Periodic Reporting for period 2 - Crypto-Inside (Quantum driven cybersecurity - advanced security for the Internet of Things)
Reporting period: 2021-05-01 to 2022-04-30
According to Cisco there will be 500 billion devices connected to the Internet by 2030. Despite this huge potential, growth is hampered by user fears of inadequate security. The biggest quoted barrier to IoT growth in businesses is security, and with good reason. IoT devices are often the weakest point in any network and the estimated economic cost of IoT attacks to the top five European economies is €3.8 billion each year.
There is an urgent industry need for a robust, end-to-end security solution that can uniquely identify IoT devices and handle the major challenges in registering and managing billions of IoT devices. In response to this need, Crypto Quantique has developed a unique Key Provisioning Architecture, underpinned by a true Physically Unclonable Function (PUF) that exploits the phenomenon of quantum tunnelling to generate unforgeable cryptographic keys to secure data communications. Together, these provide the most robust End-to-End security possible, eliminating user’s security fears and unlocking the latent potential in the IoT market.
Our technology can provide an unforgeable identity at the device level, elimination of costs associated with key injection and provisioning and bill of materials, and enable IOT enterprises to rapidly onboard and control their own devices via cloud service providers.
Our solution is:
- Fully integrated and end-to-end (Key Provisioning Architecture + hardware root of trust).
- The end-user runs their own security management – there is no need to devolve trust and security to third parties.
- Cloud platform, hardware and microcontroller independent.
By licensing our quantum PUF IP and monetising API calls to verify identity, we will create a €33M p.a. opportunity by 2025, creating 70 new European jobs.
There is an urgent industry need for a robust, end-to-end security solution that can uniquely identify IoT devices and handle the major challenges in registering and managing billions of IoT devices. In response to this need, Crypto Quantique has developed a unique Key Provisioning Architecture, underpinned by a true Physically Unclonable Function (PUF) that exploits the phenomenon of quantum tunnelling to generate unforgeable cryptographic keys to secure data communications. Together, these provide the most robust End-to-End security possible, eliminating user’s security fears and unlocking the latent potential in the IoT market.
Our technology can provide an unforgeable identity at the device level, elimination of costs associated with key injection and provisioning and bill of materials, and enable IOT enterprises to rapidly onboard and control their own devices via cloud service providers.
Our solution is:
- Fully integrated and end-to-end (Key Provisioning Architecture + hardware root of trust).
- The end-user runs their own security management – there is no need to devolve trust and security to third parties.
- Cloud platform, hardware and microcontroller independent.
By licensing our quantum PUF IP and monetising API calls to verify identity, we will create a €33M p.a. opportunity by 2025, creating 70 new European jobs.
The project has been structured as follows: WP1 focused on taking our engineering prototype hardware and software and transforming them, from being suitable for an engineering lab to being suitable for use in a business environment by non-technical personnel. Then we needed to test the correct functioning of the commercial grade output from WP1 in WP3. Coupled to this we needed to generate support materials and demonstrations to support market engagement (WP2). Then we ensured to secure proven infrastructure to support market entry (WP4), by starting the process of securing identified key stakeholders, establishing a route into the market and starting preparing full entry into the market (WP5).
Overall, the project has progressed as planned, producing valuable technical outputs aligned with the objectives of each WP, thanks to a comprehensive project and risk management. Likewise, several required pre-commercialisation actions have been carried out, establishing the mechanisms and strategic business partnerships with key stakeholders, which will facilitate market deployment in subsequent post-project phases. In addition, multiple communication and dissemination actions have been developed to increase the visibility of our solution and business.
Overall, the project has progressed as planned, producing valuable technical outputs aligned with the objectives of each WP, thanks to a comprehensive project and risk management. Likewise, several required pre-commercialisation actions have been carried out, establishing the mechanisms and strategic business partnerships with key stakeholders, which will facilitate market deployment in subsequent post-project phases. In addition, multiple communication and dissemination actions have been developed to increase the visibility of our solution and business.
Our QDID IP, a new type of Physical Unclonable Function (PUF), uses quantum tunnelling to generate unforgeable and highly random cryptographic keys without the need for secret key injection, storage, or complex post-processing. Together with our Crypto-Inside platform, we deliver a fully integrated end-to-end IoT security solution to the key stakeholders.
