New Big Cybersecurity Risks:
Quantum Computing and
Artificial Intelligence
HueiJane TschaiAssociate Professor, National Taiwan University
Deputy Director, Association of Cyber Forensics Development in Taiwan
2018/11/26~27 CyberBayKin: Secure A Digital Myanmar
Outline
Introduction
Quantum Computing
Artificial Intelligence
Taiwan Cyber Security Policy
Conclusion
2
Fusion of Destructive Innovation Flips the World
3
Big Data: Innovation Trigger
Internet of
Everything
Top 10 Strategic Technology Trends for 2019
4
Quantum Computing
5
Quantum Computing Flips Tech Industry
6
Classical Computer Quantum Computer remark
AlgorithmBest algorithm 1024
Steps
Best algorithm 1010
Steps
Speed
150,000 yr. Less than 1 sec.Combining 300-bit numbers
for qualitative factorization
109.2 billion yr. 3 hr.Unlocking the private key
with a 100 qubit computer
In 1994, Peter Shor discovers Shor algorithm
which can theoretically break many of the
cryptosystems in use today.
• MD4、MD5
• HAVAL128
• RIPEMD
• ECDSA、ECDH
• DSA
• SHA-1
• RSA512 ( in 1999)
• RSA768 (in 2009)
• RSA4096(in 2015)
All have been cracked
• ECC-256 can be cracked by
computer with 1024 Qubits
• ECC-256 can be cracked by
computer with 2048 Qubits
• AES-256 can be cracked by
computer with 2128 Qubits
New Idea for Cyber Crime
7
Intercept now, Decrypt later
Dutch General Intelligence and Security Service 2015 "a nefarious attacker
could start intercepting and storing financial transactions, personal e-mails
and other sensitive encrypted traffic and then unscramble it all once a
quantum computer becomes available"
Snowden revealed: US and British intelligence agencies are using the
submarine cable termination station to collect data that account for 99% of
all global network traffic.
Wired Magazine 2012: US NSA is building a new data center in Utah that
can preserve all traffic generated by the Internet, making it a strategic
resource for analysis when they can master quantum computing capabilities.
Next Generation Computing
8
“I think I can safely say that nobody
understands quantum mechanics”
- Feynman
A quantum computer is a machine that could
be built on the atomic level and performs
calculations based on the laws of quantum
mechanics.
Basic Ideas Behind Quantum Computing
9
Quantum Uncertainty
Quantum Entanglement
Quantum Superposition
Albert Einstein: Spooky action at a distance
Quantum Bit(Qubit)
Bit
Unlike Newton's laws of motion, The position and momentum of a particle cannot be determined at the same time.
History of Quantum Computing
10
First Quantum Revolution Second Quantum Revolution
• Establish the basic principles of
quantum mechanics and change the
way people look at things on physical
world.
• Combine information technology theory
and quantum mechanics to create
more innovative products and services.
• 1900: quantum hypothesis first suggested
by Max Planck
• 1924: The term "quantum mechanics" was
first used in Max Born's paper.
• 1925: Werner Heisenberg, etc. develop
the matrix mechanics formulation of
Quantum Mechanics
• 1926: Erwin Schrödinger uses De
Broglie's electron wave postulate to
develop a "wave equation"
• 1927: Werner Heisenberg formulates the
quantum uncertainty principle.
• 1982: Wootters、Zurek、Dieks “No-
Cloning Theorem”
• 1982: Richard Feynman proposes a basic
model for a quantum computer which based
on the law of quantum mechanics instead of
the law of classical physics.
• 1985: David Deutsch developed the first
universal quantum Turning machine,
showing the quantum circuits are universal.
• 1992: David Deutsch and Richard Jozsa
shows that the quantum computer is
exponentially faster.
• 1994: Peter Shor discovers Shor’s algorithm which can theoretically break many of the
cryptosystems in use today.
• 1997: Lov Grover develops a quantum
search algorithm.
