🎂 Introducing post-quantum Cloudflare Tunnel
Join Cloudflare Product Manager Abe Carryl, Research Engineer Bas Westerbaan, and Product Manager Wesley Evans to learn more about all the exciting work behind post-quantum Cloudflare Tunnel.
Read the blog post:
Visit the Birthday Week Hub for every announcement and CFTV episode — check back all week for more!
Hi, everybody, and welcome back to Cloudflare TV. Thank you so much for joining us today.
My name is Wesley and I'm one of the product managers for the research team here at Cloudflare.
And I could not be more excited to have Bas Westerban and Abe here today to talk about the future of the Internet.
And I know we talk about the future of the Internet all the time at Cloudflare, but when I say the future of the Internet, I really mean the future of the global network today and how we're working to secure it.
Birthday Week has been going on now along with G League for the last 14 days.
We've released a ton of stuff and this is the final big announcement push our final gift back to the Internet.
And today we're announcing all of our support for post quantum cryptography and really helping to secure the future of the Internet for the next 20 to 30 years.
Before we dive into it, though, Bas, Abe, I'd love for you to introduce yourselves to our viewers.
Bas, let's start with you. Thank you, Wesley.
My name is Bas Westerban. I'm a research engineer at our research team, and I'm working on making Cloudflare and the Internet at large both quantum secure.
My name is Abe Carryl and I work on our Cloudflare zero trust team and specifically on a product called Cloudflare Tunnel and super happy to be here with the with the research team today and talk a little bit about how we partnered up on Quantum Tunnels.
Thanks, guys. So two big words there, right?
Post quantum and tunnels.
I mean, so for our viewers, you don't know anything.
I think we're going to start by breaking those things down first.
So, Abe, why don't you start by explaining a little bit about what Cloudflare Zero Trust is and more specifically about what Cloud four autonomous.
Sure. So Cloudflare Zero Trust is really a security offering that we have for securing your teams, your workforce.
So a lot of users have come from this kind of traditional castle-and-moat model where you build mode around your castle, where you have your data and you build really high walls and hope that you're that would be attackers don't have taller ladders and you have this drawbridge kind of concept where you lower the drawbridge, somebody checks your identity at the door and then if you have the right identity, then you're kind of treated as trusted.
Once you're within the castle walls, that has a lot of different flaws from a security perspective where you can accidentally open up lateral access and movement within your network, people are able to go from the pub to the end to the castle walls and navigate around freely, and we really want to move and transition to this model of zero, which is really, more than anything else, a mindset shift and going from a kind of trust but verify approach to a never distrust, always verify approach.
And that's really what Cloudflare Zero Trust has to offer.
Tunnel specifically, what role it plays within this is that in order to establish that kind of connectivity in general, you need to build a private network and Tunnel is what can actually your private network or your infrastructure to Cloudflare does so in a really easy kind of three click process.
You deploy a lightweight daemon in your environment and I can kind of get into some of the details a little bit later.
But that's kind of the highlight of what Zero Trust is.
And in a nutshell, what Tunnel does to kind of connect your network to Cloudflare.
So I mean, in some ways to zero, trust is a capability to use the entire Internet as your corporate network, right?
Not just your own private MLPs circuits or your own private back lines, but you're using the whole Internet really as your corporate ecosystem, right?
And there's all kinds of benefits to doing that. I mean, the first is that a lot of the applications that you're using today already live natively on the Internet.
So to backhaul traffic to a small micro network that you're managing may not be the most intuitive approach.
You may have kind of performance setbacks there.
So getting to leverage the Internet where a lot of your applications look today is a really great way to get both security gains for your enterprise.
Let's talk a little bit about what post quantum means here in this case, because obviously using the whole Internet as the corporate network seems like a no brainer, right?
I mean, the amount of connectivity you have working the remote workforce that's become so popular now over the last 2 to 3 years.
What are the challenges when it comes to security with that?
When we think about the 2020s and the 2030s, I mean, obviously what Cloudflare research does is prognosticate a little bit about the future and worry about the coming threat model, right?
