Protection from attacks by quantum computers: DFKI starts project for long-term encryption of medical data

Since Google announced its alleged “quantum supremacy”, they have become a hot topic once again: The expected efficacy of future quantum computers presents a great risk towards data security. This means that for the protection of long-term sensible information such as medical data, an effective post-quantum cryptography already needs to be developed and prepared for deployment. In a new project titled “PQC4MED”, the German Research Center for Artificial Intelligence (DFKI) and its partners work on procedures in order to protect medical data from attacks by quantum computers via updateable systems.

They are rumoured to be the basis for the next big step in digitalization: The enormous computing power of quantum computers allows them to process calculations that push the boundaries even of supercomputers. The potential capabilities of quantum computing (QC) pose a great danger for data security: According to current insights, most cryptographic methods used nowadays will become unsafe after the introduction of high-performance quantum computers. Therefore, it is already necessary to develop methods for post-quantum cryptography (PQC) that can withstand attacks by quantum computers. Especially for areas and systems with high demands for long-term security and durability, which often cannot be replaced on short notice, these PQC procedures are of utmost importance.

Medical technology is one of these areas: While patient data requires a particularly high level of protection, the medical devices that record and process this data are designed for long-term usage due to their complexity and acquisition costs. For this reason, the Cyber-Physical Systems research group of the DFKI led by Prof. Dr. Rolf Drechsler and several partners have started the project “PCQ-Technologies for the Data Protection in Medical Care in Germany (PQC4MED”. The aim is to develop new long-term update mechanisms, guaranteeing that medical devices can be equipped with the most current cryptographic methods and are thus protected from quantum computers on the long run.

Crypto-agility for long-term data security

The ability of devices to update their encryption is called crypto-agility. This capacity for updates is an important criterion especially for embedded systems, as their exchange is more cost-intensive and, due to their different components, riskier in comparison to individual computer systems. For this reason, the project “PQC4MED” involves creating an update platform for embedded system in medical technology that allows crypto-agility both on a hardware and software level and thus enables the future deployment of QC resistant algorithms.

An important part in this QC resistance is the secure element (SE), a chip that guarantees the protection of processed data in a device and therefore plays a vital role during a possible attack by a quantum computer. For this reason, the project includes the development of a secure element that can be updated with new encryption methods. This work is based upon cryptographic standards that are currently being determined regarding their resistance against quantum computing. But also medical devices that are already in use are meant to be made crypto-agile via new updating methods. This would make the exchange of secure elements avoidable.

Strong consortium from science and business

The “PQC4MED” project consortium brings together expert knowledge of IT security from both the scientific and the business side: Apart from the German Research Center for Artificial Intelligence, the consortium consists of Wibu-Systems AG, Infineon Technologies AG, Schölly Fiberoptic GmbH, macio GmbH, the Institute for Theoretical Computer Science (ITI) of the KIT as well as the Institute for IT Security of the University of Luebeck. The consortium had applied for the research program of the German federal government for IT security titled “Self-reliant and safe in the digital world 2015 to 2020”.

The project “PQC4MED” is funded by the Federal Ministry for Education and Science (BMBF) with roughly 690 000 Euros. The runtime amounts to 36 months; the completion of the project is set for 31 October 2022. Until then, the determination of standards for PQC methods that can be deployed via the update platform is also expected.

Photo:
Under https://cloud.dfki.de/owncloud/index.php/s/7D7KrC62LqB9tRe you can find a photo ready for download. This photo can be used in connection with reporting on the project naming the source “Venusvi - stock.adobe”.

Contact:
Prof. Dr.-Ing. Tim Erhan Güneysu
Deutsches Forschungszentrum für Künstliche Intelligenz GmbH (DFKI)
Cyber-Physical Systems
Phone: +49 234 24626

Press contact:
Deutsches Forschungszentrum für Künstliche Intelligenz GmbH (DFKI)
Corporate Communications
Phone: +49 421 178 45 4180

Share this post:

Contact:

Prof. Dr.-Ing. Tim Erhan Güneysu

Cyber-Physical Systems, DFKI

German Research Center for Artificial Intelligence
Deutsches Forschungszentrum für Künstliche Intelligenz