Secure quantum communication for critical identity access management infrastructures
The security of digital identities is threatened by future quantum technologies. In the hands of attackers, quantum computers will be able to break classical encryption methods. To fend off such attacks, four partners launched the Quant-ID project. In this project, they are researching the development of novel methods and systems that guarantee cryptographic security in the long term based on quantum random numbers and post-quantum cryptography. Highly critical areas, such as government institutions, banks or insurance companies, will thus receive the necessary protection. The BMBF-funded project started in September 2022 and will run for three years.
To achieve greater acceptance for the digitisation of services and business processes in society, user-friendly, reliable, and privacy-protecting procedures must be established. In the project ‘Secure Quantum Communication for Critical Identity Access Management Infrastructures,’ Quant-X Security & Coding, the Fraunhofer Institute for Photonic Microsystems IPMS, MTG AG, and the University of Regensburg are jointly researching reliable digital identities. Relying on network protocols that are already in use is intended to facilitate the transition from classical encryption algorithms to quantum-safe methods. Departing from the term's original meaning in physics, quantum security here refers to protection against attacks by quantum computers.
"Our goal is to develop quantum-safe authorisation of users in an IAM (Identity Access Management) architecture with the help of quantum random numbers and post-quantum cryptography," explains Dr. Alexander Noack, Group Leader at the Fraunhofer Institute for Photonic Microsystems IPMS. Post-quantum cryptography (PQC) refers to cryptographic algorithms that are used on classical hardware but promise security against attacks with quantum computers. In the project, the true random numbers required for these methods will be generated by a quantum random number generator (QRNG) to increase security. "In addition, we also want to secure network communication, signatures, and database encryption using post-quantum cryptography," said Dr. Alexander Noack.
Another goal of the joint project is to develop a quantum-safe ‘single sign-on’ approach that enables access to various services with a single central login. At the end of the project, the digital identities and quantum-safe authorisation will be tested in a demonstrator in a realistic application using existing network protocols. In the process, the capabilities of the developed system will be compared with classical methods. The results of the subprojects will also be applicable on a modular basis. This offers network administrators and system managers the option of integrating either the entire system or only partial aspects.
By developing the concept in Germany, sovereignty regarding the security of national information technology systems will be strengthened. This results in a particularly high market potential for the project solution in highly sensitive areas and critical infrastructures such as banks, insurance companies, companies in the healthcare sector, public authorities and state institutions. These players depend on meeting high security standards, as they are often exposed to increasingly complex attack structures. To support the application of the quantum random number generator, certification by the German Federal Office for Information Security (BSI) is also being sought.
The consortium's motivation is to build up an interdisciplinary project team, to establish partnerships in Germany for overall solutions and to make technologies that safeguard against attacks by quantum computers accessible to everyone. "With this project, we want to create the basis for interdisciplinary collaborations for the efficient realisation of quantum security in Germany," says the Fraunhofer IPMS group leader. The resulting quantum-safe version of OpenID Connect will be made available to the public at low cost as an open-source library.