The advantages over the state of the art can be summarised as follows:
a) Customer runs their own Key Provisioning Architecture (KPA).
b) It is more hardware/microcontroller independent.
c) Crypto Quantique's (KPA) can be integrated into customer systems regardless of what IoT management software they are using (plug & play).
d) Fully integrated solution as it provides both hardware root of trust and KPA. It provides end-to-end security and plug-and-play solution.
e) Crypto-Inside offers a far more automated solution as it is integrated into the production line as well as the cloud so we prevent customers from needing to perform tedious and error-prone uploading or downloading of device keys/certificates. This is open to malicious theft of keys by third parties obtaining access to the production line and interfering with the hardware security modules.
f) We have no requirement for enrolment secret keys to be kept secret, and in particular no private information from the device is learned by the factory (Trusted solution).
g) High quality cryptographic material to provide high IoT security and future-proof security.
h) Crypto Quantique’s QDID IP uses conventional semiconductor processes so it is easy to integrate with standard CMOS technology (Plug & play).
i) Crypto Quantique’s QDID IP requires minimal post-processing and error correction codes (efficient/low power).
j) Crypto Quantique’s QDID IP occupies less silicon area than SRAM PUFs.
The project will entail relevant socioeconomic impacts such as:
1) Increased quality of security will be an enabler of the IoT market, since 45% of potential IoT buyers have declined to install devices because of security fears according to the Bain 2018 IoT Customer Survey. Consumer privacy & security is lagging device adoption; consumers are adopting devices in the h9ome without, necessarily considering aspects of privacy and security that may be attached to the devices they are using. Industry takes a different approach and is often deferring device use.
2) Enhanced environmental impact, reduced climate change, enhanced care in the community for the aged, increased healthcare quality are some of the most common application areas to potentially become the beneficiaries of IoT devices. Enhanced operation of building heating sensors and heating systems will promote increased efficiency and reduced energy usage and therefore reduce climate emissions. Care in the community will become more common especially with the increase in aged communities and this will require the adoption of remote sensors to implement telemedicine. Finally increased healthcare will follow from the use of connected devices to monitor health conditions and adjustment of settings via remote healthcare professionals. Increased connectivity of sensors will permit live adjustments related to traffic flow in response to live air quality sensors in urban settings.
3) Increased job creation directly resulting from the increased manufacturing of sensors, and also from the wealth of service jobs that will result from the large collection of networked sensors in a variety of environments.
The advantages over the state of the art can be summarised as follows:
a) Customer runs their own Key Provisioning Architecture (KPA).
b) It is more hardware/microcontroller independent.
c) Crypto Quantique's (KPA) can be integrated into customer systems regardless of what IoT management software they are using (plug & play).
d) Fully integrated solution as it provides both hardware root of trust and KPA. It provides end-to-end security and plug-and-play solution.
e) Crypto-Inside offers a far more automated solution as it is integrated into the production line as well as the cloud so we prevent customers from needing to perform tedious and error-prone uploading or downloading of device keys/certificates. This is open to malicious theft of keys by third parties obtaining access to the production line and interfering with the hardware security modules.
f) We have no requirement for enrolment secret keys to be kept secret, and in particular no private information from the device is learned by the factory (Trusted solution).
g) High quality cryptographic material to provide high IoT security and future-proof security.
h) Crypto Quantique’s QDID IP uses conventional semiconductor processes so it is easy to integrate with standard CMOS technology (Plug & play).
i) Crypto Quantique’s QDID IP requires minimal post-processing and error correction codes (efficient/low power).
j) Crypto Quantique’s QDID IP occupies less silicon area than SRAM PUFs.
The project will entail relevant socioeconomic impacts such as:
1) Increased quality of security will be an enabler of the IoT market, since 45% of potential IoT buyers have declined to install devices because of security fears according to the Bain 2018 IoT Customer Survey. Consumer privacy & security is lagging device adoption; consumers are adopting devices in the h9ome without, necessarily considering aspects of privacy and security that may be attached to the devices they are using. Industry takes a different approach and is often deferring device use.
2) Enhanced environmental impact, reduced climate change, enhanced care in the community for the aged, increased healthcare quality are some of the most common application areas to potentially become the beneficiaries of IoT devices. Enhanced operation of building heating sensors and heating systems will promote increased efficiency and reduced energy usage and therefore reduce climate emissions. Care in the community will become more common especially with the increase in aged communities and this will require the adoption of remote sensors to implement telemedicine. Finally increased healthcare will follow from the use of connected devices to monitor health conditions and adjustment of settings via remote healthcare professionals. Increased connectivity of sensors will permit live adjustments related to traffic flow in response to live air quality sensors in urban settings.
3) Increased job creation directly resulting from the increased manufacturing of sensors, and also from the wealth of service jobs that will result from the large collection of networked sensors in a variety of environments.