New Big Cybersecurity Risks:

Quantum Computing and

Artificial Intelligence

HueiJane TschaiAssociate Professor, National Taiwan University

Deputy Director, Association of Cyber Forensics Development in Taiwan

2018/11/26~27 CyberBayKin: Secure A Digital Myanmar

Outline

Introduction

Quantum Computing

Artificial Intelligence

Taiwan Cyber Security Policy

Conclusion

2

Fusion of Destructive Innovation Flips the World

3

Big Data: Innovation Trigger

Internet of

Everything

Top 10 Strategic Technology Trends for 2019

4

Quantum Computing

5

Quantum Computing Flips Tech Industry

6

Classical Computer Quantum Computer remark

AlgorithmBest algorithm 1024

Steps

Best algorithm 1010

Steps

Speed

150,000 yr. Less than 1 sec.Combining 300-bit numbers

for qualitative factorization

109.2 billion yr. 3 hr.Unlocking the private key

with a 100 qubit computer

In 1994, Peter Shor discovers Shor algorithm

which can theoretically break many of the

cryptosystems in use today.

• MD4、MD5

• HAVAL128

• RIPEMD

• ECDSA、ECDH

• DSA

• SHA-1

• RSA512 ( in 1999)

• RSA768 (in 2009)

• RSA4096(in 2015)

All have been cracked

• ECC-256 can be cracked by

computer with 1024 Qubits

• ECC-256 can be cracked by

computer with 2048 Qubits

• AES-256 can be cracked by

computer with 2128 Qubits

New Idea for Cyber Crime

7

Intercept now, Decrypt later

Dutch General Intelligence and Security Service 2015 "a nefarious attacker

could start intercepting and storing financial transactions, personal e-mails

and other sensitive encrypted traffic and then unscramble it all once a

quantum computer becomes available"

Snowden revealed: US and British intelligence agencies are using the

submarine cable termination station to collect data that account for 99% of

all global network traffic.

Wired Magazine 2012: US NSA is building a new data center in Utah that

can preserve all traffic generated by the Internet, making it a strategic

resource for analysis when they can master quantum computing capabilities.

Next Generation Computing

8

“I think I can safely say that nobody

understands quantum mechanics”

- Feynman

A quantum computer is a machine that could

be built on the atomic level and performs

calculations based on the laws of quantum

mechanics.

Basic Ideas Behind Quantum Computing

9

Quantum Uncertainty

Quantum Entanglement

Quantum Superposition

Albert Einstein: Spooky action at a distance

Quantum Bit(Qubit)

Bit

Unlike Newton's laws of motion, The position and momentum of a particle cannot be determined at the same time.

History of Quantum Computing

10

First Quantum Revolution Second Quantum Revolution

• Establish the basic principles of

quantum mechanics and change the

way people look at things on physical

world.

• Combine information technology theory

and quantum mechanics to create

more innovative products and services.

• 1900: quantum hypothesis first suggested

by Max Planck

• 1924: The term "quantum mechanics" was

first used in Max Born's paper.

• 1925: Werner Heisenberg, etc. develop

the matrix mechanics formulation of

Quantum Mechanics

• 1926: Erwin Schrödinger uses De

Broglie's electron wave postulate to

develop a "wave equation"

• 1927: Werner Heisenberg formulates the

quantum uncertainty principle.

• 1982: Wootters、Zurek、Dieks “No-

Cloning Theorem”

• 1982: Richard Feynman proposes a basic

model for a quantum computer which based

on the law of quantum mechanics instead of

the law of classical physics.

• 1985: David Deutsch developed the first

universal quantum Turning machine,

showing the quantum circuits are universal.

• 1992: David Deutsch and Richard Jozsa

shows that the quantum computer is

exponentially faster.

• 1994: Peter Shor discovers Shor’s algorithm which can theoretically break many of the

cryptosystems in use today.

• 1997: Lov Grover develops a quantum

search algorithm.

