With Gartner estimating that there will be 150 billion connected devices by 2030 — many of them mission critical, such as powering major national infrastructure — the risk and realisation that these devices aren’t secured properly is leading some cyber security experts to predict that there is a large-scale disaster waiting to happen. And the problem is only getting worse. By some estimates, on average there are 127 new devices connected to the internet every second.
Enter: Crypto Quantique, a startup out of company builder Entrepreneur First that has been patiently toiling away for the last couple of years trying to solve the IoT security problem. Specifically, the company has developed what it claims is “the world’s first quantum driven secure chip (QDSC)” on silicon, which, when combined with cryptographic APIs, it says is capable of providing any connected device with a scalable and easy to implement “end-to-end” security solution.
Moreover, by employing advanced techniques in cryptography and quantum physics, its makers say the Crypto Quantique QDSC is unique to every device and entirely unclonable, which makes it almost impossible to hack. That’s quite a claim.
“There are security complexities in IoT, many stakeholders, including OEMs, manufacturers, integrators and designers are involved in developing and implementing the IoT,” Shahram Mossayebi, co-founder of Crypto Quantique, told me over email. “Each stakeholder is faced with different threat vectors and thus has different security requirements and produces devices based on very different architectures. Currently there is no clear approach to securing the IoT, which is also impacted by the lack of basic security tools that would allow stakeholders to build their own security solutions”.
To that end, he explained that security must start from the device, then travel through the network and finally reach the IoT device’s backend services. In other words, proper end-to-end security is required to protect IoT devices and infrastructure.
At the heart of this is “root of trust” — the ability for a device to authenticate itself and be a trusted member of a network — which, conversely, is also the weakest link. Data traveling throughout the network also needs strong encryption, of course. Finally, with IoT devices being in the billions, there’s an issue of cost: any secure solution can’t be prohibitively expensive to implement on a per device basis or be fragmented across multiple third-party providers.
“We have created a root-of-trust by harnessing quantum processes in semiconductors to generate unique, unclonable and tamper evident cryptographic keys,” says Mossayebi. “We call it quantum driven secure chip (QDSC) and it is the first ever of its kind in the world. Because of the uniqueness and way in which the keys are generated there is no requirement to store the keys on the device because the keys can be retrieved on demand. This eliminates secure storage requirements and leakage of sensitive information.
“In addition to building the QDSC, we also provide the cryptographic APIs and manage the end to end security to remove the multiple parties involved in the security chain and provide an all-in-one solution. This means there are no ‘open windows’ in connectivity when it comes to security. Once a QDSC is placed in a device it links directly to the owner system (i.e. public or private cloud) through CQ’s cryptographic APIs, where it is managed automatically and remotely while the device is in the field. This is the most advanced security product for the IoT, enabling new industrial revolutions such as Industry 4.0”.
As I said, big (and very interesting) claims, indeed.
On that note, Mossayebi says Crypto Quantique is aimed at any connected device that needs to stay secure, from traffic lights to a SCADA machine used in critical infrastructure. “Currently, we are working with leaders in different fields such as defence, aerospace, energy, industrial IoT manufacturers and enterprise hardware appliance manufacturers. The applications vary from securing satellites and drones to securing energy grids, sensors in critical infrastructure and data centres,” he says.