Latest news with #NIST
Mint
3 days ago
- Business
- Mint
Mint Explainer: As banks brace for quantum attacks, is India moving too slowly?
Banks and financial institutions worldwide are gearing up for the day when quantum computers become stable enough to potentially break traditional encryption, which could cause massive data breaches, falsified transactions, identity theft, and large-scale market manipulation. To guard against this, major players such as JPMorgan, Mastercard, Barclays, Citigroup and Wells Fargo are adopting quantum-resistant or post-quantum cryptography (PQC) encryption that's designed to resist such attacks. JPMorgan, for instance, has launched a quantum-secured, crypto-agile network (Q-CAN) in Singapore using quantum key distribution (QKD), in which encryption keys are encoded in light particles. Since merely observing a quantum particle changes it irreversibly, any hacking attempt disrupts the signal, exposing the tampering. The bank is also aligning its systems with the latest National Institute of Standards and Technology (NIST) standards. In March it collaborated with Honeywell-owned Quantinuum and national labs to generate certified quantum-based random numbers to strengthen cryptographic systems. Also read: India quantum startups win record grants; move closer to real-world applications Last November, Banque de France and the Monetary Authority of Singapore tested quantum-resistant algorithms to encrypt and sign emails across conventional internet systems. They now plan to expand PQC trials to cross-border payment networks. Meanwhile, Mastercard has tested NIST candidate algorithms and explored QKD integration in its global network, despite challenges with compatible hardware. If vendor support continues, Mastercard expects QKD could be ready for deployment within five years. Why the tearing hurry? One may ask: shouldn't financial institutions wait until quantum computers are stable and market-ready, especially since some experts see this happening within 10 years, while others say it will take until 2035-2040? In the computers we use in homes and offices today, two bits can represent one of four possible states—00, 01, 10, or 11—but only one at a time. In contrast, two quantum bits (qubits) in a quantum computer can represent all four states simultaneously, thanks to superposition and entanglement properties, effectively functioning like four classical computers in one. For now, though, while a quantum computer's power grows exponentially when you add more qubits, this also induces more errors. Still, the reason for developing quantum-resistant cryptography quickly is the fear that hackers can steal and store data now, and wait until Q-Day (when quantum computers surpass classical computers) to decrypt it using a quantum machine. This form of attack is known as 'harvest now, decrypt later'. Traditional encryption at risk Banks, stock exchanges, insurance firms and fintech platforms depend on public-key cryptography to secure transactions, protect user identities, and maintain the integrity of their operations. They typically use a combination of encryption methods to ensure security, combining the strengths of both symmetric and asymmetric cryptography. Symmetric encryption uses a single key to encrypt and decrypt data. It's fast and efficient, and thus often used for securing large amounts of data. For instance, it's used when your phone encrypts stored files and by HTTPS websites after conducting an initial handshake. However, the challenge is safely sharing the key between sender and receiver. Asymmetric encryption, on the other hand, uses two keys: a public key to encrypt data and a private key to decrypt it. Advanced Encryption Standard (AES) and Data Encryption Standard (DES) are both symmetric encryption algorithms. Storing data such as customer records or transaction logs relies heavily on AES, especially AES-256, due to its strong security and speed. RSA and ECC on the other hand are examples of asymmetric encryption algorithms. RSA stands for Rivest-Shamir-Adleman, named after its three inventors. It's one of the most widely used encryption methods and secures data using a pair of keys, one public and one private. ECC stands for Elliptic Curve Cryptography, which also uses key pairs but relies on mathematical curves for encryption. Quantum computers, using Grover's algorithm, can find the encryption key used with AES much faster than a classical computer. With Shor's algorithm – quantum algorithm developed by American mathematician Peter Shor in 1994 – a quantum computer can effectively break asymmetric encryption such as RSA and ECC. Also read: Three govt arms join forces to shield India in the quantum computing era Classical computers can take more than 1,024 years to break such algorithms, but quantum computers could do so in a matter of hours using Shor's algorithm. It is estimated that quantum computers could break RSA-2048 in a few hours or less, once they have around 4,000 qubits. (Currently, IBM's Condor has 1,121 qubits; it is targeting a 100,000-qubit system