those digital certificates you get for your email encryption, for example, for digital signatures. That paper you signed online, like your next contract, it's all about asymmetric encryption again. Even, again, kind of ironically, if you have a really old website, which still uses passwords, but you were smart enough 10 years ago and you are not storing your passwords unencrypted, you are actually hashing them. Those supposedly safe hash functions are also affected by quantum computing. Even though they cannot be cracked immediately, the time needed to basically brute force them will be dramatically reduced. So you have to expand the scope of your... understanding that kind of crypto-agility is not just about encrypted hard drives or some files in your emails and stuff like that. It's everywhere. And you have to start cataloging all those systems and understanding how quickly they can be updated. Again, if it's about encryption, you have to obviously re-encrypt the data, which on its own is probably a long process and resource intensive process, so you have to plan for downtime for your systems maybe. Some applications or services or hardware devices just cannot be upgraded anymore because they are legacy stuff. So you have to think about ripping them off and replacing with something else, or maybe designing some virtual controls around them. So instead of replacing the encryption, maybe you have to build a firewall around it or some zero trust access solution or something else. It's a lot of planning, a lot of compromising, if you will, and a lot of things you have to implement in a hybrid manner because you cannot just rip and replace everything at one step. You have to really carefully plan and design a long-term strategy. And this is why you have to start today and not the day before the cryptocalypse.
Right. And we are used to really also throwing away devices which are no longer up to the challenge. If we think back to Wi-Fi encryption, WPA, in first incarnations, there were lots of devices that had just to be thrown away because they were not capable of dealing with modern encryption mechanisms and they just needed to go away. And I think that will happen in all everything that you've mentioned as well. So additional mitigating measures to, yeah, to mitigate the risks that are arising, that will be an option as well. You said we should start today looking at the state of the nation, how these efforts, these projects are improving and moving on. This is something that we will do at EIC in May in Berlin at our conference. And of course, this post quantum authentication will be a topic to look at at such an event. On the one hand, talking to vendors, talking to the standardizers, and also talking to yeah, practitioners who are already doing that. Waiting for things to happen is the worst thing. So EIC will be the place to exchange around that, right?
Mm-hmm. Absolutely. And again, kind of the greatest part of EIC is that it's kind of, it's a melting pot, if you will, of different people from different backgrounds. Some of them are like us, analysts. I would say our primary job in this issue is basically working around poking people with sticks and asking hard questions. But of course, also has to be, people who can actually answer those questions. And we have a lot of those thought leaders, if you will, experts and practitioners as well. And it's always great when those people get together and can just communicate and collaborate and maybe even decide to form a working group and create a new standard that happened before and will probably happen again, which is awesome. And this is exactly why people come to our conference every year.
Exactly. And I enjoyed also to talk to you, especially in such podcast episode. I have one question that has not been planned, it has not been discussed, but we've talked about homomorphic encryption as part of decrypting and encrypting data during its use. Will that be affected by cryptocalypse or is this more symmetric?
Well, I believe, and don't quote me on anything, that it should not be affected that much because, it's not about that very specific mathematical problem which the current generation, asymmetric encryption is based upon. But it's actually great that you brought up this problem. The biggest challenge of homomorphic encryption nowadays is that there is a lot of vendors offering you solutions, but they're all homebrew. There have not been enough standardization effort in this area so far. So there is no NIST for homomorphic encryption or something like that. It's probably going to happen sooner or later. But right now, it's well, they always say kind of avoid proprietary encryption. Well, this is one of those areas where you have no escape from that. If you want to try, if you want to develop in homomorphic encryption now, you have to adopt some kind of a proprietary method. But I don't think it will be much of a risk from the quantum computers. So far nobody is talking about that. But then again, the beauty of this whole notion of Crypto-agility that it's not linked to a specific technology or standard. It's basically a feeling, if you will, a life philosophy. You have to make sure that you are agile everywhere, including those parts where normally people are not thinking about. If you can basically change something, like a large part of your infrastructure radically because of something just changed overnight, great, you will survive another apocalyptic event. If you are unable to do that, you do not need a cryptocalypse. You do not need quantum computers. Your business may fail just because of an outdated hashing function or an implementation error like that. Heartbleed probably had a decade ago.
Right, just because of quantum computing, all the other issues that we have around updating, maintaining and making the system safe in general and doing it properly, this does not go away. So we need to do that as well. But we will talk about quantum or post quantum encryption and post quantum authentication mechanisms, how to apply our crypto-agility to authentication processes, especially strong ones and the nice ones, the user friendly ones at EIC. Thank you very much Alexei for talking about this. This is really interesting, a bit scary, but I think there are ways out of this if we start right now and we can talk about that in Berlin. Thank you very much Alexei.
Thank you and remember, if you are prepared, you don't have to be scared. You know what's coming and again, be ready.
So true. Thanks and talk to you soon again.
Thank you.
Thank you. Bye.
