The Quantum Menace
Over the last few decades, the word ‘quantum’ has become increasingly popular. It is common to find articles, reports, and many people interested in quantum mechanics and the new capabilities and improvements it brings to the scientific community. This topic not only concerns physics, since the development of quantum mechanics impacts on several other fields such as chemistry, economics, artificial intelligence, operations research, and undoubtedly, cryptography.
This post begins a trio of blogs describing the impact of quantum computing on cryptography, and how to use stronger algorithms resistant to the power of quantum computing.
- This post introduces quantum computing and describes the main aspects of this new computing model and its devastating impact on security standards; it summarizes some approaches to securing information using quantum-resistant algorithms.
- Due to the relevance of this matter, we present our experiments on a large-scale deployment of quantum-resistant algorithms.
- Our third post introduces CIRCL, open-source Go library featuring optimized implementations of quantum-resistant algorithms and elliptic curve-based primitives.
All of this is part of Cloudflare’s Crypto Week 2019, now fasten your seatbelt and get ready to make a quantum leap.
What is Quantum Computing?
Back in 1981, Richard Feynman raised the question about what Continue reading
Towards Post-Quantum Cryptography in TLS
We live in a completely connected society. A society connected by a variety of devices: laptops, mobile phones, wearables, self-driving or self-flying things. We have standards for a common language that allows these devices to communicate with each other. This is critical for wide-scale deployment – especially in cryptography where the smallest detail has great importance.
One of the most important standards-setting organizations is the National Institute of Standards and Technology (NIST), which is hugely influential in determining which standardized cryptographic systems see worldwide adoption. At the end of 2016, NIST announced it would hold a multi-year open project with the goal of standardizing new post-quantum (PQ) cryptographic algorithms secure against both quantum and classical computers.
Many of our devices have very different requirements and capabilities, so it may not be possible to select a “one-size-fits-all” algorithm during the process. NIST mathematician, Dustin Moody, indicated that institute will likely select more than one algorithm:
“There are several systems in use that could be broken by a quantum computer - public-key encryption and digital signatures, to take two examples - and we will need different solutions for each of those systems.”
Initially, NIST selected 82 candidates for further consideration from Continue reading
Towards Post-Quantum Cryptography in TLS
We live in a completely connected society. A society connected by a variety of devices: laptops, mobile phones, wearables, self-driving or self-flying things. We have standards for a common language that allows these devices to communicate with each other. This is critical for wide-scale deployment – especially in cryptography where the smallest detail has great importance.
One of the most important standards-setting organizations is the National Institute of Standards and Technology (NIST), which is hugely influential in determining which standardized cryptographic systems see worldwide adoption. At the end of 2016, NIST announced it would hold a multi-year open project with the goal of standardizing new post-quantum (PQ) cryptographic algorithms secure against both quantum and classical computers.
Many of our devices have very different requirements and capabilities, so it may not be possible to select a “one-size-fits-all” algorithm during the process. NIST mathematician, Dustin Moody, indicated that institute will likely select more than one algorithm:
“There are several systems in use that could be broken by a quantum computer - public-key encryption and digital signatures, to take two examples - and we will need different solutions for each of those systems.”
Initially, NIST selected 82 candidates for further consideration from Continue reading
Introducing CIRCL: An Advanced Cryptographic Library
As part of Crypto Week 2019, today we are proud to release the source code of a cryptographic library we’ve been working on: a collection of cryptographic primitives written in Go, called CIRCL. This library includes a set of packages that target cryptographic algorithms for post-quantum (PQ), elliptic curve cryptography, and hash functions for prime groups. Our hope is that it’s useful for a broad audience. Get ready to discover how we made CIRCL unique.
Cryptography in Go
We use Go a lot at Cloudflare. It offers a good balance between ease of use and performance; the learning curve is very light, and after a short time, any programmer can get good at writing fast, lightweight backend services. And thanks to the possibility of implementing performance critical parts in Go assembly, we can try to ‘squeeze the machine’ and get every bit of performance.
Cloudflare’s cryptography team designs and maintains security-critical projects. It's not a secret that security is hard. That's why, we are introducing the Cloudflare Interoperable Reusable Cryptographic Library - CIRCL. There are multiple goals behind CIRCL. First, we want to concentrate our efforts to implement cryptographic primitives in a single place. This makes it easier Continue reading
Introducing CIRCL: An Advanced Cryptographic Library
As part of Crypto Week 2019, today we are proud to release the source code of a cryptographic library we’ve been working on: a collection of cryptographic primitives written in Go, called CIRCL. This library includes a set of packages that target cryptographic algorithms for post-quantum (PQ), elliptic curve cryptography, and hash functions for prime groups. Our hope is that it’s useful for a broad audience. Get ready to discover how we made CIRCL unique.
Cryptography in Go
We use Go a lot at Cloudflare. It offers a good balance between ease of use and performance; the learning curve is very light, and after a short time, any programmer can get good at writing fast, lightweight backend services. And thanks to the possibility of implementing performance critical parts in Go assembly, we can try to ‘squeeze the machine’ and get every bit of performance.