1980

The Solvay Conference 1927

11

Max Planck Marie Curie Albert Einstein

Werner

Heisenberg

Erwin

Schrödinger

Paul

Dirac

Current Status of Quantum Computing Industry

12

Quantum mechanics will be a paradigm shift

D-Wave Systems

• Founded in 1999

• World's first quantum computing company

• The only company that delivers quantum computing systems and software

• over 160 U.S. patents, over 100 peer-reviewed papers

World's First Quantum Commercial System

13

Time Type QuBit Status

May

2011

D-Wave

One

128 • “The world's first commercial quantum

computing system"

• This claim is controversial.

May

2013

D-Wave

Two

512 • A collaboration between NASA, Google and

the USRA launched a Quantum Artificial

Intelligence Lab. eg machine learning research

• 100 million times faster than traditional

computers with specific algorithm

January

2017

D-Wave

2000Q

2000 • 50 million US dollars

• Google, NASA, Lockheed Martin, USC, USRA,

Los Alamos National Laboratory, Oak Ridge

National Laboratory, Volkswagen, and many

other worldwide companies

• To solve some of the most complex problems

such as medicine discovery, cyber security,

space exploration ,national defense, financial

analysis, etc.

First Real-Time Quantum Application Environment

14

D-Wave Leap was launched on OCT 2018

15

Quantum Supremacy

More than 50 QuBitsThe potential ability of quantum computer to solve problems that

classical computers practically cannot.

72 QuBits• March 2018, Google unveiled

Bristlecone

56 QuBits• Oct 2017, IBM announced IBM Q

When you get a quantum computer,

What will you do?

16

17

Dig up the

remaining

Bitcoin!

• a new BitCoin 2.0 ecosystem

• Make BitCoin free from being cracked by quantum computers.

Quantum Cryptography

Quantum Key Distribution(QKD)

– Bennett and Brassard proposed in 1984 and demonstrated

experimentally in 1989.

– Based on the Principle of uncertainty, No-Cloning Theorem

18

• E91 protocol

• B92 protocol

• BBM92

• DPS (Differential

Phase Shift)

• COW

• Continuous

Variable

QKD Network Status

QKD Network launch BB84 BBM92 E91 DPS COW

US DARPA

QKD Network2001 Yes No No No No

EU SECOCQ

QKD Network2003 Yes Yes No No Yes

Japan Tokyo

QKD Network2009 Yes Yes No Yes No

China

QKD Network2009 Yes No No No No

Swiss Geneva

QKD Network2010 Yes No No No Yes

19

• QuintessenceLabs(Austria)

• SeQureNet(France)

• MagiQ Technologies(US)

• ID Quantique(Swiss)

Quantum Cryptography

Post Quantum Cryptography (PQC)

– Quantum-proof, Quantum-safe, Quantum-resistant

– Such public-key algorithms are thought to be secure

against an attack by a quantum computer

– Arms Race

20

(NTRU) (Rainbow Signature)

(Merkle trees )(McEliece)

Quantum Teleportation

QKD Network

“Pure" quantum communication

– The concept of quantum teleportation is proposed in 1993

– Principle of quantum entanglement

21

Quantum Internet

Quantum Teleportation Over Optical Fiber

22

Quantum Internet

LaunchQuantum

Communication Distance

1993Gisin Group, University of

Geneva, Switzerland1 KM Up to 23 KM in 1995

2003 MagiQ System 120 KM

The world's first

commercial quantum

crypto system

2004 UK Cambridge network 122 KM

2005 USA DARPA QKD Network 10 KM 3 nodes

2007 USA Los Alamos Lab. 100 KM

2008 EU SECOQC 82 KM 6 nodes

2015SwissQuantum QKD

Network307 KM

The first

international QKD

network

2017 China QKD Network 2000 KM 7 nodes

Quantum Teleportation Over Optical Fiber

23

China plan to establish first quantum communication network in 2030.

