apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes by Xenia Bogomolec, Quant-X Security & Coding GmbH
0 likes777 views
The document discusses the integration of quantum technologies into classical infrastructures and emphasizes the threats posed by evolving quantum computing capabilities, which could decrypt existing cryptographic methods. It highlights the need for post-quantum cryptography and homomorphic encryption as countermeasures and recommends conducting information risk assessments to prioritize protection needs of systems. Additionally, it promotes awareness of upcoming threats and the necessity for swift cryptographic updates.
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes by Xenia Bogomolec, Quant-X Security & Coding GmbH
- 1. https:/ /quant-x-sec.com/ | xb@quant-x-sec.com API Protection on Highly Volatile Threat Landscapes
- 3. 10/28/21 xb@quant-x-sec.com 3 Industrial/Scientific Activities Integration of quantum technologies to classical infrastructures Investigation of open questions in Post-Quantum Security, see https://github.com/Quant-X-Security-Coding-GmbH/QAA_Condition_Number Quantum feasibility studies of algorithmic problems
- 4. New York JULY Australia SEPTEMBER Singapore APRIL Helsinki & North MARCH Paris DECEMBER London OCTOBER Jakarta FEBRUARY Hong Kong AUGUST JUNE India MAY Check out our API Conferences here 50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees, 300k+ online community Want to talk at one of our conferences? Apply to speak here
- 5. 10/28/21 xb@quant-x-sec.com 4 The Unique Meaning of Cryptography in Information Security . company a company b Infrastructure & Computing ● SIEM ● IDS/IPS ● Endpoint Protection ● Malware Protection ● Access Controls ● etc. Communication ● Cryptography
- 6. 10/28/21 xb@quant-x-sec.com 5 Preserving Privacy in the Face of High Performance Attack Vectors Mathematics Computer Science Implementation System Integration Application Integration Network Administration Management Users THREATS Increasing Performance of Binary Technologies New Mathematical Solutions Quantum Computing Cryptography Stack
- 7. 10/28/21 xb@quant-x-sec.com 6 Overview on High Performance Attack Vectors - Current Threats ● Password and Cryptography Cracking Tools (Hashcat and similar tools) ● Aggregated computing resources and parallelization of attack processes ● New mathematical solutions affecting parameters and configuration of classical crypto Countermeasures Regularly check RFCs and recommendations of official Data Protection and InfoSec institutes for 1) Choice of algorithms 2) Key length 3) Algorithm parameter configuration … and update your systems accordingly in alignment with depending parties.
- 8. 10/28/21 xb@quant-x-sec.com 7 Overview on High Performance Attack Vectors – Near Future Threats Evolving Quantum Computing Technologies will make it possible to decrypt data encrypted by 1) Diffie-Hellmann 2) RSA 3) Elliptic Curves Timeline: IBM guesses by 2023 Countermeasures 1) New post-quantum crypto algorithms (NIST standardization round 3: https://csrc.nist.gov/Projects/post-quantum-cryptography/round-3-submissions) 2) Homomorphic Encryption (not based on 1) -3) in Threats :-) 3) Quantum Communication (new quantum hardware, expensive)
- 9. 10/28/21 xb@quant-x-sec.com 8 Identify Assets of High Privacy Criticality by Information Risk Assessment Your Business Processes and the respective IT-systems are your Assets! 1) Perform a CIA-Rating on your systems connected to the APIs. This will indicate the protection need of the APIs. The best candidates for post-quantum cryptography are the ones which process data which needs to remain confidential for many years in the future. The best candidates for a near time transition to homomorphic encryption are the ones with ● High Confidentiality and Integrity Classification ● Low Availability Rating 2) Perform an Information Risk Assessment to consider threats vs. the systems protection need. This will help you to determine which new cryptography you might want to apply to which system. (Guide for conduction IRAs: https://www.nist.gov/publications/guide-conducting-risk-assessments)
- 10. 10/28/21 xb@quant-x-sec.com 9 X. Bogomolec | Quant-X Security & Coding GmbH | xb@quant-x-sec.com Conclusion Stay aware about upcoming threats and solutions. ...and Introduce swift crypto patch processes! Thank you!!! Find these slides on https:/ /quant-x-sec.com/published.htm (in the section Talks/Presentations at Conferences and Events)
- 11. New York JULY Australia SEPTEMBER Singapore APRIL Helsinki & North MARCH Paris DECEMBER London OCTOBER Jakarta FEBRUARY Hong Kong AUGUST JUNE India MAY Check out our API Conferences here 50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees, 300k+ online community Want to talk at one of our conferences? Apply to speak here