By Post-Quantum – 02/05/2019

The VPN is an essential tool for organisations’ staff, but it provides a route into an organisation’s systems for attackers. The key vulnerabilities are weaknesses in the cryptography securing the connection, and the user login and authentication process.

The current VPN standard, the Diffie-Hellman-based Internet Key Exchange Protocol, is vulnerable to attacks by quantum computers. Organisations need to introduce a quantum-secure process, while maintaining compatibility with existing systems. Post-Quantum’s system enables quantum-safe key exchange, used if both sides of the connection are compatible with it, with the current standard (IKEv2) available if not.

Complete replacement of current key exchange systems would not offer the necessary assurance in the encryption system, so introducing an additional quantum-safe key exchange gives greater confidence. Our system aligns with NIST’s approach, recognising hybrid modes in which quantum-resistant algorithms are a component of an overall system that is FIPS compliant.

We have developed our system in line with Gartner’s recommendation of crypto-agility (‘Better Safe Than Sorry: Preparing for Crypto-Agility’, Gartner ID: G00323350), to help organisations end dependence on a single protocol. We can ensure a simple transition to the post-quantum era.

Post-Quantum can also enhance the login process, with user-friendly biometrics-based identity verification that cryptographically binds the user’s identity to their session.