So what is post quantum crypto and why do we need to be talking about it today if we don't even have a quantum computer yet?
Yeah, so let's, let's unpack post quantum.
So it's, it's about quantum computers.
So quantum computers, they exist already.
They're just very small, but quantum computers, they work a bit differently.
They can compute some things much faster than other things.
And there's one particular thing that they can do very well, and that's factoring numbers.
And that's really problematic for cryptography because that's based on the fact that factoring numbers should be hard.
So once there is a big enough quantum computer, it will be able to decrypt basically everything, all traffic online.
As I said, there isn't one yet.
Well, not a big enough one yet already.
But we're looking at how they are getting bigger and bigger.
And there's a lot of investment from a lot of different countries, rather, as I would say, an arms race, even between between Europe, US, all different countries, they try to be the first to have this big quantum computer because it's not just the cryptography that gets broken.
That's actually a negative part of it, but it also has a lot of positive potential where you can emulate, can simulate materials.
So instead of having to try new alloys of metal, you can actually simulate with a quantum computer efficiently and that will be will be great.
But then there's the drawback of breaking off cryptography, whereas now.
So that's the problem.
And the question is when will it be there?
It's hard to say.
Somewhere between 15 and 50 years. But you'd say, Well, we have some time then still.
But the problem is that all communication with now, all day data we send out of the Internet, all our everything we search about our health, everything we look up all our private messages.
They can be in encrypted form.
They can be stored today by someone with with intentions and it can be.
A storage is cheap, right.
It's not like we're talking about small amounts of data here.
We're talking about potentially nation state actors that can vacuum up vast quantities of the Internet.
And if we're talking about moving our corporate data across the Internet, that's a real concern.
And also the vast majority of data. I mean, our videos, they will just they will if they need that, they can just store interesting parts.
But I suppose the bigger players, they can store everything they want.
But that's a big problem because there's really an expiration date on everything that's sent over the Internet today.
Everything sent today, practically over the Internet can be decrypted and when quantum computers arise.
But luckily there is a solution.
We have there has been a worldwide efforts to design cryptography secure against attacks of quantum computers.
And this culminated this year where Nist's known for standardizing as an existing cryptography.
They picked the cryptography, the post quantum cryptography, that's the cryptography secure against quantum computers.
That will be the gold standard for the years to come.
So that's awesome.
I want you to explain a couple of things to our viewers, too, before we get too down there.
What is it exactly? I know some people might know it, but I want you to tell everybody who they are because they're a really cool organization.
And when you say global, what do you mean by global?
Yes, This is the is the United States National Institute of Standards and Technology.
So they make all kinds of standards from what's a standard cup of tea, but also cryptography.
It's really important that you have standards. So things are interoperable, but they also make the standards for cryptography.
And they had they had a start of the competition six years ago to find the to standardize the quantum cryptography We're going to use it's competition So people from all around the world have participated in it.
There were like 70 submissions and over three rounds of over the years, it got whittled down to the to just ten finalists.
And finally a few algorithms were picked and which will be standardized in a year.
So this will. Put the bow on its next tier.
So let's dive in a little bit here because Abe is going to tell us all about how easy it is to connect Cloudflare Tunnel to your origin, how it connects to the network edge.
And I want to get into that too, because the simplicity of the whole product suite is so amazing.
But the magic sauce of it, right, is really all the quantum that we've added together with this ultra simplicity.
So let's talk about the complexity here first so that we can everyone can understand just the level of technical interoperability we've brought here in the simplicity that we've brought to this eventually.
So let's dive in a little bit here to Kyber and to the whole suite of different cipher suites that we've brought to bear to make tunnels post quantum secure.
And also when we say post quantum secure and post quantum resistant, also explain a little bit that what that means to.
Postpartum secure. So.
Maybe. So the great thing about having post mortem is that it makes the tunnel secure, whatever it is on the inside.
The tunnel itself is secure.
Well, that is the goal, actually.
If you use plot, if someone a visitor visits your web app or your application, your network via Cloudflare tunnel, that's just one part of the connection.
