Quantum computers: a data security risk?

In order to pro­tect IT, indus­tri­al and pro­duc­tion sys­tems French energy com­pany, EDF, is con­duct­ing advanced research stud­ies in cyber­se­cur­ity to explore the full range of innov­a­tions in this area.

“We are pre­par­ing ourselves for the events that will inev­it­ably occur!”, begins Youssef Laa­rou­chi, R&D cyber­se­cur­ity pro­ject man­ager at EDF and part­ner of the Seido Lab with Télé­com Par­is (IP Par­is). To pre­pare for new threats against indus­tri­al power sys­tems, Youssef Laa­rou­chi and his team study the con­tri­bu­tion of arti­fi­cial intel­li­gence in detec­tion of pos­sible attacks.

The issue that they are most inter­ested in is how people who design vir­uses and oth­er mal­ware man­age to con­ceal them and make them increas­ingly dif­fi­cult to detect. Not only does mal­ware spread by remain­ing hid­den, they also now pos­sess an advanced form of intel­li­gence which allows them to evade the detec­tion of clas­sic pre­ven­tion sys­tems such as intru­sion detec­tion sys­tems, intru­sion pre­ven­tion sys­tems, or firewalls.

To ana­lyse the beha­viour of these mal­wares, the team uses a range of advanced tech­no­lo­gies and works in col­lab­or­a­tion with the aca­dem­ic research world. “To improve the detec­tion rate, we use AI algorithms and couple weak attack sig­nals to volumes of net­work traffic data, for example”, explains Youssef Laarouchi.

Data coup­ling was not stud­ied much until now. “But today, we have mature AI and machine learn­ing algorithms, and most import­antly adequate com­pu­ta­tion­al power, because these ana­lyses demand sub­stan­tial com­put­ing time. This makes it pos­sible to con­duct inter­est­ing ana­lyses with neur­al net­works, super­vised machine learn­ing, etc.”

In addi­tion to improv­ing the detec­tion of mal­ware, the team broadens its research field to study new attacks tar­get­ing the lower lay­ers of phys­ic­al sys­tems. “These mal­wares dir­ectly attack the core of the pro­cessor by insert­ing a com­mand to gain priv­ileges. This type of attack is gen­er­ally invis­ible to the system’s high­er levels”, spe­cifies Youssef Laarouchi.

Ensur­ing con­fid­en­ti­al­ity of per­son­al data is yet anoth­er research sub­ject. Data must be secure when they are trans­ferred from one place to anoth­er or when they are stored on a serv­er. It is pos­sible to encrypt data, but they must be read­able when required. “So, the ques­tion is: how can we use data without see­ing and access­ing them? This new field of cryp­to­graphy is a key issue for an indus­tri­al com­pany such as EDF. It makes it pos­sible, for example, to offer ser­vices to cli­ents that guar­an­tee the pro­tec­tion of these data, which must remain private.”

The team also leads stud­ies on quantum cryp­to­graphy. Future quantum accel­er­at­ors will soon be able to “break” the encryp­tion keys cur­rently in use. “We are pre­par­ing for this issue by devel­op­ing and test­ing new encryp­tion algorithms, and by study­ing cer­tain quantum prop­er­ties which we could use in post-quantum cryptography.”

This is a char­ac­ter­ist­ic of research in industry: it con­sists of applied research on real data, some­where between fun­da­ment­al research and mar­ket solu­tions. The aim is to provide busi­nesses with the tools they need and help to imple­ment them​.To stay up to date with fun­da­ment­al research, EDF par­ti­cip­ates in the Chaire Cyber CNI (cyber­se­cur­ity of crit­ic­al infra­struc­tures) of the Insti­tut Mines-Télé­com, in part­ner­ship with Télé­com Par­is, Télé­com Sud­Par­is, the Pôle d’ex­cel­lence cyber de la région Bretagne, as well as man­u­fac­tur­ers includ­ing Nokia Bell Labs or Air­bus. “We have com­mon goals, we might as well try to achieve them by work­ing togeth­er!”, con­cludes Youssef Laarouchi.