World's First Quantum Satellite Mozi

Aug 2016: China successfully launched a quantum satellite Mozi(Micius)

– To provide unbreakable secured comm. channels

Jun 2017: China sent ‘unhackable’ message to Austria over 1200 km.

Sep 2017: The world’s first a 75 min video conference

24

A figure from the letter shows how the Micius satellite transfers quantum keys across vast distances.

Quantum Computing is

National Strategic Technology

25

Country Status

US • In 2000, development of quantum computers was listed as one of the national S&T strategic goals.

• In 2009, White House National Science Council proposed the "Federal Quantum Information

Science Outlook White Paper"

• In 2016, White House S&T Policy Office issued "American Advanced Quantum Information Science:

National Challenges and Opportunities"

• Government agencies, universities, and private enterprises have established quantum R&D units

EU • More than 20 countries generated quantum related large-scale research projects

• Quantum Europe Conference from 2015

• Quantum Declaration released in 2016

• Launched Quantum Technologies Flagship under “Horizon 2020” in 2018

UK • UK government established the Quantum Technology Strategy Advisory Committee (QT SAB) to

develop national quantum technology strategy

• Invested 270 million pounds in 2013 to establish the UK's national quantum technology program

(UKNQTP) to translate academic work on quantum mechanics into new products and services.

• In 2015, the UK introduced the National Quantum Technology Strategy and invested 15 million

pounds in human resources

Singapore • Government funded S$150 million to National University of Singapore in 2007 to establish the

world's largest quantum computing lab, Centre for Quantum Technologies (CQT) which is the first

quantum research institute in Southeast Asia.

China • Include quantum computing as a priority funding area for the National Natural Science Foundation of

China

• Established multiple quantum information and computing research institutions

• In 2016, the State Council issued the Outline of the National Innovation Driven Development

Strategy, proposing the development of quantum technology.

• Launched the world's first quantum communication satellite in 2016, and built a global quantum

communication network in 2030

Artificial Intelligence (AI)

Software now means AI

26

What is AI?

Intelligence

– The capability to learn, solve problems, decision making.

– The capability to interact with the world (speech, vision, motion, manipulation)

Artificial Intelligence(AI)

– The study of ideas that enable computers to be intelligent.

– The part of computer science concerned with design of computer systems that exhibit human intelligence

– Concise Oxford Dictionary27

Artificial Intelligence (AI)= Artificial + Intelligence

Can Machines Think?

28

Alan Turing “Can machine think?” in 1950

Turing Test

John McCarthy, often known as the father of AI, coined the term “Artificial Intelligence”

Science fiction let us have the

concept of AI robots.

AI Re-ignition and Abundant Harvest

29

Reigning World chess champion Garry

Kasparov was defeated by IBM's

Deep Blue in 1997

Dragon Systems

NaturallySpeaking

first speech

recognition software

in 1997

1980’s AI Reignited

Deep

Learning

Expert

System

Kismet

could recognize

and display

emotions

In 1997a huge step towards an AI

decision making program.

1990-2000

Many AI landmark goals

hade been achieved

AI is Everywhere

30

2000-now AI is Everywhere

Big Data Cloud/Mobile

Autonomous Vehicles

Industry 4.0

Algorithm Bias Is the Real AI Danger

31Beauty.AI, 2016

Google Photos

2015

racist algorithm

Tay AI chatbot, 2016

“The real safety question, if you want to call it that, is that if we give

these systems biased data, they will be biased,”

--John Giannandrea, Google’s AI chief

AI Hallucination is a Tough Problem

32

Deep Neural Network(DNN)

“Adversarial” Images (Google Brain)

Google's Cloud Vision

AI Algorithm is a Black Box

33

• Lack of accountability

• Hidden biases

• Be influenced by its teachers

• The ability of decision making

• Privacy and Ethics

Amazon Echo became key

witness in murder investigation

Can We Believe AI Robots?