So there are actually four parts.
So a visitor connects to our network.
It goes through our network, then it goes via Cloudflare Tunnel.
To your network and then it connects to to the server on your network.
So what we're announcing today is the part from our network to your network.
It's the connection to us, your connection to us.
That's what's in the post quantum secure now.
So that's what we're talking about now.
But also today we announced that the connection from the browser to our network can now be met post quantum secure.
Just two more connections to make those quantum secure.
But it's a start, right?
Because what's really important is that an attacker.
Is there somebody right there?
Not there, not everywhere at once.
And every connection we make possible to obscure is one less where there's an opportunity for data to be stored, captured and stored.
Makes total sense.
Talk about Cuba a little bit. I think that's some of the most interesting things that we've done here, right, is figuring out a way to we talk about conventional development security.
We think about conventional ways encryption has been done in the past.
You talk about factoring large numbers, right?
You know, obviously we need a algorithm to encrypt our traffic that's going to be resistant to this ultrafast factoring system.
So how did Kyber come about?
What's what's the meat there that makes it so resistant to really, really fast factoring?
It doesn't use factoring at all.
It's based on a different mathematical problem, which is like it's at high school.
You solve numbers, you use to solve equations and it's basically like that.
But the thing is, is that you're not given the right, the exact values, but you're getting what might be a three, it might be a four.
And it turns out that once you have it, make it vague, it's practically impossible to solve it efficiently.
And that's basically the problem on which it's based.
So it's not factoring.
It's a completely different problem actually, in the next segment.
And in about an hour we have John Shenk, who is one of the coauthors of Kyber as a guest.
So I think he will explain a bit more about how kava works in detail. So if you want, you can tune in then.
But Kyber is, is what is called a key agreement.
So once you make a connection, there's there's there's typically three, three kinds of cryptography involved.
We have the normal encryption where you make sure where you have both have the same key and you encrypt it.
So if you have a ciphertext, you can only decrypt it if you know the key.
If you don't know the key, you can't do anything with it.
That's that's fine.
Examples are yes.
And they are already post quantum secure. But the problem is how do we know the same key?
And that's where what's called key agreement comes in, sometimes called key exchange.
And existing examples are Diffie Hellman are elliptic curve, Diffie- Hellman.
And the problem is that those are all broken. So the nice thing about.
So what's the magic about the key agreement?
The nice thing is, is that it's a protocol where you sign something and then the other send something back and then you both agree on the key by the magic of the mathematics.
And there is an example of such a thing, a key agreement where you which is, we think, secure against attacks of quantum computers.
That's so cool.
And Abe, when we think about obviously the magic of what we brought here with Kyber and the key agreement mechanisms and obviously conventional APIs that we believe is already post quantum secure, Cloudflare can do a lot of things right.
But beyond that, it's like a I want to hear a little bit more about its capabilities because we're not just talking about conventional TCP, UDP tunnel can do a lot of different things, but also talk a little bit about how easy it is to configure too.
I mean, that's I think one of the coolest things about this.
Yeah, the so one of the best parts about tunnels that we typically refer to it as a as a really easy way to connect your infrastructure to Cloudflare.
And that can be a single web app that you're developing locally on a Raspberry Pi that can be a Kubernetes cluster, that can be an entire private network segment that you want exposed over.
You want expose an entire RFC 1918 range or a private network range.
What we typically think of as 192.16, eight or ten ranges.
So there's a lot of versatility in what you can do with clarity.
The ease of use, I think.
Is the most you said you said something new that our viewers might not know about.
What is Cloudflare?
Great, great call there.
So Cloud 30, we typically split our tunnel into two different components.
So there's the tunnel itself, which is kind of the abstract concept of what you're actually routing through the tunnel.
And then there's Cloudflare DX that establishes the connectivity itself.
So it's a lightweight daemon, it's open source.
You can go to our page and view it.
I think it's 27,000 lines of code roughly, and it's really, really lightweight.
So that's what allows you to run it on either Raspberry Pi, we run it in our own infrastructure so you can run it really anywhere.
You can connect almost anything.