Cloudflare’s cryptography team designs and maintains security-critical projects. It's not a secret that security is hard. That's why, we are introducing the Cloudflare Interoperable Reusable Cryptographic Library - CIRCL. There are multiple goals behind CIRCL. First, we want to concentrate our efforts to implement cryptographic primitives in a single place. This makes it easier Continue reading
Major Updates to Cisco Certifications Part III (CCNP)
What is changing for CCNP? And why?
Some of the problems that existed in the current CCNP were:
- No way of showing progress until you took all 3 exams and became CCNP certified, usually a 1+ year commitment
- Needed to pass CCNA before being able to become CCNP certified
- The certification wasn’t modular and it was a lot of work to update the certification
- Difficult to stay current with new technologies
Effective 24 February 2020, it will be possible to jump in at CCNP level, meaning that you don’t need to be CCNA certified to become a CCNP.
Instead of taking 3 exams, only 2 exams are needed, one Core exam and one concentration exam. You can take them in any order and you can also keep taking concentration exams to show you have skills in newer technologies such as SD-WAN. These concentration exams will show as badges.
Because the certification is now more modular, it will be easier to keep the certification up to date and to update it as technologies evolve and new ones come to the fore.
Another change is that the RS and Wireless track are now merged into CCNP Enterprise where the Core exam is Continue reading
Impact of Controller Failures in Software-Defined Networks
Christoph Jaggi sent me this observation during one of our SD-WAN discussions:
The centralized controller is another shortcoming of SD-WAN that hasn’t been really addressed yet. In a global WAN it can and does happen that a region might be cut off due to a cut cable or an attack. Without connection to the central SD-WAN controller the part that is cut off cannot even communicate within itself as there is no control plane…
A controller (or management/provisioning) system is obviously the central point of failure in any network, but we have to go beyond that and ask a simple question: “What happens when the controller cluster fails and/or when nodes lose connectivity to the controller?”
Read more ...Network-as-a-Service Part 2 – Designing a Network API
In the previous post, we’ve examined the foundation of the Network-as-a-Service platform. A couple of services were used to build the configuration from data models and templates and push it to network devices using Nornir and Napalm. In this post, we’ll focus on the user-facing part of the platform. I’ll show how to expose a part of the device data model via a custom API built on top of Kubernetes and how to tie it together with the rest of the platform components.
Interacting with a Kubernetes API
There are two main ways to interact with a Kubernetes API: one using a client library, which is how NaaS services communicate with K8s internally, the other way is with a command line tool called kubectl, which is intended to be used by humans. In either case, each API request is expected to contain at least the following fields:
- apiVersion - all API resources are grouped and versioned to allow multiple versions of the same kind to co-exist at the same time.
- kind - defines the type of object to be created.
- metadata - collection of request attributes like name, namespaces, labels etc.
- spec - the actual payload Continue reading
HPE Aruba: Think Bigger Than SD-WAN – It’s SD-Branch
SD-WAN capabilities can address networking and security between the branch and clouds or the data...
Copyright 2019 SDxCentral, LLC; For non-commercial use
Tech Bytes: Network Automation In Multi-Vendor Environments With Anuta ATOM (Sponsored)
On today's Tech Bytes we talk with sponsor Anuta Networks about its ATOM network automation software. Guest Kiran Sirupa explains ATOM’s capabilities including low-code automation, network device configurations, compliance checks, telemetry collection, and more.
The post Tech Bytes: Network Automation In Multi-Vendor Environments With Anuta ATOM (Sponsored) appeared first on Packet Pushers.
Tech Bytes: Network Automation In Multi-Vendor Environments With Anuta ATOM (Sponsored)
On today's Tech Bytes we talk with sponsor Anuta Networks about its ATOM network automation software. Guest Kiran Sirupa explains ATOM’s capabilities including low-code automation, network device configurations, compliance checks, telemetry collection, and more.Podcast: EVPN Building Blocks
In this episode, you’ll hear from Keith Townsend, Co-founder, The CTO Advisor; Rahul Aggarwal,...
Copyright 2019 SDxCentral, LLC; For non-commercial use
Applications for 2019 Chapterthon Now Open
We’re happy to announce that the call for applications for the 2019 Chapterthon is now open.
Our world is more digitally connected than ever before, yet barriers still remain for the half of the world’s population who are unconnected.
For 2019, Chapterthon projects will help with Connecting the Unconnected. The Internet for everyone, including every last person on the planet, and we won’t rest until each person has the option of choosing to be connected.
Want to take part in this challenge?
We are looking for creative, innovative, and impactful short-term projects from our Chapters and Special Interest Groups (SIGs) that are for the community, with the community, by the community.
Find out how to apply at: https://www.internetsociety.org/grants/chapterthon/2019/
Only one project will be selected per Chapter to participate in this contest. The selected projects then participate in the global Chapterthon contest. The three winning projects will receive an award!
To guide you through this process, we’ve organised an info session on 27 June 2019 at 11:00 UTC.You can register in advance at:
https://isoc.zoom.us/meeting/register/5b0fba421a1ce3737510d14dfea9e911
All other information about the Chapterthon is available here:https://www.internetsociety.org/grants/chapterthon/2019/
Take part and help us connect the world one community Continue reading