1980
The Solvay Conference 1927
11
Max Planck Marie Curie Albert Einstein
Werner
Heisenberg
Erwin
Schrödinger
Paul
Dirac
Current Status of Quantum Computing Industry
12
Quantum mechanics will be a paradigm shift
D-Wave Systems
• Founded in 1999
• World's first quantum computing company
• The only company that delivers quantum computing systems and software
• over 160 U.S. patents, over 100 peer-reviewed papers
World's First Quantum Commercial System
13
Time Type QuBit Status
May
2011
D-Wave
One
128 • “The world's first commercial quantum
computing system"
• This claim is controversial.
May
2013
D-Wave
Two
512 • A collaboration between NASA, Google and
the USRA launched a Quantum Artificial
Intelligence Lab. eg machine learning research
• 100 million times faster than traditional
computers with specific algorithm
January
2017
D-Wave
2000Q
2000 • 50 million US dollars
• Google, NASA, Lockheed Martin, USC, USRA,
Los Alamos National Laboratory, Oak Ridge
National Laboratory, Volkswagen, and many
other worldwide companies
• To solve some of the most complex problems
such as medicine discovery, cyber security,
space exploration ,national defense, financial
analysis, etc.
First Real-Time Quantum Application Environment
14
D-Wave Leap was launched on OCT 2018
15
Quantum Supremacy
More than 50 QuBitsThe potential ability of quantum computer to solve problems that
classical computers practically cannot.
72 QuBits• March 2018, Google unveiled
Bristlecone
56 QuBits• Oct 2017, IBM announced IBM Q
When you get a quantum computer,
What will you do?
16
17
Dig up the
remaining
Bitcoin!
• a new BitCoin 2.0 ecosystem
• Make BitCoin free from being cracked by quantum computers.
Quantum Cryptography
Quantum Key Distribution(QKD)
– Bennett and Brassard proposed in 1984 and demonstrated
experimentally in 1989.
– Based on the Principle of uncertainty, No-Cloning Theorem
18
• E91 protocol
• B92 protocol
• BBM92
• DPS (Differential
Phase Shift)
• COW
• Continuous
Variable
QKD Network Status
QKD Network launch BB84 BBM92 E91 DPS COW
US DARPA
QKD Network2001 Yes No No No No
EU SECOCQ
QKD Network2003 Yes Yes No No Yes
Japan Tokyo
QKD Network2009 Yes Yes No Yes No
China
QKD Network2009 Yes No No No No
Swiss Geneva
QKD Network2010 Yes No No No Yes
19
• QuintessenceLabs(Austria)
• SeQureNet(France)
• MagiQ Technologies(US)
• ID Quantique(Swiss)
Quantum Cryptography
Post Quantum Cryptography (PQC)
– Quantum-proof, Quantum-safe, Quantum-resistant
– Such public-key algorithms are thought to be secure
against an attack by a quantum computer
– Arms Race
20
(NTRU) (Rainbow Signature)
(Merkle trees )(McEliece)
Quantum Teleportation
QKD Network
“Pure" quantum communication
– The concept of quantum teleportation is proposed in 1993
– Principle of quantum entanglement
21
Quantum Internet
Quantum Teleportation Over Optical Fiber
22
Quantum Internet
LaunchQuantum
Communication Distance
1993Gisin Group, University of
Geneva, Switzerland1 KM Up to 23 KM in 1995
2003 MagiQ System 120 KM
The world's first
commercial quantum
crypto system
2004 UK Cambridge network 122 KM
2005 USA DARPA QKD Network 10 KM 3 nodes
2007 USA Los Alamos Lab. 100 KM
2008 EU SECOQC 82 KM 6 nodes
2015SwissQuantum QKD
Network307 KM
The first
international QKD
network
2017 China QKD Network 2000 KM 7 nodes
Quantum Teleportation Over Optical Fiber
23
China plan to establish first quantum communication network in 2030.