by 2033). In 2021 the Bipartisan Policy Center, a think tank in Washington, DC, estimated that a quantum attack could cause trillions of dollars in economic losses if financial systems remained unprotected. The World Economic Forum has listed quantum attacks on encryption as one of the top 10 cybersecurity threats. By 2029, Gartner predicts that 'advances in quantum computing will make asymmetric cryptography unsafe and by 2034 fully breakable". How are Indian financial institutions preparing for this? In a December 2024 white paper titled 'Securing the Indian Banking Sector in the Age of Quantum Computing', the Reserve Bank Innovation Hub (RBIH) said Indian banks can stay protected from quantum attacks by leveraging the expertise of technology companies and research institutions, adopting a phased approach, and prioritising critical infrastructure. The 2025 Thales Data Threat Report revealed that 68% of respondents in India believe quantum computers could eventually break current or future encryption algorithms, exposing data once considered secure. About 55% of respondent organisations in India said they were prototyping or evaluating PQC solutions, and 49% said they were assessing their encryption strategies. Only 40% said they were placing their trust in telecom or cloud providers to manage the transition. About 56% identified key distribution vulnerabilities, where quantum advancements could undermine the secure exchange of encryption keys. In addition, 58% highlighted the 'harvest now, decrypt later' threat. Also read: What Microsoft's quantum computing breakthrough means for the world Chief information security officers (CISOs) and chief technology officers (CTOs) in India's banking, financial services, and insurance (BFSI) sector have a moderate understanding of quantum computing, with 'an average PQC readiness score of just 2.4 out of 5", highlighting 'a lack of preparedness", according to a 14 May report by the ISB Institute of Data Science titled 'Quantum Resilient Banking: Strategies for a Secure Transition'. The report found that that 57.5% of respondents believed quantum computing would pose a significant threat within three years. Yet, while common security measures such as firewalls and endpoint protection are widely implemented, advanced techniques such as intrusion detection systems and vulnerability management tools remain underutilised, the report added. India, which launched its National Quantum Mission (NQM) in 2023 with an outlay of ₹6,003 crore, is promoting a cohort of startups with the aim of jumpstarting India's capabilities in quantum technologies. With NQM, India plans to develop quantum computers with 50-100 qubits in about five years, and 1,000 qubits and beyond in eight years. While QNu Labs in Bengaluru is focused on developing quantum-safe networks to enable secure communications, QPiAI India, also based in Bengaluru, has already built a 25-qubit superconducting quantum computer. Others such as Chennai-based Quantica Computacao are developing quantum cryptographic tools to help protect banking transactions. Further, the all female-founded Qkrishi Quantum and the Indian Institute of Information Technology-Kottayam (IIIT-K) have partnered to conduct research in quantum finance. Easier said than done The post-quantum cryptography market was valued at $356.4 million in 2023 and is forecast to touch $17.69 billion by 2034, according to ResearchandMarkets. The market encompasses a variety of approaches including lattice-based, hash-based, and multivariate cryptography. Authors of the RBIH note, for instance, specifically recommend lattice-based cryptographic techniques, which offer 'a promising defence against emerging quantum risks... [as they are] designed to be resistant to both classical and quantum attacks." QNu Labs recommends Quantum Random Number Generators (QRNGs) since they 'exploit quantum phenomena to create truly random numbers, a crucial element in strong encryption". Implementing new cryptographic standards could take 10 to 15 years owing to major operational hurdles, though rapid adoption by some tech firms will speed up protections for many users, according to a note by Moody's. While saying the scale of the transition was hard to quantify, it likened the task to the years-long effort to fix the Y2K bug, and moving from fossil fuels to renewables. Also read | Google's Willow: Quantum computing's next big leap? The note also cautioned that performance slowdowns are expected, as quantum-resistant algorithms require larger key sizes and heavier computation. Integrating these standards will demand significant IT expertise and pose technical challenges across legacy systems. A recent note by Infosys unit EdgeVerve Systems cautioned that banks "must address the operational complexities of transitioning to new algorithms, such as managing data retention policies, replacing legacy cryptographic methods, and updating existing infrastructure". It concluded that without a well-defined road map, banks risked falling behind in securing their systems against quantum threats.