34

IBM's Watson computer takes the Jeopardy!

iPhone Siri(2012年)

Google image recognition(2012年)

Her (2013 Movie)

Transcendence(2014 Movie)

Turning Test Winner Eugene Goostman in 2014

Technological Singularity

Can We Believe AI Robots?

35

I, Robot (1950 Novel/2004 Movie)

2001: A Space

Odyssey /HAL 9000

(1968 Movie)

Battlestar Galactica

/Cylon

(1978 Mpvie)

Terminator in 1984 movie

Star Trek / Data

(Movie 1987)

IBM Deep Blue win the world

chess champion in May 1997

AI (2001 Movie)

Technological Singularity

Taiwan Experience

36

Taiwan Digital Economy Policy

37

Toward a Smart, Sustainable, Human-centric Country

AI Development Policy

38

Cyber Security Is National Security

39

Taiwan Cyber Security Projects (Phase 5)

40

National Security1. Develop national

cybersecurity risk assessment mechanism

2. Establish national network and communication emergency recovery mechanism

3. Build national network defensive and offensive capabilities

Cyber SecurityManagement4. Complete national

cyber security policies, regulation & standards

5. Enhance cyber security defense among gov. and CI & CII sectors

6. More International collaborations

7. Increase cybercrime prevention and solve effectiveness

Industry Development8. Promote related

policies and development of cyber security industries

9. Reduce cyber security risks for industry supply chains

Technology R&D10. Combine and

raise the values of academic and industrial cyber security R & D capabilities

11. Develop a privacy protected digital identification framework

Talent Incubation12. Perfect the

incubation and demand of cyber security professionals

13. Promote cyber security awareness and child online protection

Help

defin

e

Defin

e

G-ISMS

CI Sector SpecificGuidelines

Common BaselineOf CIIP

Transportation

High Tech Parks

Banking& Finance

Comm. &Broadcasting

Medical

ICT SecurityManagement Act andEnforcement Rules

Law

ProvideReferences Provide references

CI Cyber Security Promotion Mechanisms

Supervise

CI Cyber SecurityCIIP Steering Group

Committees

CI Sectors

Power

Water

Join

Execution

GovernmentISMS Framework

••

CIIP Steering Group is formed by NICST and MOSTCI Cyber Security Committees is led by competent authority of that CI sector

Cyber Security Management Act

41

Government

Cyber Insurance ISO/IEC 27102

42

Insured Insurer

Data, Information, and documentation

Clause 8Annex A

Clause 6Clause 5

Clause 7

Management of Cyber risks within ISMS

(ISO/IEC 27001)

Risk assessment

for cyber insurance policiesRisk sharing

Cyber Insurance

Policy

1 2

34

Information technology -- Security techniques -- Information security management guidelines for cyber insurance

ISO/IEC 27102 Clause 7 Assess Control Environment

Sector-specific standards

43

ISO/IEC 27001 General Business

ISO/IEC 27009

Health informaticsISO27799

PIMS：PII ISO27018PIIPISO29151PIMSISO27552(CD)

Cloud ServicesISO27017

Telecom org.ISO27011

Energy utility industryISO27019

Sector-specific

Collection of Evidence

For the Insured

– ISO/IEC 27037:2012

✓ Information Technology--Security techniques --Guidelines for identification, collection, acquisition and preservation of digital evidence

For Forensic Investigation Provider

– ISO/IEC 27041:2015

✓ assuring suitability and adequacy of incident investigative method

– ISO/IEC 27042:2015

✓ analysis and interpretation of digital evidence

– ISO/IEC 27043:2015

✓ Incident investigation principles and processes

44

ISO/IEC 27102 Clause 7 Assess Control Environment

Conclusion

45Source: Gartner

Digital Security

IoT Security

Information Security

IT Security

OT

Security

Physical

Security

Offense

Defense Reactive

Proactive

Security Disciplines Converge While Skills Expand

Thank You!

Tschai, HueiJane+886 912 810 853

htschai@gmail.com