PARTNER CONTENT: At MWC Las Vegas in October all eyes were on the potential of 5G to accelerate IT transformation and unlock untold value for global enterprises. But there’s a looming threat set to dampen this optimistic outlook for telcos and network operators. The clock is ticking down to a quantum computing future which could change everything.

Fortunately, technology exists today to make the journey to 5G quantum safety as seamless as possible.

Why quantum matters

The business potential of 5G should by now be well understood by network operators. But there are also new opportunities for state-backed hackers and cybercriminals.

“There are simply more users and more applications accessing data, and that results in a larger attack surface for bad actors to get into these networks and steal information,” explains Intel Enterprise Segment Manager, Mitch Koyama.

This in itself would be a challenge. But it’s one compounded by the prospect of Cryptographically Relevant Quantum Computers (CRQCs) which, for certain tasks, are orders of magnitude faster and more powerful than today’s supercomputers. By solving the mathematical problems on which asymmetric encryption like PKI cryptography is based, they could reduce to rubble a critical security pillar on which 5G is built.

Consider, for example, the IPSec VPN tunnels that securely connect datacentres, customer environments and edge computing locations. A CRQC could unmask the encryption keeping these tunnels impermeable, and expose the data passing through them. This also has major implications for security technologies like SASE and, in a similar way, current zero trust network access (ZTNA) approaches. This isn’t just a problem for the future—bad actors can harvest data today and decrypt it later, a serious threat for long-lived secrets.

“As evidenced by recent revelations, telcos continue to be a major target for threat actors, so it’s no great leap to assume they would be in the crosshairs once CRQCs emerge,” warns Michael Murphy, Deputy CTO at post-quantum cryptography specialist Arqit.

“This is the most valuable connectivity that we have globally, and it is therefore among the most valuable targets for bad actors to go after because they know that the largest organisations in the world rely on major telcos to run their networks,” he says.

The clock is ticking

There are several ways CRQCs could increase cyber risk in telco environments. However, the most pressing threat is the probability that malicious actors are already harvesting PKI-encrypted data with a view to decrypting it when CRQCs become available. This Store Now, Decrypt Later (SNDL) threat increases the urgency with which telcos must find a path to quantum safety, according to Murphy.

“The longer you go on using these [PKC] algorithms, the more data you’re putting at risk of being harvested now to be decrypted later,” he continues. “Because of the size of these networks and the way data moves around the world, there really is no way really of stopping somebody from harvesting that data.”

Although we don’t know for sure when CRQCs will finally appear, regulators are already urging organisations to formulate plans for the post-quantum era. Standards are emerging—such as RFC 8784—to build momentum among technology providers. And in the US, government agencies have already been empowered to mandate suppliers adhere to quantum-safe encryption standards.

Which approach is best?

There are various approaches for telcos to consider. NIST has already standardised a handful of post-quantum cryptographic algorithms (PQAs). These are designed to nominally withstand the compute power of CRQCs, although several were broken by researchers during the standardisation process. Quantum key distribution (QKD) is another option—using quantum properties of photons to help two parties securely exchange encryption keys. A third way is symmetric key agreement: allowing endpoints to agree a key without using asymmetric methods. It uses algorithms that have been confirmed by US and UK governments and the GSMA as post-quantum secure, with only minor tweaks required.

According to Murphy, network operators should be looking for technology that offers a strong, simple, scalable and standards-based way to achieve quantum safety.  

“You want to be able to say, ‘will it protect my data and can I prove that it will? Is it simple to deploy, manage and operate? Can it scale to the ambition that I have as an organisation? And can I point to the standards that it’s using and say it’s something that is fully agreed on by the community?” he says.

Arqit and Intel’s approach answers a resounding ‘yes’ to these questions, by blending the best aspects of PQAs and symmetric key agreement for a more robust approach.

“A basic tenet of cryptography is if you can do more things to try and protect the data, even if one of those things becomes weakened over time, you can fall back on others. We’re particularly strong on symmetric, but we do also use some PQAs in a way that mitigates the risk of them becoming weakened over time,” explains Murphy.

There’s also a strong focus on flexibility and ease of deployment with the Arqit/Intel approach, which is architected to be low compute in order to work seamlessly on edge devices. This contrasts QKD, which requires special fibre optics and dedicated equipment, and is “difficult to deploy and scale”, Murphy claims.

“Through our partnership with Intel, we are one of the few organisations that is also bringing a solution that fits in seamlessly with what the telcos are already trying to deploy.” he adds. “This is a white-box solution that can be provisioned on demand with zero touch. These are things telcos need to think about because they run global networks that need to change so much over time.”

Arqit and Intel in action

One such operator is Telecom Italia Sparkle, which wanted to secure communications between its datacentres over the open internet—now and in the post-quantum era. Mindful of the SNDL threat to its business and customers, the firm collaborated with Arqit and Intel to deploy quantum-safe IPsec VPN connectivity.

Specifically, it leveraged the Arqit SKA-Platform for post-quantum symmetric cryptographic key generation, and Arqit’s NetworkSecure Adaptor to integrate these keys with the strongSwan open source VPN library. The resulting out-of-the-box, quantum-safe VPN solution was enabled by the Intel-based NetSec Accelerator—a high-performance “server on a card” with a PCIe form factor. The Intel solution is designed to offload cryptographic and network operations in order to improve throughput and reduce CPU load.

Intel’s Koyama says the NetSec Accelerator is illustrative of the work Intel has been doing for years to produce flexible, high performance yet low-power offerings in different form factors for the telco market.

“In the past couple of decades, Intel has spent a great deal of time making software-defined telco networks a reality. We have a specific type of architecture designed for packet processing, network security including encryption and decryption—and Arqit plugs right in and runs beautifully on that architecture.”

The time is now

Telecom Italia Sparkle is already realising the benefits of quantum-safe infrastructure with no downtime or loss of performance. As the clock continues to tick down to a new quantum age, its global peers would do well to follow suit.