Leaders
3 days ago
- Science
- Leaders
KAUST, KACST Set New Benchmark in Data Security with Quantum Innovation
A collaborative team of scientists from King Abdullah University of Science and Technology (KAUST) and King Abdulaziz City for Science and Technology (KACST) has achieved a groundbreaking milestone in data security. The researchers have developed the world's fastest quantum random number generator (QRNG), according to international performance standards. QRNG In a statement from KAUST, the university announced that their QRNG successfully passed the rigorous randomness tests set by the U.S. National Institute of Standards and Technology (NIST). The device generates random numbers at speeds nearly 1,000 times faster than existing QRNGs. 'This marks a major breakthrough for industries that rely on robust data security,' said Professor Boon Ooi of KAUST, lead author of the study published in Optics Express . Random number generators are essential for secure applications in sectors like healthcare, finance, and defense. However, conventional systems often rely on 'pseudo-random' algorithms — complex but ultimately predictable computations. In contrast, QRNGs use quantum mechanics to generate truly random numbers, making them inherently more secure. 'Unlike traditional systems, quantum random number generators don't just appear random — they are fundamentally unpredictable due to their quantum basis,' explained Professor Ooi. The team's record-setting performance was made possible by innovative advances in both device fabrication and post-processing algorithms. Their QRNG utilizes ultra-small micro-LEDs — only a few micrometers in size — which significantly lower power consumption and enhance portability, enabling broader deployment across various technologies. Dr. Abdullah Almogbel, a contributing researcher from KACST's Microelectronics and Semiconductors Institute and Director of the Center of Excellence for Solid-State Lighting, emphasized the project's alignment with Saudi Arabia's Vision 2030. KAUST 'KACST is dedicated to advancing applied research that supports national goals, especially in positioning the Kingdom as a global leader in strategic fields like quantum-enabled technologies,' said Almogbel. 'Research like this has the potential to deliver high value across multiple industries and enhance Saudi Arabia's global competitiveness.' National Institute of Standard and Technology (NIST), an internationally recognized authority in measurement standards, sets the benchmarks used to validate the quality and integrity of random number generators. Related Topics: Higher Education: Saudi Arabia's Emergence as Global Destination Saudi Students Organize Qur'an Competitions in UK Saudi Women in the Workforce: How Does the Kingdom achieve real Empowerment? International Mining Conference to Host Global Geological Survey Leaders in Jan. Short link : Post Views: 8
Business Wire
3 days ago
- Business
- Business Wire
Endace Secures FIPS 140-3 Validation for EndaceProbe Packet Capture and Network Recording Appliances
AUSTIN, Texas & AUCKLAND, New Zealand--(BUSINESS WIRE)--Packet capture authority, Endace, today announced that EndaceProbe has achieved FIPS (Federal Information Processing Standard) 140-3 validation from the U.S. National Institute of Standards and Technology (NIST). The rigorous evaluation process formally validates that EndaceProbe hardware and software conforms to the latest cryptographic security framework, giving customers in government, defense, and regulated industries such as critical infrastructure, finance and healthcare, confidence the data they record using their EndaceProbes is protected by highly secure encryption. FIPS 140-3 validation was conducted on the following Endace products: EndaceProbe 2144-G5, EndaceProbe 2184-G5, EndaceProbe 92C8-G4, and the newly announced EndaceProbe 94C8-G5 100GbE platform. 'We are very proud to have achieved this FIPS 140-3 validation,' said Cary Wright, VP Product at Endace. 'Although FIPS is a US-mandated framework, it is widely acknowledged as a gold standard for cryptographic security technology. The meticulous testing requirements to meet FIPS criteria are laborious, but achieving this certification is a testament to Endace's unrelenting dedication to providing customers with armor-plated products that can be safely deployed into the most secure environments on the planet.' In October 2024, EndaceProbes were certified by the U.S. Defense Information Systems Agency (DISA) for its Department of Defense Information Network Approved Products List (DoDIN APL). Certification for the DoDIN APL involves rigorous testing to meet stringent military-grade cybersecurity criteria, and APL approved products may be deployed with no further certification or testing required, making it simpler for US agencies to comply with mandatory federal packet capture requirements. FIPS 140-3 is the most recent framework requirement from NIST and the Canadian Centre for Cyber Security for hardware and software products that use cryptography algorithms to protect sensitive information. The process is exhaustive and involves rigorous testing and validation for protecting cryptographic keys, performing cryptographic operations, and ensuring the security of data at rest, in-transit, and in-use. For more information about FIPS 140-3, see EndaceProbes provide scalable, accurate, full packet capture and recording, with zero packet loss so security and network teams can quickly access the irrefutable packet evidence they need to investigate and resolve incidents. With centralized data mining, rapid search, centralized management, and workflow integration, EndaceProbes deliver deep visibility into both North-South and East-West network traffic and 100% accurate recording on network links to 100Gbps and beyond, with industry-leading speed, density and storage capacity. About Endace
Yahoo
3 days ago
- Business
- Yahoo
Endace Secures FIPS 140-3 Validation for EndaceProbe Packet Capture and Network Recording Appliances
