Large US banks up security to get ahead of the quantum threat

Large US banks are racing to get ahead of quantum computing powered encryption breakers, by showing interest and investing early in quantum key distribution (QKD), the only known prevention mechanism “This is like the space or arms race and it’s the sort of race the US can’t afford to come second in,” says John Prisco, …

by | May 9, 2019 | bobsguide

Large US banks are racing to get ahead of quantum computing powered encryption breakers, by showing interest and investing early in quantum key distribution (QKD), the only known prevention mechanism

“This is like the space or arms race and it’s the sort of race the US can’t afford to come second in,” says John Prisco, CEO of Quantum Xchange, the quantum security firm, describing the real threat the move to quantum computing will have on global cybersecurity.

“We have several large financial institutions now that are piloting this product,” says Prisco, declining to name which banks they were working with, only that they had received interest from the “JPMorgans, the Citibanks, the Morgan Stanleys, the Goldman Sachs types of companies”.

“By the end of September, we should have many of these pilots converted into customers. I think that’s very likely and a reasonable timeframe – we may do it sooner,” says Prisco.

The momentum Prisco suggests comes from the fact that it is a “hollow debate” around how long quantum computing will take to break current encryption: “What’s happening today is that data is stolen with the current classical key – harvesting attacks. Nefarious actors are storing data along with the key because they’re going to have a computer that can crack it,” says Prisco.

According to Olivier Pfeiffer, head of finance and critical infrastructure markets at Swiss cryptographers, ID Quantique, QKD exploits a fundamental principle of quantum physics – observation causes perturbation – to exchange cryptographic keys over optical fibre networks with provable security.

“An eavesdropper intercepting keys transmitted on the QKD channel [the network between sender and receiver] will necessarily translate into a perturbation that can be detected by the sender and recipient.

“By using QKD to distribute keys and use them with symmetrical encryption, such as the widely used AES 256 type, it is impossible to decrypt the data now and after the arrival of the quantum computer,” said Pfeiffer by email.

Banks are waking up

And new research from analyst Inside Quantum Technology suggests that firms are taking note, estimating that the QKD market will grow to $980m by 2024 compared to $85m in 2019.

Likewise, the Chinese government has invested $10bn in a national quantum computing programme, while the US has enacted the quantum initiative act which has appropriate $1.2bn to protect critical infrastructure.

And while a quantum computer may not be developed in the short term, firms still run the risk of losing sensitive information even today, warn vendors.

“It’s hack now, decrypt later. Break into the CIA, take all their heavily encrypted data and wait for someone with a quantum computer,” says Lawrence Gasman, president of Inside Quantum Technology, explaining how financial institutions move critical and large data from headquarters to back-up or recovery facilities.

“Increasingly QKD is looking like a good option to protect that,” says Gasman. “It’s not just important, it’s not just protecting it from quantum computers, but being 100% certain that it’s as protected as it ever could be.”

To provide that ultimate layer of security to banks’ data in transit, Quantum Xchange has leased 850km of optical fibre from company Zayo to create a QKD network, according to Prisco.

“We’ve created a metropolitan area network in lower Manhattan and across the river to New Jersey, primarily to address the financial services market. A lot of back office operations for the top financial services have moved out of Manhattan over to New Jersey,” adding that, within a 25 mile radius, the NYSE, NASDAQ and the Chicago Board of Trade have operations.

“The banks are trying to use QKD as a differentiator against their brethren,” he says. “If they have a high net worth individual they’re selling it as the most secure way to protect your personally identifiable information.

“If it’s a hedge fund, it’s critical that they protect their algorithms, particularly if they’re transmitting or making adjustments to their software, they want to know they have the most secure link possible,” says Prisco.

While Prisco believes banks should invest in QKD early to avoid becoming susceptible to harvesting attacks, Pfeiffer believes the opportunity for QKD goes beyond.

“In particular, a central bank showed interest in linking their main national points of presence using QKD to ensure the confidentiality of their critical data,” said Pfeiffer. “By doing so, the data in transit links can be considered physically safe.

“New blockchain banking topologies, which are progressively adopted, show multiple vulnerabilities in their storage of private-public key pairs. We have started a new project, which includes QKD, for the storage of private keys in digital asset custody applications,” he said.

Categories:

Resources

Regulatory reporting: 7 Questions with Philip Flood, Gresham Technologies

Other | Behavior detection & predictive analytics Regulatory reporting: 7 Questions with Philip Flood, Gresham Technologies

Gresham Technologies

Regulatory reporting: 7 Questions with Philip Flood, Gresham Technologies

Philip Flood, Business Development Director, Regulatory and STP Services, recently joined the ‘7 questions with…’ podcast with Gert Raeves of… Continue Reading

View resource
Real-time payments tech put pressure on banks

Best Practice | Behavior detection & predictive analytics Real-time payments tech put pressure on banks

Intix

Real-time payments tech put pressure on banks

The transformation to real-time has seen the market modernise, but there is a further need for banks to have the… Continue Reading

View resource
TransferGo Case Study - payments industry

Case Study | Behavior detection & predictive analytics TransferGo Case Study - payments industry

ReconArt

TransferGo Case Study - payments industry

Bank statement and Account Payables reconciliation. Seamless integration with NetSuite. TransferGo outlined two major product requirements. First – full… Continue Reading

View resource

New GFT podcast on AI

In the latest episode of our new podcast series on AI entitled ‘Artificial Intelligence, Intelligently Applied’, our host Simon Thompson… Continue Reading

View resource