Quantum-Safe Trust for Vehicles

The theory of quantum computing has been with us for nearly three decades, courtesy of a quantum mechanical model of the Turing machine proposed by physicist Paul Benioff in the early 1980s. For most of that time, the notion has seemed more a far-off vision than an impending reality. That changed abruptly with a 2019 claim by Google AI, in conjunction with NASA, that it had managed to perform a quantum computation infeasible on a conventional computer. While many have eagerly anticipated the new vistas that could open with the arrival of quantum computing, cryptographers and security experts have not generally shared that enthusiasm since one of the most anticipated quantum advantages comes in integer factorization, which is critical to RSA (Rivest-Shamir-Adleman)-based security. Also, as far back as 1994, MIT mathematician Peter Shor developed a quantum algorithm capable of solving the discrete logarithm problem central to Diffie-Hellman key exchange and elliptic curve cryptography. Now that it seems quantum-computing capabilities could become commercially available within the next decade or two--likely in the form of cloud-based services--security professionals have turned with an intensified sense of urgency to the challenge of how to respond to the threat of quantum-powered attacks. One domain where this is particularly true is in the automotive industry, where cars now coming off assembly lines are sometimes referred to as "rolling datacenters" in acknowledgment of all the entertainment and communications capabilities they contain. The fact that autonomous driving systems are also well along in development does nothing to allay these concerns. Indeed, it would seem the stakes of automobile cybersecurity are about to become immeasurably higher just as some of the underpinnings of contemporary cybersecurity are rendered moot. To explore the implications of this in the discussion that follows, acmqueue brought together some of the people who are already working to build a new trust environment for the automotive industry: Alexander Truskovsky, director of technical strategy at ISARA Corporation, where efforts are being made to develop quantum-safe cryptographic roots of trust; Mike Gardiner, a solutions architect at Thales who has been central to efforts to tailor quantum-safe protections for the automotive industry; Atefeh Mashatan, director of the Cyber-security Research Lab at Ryerson University; and George Neville-Neil, director of Engineering Operational Security at JUUL Labs, who is better known to many as Kode Vicious. ATEFEH MASHATAN: What do you see as your greatest concerns when it comes to quantum vulnerability in the automobile industry? MICHAEL GARDINER: One of the big concerns has to do with over-the-air software updates for smart cars--like a Tesla, for example--where somebody with a quantum computer could potentially issue malicious firmware while creating the illusion it comes from the manufacturer.