Stormshield announces the success of a first proof of concept incorporating encryption algorithms with resistance to quantum cyberattacks in hybrid mode in its Stormshield Network Security firewalls.
Post-quantum encryption: navigating a complex potential environment of the future
While quantum computing will enable numerous technological advances, it also poses a serious threat to information security because it will ultimately provide the means of “breaking” existing cryptographic systems. Although such quantum computers may not yet exist, the threat is already real today. It takes the form of retroactive cyberattacks described as “store now, decrypt later” attacks: an attacker saves a very large volume of encrypted data and communications today in order to decrypt them after the fact, once the necessary quantum technology has become available.
Post-quantum technologies are designed to be resistant to quantum attacks. Stormshield’s approach in this area is in line with the recommendations of France’s ANSSI cybersecurity agency, published in a notice dated April 2022, which recommended a gradual move towards post-quantum algorithms in anticipation of their full maturity. This hybrid mechanism has the advantage of combining “calculations for a recognised pre-quantum public key algorithm and an additional post-quantum algorithm” and of “taking advantage of the strong ability of the former to resist traditional attackers, and the conjectured ability of the latter to resist quantum attackers”.
“This PoC is an important step for Stormshield in understanding the quantum threat,” explains Stormshield CEO Pierre-Yves Hentzen. “As they seek to respond to this post-quantum challenge, our teams are now focusing on the information encryption component, which is vitally important from the point of view of the network security of the present and the future.”
A PoC and a first step towards the widespread implementation of post-quantum cryptography
Stormshield has successfully stepped up to this technical challenge by leveraging the knowledge and maturity it has acquired in this area.
The Stormshield team was able to incorporate an initial post-quantum encryption block, in hybrid mode, into the IPsec component of SNS firewall solutions by experimenting with current versions of the CRYSTALS-Kyber and FrodoKEM algorithms.
The objective of this PoC was to measure the impacts of hybrid mode with the two algorithms under conditions designed to simulate production flows. Firstly, the Stormshield team was able to observe the consequences of longer and larger exchanges (larger key sizes and data transfer volumes), the impact on performance, and the added latency when a tunnel is created. Secondly, they were able to confirm the various migration scenarios: transition period, gradual migration, and coexistence of hybrid PQ-Safe and legacy solutions. They also carried out initial migration experiments towards a full PQ-Safe environment, which will require a forward-looking, multi-year effort.
Building on this first success in the ecosystem, Stormshield continues to track the growing maturity of algorithms and protocols through its monitoring and intelligence unit.
On the technical front, the teams in charge of the post-quantum project will launch interoperability tests with other network components. And with regard to the regulatory aspect, they will also study the impact of these new algorithms on existing standards.