World's First Quantum Satellite Mozi
Aug 2016: China successfully launched a quantum satellite Mozi(Micius)
– To provide unbreakable secured comm. channels
Jun 2017: China sent ‘unhackable’ message to Austria over 1200 km.
Sep 2017: The world’s first a 75 min video conference
24
A figure from the letter shows how the Micius satellite transfers quantum keys across vast distances.
Quantum Computing is
National Strategic Technology
25
Country Status
US • In 2000, development of quantum computers was listed as one of the national S&T strategic goals.
• In 2009, White House National Science Council proposed the "Federal Quantum Information
Science Outlook White Paper"
• In 2016, White House S&T Policy Office issued "American Advanced Quantum Information Science:
National Challenges and Opportunities"
• Government agencies, universities, and private enterprises have established quantum R&D units
EU • More than 20 countries generated quantum related large-scale research projects
• Quantum Europe Conference from 2015
• Quantum Declaration released in 2016
• Launched Quantum Technologies Flagship under “Horizon 2020” in 2018
UK • UK government established the Quantum Technology Strategy Advisory Committee (QT SAB) to
develop national quantum technology strategy
• Invested 270 million pounds in 2013 to establish the UK's national quantum technology program
(UKNQTP) to translate academic work on quantum mechanics into new products and services.
• In 2015, the UK introduced the National Quantum Technology Strategy and invested 15 million
pounds in human resources
Singapore • Government funded S$150 million to National University of Singapore in 2007 to establish the
world's largest quantum computing lab, Centre for Quantum Technologies (CQT) which is the first
quantum research institute in Southeast Asia.
China • Include quantum computing as a priority funding area for the National Natural Science Foundation of
China
• Established multiple quantum information and computing research institutions
• In 2016, the State Council issued the Outline of the National Innovation Driven Development
Strategy, proposing the development of quantum technology.
• Launched the world's first quantum communication satellite in 2016, and built a global quantum
communication network in 2030
Artificial Intelligence (AI)
Software now means AI
26
What is AI?
Intelligence
– The capability to learn, solve problems, decision making.
– The capability to interact with the world (speech, vision, motion, manipulation)
Artificial Intelligence(AI)
– The study of ideas that enable computers to be intelligent.
– The part of computer science concerned with design of computer systems that exhibit human intelligence
– Concise Oxford Dictionary27
Artificial Intelligence (AI)= Artificial + Intelligence
Can Machines Think?
28
Alan Turing “Can machine think?” in 1950
Turing Test
John McCarthy, often known as the father of AI, coined the term “Artificial Intelligence”
Science fiction let us have the
concept of AI robots.
AI Re-ignition and Abundant Harvest
29
Reigning World chess champion Garry
Kasparov was defeated by IBM's
Deep Blue in 1997
Dragon Systems
NaturallySpeaking
first speech
recognition software
in 1997
1980’s AI Reignited
Deep
Learning
Expert
System
Kismet
could recognize
and display
emotions
In 1997a huge step towards an AI
decision making program.
1990-2000
Many AI landmark goals
hade been achieved
AI is Everywhere
30
2000-now AI is Everywhere
Big Data Cloud/Mobile
Autonomous Vehicles
Industry 4.0
Algorithm Bias Is the Real AI Danger
31Beauty.AI, 2016
Google Photos
2015
racist algorithm
Tay AI chatbot, 2016
“The real safety question, if you want to call it that, is that if we give
these systems biased data, they will be biased,”
--John Giannandrea, Google’s AI chief
AI Hallucination is a Tough Problem
32
Deep Neural Network(DNN)
“Adversarial” Images (Google Brain)
Google's Cloud Vision
AI Algorithm is a Black Box
33
• Lack of accountability
• Hidden biases
• Be influenced by its teachers
• The ability of decision making
• Privacy and Ethics
Amazon Echo became key
witness in murder investigation
Can We Believe AI Robots?
