BlackBerry securing in-vehicle software for post-quantum cyberattacks

In recent months, The White House and the National Institute of Standards and Technology (NIST) as well as NATO have all taken steps to prepare for a ‘Y2Q’ scenario in which quantum computers become weaponized by threat actors and many widely used security methods become useless against next-generation attacks.

While quantum cyberattacks may still be years away, the US and Europe are not taking any chances and already advocating for organizations to prepare for post-quantum cyber attacks. With cybercriminals now looking to steal data for future decryption, organizations have been advised to take precautionary measures to identify sensitive encrypted data which could be decrypted in the future.

As such, BlackBerry Limited has announced that it will provide support for quantum-resistant secure boot signatures for NXP Semiconductors’ crypto-agile S32G vehicle networking processors in a demonstration to illustrate how to mitigate the risk of potential quantum computing attacks on in-vehicle software.

While NXP is based in the US primarily, the semiconductor company also has plants around the world, with the Asia Pacific region playing a significant role in its production. The new integration will allow the software to be digitally signed using NIST’s CRYSTALS Dilithium digital signature scheme that will be quantum-resistant.

The collaboration is set to guard against an increasingly risky future when quantum computers will be able to easily break traditional code signing schemes. The Code Signing and Key Management Server from Certicom by BlackBerry leverages the NXP S32G chip’s secure boot flow to achieve fast and agile quantum protection.

Using quantum-resistant signature schemes such as Dilithium for low-level device firmware, over-the-air software updates, and software bills of material mitigates the risk of potential quantum computing attacks on critical software updates, addressing a major security concern for a number of industries.

According to Joppe Bos, Senior Principal Cryptographer at NXP Semiconductors, as quantum computers continue to advance in development, it’s increasingly important to work to secure today’s systems against these future threats.  

“Collaborating with BlackBerry strengthens our solution to address the critical need to harden code signing and software update infrastructure against future cryptosystem vulnerabilities,” added Bos.

“In the lead up to Y2K, US business spent upwards of US$100 billion to avoid calamity and the issue was simply a matter of adding two digits to the date field. Y2Q, when quantum attacks become possible, is on another level, posing a significant threat to industries selling or operating long-lived assets with updatable software,” said Jim Alfred, VP, BlackBerry Technology Solutions.

Alfred added that NXP shares BlackBerry’s vision of mitigating the risk of quantum computing concerns and, thanks to their support for hash-based signatures. Together both companies can provide cybersecurity teams with the tools they need now to prevent their existing security measures from becoming obsolete.

---

---

---

---