DigiCert, Inc., global provider of TLS/SSL, IoT and PKI solutions; Utimaco, one of the world’s top three Hardware Security Module providers; and Microsoft Research, a provider of quantum-safe cryptography, announced a successful test implementation of the “Picnic” algorithm, with digital certificates used to encrypt, authenticate and provide integrity for connected devices commonly referred to as the Internet of Things (IoT). This proof of concept provides a path toward a full solution, currently in development, that will protect IoT devices from future threats that quantum computing could pose to today’s widely used cryptographic algorithms.

IoT devices with RSA and ECC cryptography

Currently, most IoT devices use RSA and ECC to protect confidentiality, integrity and authenticity for device identities and communication. Experts from the security community, including Dr. Brian LaMacchia from Microsoft Research, predict that large-scale quantum computers capable of breaking RSA and ECC public key cryptography will exist within the next 10 to 15 years. Although this might seem like a long time away, many devices such as connected cars, smart homes, connected cities, connected medical devices and other critical infrastructures will either live longer than this or will take longer to update.

“DigiCert, Microsoft Research and Utimaco are collaborating today to solve tomorrow’s problem of defending connected devices and their networks against the new security threats that the implementation of quantum computers will unleash,” said Avesta Hojjati, Head of DigiCert Labs, the company’s R&D unit. “Together, we are leading the market with development of hybrid certificates that inject quantum-resistant algorithms alongside RSA and ECC to ensure long-term protection.”

DigiCert uses Utimaco Hardware Security Module

The certificates are issued by DigiCert using the Picnic quantum-safe digital signature algorithm developed by Microsoft Research. To implement this algorithm and issue certificates, DigiCert has used a Utimaco Hardware Security Module. The full solution, in development, would provide quantum-safe digital certificate issuance and secure key management, helping companies future-proof their IoT deployments.

“The cooperation between DigiCert, Microsoft Research and Utimaco will help organisations implement secure and future-proof IoT products that are protected against the potential security threats of quantum computing,” said DigiCert CTO Dan Timpson.

Enterprises will be able to cost-effectively deploy these solutions at any scale. Further, these companies will provide solutions and tools to manufacturers of IoT devices to remain prepared for quantum threats. The goal is to keep the sensitive information and high-value assets safe.

Implementation of quantum-safe solutions

“DigiCert, Utimaco and Microsoft’s successful test implementation provides a fundamental building block for the implementation of quantum-safe solutions,” said Dr. Thorsten Grötker, CTO at Utimaco. “Using these solutions, IoT manufacturers and other large organisations can innovate and develop products that are well prepared against coming quantum threats.”

Brian LaMacchia, Distinguished Engineer and Head of the Security and Cryptography Group at Microsoft Research, said, “The work that Microsoft Research is doing with DigiCert and Utimaco is important to develop quantum-secure cryptographic algorithms, protocols and solutions today so that in the near future enterprises will be able to transition to and deploy quantum-safe cryptography. Working to ensure that their solutions are cryptographically agile will help companies avoid expensive and unscalable security practices to protect their IoT devices against future security threats.”
