Case Study : NATO
As a political and military alliance based around cooperation between 28 nations for mutual security, communication presents a particular challenge for NATO.
To meet the demands of a military environment, a communication solution needs to be robust, intuitive, and reliable. This is complicated by the nature of the organisation as it comprises staff from multiple nations, each of which has developed communications systems separately. Any solution must therefore be flexible, and interoperable.
Above all, communication tools must be secure and capable of resisting a determined adversary. They must prevent interception, and detect any interference. Given the sensitive nature of the information transmitted, and the fact that some information sent in the present would remain of value should it be accessed years later, the system must be secure against both current and future threats.
Post-Quantum provided a full-featured quantum-secure communication app to NATO for trial. Compatible with iOS and Android smartphones and designed in the style of popular consumer messaging apps, the system offered instant familiarity and ease of use. It also incorporated the core features users would expect from such an app: messaging, voice calling, image sharing, and video and audio messaging.
Interoperability challenges were addressed by delivering the solution as a cross-platform secured app. This ensured that existing hardware was supported so that members did not need to acquire new or specific devices. In addition, an on-the-fly group creation feature allowed for simple set-up and easy communication between teams from different members.
To ensure security in the present and the future, the app integrated two of Post-Quantum’s core technologies: sender authentication and quantum-resistant encryption.
The sender authentication system provides user-friendly Man-in-the-Middle detection, allowing the recipient to check the integrity of the channel without technical knowledge or special training. The sender records a video of him/herself reading a number. The number is generated by hashing the sender’s unique public key and other metadata, while the system performs facial and voice recognition checks in the background. This video is sent to the recipient, while the recipient’s app recreates the number from the data received. If the number read out by the sender in the video does not match the number displayed on the recipient’s app, there has been interference.
All data sent between devices was protected with quantum-resistant encryption. The lifespan of the information communicated – i.e. the length of time over which it would remain of value to an external party – and the technological capabilities of NATO’s potential adversaries increase the risk of encrypted data being stolen in the present for access several years in the future, using a code-breaking quantum computer. For such high-value data, with a lifespan considerably beyond five years, the precaution is necessary and one that Post-Quantum is in a rare position to provide.
The trial successfully demonstrated that instant messaging and communication can be made quantum-safe, and that this capability can be deployed in the present to guard against future threats. Furthermore, the trial enabled NATO to demonstrate its capabilities and intent in this space.
Following the success of this trial, NATO invited Post-Quantum to provide several modules - authentication with non-repudiation and quorum multi-party approval code libraries - to the competing teams in their Enterprise Architecture IoT hackathon.