Autonomy and quantum resilience for government

作者 ジョン タイービ | Mar 28, 2023

Connected systems are now enmeshed into our everyday lives and environments. This fundamental truth extends, of course, into the realm of US government agencies and the military. Here, it is mission-critical that we uphold the highest safety and security standards to protect systems, data and users from outside threats. And when it comes to ensuring that machines involved in large-scale autonomous projects can be trusted, a holistic approach is essential. A holistic approach, moreover, that anticipates the coming threat from quantum computers.

Organizations will benefit from augmentation of human effort that could improve safety, operational efficiency, user comfort and much more. But the big question is how can we trust the intelligence behind it? Trust is a fascinating, multi-dimensional topic, with both objective (using high rigor disciplines) and subjective (human behavior) perspectives. Assurances can be given on each dimension, giving us confidence in how a system should behave in any event, and in a way that is not only safe but in keeping with what humans reasonably expect of that machine at any given time.

Nevertheless, challenges remain – and the largest and most dangerous tend to be systemic. This is the result of many factors: complexity, connectivity (which leads to blurring of boundaries), uncertain cascading impacts and unclear responsibilities, attribution, or accountability.

Let’s take an example from the commercial world of farming as an example. With an autonomous harvesting robot, the issue of trust isn’t just with the machine itself. This is because the trend, in agriculture and many areas, is migration from a unit sale model to a service provision model. Thus, the robot itself will only be part of the service encompassing data provision, harvesting, fitting out a farm with intelligent components like sensors, and managing the entire process every season.

Addressing trust in a cyber-physical system

We now have a cyber-physical system, able to make its own decisions and connected to a wider world. Therefore, addressing trust must extend to all these areas. The service model also means that the owner and operator of the harvesting process may no longer solely be the farmer. This blurs the boundaries of who (or what) makes the decisions on the safety of the operator and those in proximity, operational effectiveness and the cyber security of both robot and associated data services. Furthermore, how do we know we can trust those decisions?

A holistic view is crucial, as it allows us to be adaptable rather than deterministic, something that is especially important when considering the pace of technology, the increased demand for agility, and the ever-evolving threat landscape. This means using probabilistic approaches (whether this be in the realms of opportunity or risk) and taking multiple perspectives. These range from the technology bundles that are most suitable (what sensors or algorithms to use or which verification and validation strategy to deploy), to socio-technical aspects such as finding the right skillsets, to integrating philosophies from different disciplines such as safety and security.

When it comes to addressing trust in autonomous systems, there are many aspects to consider and explore. Beyond these considerations, we see another fundamental challenge for government organizations: ensuring that these autonomous systems have been future proofed to address emerging quantum threats.

Quantum resilience for government

Let’s look more closely now at the implications of the emerging quantum threats for government organizations. It is reasonably likely that quantum computers will be capable of defeating existing asymmetric cryptography (RSA, ECC and so on) and will be available to state or federal level actors some time before the public. It is especially imperative the government implements post quantum security (PQS) algorithms on critical embedded devices. At CC we have developed a hardware accelerated implementation of CRYSTALS-Dilithium, a lattice-based signature scheme, targeted at low-power embedded systems.

The principal goal was to create this implementation of an accelerator running in simulation, together with testbench software that exercises it to compute Dilithium signatures and allows for performance measurements. A secondary goal is an implementation running in an FPGA+MCU system to allow real-world power measurements to be taken. The implementation will initially be targeted at an FPGA-based SoC (most likely Xilinx Zynq). We will run FPGA synthesis during development to get estimates for resource usage.

Reacting to quantum attacks on government

More broadly, government must re-examine the way it responds to new threats. An initial reaction might be to patch in some fixes; to upgrade and be safe again. While this might be possible in some cases, it is more complicated with the quantum computing threat. PQC algorithms are fundamentally different to current standards. As a result, optimizations made for a device, to improve efficiency based on current algorithms, may not work with PQC algorithms. So, if the device will be around for 10 years or so, this will need to be addressed in the design now.

In further work at CC, we have been pushing the boundaries of the ability of today’s hardware to run the PQC algorithms needed in the future. It has been a challenge and a lot has been learnt from the work. While we’ve shown that it is possible to future-proof devices at a reasonable cost, a number of important factors must be considered:

  • The right chip must be chosen to ensure there is enough memory and storage to operate the new algorithms
  • It’s important to update firmware securely. New digital signature algorithms will be more computationally expensive, so the device must be able to handle things like having enough storage for the signatures or any other metadata associated with the operation
  • Cryptographic agility must be considered. The flexibility to easily switch underlying crypto is important when assumptions on the security of algorithms fall through. This is especially relevant for custom low cost/bulk manufacture devices, as web-based standards such as the X.509 public key certificate standard already include provisions for switching out the underlying encryption algorithms used
  • The use case matters, with PQC mainly affecting asymmetric crypto. Some use cases which could experience a disproportionate impact are:
  • Large device volumes with inter-device communications. Here, a more computationally expensive key exchange mechanism could have a large impact
  • Large message volumes, where authenticity of the messages matter. Potentially slower signature algorithms could have various impacts on the performance of a system

While this does demand that devices are built with greater memory and storage resource, there are many favorable things which mean it can be done sooner rather than later. Resources are getting cheaper, so the new overheads are going to be affordable in many cases. Work is being done to integrate the new algorithms into common tools and libraries such as OpenSSL, meaning it shouldn’t be necessary to migrate to vastly different tools and tech that are unfamiliar.

The chances are that many devices and systems still to be designed will be around in the quantum world in some form. So, can they be designed now and optimized for the future threat? Or even designed with the ability to adapt to future threats? The answers are yes and yes – but it’s not straight forward. Please don’t hesitate to reach out to me if you’d like to hear more about our quantum research and discuss the applications that are emerging. With a broadly-based multidisciplinary team of 800 across the world, CC is uniquely placed to help with your ambitions.

専門家

ワイヤレス&デジタルサービス事業本部 北米地域 事業開発担当 | お問い合わせ

エンタープライズソフトウェアソリューションから航空宇宙産業におけるM&Aまで、様々な市場において大手企業や政府機関による革新的な製品・サービス開発のサポートに17年以上従事。ケンブリッジコンサルタンツでは、AI・高性能センシング・ロボティクス・ワイヤレス通信に関するグローバルな知見を活用しながら、FFRDC(連邦政府出資研究開発センター)や大規模政府請負業者と連携し米国政府向けのデジタルトランスフォーメーションや自動化に取り組んでいる。米空軍士官学校では学士号を、レッドランズ大学にてMBAを取得。

関連するインサイト

ディープテック

新規なテクノロジーや、そのテクノロジーを通じた長期的に持続可能な価値の創出について、ご関心をお持ちでしょうか。

当社はビジネスとテクノロジーが交差する場所での創造性に主眼を置き、お客様の事業を再定義するようなソリューションを創出します。

産業分野

お客様が目指す産業分野に関する深い見識を備え、ブレークスルーをもたらすディープテックを活用できて、価値を創出する活動で確かな実績を持つパートナーが必要です。

お客様の事業分野における当社の実績や、どのような事業上の優位性をお届けできるかについて、ご確認ください。

インサイト

ケンブリッジコンサルタンツの最新のインサイト、アイデア、視点をご確認ください。

ビジネスと社会の将来を形成するディープテックの動向を、最前線の事例を通じてお伝えします。

キャリア

ご自身の能力が評価され、真の差異を産み出せるような仕事に興味はありませんか。

これからキャリアをスタートする方でも、経験豊富な方でも、ぜひご連絡をお待ちしています。