Much of our current IT infrastructure relies on DNS to safely route traffic. Securing that infrastructure is in turn heavily reliant on cryptography, but there's a threat looming on the horizon.
Quantum computing will offer a level of processing power that could render current cryptographic techniques obsolete, and that's a problem for the entire internet and networking world. We spoke to Peter Lowe, principal security researcher at DNSFilter, to discuss the possible impact of quantum computing on security and what can be done to address the threat.
BN: Why is cryptography so essential to DNS?
PL: Cryptography is the baseline Domain Name Security (DNS) servers use for verification as part of the DNS Security Extensions (DNSSEC). To achieve verification through the use of digital signatures or symmetric keys, DNS must confirm the site and data are who and what they claim to be -- and strong cryptography is the only way to ensure that we can trust the results.
BN: How does quantum computing put this at risk?
PL: Unlike a traditional computer which codes information in bits, a quantum computer codes information in quantum bits (qubits) which work in a different way. Qubits enable quantum computing to not only code information quicker, but store more information at once, threatening cybersecurity as we know it.
Quantum computing has the speed and power required to break cryptographic algorithms, enabling hackers access to data that was previously securely encrypted, and store and decrypt that data later on. It's relatively easy to access data 'on the wire' by performing a man-in-the-middle attack, but useless if the transmitted data is encrypted. Right now, the data would just look like a random sequence of bytes, and without the threat of quantum computing, it could stay that way for hundreds of years into the future. Quantum computing has the potential to enable hackers to decrypt this more easily, and the data may not stay secure for as long as originally intended.
On top of that, quantum computing poses challenges to key and signature size, which are much larger than current algorithms. Post-quantum cryptography uses larger key sizes than we're currently used to, which on its own is fine. But, due to limits in the protocol used by DNS servers, called Universal Datagram Protocol or UDP, packet sizes may become larger than what the server’s designed to handle. Not to mention, the bigger key sizes will require significantly increased computational resources on the servers themselves.
To protect against these threats to cryptography, the industry has started to look at rolling out post quantum algorithms. However, DNSSEC is particularly challenging to transition to post quantum algorithms because of the potential effects on infrastructure. Updating ciphers is a risky process, especially for those running root servers: if the passphrases used to generate the keys were compromised, it could be possible to fake any domain verification that took place. Every three months, a carefully choreographed Key Signing Ceremony takes place to generate the keys used at the top of the DNSSEC chain. This process would have to be thoroughly reviewed if any changes were to occur, meaning literally every validated DNS request on the internet -- trillions every day -- could be compromised.
BN: How can organizations start to plan for a post-quantum world?
PL: For organizations to prepare for a post quantum world, it is essential to shift our mindsets to let go of the idea that certain messages will remain private forever. We are regularly reassured that encryption protects our data from hackers, and while that is the case as it stands, it is important to keep in mind that encryption is going to break at some point. The biggest difference with quantum computing is that it could happen much faster than we imagined.
One example is messaging. There are many messaging systems that provide End-to-End Encryption (E2EE), used to safely exchange messages without worrying that, if the messages were intercepted, they could be read by hackers in the foreseeable future. Quantum computing accelerates this timeline by a magnitude. Therefore, storing the data may become a viable option for determined hackers.
High risk organizations, such as banks and governments, should start preparing to use post quantum algorithms as early as possible. While there is still plenty of time to do this, it will be a long process, so the earlier you get started, the better.
The first step is to prepare: identify where encryption is used within the entire organization, document the current procedures and algorithms used, and map out the retention requirements for each type of stored data. Additionally security professionals need to let go of rigid procedures: the more rigid the procedure, the harder it will be to update later on. To prevent these challenges down the road, security teams must ensure that any current practices are as flexible as possible.
For stored data, the safest option is always to simply delete it. For data that needs to be kept forever, there should be preparations to re-encrypt it when updated standards are ready. For software and hardware using encryption in another way, check whether the provider has any plans for upgrading its algorithms and investigate alternatives.
Staying informed on the latest developments in quantum computing will be another major factor in planning for a post-quantum world, whether that is through reading industry newsletters or paying close attention to standard updates made by the US Department of Commerce's National Institute of Standards and Technology (NIST).
BN: Are there post-quantum solutions available or already in the pipeline?
PL: In July of 2022, NIST selected four encryption algorithms to be added to NIST's post-quantum cryptographic standard, expected to roll out in about two years. There are also plans to announce another round of algorithms soon.
The challenges in the DNS world are largely operational rather than algorithmic: hardware will need to adapt to account for the increased computational requirements, and protocols will need to be adjusted or introduced without the current limits hampering those in use today.
One option on the table is to use hash-based signatures, which stand up quite well against post-quantum cryptography and have a lower overhead when they need to be changed. But, even a lower overhead is still significant.
Currently, there is no complete solution out there to solve this. However, industry discussions are occurring, and I'm excited to see what's in store.