
I'd like to welcome you to day two of BSides Las Vegas. How's everyone doing?

>> All right, some coffee. [laughter] Well, welcome to the first talk of day two in the Proving Grounds track. This talk is Harnessing AI and Post-Quantum Cryptography for Cyber Security in the Quantum Era. It'll be presented by Anushka. Before we start, a few quick announcements. We'd like to thank our sponsors, especially our diamond sponsors, Adobe and Aikido, and our gold sponsors, Formal and Dropzone AI. It's their support, along with other sponsors, donors, and volunteers, that makes this event possible. Also, this talk is being recorded. So, as a reminder to those in the audience, please put your phone on silent so as not to disturb the presentation. If there is time at the end for questions, wave me down. I'll be running around with a microphone just so that folks on the recording can hear. And with that, I will hand it over to Anushka.

>> Perfect. Thank you. Can everyone hear me, also in the back? Cool. Okay. So yeah, today we're going to be talking about harnessing AI and post-quantum crypto for cyber security in the quantum era. Before we get started, a little bit of a who am I. I'm a product manager at Microsoft. I've been there for about a year now. I focus on encryption for Kerberos as well as Azure Kubernetes Service, and overall I'm passionate about security as well as cryptography and engaging with the security community, and that's what brings me here today.

All right, let's start with a little bit of a case study. This starts with a broad statement here: your data has been compromised. So let's say you have an advanced persistent threat like APT45, who's been backed by the North Korean government. Who's heard of them already? Just a show of hands. Okay, a lot of you. And who can tell me which industries they usually target? There's a little bit of a giveaway on the slide. So they target defense, aerospace, nuclear, and engineering organizations across the US and other countries. They're usually focused on creating disruptive cyber attacks, but now they've evolved to creating specialized cyber espionage attacks. So we know that they're doing lots of bad things, but what if I told you they could just steal your secrets simply by exfiltrating your web traffic? Data leaks are happening every day, and the most dangerous part is that they're happening silently. We don't know which data is being stolen until it's much later and too late. And on Q-Day, all of this data can be decrypted much faster.

So what is Q-Day? Q-Day is a theoretical point in time when we anticipate that quantum computers will become strong enough to break traditional encryption. This is anticipated to be in the year 2030. It could be sooner than that, it could be later than that, but this is just based on the research that we know. And at that point, any data that has been stolen can be decrypted in just a matter of weeks.

Now before I get started, I do want to start with absolute basics. I'm sure all of you know all this already, but just so that we're on the same page. Our modern cryptographic systems are based on difficult mathematical problems. That includes things like factoring large prime numbers and solving discrete logarithms. So I'll start with super basics. There are symmetric crypto and asymmetric crypto. Show of hands if you know all about this. Everybody. Cool. Okay, so you're all experts. I'm just going to go through it really quickly. Symmetric crypto uses the same keys for encryption and decryption, and a common example is AES. Asymmetric crypto, or public key cryptography, uses a public key for encryption and a private key for decryption. And 99% of the time this is how you're sharing your symmetric keys, right? Good common examples of that are RSA and ECC.

Now that we've established the basics, let's get right into it. With quantum computing, quantum computers are able to solve problems about 100 million times faster than classical computers. And the reason they're able to do this is because they represent a paradigm shift. With classical computing, you have your binary bits, right? Your zeros and ones. But with classical computing, you have qubits that leverage quantum mechanical properties such as superposition and entanglement. Superposition is the ability of a qubit to be in multiple states at the same time. A simple example can be a coin. With binary bits you have your heads or tails, or zeros or ones. But with qubits it's like flipping that coin, and it can be heads or tails simultaneously, or zeros or ones simultaneously. The other quantum mechanical property that's relevant is entanglement. This is the ability for multiple qubits to be correlated even over long distances. And these two properties allow quantum computers to explore multiple possibilities for complex mathematical problems at the same time and solve those problems much more quickly, something that classical computers just cannot do right now.

So let's look at what the graph here looks like. When we think about quantum computing, as you can see, when the problem size increases, the time taken for classical computing increases in an exponential manner, whereas the time taken for quantum computing increases in a linear manner. And yes, there is a little bit of an overhead, but overall the trend is linear. As the number of problems increases, the gap between the two also increases quite a bit. So what does that mean? That means that problems that we thought were unsolvable, or would take billions of years with classical computing, are going to take a matter of weeks with quantum computing. So this is why it's really serious, with the kind of speed-up that quantum computing is giving us.

Now let's talk about the algorithms that allow quantum computing to get this sort of linear speed-up. Just a show of hands if you have heard of Shor's algorithm and Grover's algorithm already. Okay, so some of you. Shor's algorithm represents a breakthrough which allows us to factor large prime numbers as well as discrete logarithms exponentially faster. And why does this matter? This matters because algorithms like RSA and ECC are based on those same principles, going back to the first slide that I presented. And if you have a quantum computer running Shor's algorithm, it is going to factor these numbers exponentially faster. And this matters because RSA and ECC are the algorithms used in all of our secure web connections today. So this is a big deal.

Now, Grover's algorithm offers a quadratic speed-up for unstructured search problems. When I think about unstructured search problems, what does that remind you of? You have a problem and you're going at it with every possible solution. What does that sound like? Brute force. I heard brute force. Okay, great. So yeah, it speeds up brute force attacks, right? Grover's algorithm is not going to explicitly go and break encryption, things like symmetric encryption, but it's going to speed up those brute force attacks. Let's walk through an example. If you have something like AES-128, that's going to take about 2 to the 128 attempts to break with classical computing. But with quantum computing, it takes about 2 to the 64 calculations. So it's effectively halving the security. Having said that, if you do use things that have larger bit sizes, such as AES-256, then that's still considered post-quantum safe.

Now that I've said all this, you might be wondering, is classical encryption broken today? And the answer is no. Quantum computers are still in their early stages and they don't have enough stable qubits. The brute forcing example that I talked about would require thousands of stable qubits, and we don't have that yet. There's also noise and decoherence. For that error correction to happen, you would still require stable qubits, which we don't have. But the threat is real and it's growing.

So you might be wondering, what are adversaries doing today? Adversaries are engaged in something called harvest now, decrypt later attacks. What that means is you're stealing encrypted data with the hope that you will be able to decrypt it in the future once quantum computers become powerful enough. Now you all know storing data is not free. You pay lots of dollars on your iCloud storage just to store images. So storing data like this is obviously expensive. So adversaries are not just stealing all data out there. They're being really strategic about this. They're stealing data that has longevity. They're looking at intellectual property, government secrets, healthcare data, data that's going to be relevant about 5 to 10 years from now.

So with that, and given the long lead times to make changes to cryptographic algorithms, it's absolutely essential that we act today, and the first step of acting today is being able to detect some of the harvest now, decrypt later attacks. Harvest now, decrypt later attacks can broadly be classified into things like data exfiltration attacks as well as network intrusion attacks. This threat landscape has both outsider threats and insider threats. Each has its own unique risks to the organization, but I'll be talking about outsider threats today. There are traditional defense mechanisms that I've put on the slide, things like network monitoring, IDS, IPS, DLP, as well as next generation firewalls. These are all really good and they're effective against known threats, and they can have behavioral baselines and go and detect anomalies. However, where they fall short is against zero-day attacks or stealthy adversaries. And this is where AI can really enhance the detection capabilities. There are three ways it can do so. The first is behavior analytics. It can look at user and device behavior, look at subtle deviations within that, and flag compromised accounts or lateral movements. The second is by having dynamic policy adjustments, or auto-tuning your firewall rules based on the real-time threat detection that it's doing. The third is having predictive threat modeling. It has access to historical data within your own system as well as global data by web scraping: what are those zero-day attacks that are happening in the wild? Based on that, it can anticipate what type of attacks can be coming up in your own environment. So this AI capability, combined with your traditional detection mechanisms, can give you a more granular and proactive approach to detecting and mitigating against data exfiltration as well as post-quantum crypto attacks that are coming up.

Now that I've talked about AI quite a bit, I want to walk you through a little bit of research that I have been doing. I used a KDD network intrusion data set. This included about 18 different features, and it had information about things like port scanning, network exfiltration, if there is a use of admin or super user, or if there is remote access from a different laptop, all of these attacks combined. I had three different AI/ML models: isolation forest, autoencoders, and variational autoencoders, and among them autoencoders performed the best for accuracy, precision, and recall. So I'll take a moment here to just go through those results. Having a high precision and high recall, in my opinion, is really essential. Having high precision will make sure that you don't have too many false alarms. Our cyber security resources are precious, so you want to make sure that you're putting them to good use. And high recall will ensure that you're not actually missing any sort of attacks that might be happening. So those are really important and something that you must consider.

Let me go through a little bit about each of these models. Isolation forests work by randomly splitting out features and then isolating anomalies. This was really good for detecting simple outliers. For example, when there was an increase in outbound traffic, that's an obvious indication of data exfiltration, right? And the next model that I had was autoencoders. This is more neural networks, where it was used to look at the normal data flow and then reconstruct it, and when there was a high reconstruction error, that was basically an indication of an anomaly. To make sure that I set the biases right, I had to do benchmarking and normalizing the data. But this was good for detecting things like subtle deviations in user behavior. There was data from a bank that I also used, and that could say, okay, this is not indicative of a specific user's behavior. So that was good for things like that. Next was variational autoencoders. This goes a step further and models whatever autoencoders do with a probabilistic latent space. This is good at detecting subtle deviations and long-term deviations. So if you have an advanced persistent threat in your environment, for example, then this will be beneficial to help you out, in addition to your traditional detection capabilities.

Now, the data set that I used isn't very complex. It was 18 features. So overall the models performed really well. But one key takeaway that I want to leave you with from this experiment is that AI can greatly help you with passive exfiltration detection. This is when data is leaked slowly and quietly, and this is going to go unnoticed by your traditional detection mechanisms. However, if you have an AI model that's trained on high recall (like I mentioned earlier, recall is really important), high recall anomaly detection, then that's going to be a more accurate indicator of subtle activities happening like silent data harvesting.

All right, now that I've talked about AI so much, I want to bring this a little bit closer to home. There are four different industries on this slide here: finance, healthcare, government, and technology and cloud. Just a show of hands if you work in these industries or have customers in these industries. Okay, that's a lot of us, right? So this is going to impact all of us. And quantum computing poses a significant threat for all of these industries. In finance, it's going to invalidate digital signatures and enable fraud. This is potentially going to increase global losses by about 20 to 30%. In healthcare, patient data could be exposed. That's going to be in violation of HIPAA and GDPR, and those attacks are anticipated to go up by about 50%. And for governments, your secrets and classified communication could be retroactively exposed. That's pretty dangerous as well. And for technology and cloud, protocols like TLS and SSH as well as VPNs could be compromised, and this could basically threaten our platform integrity and customer data. So this isn't just a theoretical risk. It's real, it's growing, and transitioning to post-quantum crypto isn't optional. It's absolutely essential for operational resilience.

So with that, you're probably wondering how to prevent against post-quantum crypto. There are a couple of different steps. The first step is being able to define the scope of your existing crypto inventory. You want to understand which systems and data types are in scope. And then you want to understand the cryptographic assets in use. Do you have algorithms like RSA, ECC, SHA, things like that? What are the key sizes used? How often are the keys rotated? And this is again a use case for machine learning, where it can go through your databases and network traffic to tell you if you are using any sort of vulnerable algorithms. Next, you want to document and assess your crypto usage. You want to understand where each of these algorithms is used. Are they in TLS? Are they in VPNs? Are they in Kerberos? You also want to understand the lifetime of the data that's being protected. It's important to have short data retention as well as segregation of the data, data segmentation. Third, you want to understand the risk of exposure. If you have data that's going to be long-lived, for example government secrets or healthcare data, then that explicitly needs to be protected, and you need to make sure that there are good protection mechanisms around it.

The next step is really important, which is enabling crypto agility. So what is crypto agility? Have you heard of that term before? Just a show of hands. Okay, a few of us. Crypto agility is the principle of designing our systems such that you're easily able to swap cryptographic algorithms. So how do you do that? You want to be using modular crypto libraries, and you want to make it so that your future updates can be done without fully re-engineering your stack. And this is critical for post-quantum crypto because these algorithms are still evolving, which brings me to my next step. You want to integrate post-quantum algorithms. There are three that have been standardized by NIST already. The first one is ML-DSA, which is used for key exchange. The second one is, sorry, ML-KEM, which is used for key exchange, and then the second one is ML-DSA, which is used for certificate hardening. The third one is SLH-DSA, which is used for hash-based signature hardening. So all three of these are post-quantum crypto algorithms that you might want to consider. In addition to that, you also want to be aware of integrating hybrid crypto. So what does that mean? It means combining your traditional encryption with your quantum encryption. It's a matter of ordering. Quantum encryption can be applied first and then classical encryption, or the other way around. The reason to do this is to give you interoperability during the transition period. And lastly, you just want to be aware of any sort of government guidance that's out there. There are already documents that have been published by CNSA and NIST. So make sure you're in compliance with those.

All right. I want to make one quick point to emphasize here. Post-quantum crypto changes are not a one-time event. You're going to have to keep making these changes. And the reason for this is because these algorithms are less studied and less attacked, which means there will 100% be changes in the future. So things that we think are safe right now may not be safe later. That's because we just don't know the potential of what quantum computers can break. So what do you need to do now? You need to adopt crypto agility so that you're able to make these updates without breaking any sort of legacy systems and requiring full stack rewrites.

All right, now that I've talked about post-quantum algorithms so much, I'm sure you want to know a little bit more about them. So I'll do a bit of an overview. ML-KEM, you can think about this as a high-security digital lock box in the quantum era. If you want to send a secret, instead of handing over the key to the recipient, you're creating a lock box that only the intended recipient can open. Even if someone tries to intercept the data, they won't be able to. From a technical standpoint, this is based on the difficulty of solving module lattice with errors, and in this case you want to think about it as, okay, if you want to send this to a recipient, you want to encapsulate the data using their public key. That's like locking the lock box, and then the receiver can decapsulate the secret, or unlock the lock box, using their private key. So this is fast, it's efficient, and it's considered safe even in the quantum era.

The next algorithm that I'm going to be talking about is ML-DSA. This is used for signature hardening. You can think about this as a quantum era wax seal, which is intended to provide authenticity even in an era where our traditional wax seals like RSA and ECC are not able to. From a technical standpoint, they're also based on the hardness of module learning with errors. And so if you want to use ML-DSA, you're pretty much going to create a mathematical proof that is tied to the private key as well as the message content, and anybody with your public key can then go and verify the secret and make sure that the message hasn't been tampered with and it's actually coming from the claimed sender. So you can think about this as a stamp in the quantum era that can't be forged.

All right. So I'm coming back to the first use case or scenario that I walked through. With this, you can see everything is the same, but the last box has changed: by using the steps that I described in my presentation, as well as PQC and crypto agility, your data will be safe in the post-quantum era.

Now before I end the presentation, I want to leave you with some key takeaways. As we saw in the presentation, this post-quantum threat is real and it impacts a lot of different industries. So early planning is absolutely essential to make sure that we are planning for post-quantum crypto, and transitioning to quantum safe algorithms today will make sure that you are post-quantum compliant and quantum safe in the future. Thank you. [applause]
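One way to turn the talk's inventory steps (algorithm, key size, where it is used, data lifetime) and its Shor/Grover rules into a harvest-now-decrypt-later triage, as an added example that is not part of the talk or the speaker's research; the Q-Day year, the 128-bit post-quantum floor, the "today" year and the sample inventory are assumptions:

```python
"""Crypto-inventory triage for harvest-now, decrypt-later (HNDL) exposure.

Rules applied, as stated in the talk: Shor's algorithm breaks RSA/ECC
outright, Grover's algorithm halves symmetric security (AES-128 -> 2^64),
AES-256 is still considered post-quantum safe, ML-KEM/ML-DSA/SLH-DSA are
the NIST post-quantum algorithms, and data that must stay secret past
Q-Day is at risk today if it is protected by quantum-weak crypto.
"""
from dataclasses import dataclass
import re

Q_DAY_YEAR = 2030      # anticipated Q-Day from the talk (an estimate)
CURRENT_YEAR = 2025    # assumed "today" so results are deterministic
PQ_FLOOR_BITS = 128    # assumed minimum acceptable post-quantum security

PQC_SAFE = {"ML-KEM", "ML-DSA", "SLH-DSA"}            # NIST PQC families
SHOR_BROKEN = {"RSA", "ECC", "ECDH", "ECDSA", "DH", "DSA"}  # factoring / dlog
GROVER_AFFECTED = {"AES", "SHA", "HMAC"}              # quadratic speed-up only

@dataclass
class Asset:
    system: str               # where it is used: TLS, VPN, Kerberos, ...
    algorithm: str            # e.g. "RSA-2048", "AES-128", "ML-KEM-768"
    data_lifetime_years: int  # how long the protected data must stay secret

def family_and_bits(algorithm: str):
    """Split 'RSA-2048' -> ('RSA', 2048), 'ML-KEM-768' -> ('ML-KEM', 768)."""
    m = re.fullmatch(r"([A-Za-z-]+?)-?(\d+)?[A-Za-z]*", algorithm.strip())
    fam = (m.group(1) if m else algorithm).upper().rstrip("-")
    bits = int(m.group(2)) if m and m.group(2) else None
    return fam, bits

def classify(algorithm: str):
    """Return (status, quantum_security_bits) per the talk's rules.
    PQC keeps its claim (bits not re-derived here); Shor-broken -> 0 bits;
    Grover-affected -> half the key/digest size; anything else is unknown."""
    fam, bits = family_and_bits(algorithm)
    if fam in PQC_SAFE:
        return "pqc", None
    if fam in SHOR_BROKEN:
        return "shor-broken", 0
    if fam in GROVER_AFFECTED and bits:
        return "grover-halved", bits // 2
    return "unknown", None

def hndl_exposed(asset: Asset) -> bool:
    """Exposed if the data's secrecy must outlive Q-Day AND today's crypto
    is quantum-weak. Unknown algorithms are treated as weak (conservative)."""
    status, qbits = classify(asset.algorithm)
    if status == "pqc":
        return False
    outlives_qday = CURRENT_YEAR + asset.data_lifetime_years >= Q_DAY_YEAR
    weak = qbits is None or qbits < PQ_FLOOR_BITS
    return outlives_qday and weak

def triage(inventory):
    """(asset, quantum_bits, exposed) rows, worst first: exposed items
    sorted by remaining quantum security, then everything else."""
    rows = [(a, classify(a.algorithm)[1], hndl_exposed(a)) for a in inventory]
    return sorted(rows, key=lambda r: (not r[2], -1 if r[1] is None else r[1]))

# Constructed sample inventory; these are not real systems.
SAMPLE_INVENTORY = [
    Asset("TLS", "RSA-2048", 10),          # long-lived data, Shor-broken: exposed
    Asset("VPN", "AES-128", 7),            # 64 bits after Grover, outlives Q-Day
    Asset("Kerberos", "AES-256", 7),       # 128 bits after Grover: still safe
    Asset("Backup", "RSA-4096", 2),        # broken, but data expires before Q-Day
    Asset("TLS-hybrid", "ML-KEM-768", 10), # NIST PQC: safe
]

if __name__ == "__main__":
    for asset, qbits, exposed in triage(SAMPLE_INVENTORY):
        print(f"{asset.system:11} {asset.algorithm:12} "
              f"q-bits={qbits} {'EXPOSED' if exposed else 'ok'}")
```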
>> Hello. So let's assume that, of course, the harvest now, decrypt later has been going on for a bit, but it's still happening. Is there any movement within large organizations, finance, defense, so on and so forth, to go back and retroactively re-encrypt a lot of these sensitive databases using post-quantum encryption?

>> So it's dependent on the organizations themselves. I'll speak about what I know based on the work that we're doing at the company that I work at, or just the general research. Of course, this is not representative of Microsoft's opinion, just my own. So what we're trying to do is make sure that the future systems are quantum safe. For data that already exists and might have vulnerable algorithms, it's recommended that you take those updates. Let's say if you have a Windows server, make sure you update to the latest version that is post-quantum crypto compliant and store your essential data there. And that's part of the steps where you're taking an inventory of what data is vulnerable and making sure it's safe. So those would be the steps.

>> Thank you.

>> Hi, I was wondering, as you mentioned NIST and FIPS, do you see a new FIPS 140 version coming up with post-quantum being certified now, after having been in evaluation for a year and all that? And I mean, what I can see from a project that I'm working on is that there's still, in standard libraries, so much cryptography that is not FIPS certifiable still today, and not even speaking about adding post-quantum to those. Do you see that there's any movement, like in OpenSSL or lips or the such, or Kerberos?

>> Yeah, so algorithms like Kerberos, TLS, they're already moving towards implementing and integrating post-quantum crypto algorithms based on the timelines that have been laid out by CNSA. Actually, let me see if I can... okay, yeah. Based on the timelines that have been laid out by CNSA, there are differences for every single category here. I'll talk about operating systems, since the protocols that you asked about are specifically relevant there. What is required is there must be an option to be post-quantum compliant, and then by 2030 or 2033 is the deadline where you must absolutely only use post-quantum crypto algorithms. And that's based on just CNSA, and how each organization implements it is, I guess, dependent on them, but that's the general guidance from CNSA, and similar should follow from FIPS.

>> Thank you. Great presentation. I was curious about your opinion of the risk to blockchain from quantum, and any thoughts on that?

>> Yeah, so for blockchain, wallets should absolutely be upgraded to be using those PQC algorithms. When we have node-to-node communication, if that's using TLS, TLS is going to be updated very soon to be using PQC algorithms, so similarly that communication between those nodes will also be using PQC. So blockchain will also have implications from PQC, essentially, is my overall opinion.

>> So yeah, good in general. But, I know there are old PQC or, sorry, blockchain kind of data that's available out there. So you need to go and make sure that that's encrypted with the latest PQC algorithms, because people could go use Shor's algorithm and try to derive a private key based on the public key that is already there. So that's just a threat. The threat does exist to blockchain, is essentially what I'm saying.

>> All right, let's give Anushka one more round of applause.