And one of the things that makes it so powerful is the ease of use.
So you can you can run it through.
We have support for TerraForm and you can build tunnels directly to our API, but we also have a command line tool that we use as well.
So you can build it straight through the command line and five or six commands.
One thing that we released recently, which we're super stoked about is that you can also deploy a tunnel directly from the dashboard.
So all you do is you just type the name of your tunnel, we'll give you an installation script, you copy that into your terminal, and then you just press enter and you'll automatically be connected to Cloudflare.
It takes any complexity that would theoretically exist kind of out of the equation, which is awesome.
So you kind of pause there.
That's the ease of use. And then I'm happy to kind of dive into to wherever you want to go next.
So I mean, I think it'd be helpful to have an understanding for our viewers, too, about how this fits into the overall connectivity model.
It's like there's a zero trust architecture. We're talking about how tunnels can connect from origins, right to Cloudflare.
But then how do we secure the whole thing, right?
Talk about how the tunnels connect to a private network and how do they fit into this.
Zero Trust architecture warps a part of this equation. I think tunnels are obviously part of it.
What else is here?
Yeah, one of our senior leaders at Cloudflare.
I really liked how he kind of put it in talking about how building a private network at Cloudflare is really a three part recipe.
So you have tunnel on one end.
We talked a little bit about that.
You deploy Cloudflare DX that connectivity daemon in your network and then that establishes for outbound connections to Cloudflare.
The reason why I wanted to hit on that real quick is just because we want to do that for high availability.
If you want to be connecting your network, you want to make sure you have multiple points of redundancy.
So we'll connect it to different data centers in our blog.
I think we give the example of connecting through Amsterdam and Frankfurt, for example.
So one of those data centers is undergoing maintenance or there's any reason that it can't be reached.
You still have a whole other data center if one metal or one server is going through three others.
If a connection gets unhealthy or overwhelmed, you still have others to fail over to you.
So that's kind of one of the cool aspects there as well. So that's what establishes the connectivity to your network.
On the other side of the equation, you need your users to get their traffic to the Cloudflare networks.
And again, the Internet is now your private network. We use our Warp agent, which has millions of downloads across the globe, and we basically have turned that in the same bones into our VPN client.
So what you're able to do with that is you're able to deploy the client that sends all of your traffic gas to our edge.
It'll send it to the closest data center to you, and then we'll take this path from that data center to the tunnel.
And then the zero trust aspect is really what happens in the middle.
So we apply filters to that traffic.
We determine who can we reach, what stops certain traffic from going through.
So again, that kind of recap, that three part recipe is the warp agent getting your getting your traffic to Cloudflare filters, which are your Zero Trust policies being applied in the middle and then tunnel which actually then traffic gets sent to your origin.
We terminate TLS, we copy the payload send.
So it's an outbound only connection.
Again, that's another important aspect of Zero Trust is making sure that not just anything comes in and kind of deny default, deny policies along the way.
That makes total sense.
I mean, what we're doing is talking about how do we use the magic of Cloudflare at this massive global network scale to enable all sorts of connections to our edge?
But then from either the origin, from your company, from your end users, but then really using that secret source of the way I like to think of security at Cloudflare service to part recipe to beyond just how we do the connectivity layer.
There's everything we do with our transit protocols and our encryption, and there's everything that we do in terms of our filtering and all of our other access control methodologies.
And I think that's what's really interesting here is that we're adding and really making part of that recipe so much stronger today by adding in post quantum security for tunnels and that everything that's coming across the sort of origin boundary to Cloudflare is going to be so much more secure now than it was yesterday.
And let's talk about the scale of this, too, because Boston, we've turned this on, right?
It's functional. It's ready to go.
You don't have to do anything. There's no magic switch.
You have to flip.
There's no config file you've got to download. There's no update to Cloudflare D, right?
There's no update to well, you have to update to 22.
You need to update your version of Cloudflare. Right.
But there's no like giant refactoring. You're going to have to do it in ripping out five appliance boxes out of your data center and putting in five.
Well, there's one.
