
From Standard Policy-Based Zero Trust to Absolute Zero Trust (AZT): A Quantum Leap to Q-Day Security

DOI: 10.4236/jcc.2024.123016, PP. 252-282

Keywords: Cybersecurity, Quantum Computers, Post Quantum Cryptography, Q-Day, Zero Trust


Abstract:

Cybercrime is projected to cost a whopping $23.8 Trillion by 2027. This is essentially because there’s no computer network that’s not vulnerable. Fool-proof cybersecurity of personal data in a connected computer is considered practically impossible. The advent of quantum computers (QC) will worsen cybersecurity. QC will be a boon for data-intensive industries by drastically reducing the computing time from years to minutes. But QC will render our current cryptography vulnerable to quantum attacks, breaking nearly all modern cryptographic systems. Before QCs with sufficient qubits arrive, we must be ready with quantum-safe strategies to protect our ICT infrastructures. Post-quantum cryptography (PQC) is being aggressively pursued worldwide as a defence from the potential Q-day threat. NIST (National Institute of Standards and Technology), in a rigorous process, tested 82 PQC schemes, 80 of which failed after the final round in 2022. Recently the remaining two PQCs were also cracked by a Swedish and a French team of cryptographers, placing NIST’s PQC standardization process in serious jeopardy. With all the NIST-evaluated PQCs failing, there’s an urgent need to explore alternate strategies. Although cybersecurity heavily relies on cryptography, recent evidence indicates that it can indeed transcend beyond encryption using Zero Vulnerability Computing (ZVC) technology. ZVC is an encryption-agnostic absolute zero trust (AZT) approach that can potentially render computers quantum resistant by banning all third-party permissions, a root cause of most vulnerabilities. Unachievable in legacy systems, AZT is pursued by an experienced consortium of European partners to build compact, solid-state devices that are robust, resilient, energy-efficient, and with zero attack surface, rendering them resistant to malware and future Q-Day threats.

