quantum secure Internet: Progress for Virtual Private Networks

The Remote Maintenance Solution from genua Now Supports Authentication via Cloud Identity Providers Okta and Azure Active Directory

Kirchheim near Munich, February, 28 2023. After three years, the BMBF-funded research project "Quantum-Safe VPN Modules and Operation Modes" (QuaSiModO) has been successfully completed. The researchers' goal was to investigate and test novel quantum-resistant - that is, not vulnerable to attack by a quantum computer - cryptographic algorithms and prepare them for use in VPN standards and VPN implementations. The results and their practical significance for IT security will be presented this week at an event on post-quantum cryptography hosted by Fraunhofer AISEC. IT security specialist genua GmbH is already working on initial implementations of the project results and is aiming for a post-quantum migration of its network security solutions as soon as possible.

Quantum Computers Challenge Cryptography

Cryptography is a prerequisite for ensuring the confidentiality and authenticity of communications and data. In virtual private networks (VPNs), it is used, among other things, for exchanging cryptographic keys as well as for encryption itself to communicate securely with a remote device over an insecure network such as the Internet.

However, established encryption algorithms are at risk: Quantum computers could become powerful enough to crack them within a few decades. This threat also affects sensitive data already stored today, as it could be decrypted retrospectively. In addition, post-quantum cryptography poses new challenges to the design of network protocols, as PQK algorithms are often slower or have larger key sizes than classic methods.

Practical Cryptoalgorithms For The Quantum Age

To meet these challenges, researchers around the world are working on new cryptographic methods. In the QuaSiModO research project, the aim was to identify practical trustworthy and secure algorithms that can be used to operate quantum-secure VPNs in the near future. The common IPsec and MACsec key exchange and key agreement protocols, Internet Key Exchange Version 2 (IKEv2) and MKA/PACE, should be made quantum secure for this purpose, including by using hybrid, crypto-agile, and multilayer encryption techniques.

According to Stefan-Lukas Gazdag, crypto researcher for the genua GmbH project coordinator, all project goals were achieved:

• the quantum-resistant key exchange for IPsec and MACsec,

• the implementation of quantum-resistant solutions on Layer 2 and Layer 3 of the TCP/IP reference model

• as well as the development and testing of VPN-suitable hybrid and cryptoagile mechanisms - in coordination with the relevant standardization committees.

In addition, the first attempts at post-quantum authentication have been undertaken. genua's main research had been on IPsec protocols. Gazdag is more than satisfied with the results: “We found several mechanisms to successfully quantum-proof the classic Internet Key Exchange IKEv2 as well as IPsec.”

The Next Step - Fully Quantum-Resistant Networks

genua GmbH has been active in research for quantum-resistant IT for a long time. As early as 2014, the company was involved in QuaSiModO's predecessor “Quantum Computer-Resistant Signature Methods For Practice" (squareUP). And a follow-up project for QuaSiModO is already being planned – with an expanded focus on complete quantum-resistant networks. "In the not too distant future, quantum-secure encryption techniques will be a must for IT solutions made in Europe", Gazdag continues. "Thanks to the results of QuaSiModO, we are at the forefront and will implement suitable procedures at an early stage that will keep our customers secure in the future.”

Joint Research For Quantum-Resistant Algorithms

The QuaSiModO project partners, in addition to genua as project coordinator, are ADVA Optical Networking SE, the Fraunhofer Institute for Applied and Integrated Security (AISEC) and the Ludwig Maximilian University of Munich (LMU). The German Federal Office for Information Security (BSI) and the Hessen CyberCompetenceCenter (Hessen3C) were also associated partners.

Image caption

Demonstrator of quantum-secure communication through IPsec and MACsec. Two sites are connected via layer 2 (VLAN) and layer 3 (IP tunnel). The VLAN is secured by SecTAG. The IP tunnel, on the other hand, is secured by IPsec / ESP and additionally encapsulated in SecTag. The connection is established with IKEv2 for ESP and MKA / PACE for SecTAG. © genua GmbH

Further information

• QuaSiModO project website pq-vpn.de/index.html

About genua

genua GmbH is an enabler of digital transformation. We secure sensitive IT networks in the public and enterprise sectors, for critical infrastructure organizations and in industries with an obligation to maintain secrecy with highly secure and scalable cyber security solutions. In doing so, genua GmbH focuses on the comprehensive protection of networks, communication and internal network security for IT and OT. The range of solutions spans from firewalls and gateways, VPNs, remote maintenance systems, internal network security and cloud security to remote access solutions for mobile employees and home offices.

genua GmbH is a subsidiary of the Bundesdruckerei Group. With more than 400 employees, it develops and produces IT security solutions exclusively in Germany. Since the founding of the company in 1992, regular certifications and approvals from the German Federal Office for Information Security (BSI) provide proof of the high security and quality standards of the products. Customers include, among others, Arvato Systems, BMW, the German Armed Services, THW as well as the Würth Group.