NIST validation ensures highest cryptographic security standards, enhances data protection, streamlines customer procurement and deployment AUSTIN, Texas & AUCKLAND, New Zealand, May 28, 2025--(BUSINESS WIRE)--Packet capture authority, Endace, today announced that EndaceProbe has achieved FIPS (Federal Information Processing Standard) 140-3 validation from the U.S. National Institute of Standards and Technology (NIST). The rigorous evaluation process formally validates that EndaceProbe hardware and software conforms to the latest cryptographic security framework, giving customers in government, defense, and regulated industries such as critical infrastructure, finance and healthcare, confidence the data they record using their EndaceProbes is protected by highly secure encryption. FIPS 140-3 validation was conducted on the following Endace products: EndaceProbe 2144-G5, EndaceProbe 2184-G5, EndaceProbe 92C8-G4, and the newly announced EndaceProbe 94C8-G5 100GbE platform. "We are very proud to have achieved this FIPS 140-3 validation," said Cary Wright, VP Product at Endace. "Although FIPS is a US-mandated framework, it is widely acknowledged as a gold standard for cryptographic security technology. The meticulous testing requirements to meet FIPS criteria are laborious, but achieving this certification is a testament to Endace's unrelenting dedication to providing customers with armor-plated products that can be safely deployed into the most secure environments on the planet." In October 2024, EndaceProbes were certified by the U.S. Defense Information Systems Agency (DISA) for its Department of Defense Information Network Approved Products List (DoDIN APL). Certification for the DoDIN APL involves rigorous testing to meet stringent military-grade cybersecurity criteria, and APL approved products may be deployed with no further certification or testing required, making it simpler for US agencies to comply with mandatory federal packet capture requirements. FIPS 140-3 is the most recent framework requirement from NIST and the Canadian Centre for Cyber Security for hardware and software products that use cryptography algorithms to protect sensitive information. The process is exhaustive and involves rigorous testing and validation for protecting cryptographic keys, performing cryptographic operations, and ensuring the security of data at rest, in-transit, and in-use. For more information about FIPS 140-3, see EndaceProbes provide scalable, accurate, full packet capture and recording, with zero packet loss so security and network teams can quickly access the irrefutable packet evidence they need to investigate and resolve incidents. With centralized data mining, rapid search, centralized management, and workflow integration, EndaceProbes deliver deep visibility into both North-South and East-West network traffic and 100% accurate recording on network links to 100Gbps and beyond, with industry-leading speed, density and storage capacity. About Endace Endace's scalable, always-on packet capture gives Network Operations and Security teams the deep visibility they need for fast, accurate incident investigation with rich forensic evidence at their fingertips from all their tools. EndaceProbes provide enterprise-class packet sniffing in on-prem, public and private cloud environments, with rapid, centralized search and one-click access to full pcap data from leading security and performance solutions (including Palo Alto Networks, Fortinet, Cisco, Splunk, Elastic, and many others). Analyze network traffic using a single, unified console across all on-premise, private, or public cloud infrastructure for total hybrid cloud visibility. Capture every packet. See every threat. View source version on Contacts Email: pr@ Phone:Mark Evans, mobile +64-21-494 850 – New Zealand / APACKimber Smith-Fidler, mobile +1 775 298 5260 – USA / North AmericaLeah Jones (The CommsCo) +44 203 697 6680 – UK / EMEA Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
23-05-2025
- Climate
- Yahoo
On This Date: The Joplin EF5 Tornado
In a spring of historic tornado outbreaks, a single late May tornado in southwest Missouri was the mic drop on a truly terrible 2011. On May 22, 2011, 14 years ago today, an EF5 tornado tore a six-mile long and up to mile-wide path of devastation through Joplin, Missouri. One hundred fifty-eight people lost their lives directly due to the EF5 tornado, the nation's deadliest tornado since 1947, which was before tornado warnings were routinely issued. Its damage scar was difficult to put into context, even by many experienced meteorologists. (MORE: What Our Meteorologists Haven't Forgotten About Joplin) "The western half to two-thirds of the track featured defoliated and debarked trees, scouring, parking blocks scraped from the ground with the rebar and deposited well away from parking lots, a lot of debris loading as it progressed," John Gagan, science and operations officer at the NWS office near Milwaukee, and a forecaster at the Springfield, Missouri, NWS office at the time of the tornado, told in 2021. According to an NIST report, 553 businesses and 7,411 homes were damaged or destroyed, affecting than more than 17,000 residents. The tornado produced about 4.1 million cubic yards of residential and commercial debris, according to "32 Minutes in May," a book published by the Joplin Globe. The Joplin tornado remains the costliest single tornado in modern U.S. history, with damage estimated at $3.98 billion (adjusted for inflation to 2025). It was one of 48 tornadoes on May 22, including an EF1 in the Minneapolis metro that claimed one life. A mid-April South and Carolinas outbreak was followed less than two weeks later by one of the nation's worst Super Outbreaks. This boosted April 2011's tornado tally to a record for any month in the modern era (758). Just two days after Joplin, a May 24-26 outbreak of 186 tornadoes killed 18 in the Plains and South, including an EF5 tornado through El Reno, Pedmont and Guthrie, Oklahoma. Jonathan Erdman is a senior meteorologist at and has been covering national and international weather since 1996. Extreme and bizarre weather are his favorite topics. Reach out to him on Bluesky, X (formerly Twitter) and Facebook.