34
IBM's Watson computer takes the Jeopardy!
iPhone Siri(2012年)
Google image recognition(2012年)
Her (2013 Movie)
Transcendence(2014 Movie)
Turning Test Winner Eugene Goostman in 2014
Technological Singularity
Can We Believe AI Robots?
35
I, Robot (1950 Novel/2004 Movie)
2001: A Space
Odyssey /HAL 9000
(1968 Movie)
Battlestar Galactica
/Cylon
(1978 Mpvie)
Terminator in 1984 movie
Star Trek / Data
(Movie 1987)
IBM Deep Blue win the world
chess champion in May 1997
AI (2001 Movie)
Technological Singularity
Taiwan Experience
36
Taiwan Digital Economy Policy
37
Toward a Smart, Sustainable, Human-centric Country
AI Development Policy
38
Cyber Security Is National Security
39
Taiwan Cyber Security Projects (Phase 5)
40
National Security1. Develop national
cybersecurity risk assessment mechanism
2. Establish national network and communication emergency recovery mechanism
3. Build national network defensive and offensive capabilities
Cyber SecurityManagement4. Complete national
cyber security policies, regulation & standards
5. Enhance cyber security defense among gov. and CI & CII sectors
6. More International collaborations
7. Increase cybercrime prevention and solve effectiveness
Industry Development8. Promote related
policies and development of cyber security industries
9. Reduce cyber security risks for industry supply chains
Technology R&D10. Combine and
raise the values of academic and industrial cyber security R & D capabilities
11. Develop a privacy protected digital identification framework
Talent Incubation12. Perfect the
incubation and demand of cyber security professionals
13. Promote cyber security awareness and child online protection
Help
defin
e
Defin
e
G-ISMS
CI Sector SpecificGuidelines
Common BaselineOf CIIP
Transportation
High Tech Parks
Banking& Finance
Comm. &Broadcasting
Medical
ICT SecurityManagement Act andEnforcement Rules
Law
ProvideReferences Provide references
CI Cyber Security Promotion Mechanisms
Supervise
CI Cyber SecurityCIIP Steering Group
Committees
CI Sectors
Power
Water
Join
Execution
GovernmentISMS Framework
••
CIIP Steering Group is formed by NICST and MOSTCI Cyber Security Committees is led by competent authority of that CI sector
Cyber Security Management Act
41
Government
Cyber Insurance ISO/IEC 27102
42
Insured Insurer
Data, Information, and documentation
Clause 8Annex A
Clause 6Clause 5
Clause 7
Management of Cyber risks within ISMS
(ISO/IEC 27001)
Risk assessment
for cyber insurance policiesRisk sharing
Cyber Insurance
Policy
1 2
34
Information technology -- Security techniques -- Information security management guidelines for cyber insurance
ISO/IEC 27102 Clause 7 Assess Control Environment
Sector-specific standards
43
ISO/IEC 27001 General Business
ISO/IEC 27009
Health informaticsISO27799
PIMS:PII ISO27018PIIPISO29151PIMSISO27552(CD)
Cloud ServicesISO27017
Telecom org.ISO27011
Energy utility industryISO27019
Sector-specific
Collection of Evidence
For the Insured
– ISO/IEC 27037:2012
✓ Information Technology--Security techniques --Guidelines for identification, collection, acquisition and preservation of digital evidence
For Forensic Investigation Provider
– ISO/IEC 27041:2015
✓ assuring suitability and adequacy of incident investigative method
– ISO/IEC 27042:2015
✓ analysis and interpretation of digital evidence
– ISO/IEC 27043:2015
✓ Incident investigation principles and processes
44
ISO/IEC 27102 Clause 7 Assess Control Environment
Conclusion
45Source: Gartner
Digital Security
IoT Security
Information Security
IT Security
OT
Security
Physical
Security
Offense
Defense Reactive
Proactive
Security Disciplines Converge While Skills Expand