As industrial control systems continue to advance toward digital transformation, building automation systems, commonly known as BAS, have become the core nerve part of modern buildings. However, the continuous development of quantum computing poses a potential threat to the currently commonly used public key cryptography system. This means that the encryption methods we rely on to secure BAS communications and controls may become vulnerable in the future. Understanding and planning for the application of post-quantum cryptography in BAS in advance is a necessary step to ensure the long-term security of critical infrastructure.
Why quantum computing threatens BAS security
Currently, the security of asymmetric encryption algorithms such as RSA and ECC that are widely used in BAS systems is based on mathematical problems such as large number decomposition or elliptic curve discrete logarithm. Problems like these are extremely difficult for classical computers to crack. However, quantum computers may use methods such as Shor's algorithm to solve them within polynomial time.
This shows that once a practical large-scale quantum computer appears, it will be possible for an attacker to decrypt the encrypted communication data intercepted in the early years, or forge digital signatures, and then directly take over control of the BAS. For building infrastructure with a life cycle of decades, its security design must take into account the evolution of threats in the next 10 to 20 years.
What are the main technical routes of post-quantum cryptography?
It is a collective name for cryptographic algorithms that are resistant to quantum computing attacks and are based on different mathematical problems. Currently, there are many mainstream technical routes, including lattice-based passwords, encoding-based passwords, multi-variable-based passwords, hash-based signature schemes, and so on.
Routes with different characteristics have their own advantages and disadvantages. For example, cryptography based on lattice has a relatively good balance between security and performance, so it is regarded as a candidate with broad prospects; however, the scheme for signature based on hash has a simple structure, but the length of the signature is relatively large. For embedded and resource-constrained environments like BAS, the computational efficiency of the algorithm, as well as the size of the key and signature, are core factors that must be considered.
What challenges does the BAS system face when migrating PQC?
Building automation systems are a typical collection of legacy systems, which include many controllers, sensors and actuators from different vendors and periods. The computing power of many devices is limited, and their memory and storage resources are relatively tight, making it difficult to directly run more complex post-quantum cryptographic algorithms.
There are many types of BAS network protocols, which have high requirements for real-time communication. Integrating a new cryptographic library may require in-depth modifications to the firmware and communication protocol stack. Testing and deployment costs are extremely high. System upgrades often need to be carried out in stages and regions. During this period, it is also necessary to ensure that the old and new systems have interoperability and security consistency.
How to choose a suitable post-quantum cryptographic algorithm for BAS
When choosing an algorithm, you must not just look at the theoretical security strength. You must combine it with the actual application scenarios of BAS. First, it is necessary to evaluate the hardware resources of various devices in the system to determine the maximum computing overhead and communication load that they can withstand. For end nodes under extreme resource constraints, it may be necessary to adopt a hybrid model, that is, a combination of classical cryptography and post-quantum cryptography.
It is necessary to pay attention to the standardization development of algorithms. The National Institute of Standards and Technology, also known as NIST, is advancing the standardization work of post-quantum cryptography algorithms. It must pay close attention to and prioritize the selection of algorithms that enter the final standard. This can reduce future compatibility risks and technical debt, and when selecting, it must be biased towards those algorithms with mature, lightweight open source implementations.
What are the specific steps to implement post-quantum cryptography migration?
Migration is not something that can be completed at once, but is a systematic project. The first step is to conduct a full asset inventory and risk assessment, identify all communication lines using asymmetric encryption and stored data, and determine their sensitivity level. Then draw up a detailed migration plan and clarify priorities, usually starting with protecting new, high-value subsystems.
Building a test environment is the third step, which involves performance benchmark testing and compatibility verification of candidate algorithms. Conducting small-scale pilot deployment is the fourth step, and during this process, system stability and performance indicators must be closely monitored. And developing a comprehensive rolling upgrade plan comes at the end. We provide global procurement services for weak current intelligent products, and can provide hardware product selection and supply chain support that meet new safety requirements for such upgrade projects.
How to manage long-term risks during PQC migration
Post-quantum cryptography migration is a process that takes many years to take shape. During this period, the system is very likely to be in a "double threat" situation: on the one hand, it must face attacks from traditional channels, and on the other hand, it must deal with future quantum attacks. Therefore, it is more prudent to choose a hybrid cryptography scheme as a transitional measure, that is, to use both traditional algorithms and PQC algorithms. Even if one of them is cracked, the other one can still play a protective role.
It is necessary to build a cryptographic architecture, which means that the system is designed so that encryption algorithms, key lengths and other parameters can be easily replaced and upgraded without having to rebuild the entire system. Regularly reviewing password policies, tracking the latest cryptanalysis progress and standard updates, and planning the path for the next algorithm upgrade are the keys to ensuring the long-term security of BAS.
In your building automation system upgrade plan, which type of core assets or communication links do you think should be evaluated and protected first? You are welcome to share your insights in the comment area. If this article is helpful to you, please like it and share it with your colleagues.
Leave a Reply