Cloud Security Alliance Quantum-safe Security Working Group

Transcription

1 Don Hayford 3rd ETSI/IQC Workshop on Quantum-Safe Cryptography Seoul, Korea October 5, 2015 Session 3: Joint Global Efforts Cloud Security Alliance Quantum-safe Security Working Group 1

2 Cloud Security Alliance Membership 300 Corporate Members, 65K Individual Members CSA operates the most popular cloud security provider certification program, the CSA Security, Trust & Assurance Registry (STAR), a three-tiered provider assurance program of self assessment, 3rd party audit and continuous monitoring. CSA launched the industry s first cloud security user certification in 2010, the Certificate of Cloud Security Knowledge (CCSK), the benchmark for professional competency in cloud computing security. CSA s comprehensive research program works in collaboration with industry, higher education and government on a global basis. CSA research prides itself on vendor neutrality, agility and integrity of results. Website: Mission Statement To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

3 CSA Research Working Groups 28 member-driven working groups and research initiatives Anti-Bot Big Data Cloud Controls Matrix Cloud Data Governance Cloud Vulnerabilities CloudAudit CloudCISC CloudTrust Consensus Assessments Enterprise Architecture Incident Management and Forensics Financial Services Innovation Health Information Management Internet of Things Legal Mobile Open API Open Certification Privacy Level Agreement Quantum-safe Security Security as a Service Security Guidance Small Business Software Defined Perimeter Telecom Top Threats Virtualization

4 Quantum-Safe Security Working Group Established 11/2014 by ID Quantique, Battelle, QuantumCTek Now 90+ members from 40+ organizations Objective Provide objective information, education, and advice relating to QSS Provide thought leadership for the field of quantum safe encryption and key management Become a trusted advisor to policy makers, analysts, consultants, industry leaders, and internal security or risk officers on issues relating to securing data in the long term Bridge the gap between mathematicians and physicists, and bring quantum cryptography solutions into a traditional security framework Influence and/or set standards and certification procedures to promote adoption and implementation of quantum safe technologies

5 The Message Key distribution is a problem Quantum computers are a reality Breaking keys will become a reality and the data you are sending now will become vulnerable There are viable solutions QKD currently available from at least one company and certified to FIPS Post-quantum algorithms currently available from at least one company and approved by Accredited Standards Committee X9 (X9.98) These solutions need to become mainstream Approved algorithms and methods Appropriate certification paths for hardware and software Interoperability of software and hardware solutions Acceptance by the user community 5

6 Quantum-Safe Security Working Group Includes both physics-based (i.e, QKD) and software-based (i.e., post-quantum cryptography) both in membership and in our focus Three position papers Short, easy-to-read (2-4 pages) What is Quantum-Safe Security? What is Quantum Key Distribution? What is Post-Quantum Cryptography?

7 At Last, Some Success I have been shouted at by people saying stop scaremongering; it s science fiction, it will never happen. Andersen Cheng, PQ Solutions 7

8 What s Next for QSSWG Continued educational thrust White papers, conferences, workshops Focus on conferences aligned with specific industries General industry conferences like CSA Congress, RSA, others Continued thrust for acceptance and adoption by industry Standardization, certification, and accreditation participation PQ and QKD Algorithms, interoperability of hardware and software, certification CSA is not a standards organization, but our members are strong participants in the standards process as developers, suppliers, endusers 8