By Sunil Gupta
In 2011, Israel created a brilliant technology, the Iron Dome, to defend itself from the short-range rocket attacks. This tech allowed Israel to detect and prevent enemy attacks, which in turn protects the population and critical assets. The Iron Dome can detect, analyse and thwart a range of incoming threats. The Iron Dome has three central components that contribute to its huge success in managing threats at an efficacy of 90 per cent:
Detection Component: Detects the threats and evaluates the nature of threats in real time
Management & Control Component: Helps manage the different aspects of battle and control mechanism
Action Component: The unit which takes action to neutralise the threat in real time to ensure that there is no damage
In 2013, NSA contractor Edward J. Snowden of the US made startling revelations that shook the world. He revealed the extent of the surveillance activities being undertaken by the British GCHQ and its US equivalent, the National Security Agency (NSA), which is largely gathering intelligence based on intercepted communications. Data or cyber war is the most consequential war being waged today. The term is applied to a cyber attack that has the backing of one nation with the intent of hurting another.
A full-blown cyber warfare could mean: the complete and prolonged shutdown of a power grid (something that has struck Ukraine twice, presumably at the hands of Russian cyber warriors); the wipe-out of data centres by malware that overheats circuits; the scrambling of bank records to cause financial panic (a 2013 attack froze three major South Korean banks); interference with the safe operations of dams and nuclear plants; blinding of radar and targeting systems of fighter jets or targeting critical infrastructure sectors, including energy, water and aviation.
In one of the recently reported “The intelligence coup of the century”, the spy agencies rigged the encrypting devices of a company so they could easily break the codes that countries used to send encrypted messages. Manipulating the randomness of the encryption key material where a system could be made to appear it was producing endless streams of randomly generated characters, while in reality it would repeat itself at short enough intervals, is one of the most sought-after backdoors in encryption products.
In 2013, one of the top spy agencies asked encryption company RSA to incorporate the weaker algorithm into an encryption product so that the encryption was defaulting to a fundamentally flawed encryption algorithm, which the NSA could subvert whenever they needed to. The program had a random number generator, but there were a number of fixed, constant numbers built into the algorithm that can function as a kind of skeleton key. Anyone who knows the right numbers can decipher the resulting cryptotext.
Fast-forward to 2021. Now we have supercomputers such as Fugaku that has demonstrated a sustained performance level of 442,010 teraflops per second indicating the physical barriers of Moore’s Law appear to have been reached; Google has achieved and demonstrated quantum supremacy and IBM promises a 1000-qubit quantum computer – a world changing milestone – by 2023.
Cyber security experts are increasingly concerned about nation-state sponsored cyber attacks, according to the 2020 CrowdStrike Global Security Attitude Survey, produced by independent research firm Vanson Bourne. Cyber security researchers and analysts are rightly worried that a new type of computer, based on quantum physics rather than more standard electronics, could break most modern cryptography. Also the pervasive weakness of randomness in encryption keys and digital certificates used in computational cryptography is a matter of great concern. The effect would be to render communications as insecure as if they weren’t encoded at all. Experts believe that with the astounding progress in building quantum computers in the past 2-3 years, the cryptography underpinning modern internet communications and e-commerce would succumb to a quantum attack in the near future.
India has seen increasing number of attacks on its critical infrastructure in the last few years and some of these attacks are suspected to be state sponsored to steal IPs of Indian companies or to create disruption in some of the mission critical services. Considering the growing military tension and recent stand-off with one of the neighbours, India needs to be aware, cautious and proactive against the cyber warfare that could be unleashed by its better equipped adversary.
In light of the above highlighted threats to the country’s security, time has come for India to seriously and urgently embrace an indigenous technology that meets the following criteria:
- Protects its ICT infrastructure
- Full control and ownership of hardware and software involved in it so that no manipulation of algorithms and program can be done by an outside party
- Future secure – unhackable by upcoming scalable quantum computers
- All the components and assemblies used in the product are from known and white-listed vendors
- Manufacturing of the hardware is completely done in India
QNu Labs, a home-grown R&D company has developed fully indigenised quantum safe security products that meet the above mentioned criteria. It has spent over Rs 30 crores in last four years to not only develop India’s first commercially ready and deployed quantum safe security products and solutions, but has also built an ecosystem consisting of academia partners, technology partners, professional services partners, vendors and suppliers to develop fully indigenised products from concept to manufacturing.
A decade ago, Israel built an Iron Dome to protect itself from short-range rockets from classical warfare. But in the current time when cyber warfare is more relevant, India should build a Quantum Dome to protect its national security and critical infrastructure from any potential quantum computer attacks.
QNu Labs offers India a fully indigenised dome leveraging its two fully indigenised products – Quantum Random Number Generator (Tropos) and Quantum Key Distribution (Armos) – that meet the following criteria expected from such a defensive technology:
Detection Component: Detects the eavesdropping threats and evaluates the nature of threat in real time
Management & Control Component: Carries out the critical key management, synchronisation and auto-tuning functions
Action Component: Takes action to neutralise the threat in real time by stopping the key generation process to ensure that keys do not get in to the hands of an adversary
Tropos and Armos have already been tested, field trialed and under procurement and deployment by different defense entities. Armos is also integrated with BEL equipment for automated real time transfer of encryption keys.
–The writer is chief executive officer of QNu Labs