There is a flag you have when you run Cloudflare, you do have to give the dash, dash, post quantum flag.
We really want to make turn this on by default.
We really want to, but we want to be a bit cautious now because we are sending new packets, right when we when we create the tunnel, then there is the handshake and those packets, they are a little bit different because they have the new def cover in there, the post quantum cryptography, and because it's our own.
We use quick, but we use it on our own ports and that's why we think there won't be issues.
But we want to be very sure, right? It could be that there are some metal box, some ISP that does something where an internet is a big workplace.
So we so we want to make sure before we turn it on by default that we don't hit any issues.
So we would love everyone to start testing this by getting the quantum flag either or changing it in a conflict file.
And it will automatically, if there's an error, it will automatically report it to us and we will try to figure out the workaround.
We think there won't be we won't be errors, but we just want to make sure and in a coming software update, we will turn we will turn it on by default.
But for now.
You have to put the first quantum flag and we would love you to try it and.
Well, I think this goes back to something Abe was saying earlier, too, because Cloudflare is in the open source, right?
So not only are we working on it, but anyone else that wants to contribute to the project is more than happy to put up a push and we can take a look at it.
But this is still an absolutely a testing process because I think you said something key earlier, which is that this is one part of four different connections that have to be secured.
And we've we've announced the two biggest ones that have to get secured origins and anything coming from the user side traffic.
We're in the active process of figuring out the other two.
I don't want you to touch super deeply on what those could be, but I do want you to talk a little bit about.
How we got to this point in time in terms of the rigorous evaluation, because I think that's going to be a question a lot of people have.
Which is we did this six year long competition with. We started with 70 candidates.
We got it down to ten.
And now we've gotten an even smarter, smaller pool.
And even inside of that pool, we've had some recent research come out talking about some of the vulnerabilities here.
Why do we like Kaiba and why do why does Nest think it's the one to go with here, particularly the one that we're telling all of our customers and putting in cloud four they should trust?
Why should they trust it?
Well, Kyber is the only one that respects that suitable, but it's important to mention that we're not just using Kyber, we're combining Kyber with the tried and tested exclusive s19.
So that means that if kyber in the off chance and this is an off chance in the off chance that kyber turns out to be broken or vulnerable, we still rely on the known quantum security of X to 519.
So we're not we're only adding security on top where we were not we're not taking a risk, we're just adding security on top of it.
That's really important to mention.
So that's one thing.
So, yes, that's one thing.
And the other thing is that.
I lost my train of thought. No, you're fine.
You were talking about why? So I'll also redirect a little bit, because I think I want to keep on this sort of like we're adding security we're not taking away, because I think that's a really key concept here.
We have existing cryptography that we know is highly functional and exceptionally academically and security industry vetted and kyber, which is also undergoing the same level of rigor and has undergone the same level of rigor.
We're adding them together. The layperson would think, oh, there's going to be a performance set here.
You're adding another mechanism of security on top.
My performance is going to get is going to hit a degradation point with this, Right?
That's a that's a good question.
So this is about the handshake.
So once the handshake is done, they are symmetric keys.
We both have the key and there's no difference at all.
So once tunnel is established, there's no difference in performance or reliability.
So it's just about the handshake.
And the great thing about Kyber is that it's very fast.
It's so incredibly fast.
It's much faster than 519 in computationally, which is already known for its speed.
So we're not worried at all about CPU performance. It's a bit bigger though.
It takes a kilobytes.
I mean, we're sending a kilobyte in the Handshake instead of three two bytes.
But that's I mean, that's almost nothing.
So we don't expect big performance issues, but we are keeping track of it.
But we expected that it's barely noticeable.
It makes total sense.
I mean, Abe, from your standpoint, right?
You're thinking about the future of how we get origins on the cloud for what is having a more secure tunnel mean for your product line?
Yeah, it means that we can put it more places.
So I think that that's really what makes it super attractive is we really want Tunnel to be the connective tissue of the of the internet.
And I think that a big part of that is knowing that it can be trusted in any environment.
