Author: Marco Guadalupi, CTO and co-founder of Sateliot.
The Internet of Things (IoT) is rapidly transforming the way we live and work. Smart devices are becoming increasingly common in our society, infiltrating sensitive areas of our lives, like our homes and our finances. The business world and economic activities have been no exception, and industries like water management, agriculture, logistics and other fields have become progressively more connected to the web. Although the adoption of IoT is not yet as widespread as it could be, it is expected to grow significantly in the coming years. As this technology becomes more ubiquitous, it is crucial to address the security challenges that come with it to protect IoT data from potential threats and attacks, says Marco Guadalupi, CTO and co-founder of Sateliot.
On a societal level, we are already educated to protect our personal and organisational data from breaches. In the same vein, embracing good security practices will be essential to protect the sensitive information transmitted by IoT devices. We are aware of the sharp increase in cyberattacks on confidential data, and even though policies are being made to prevent such breaches, the human factor is equally important to stop these attacks. However, when it comes to IoT, there are some policy gaps that have to be addressed at the highest level to work with solutions from top to bottom.
Several well-known organisations, including the Open Web Application Security Project (OWASP), IoTA and the IoT Security Foundation (IoTSF), have been the first line of defense against data breaches and cybercrime. However, they have failed to provide a set of recommendations for IoT data and have not specified the necessary protective steps to implement them. Moreover, the proposed recommendations are limited to the security and privacy of IoT devices on the terrestrial network (TN). Threats against IoT such as Denial of Service (DoS), Man-in-the-Middle (MitM) attacks and cyberattacks like the Mirai botnet have been left unchecked and unregulated.
Given the rapid development of global communication networks for IoT devices, satellite communication has become increasingly significant. This development means that there is an urgent need for IoT device security over non-terrestrial networks (NTN). While several ideas have been discussed to solve the security issues of integrated NTN-terrestrial networks, quantum technology might provide an appealing solution to IoT data security, especially in the protection of those assets that vertebrate our social, economical and political systems.
How Quantum technology can secure IoT data transmission in critical assets
Quantum key distribution (QKD) is an alternative to algorithm-based cryptography that provides unconditional security based on the principles of quantum mechanics. QKD works by encoding information on the quantum state of photons and sending them to a receiver. By allowing random keys to be shared between authorised users, such as an onboard satellite and the user terminal on the ground co-located within QKD terminal, QKD makes it possible to establish private networks without the need for a pre-provision manual process for pre-shared security keys.
Furthermore, QKD has been shown to be secure against attacks based on computational complexity, which makes it an attractive alternative to traditional security and cryptographic methods, based on the complexity of the mathematical problems. In the case of QKD, any attempt to intercept the photons and measure their quantum state would cause a disturbance that would be detected by the receiver, which can alert the presence of an eavesdropper to both parties.
The main challenge in implementing QKD is the requirement of a dedicated optical physical link between the sender and the receiver. This can be achieved by using fiber optic cables or free-space communication, but both methods have limitations that make them unsuitable for certain applications. Otherwise, QKD involves sending photons through the atmosphere, which can be affected by various environmental factors such as weather conditions, turbulence, and atmospheric absorption.
Nevertheless, the implementation of a QKD to protect the data retrieved from IoT devices, especially from those applied to monitor sensitive data such as those dedicated to real estate security, transportation of goods, or health conditions could be highly effective to avoid breaches. This is of particular importance when it comes to critical assets connected to industrial IoT, such as nuclear power stations, military facilities, tax and government institutions, banks and financial corporations, and other fields where a security breach can cause major damage.
QUDICE Project: Quantum technology as a European priority
In order to overcome these limitations and extend the range of QKD, researchers have proposed using satellite-based communication networks. Besides the development of reliable quantum devices, there are more challenges to overcome, such as scalability issues and the need for standardised protocols. On the flip side, academia, industry and governments have already joined their efforts collaborating in the project QUDICE, launched in January 2023, to address these challenges and ensure the practical implementation of secure quantum communication for critical assets from the industrial IoT environment.
The QUDICE Consortium, standing for Quantum Devices and Subsystems for Communications in Space, is a collaborative effort from eleven partners from six European countries, including the University of Padova, the Sorbonne University, and the University of Malta; the ICFO and Fraunhofer research institutes; and technology companies like Stellar Project, ThinkQuantum, QUSIDE, Thales Alenia Space, Argotec, and Sateliot.
The project aims to advance the field of space-based quantum communications by developing the technologies and systems components and subsystems that are necessary to implement QKD in satellites. Some of the goals set by the project are the development of a Quantum Random Number Generator, a satellite Pointing, an Acquisition and Tracking system, an Entangled Photon Source, a 5G system for QKD post-processing support and 5G QKD-secured connectivity service, and also, the simulations required to assess the performance of the developed quantum satellite communications components.
Having seen the scale of the project, it is no wonder that quantum communication infrastructure has become a priority for Europe to maintain its competitiveness in the global race for quantum technologies. This especially given that the United States and China are heavily investing in its development, lured by the potential for significant economic, military and strategic benefits. So far, the objectives of QUDICE are to develop the first prototypes by the end of 2023, and to conduct testing in 2025. Not to say that as we evolve towards the next generation of networks, such as 5G and 6G, satellite-based QKD systems will provide better security levels.
In conclusion, the security of IoT data is of utmost importance. It is essential to establish symmetry and coordination in the processing and security of this information to protect it from unauthorised access. The lack of widely acknowledged security and privacy rules and suitable countermeasures makes it difficult for IoT stakeholders to create safer systems, endangering the viability of these applications. By utilising QKD, we can establish private networks with inviolable security and ensure that IoT data in critical assets is adequately protected.