Possible Cybersecurity applications of Quantum Computing


Amaroq_Starwind

I recently made an account on D-Wave's LEAP community forum, and I have gotten a chance to learn more about how quantum computing actually, well, computes. I was actually expecting to be disappointed, but instead I actually got even more hopeful of its capabilities, and it's given me some new ideas.

I'd like to share a few of them, but I really would also like some other people to join in my brainstorming. I don't like being the only guy who has ideas.

Anyways, here's my handful:

1. Troubleshooting and correcting vulnerabilities, crashes and other bugs

2. Recovering data, particularly structured data which has been heavily corrupted or encrypted, or unstructured data which is at least partly intact (assuming there's something to compare it to, like a hash of the original file)

3. Predicting multiple possible signatures from a single Malware sample, so that signature-based detection isn't completely useless and so that "block at first sight" policies can still be helpful.

4. Optimizing slow code, prioritizing critical workloads when resources are constrained, and tracking suspicious activity to its source.

5. Identifying false positives by predicting the consequences of letting a sample go.

Regarding 3 and at least part of 4, these are things that the Malwarebytes team actually already does very well (most of the Malwarebytes engine/signatures are based on heuristics and more advanced pattern analysis and threat morphological prediction meaning each def=potentially lots of detections for many threats across a single variant/family of threats and many more 'fuzzy'/generic signatures extend to covering multiple families of different threats and sometimes entire threat classifications depending on the code and predictability of the patterns being targeted) and as for 4, that's at least partially accounted for in the behavior based components like Exploit Protection and Ransomware Protection which look at the source(s) of malicious/suspicious activity to trace and terminate/quarantine the source of an attack to stop the attack event in its tracks as early as possible (especially Exploit Protection which is pre-payload and tends to stop attacks much earlier in the kill chain than other more conventional detection/protection methods, perhaps with the exception of Web Protection which has the ability to block malware/attacks at their source, assuming the server/site hosting the threat/attack is known to the Researchers).

While Malwarebytes doesn't contain a HIPS (and therefore doesn't really have much in the way of predicting consequences for letting a sample go), it does have the advanced anomaly detection engine/heuristics that looks at threat behavior and more advanced/fuzzy sample analysis to generically detect threats with a % of probability of certainty with identification, though anything matching its signatures beyond a specific threshold is detected/quarantined automatically when enabled (I'm not sure if they have it configured to only detect/quarantine threats with a higher than n% of certainty or not or if it's just anything with a higher rate of probability than 0%, but I suspect the former since most of the reported FPs coming from this component tend to show an 80% or higher positive identification indicator in the logs being submitted, at least based on what I've observed here on the forums).  Going as far as trying to predict the potential risk/fallout of allowing a possible attack goes way beyond what any protection mechanism does in my experience and can become quite complex and computationally expensive very quickly in my opinion and would be better served to simply provide a protected rollback mechanism comparable to System Restore etc. rather than trying to generate real-time risk models while the system is actively in use as I could easily see some serious performance issues coming from trying to perform such calculations all the time when the user is trying to use their system, especially if they're doing anything more complex than simple web browsing like content creation, gaming, or any kind of heavy multi-tasking.  It's also just way simpler to have a rollback mechanism that creates regular backups or just keeps a rolling iterative backup in real-time similar to the Flight Recorder and Ransomware Rollback components in Malwarebytes Endpoint Protection & Response (more info here).

In regards to number five being too computationally intensive, this is cloud-based quantum computing that we're talking about. It's kind of a given that a lot of this would be far beyond the capabilities of what the average user would have access to at their desktop. So really, that's a problem that wouldn't even affect the end-user.

Quantum computing excels at optimization problems, especially ones with more variables and constraints to consider. This is exactly that kind of problem.

10 hours ago, Amaroq_Starwind said:

In regards to number five being too computationally intensive, this is cloud-based quantum computing that we're talking about.

OK, but then there's the issue of privacy.  We get enough heat already from just collecting basic telemetry like anonymous detection stats and application usage; if they started collecting full details of all system activities/threads/processes etc. in real-time via cloud servers controlled by Malwarebytes, I'm pretty sure any users concerned about privacy would lose it, and they'd be right to.  This level of monitoring, especially when the details are regularly/constantly transferred offsite is just asking for trouble in my opinion.  It's something I could see being just fine in a work environment, at least if the servers are owned/controlled by the company's own sysadmins, not Malwarebytes.  Businesses wouldn't take too kindly to Malwarebytes collecting that much info either, I'm sure, especially since it could put corporate data, customer info and trade secrets at risk as Malwarebytes would essentially be acting as a full-on Trojan, collecting all activity/data from every endpoint and transmitting it all out over the net.

Edited by exile360

It would be an optional thing, probably, enabled by SysAdmins and uploaded only for their own workgroup. There are also ways to build encryption that can't be easily defeated by quantum computing, and since this would be managed by D-Wave (who have extremely strict policies about privacy and ethics)... It's complicated, but I suppose nobody has to go down that rabbit hole if they don't want to. At the very least, cloud-based quantum computing could still be used to enhance the already existing machine learning aspects of Malwarebytes.

According to D-Wave... it will actually be a very long time before quantum computing will actually be able to pose much of a threat to cybersecurity. As it stands, it doesn't even pose much of a threat to encryption in its current form due to just how limited quantum computing still is. There are folks working on making encryption methods which are less susceptible to quantum computing, though. For instance, Lockheed Martin (one of D-Wave's first customers) is more than likely working on that as we speak, though the details are probably classified. They are a defense contractor after all.

Really, a lot of articles saying that quantum computers will threaten cybersecurity everywhere... are written by people who don't fully understand how it actually works and how long of a way it still has to go. Their fears are well-founded, and their logic is undeniable, but they're also being a little bit pessimistic. I'm a pessimist myself, and yet I'm not afraid. Should I be, though? Maybe, but only time will tell. Yes, it's a problem, but people are working on it.

I should just have faith that quantum key cryptography takes off sooner rather than later. However, there are also types of mathematical problems which quantum computers are currently ill-suited for, and will probably never be able to solve better than a classical computer can. Anything that's not a factoring problem or optimization problem, for instance. Quantum key cryptography is not the only hope, and there's still plenty of chance for other forms of encryption to be developed which are also resistant to quantum computing.

In the meantime, we should probably focus on how to turn the tide while we still have the chance.

  • 2 weeks later...

So, I just learned of something going on that may be of interest to anyone who currently follows Quantum Computing. Anyone else getting a renewed sense of optimism?

https://csrc.nist.gov/Projects/Post-Quantum-Cryptography

The short version is, for those who don't wish to follow the URL, there are currently ongoing projects to develop new forms of Public-Key Encryption which are still compatible with classical computers and existing infrastructure, but which are also exceptionally resistant to attack by both classical and quantum computers. The Post-Quantum Cryptography (PQC) group in particular is having a competition-style research and development campaign, and they are currently on the second round of candidates. You can sign up for their mailing list on Google Groups, and even join the ongoing effort if you so wish.

What this means is that Quantum Computing is actually going to soon lead to the development of encryption algorithms and protocols the likes of which the world has never seen, and it might only continue to get better from there. For once, we might actually be ahead of the bad guys.