So making sure that we're staying on the bleeding edge and that we're paying attention to the great research that your team does and that we're incorporating it where possible.
And like Barr said, in a safe and kind of friendly way to where we can learn along the way, I think that it's a win win.
So this was a super engaging project.
And I think that as soon as our team kind of kind of saw that this could be something that we could kind of tie into, it was natural.
It was immediately something that made sense that we wanted to work with you all.
And I think this is a great opportunity to talk about Cloudflare research and what the research team at Cloudflare does, because, Boss, how long have we been working on cloud for now?
I think we started looking at it already in 2016, if I'm correct.
I wasn't there yet, but 2016.
In 2019, we did.
So we started with looking at different post quantum algorithms. It was the field was very unclear about them.
Then in around 2019, we already foresaw potential issues with the size of the of the key agreements.
And we did a big experiment with Google where they turned on post content cryptography for some connections.
And that was really valuable insight.
And we've been continuing with experiments and looking into standards, looking where we'll be the problems, where we'll be the bottlenecks for years already.
And when did Bas and I come to you to say that we want to take this to Tunnel?
Not long maybe.
What do you think?
Three months ago, maybe. Three months ago.
It sounds about right. Right.
And this is what I love to talk about for Cloudflare research. Right?
Is that the research team at Cloudflare looks at a 3 to 5 year time horizon.
Right? We're really prognostic about where the future of the Internet's going to go and working to experiment and de-risk the foundational technologies.
They're going to affect the Internet for the next 20 to 30 years.
And spending time and energy de-risking them, putting them together in smart ways, running experiments with our partners to get them to a point where they're camera ready and then we can come to the PMS at cloud four and say, Hey, we've built a system that's going to fundamentally change the security of the Internet, right?
Oh, and it's only going to take three months to implement your system because we've figured out and de-risked it and you don't have to take any extra tech, get on to figure out how to make the thing work correctly.
Like that's really the secret sauce of what Cloudflare Research is, right?
It enables us to do so much more than we could conventionally do if we had to have every single team at the company be thinking about what are the foundational building blocks of the internet.
Instead, we get to be able to take the genius of all of cloud forest products teams, all of Cloudflare eti, all of our zero trust knowledge and really learn from where our customers pain points are and then look out into the deep, deep waters and say, these are the bets that we want to make.
And we're so excited about post quantum because this is a bet that's paying off and paying off big time.
The security of the Internet is fundamental to how we think about the world nowadays.
The pandemic really changed, I think, a lot of people's personal perspectives, but also a lot of corporate perspectives about the nature of how work is going to be done, the way remote work is going to happen.
The nature of using the Internet itself as the backbone of a corporate network, right?
And if I'm a CSO or if I'm a CTO and I'm going to trust the Internet, I'm going to trust Cloudflare, I want to be dang well sure that we're using the strongest possible security model in the strongest possible threat model to make sure that my corporate data, the thing that makes me money, helps pay my employees, helps run our business, is the most secure possible.
And I couldn't be prouder of the work the research team has done in collaboration with your team Abe, to really help make that security possible and really increase the overall security of the Internet.
So, guys, this has been fun.
We've got one minute left.
Any final thoughts?
Yeah, I would say that this migration, this will be the big topic of the next decade or two for everyone in IT.
because everyone will have to start to prepare for this and not all software.
So hopefully for most people it will be simple software updates, but not all software is updatable or hardware is updatable and they're being able to tunnel things.
That's great. I think this will be a fantastic tool.
And that's also why I was very eager to help out on this one.
And I'll add on to what you mentioned, Wesley, and to say that, you know, my favorite part about working at Cloudflare is the collaboration like this, but also thinking in days and weeks and not months and years.
And I think that this was a perfect example of one of those where obviously it's been much more than a quarter worth of work for you all.
But that's because you got it into a place where it made it to where it could only take a quarter for us.
So I think that that's the power of the way that we've kind of been set up.
And I think it's it's yeah, it's been it was a really, really cool project and I'm happy that we got a chance to talk to people about this today.
I really appreciate it. Thank you all for joining us on Cloudflare TV.