Securing today for the quantum future
Presented by: Sharon Goldberg, Koko Uko
Originally aired on September 29 @ 12:00 PM - 12:30 PM EDT
Welcome to Cloudflare Birthday Week 2025!
This week marks Cloudflare’s 15th birthday, and each day this week we will announce new things that further our mission: To help build a better Internet.
Tune in all week for more news, announcements, and thought-provoking discussions!
Transcript
Hi, everyone. It's great to see you for another episode of Cloudflare TV, this time during birthday week.
My name's Koko. I work on the Cloudflare Zero Trust product suite, specifically on the WARP client, which is our Zero Trust client for Cloudflare One.
And with me today is Sharon, who's also part of Cloudflare One.
I'll let Sharon introduce herself.
My name is Sharon Goldberg. I'm a director on the Cloudflare One team.
I work on a bunch of different things, but one of my titles is the post-quantum janitor.
So I go around and I work on post-quantum janitation in the Cloudflare platform, which basically means making sure that our different products are updated to post-quantum cryptography in anticipation of Q-Day, when cryptographically relevant quantum computers start to come online that can attack and break all the cryptography that we use on the Internet.
And so I'm really happy to be here with Koko. She is the product manager for the WARP client, which is one of the clients in our Cloudflare One SASE platform, and we upgraded this to post-quantum cryptography this week as part of Birthday Week.
So Koko and I will tell you a little bit about what we did and why we did that.
And so before we get into the details of the WARP client, I'll just give, like, a couple of minutes or seconds of background on post-quantum cryptography, why it's relevant, and why we're working on it at Cloudflare.
So to start with, all across the Internet, the Internet is built on top of cryptography, and the two most important cryptographic algorithms that are used in the Internet for public key cryptography are RSA and elliptic curve cryptography.
And the crazy thing is that once quantum computers become powerful enough, they will actually break the algorithms RSA and elliptic curve cryptography, basically breaking the security of the cryptography that's the backbone of the entire internet.
So this is a big problem. For a long time, I thought, and a lot of people thought, that the day when these quantum computers come online is very far in the future, like so far that I wouldn't have to care about it.
But that's no longer true. The National Institute of Standards in the US, NIST, has said that by 2030, we have to deprecate RSA and elliptic curve cryptography.
So that's in four and a half years.
So four and a half years from now, all the cryptography that we use in the internet needs to be deprecated according to the National Institute of Standards.
For me, that is when I started paying attention to post-quantum cryptography.
And that's why I think it's really important. But I'm just talking about myself here.
When I talk about Cloudflare, Cloudflare has been working on post-quantum cryptography since 2018.
We ran some of the first post-quantum cryptography trials with Chrome starting, I think, in 2019.
It was way before I joined here.
And actually today, we are getting close to having almost half of the traffic through our network that reaches the edge of our network actually speaking in post-quantum cryptography, if that traffic originates from the user's web browser.
So we are running post-quantum cryptography at scale in Cloudflare already today.
And the reason that this is so important is because of an attack that the industry calls Harvest Now, Decrypt Later.
So Harvest Now, Decrypt Later means an... that harvests Internet traffic today and then stores it, and then in the future, once it has a powerful cryptographic ability to decrypt this cryptography using quantum computers, once that happens, he then decrypts the stored traffic and recovers the information.
And so this Harvest Now, Decrypt Later attack is the reason that a lot of organizations, and especially our government organizations, are really encouraging an upgrade to post-quantum cryptography now.
For example, if it's a government and you're having information about citizens, like their social security numbers or their health records, that information is still valuable in 10 years from now.
And so if it's compromised by being harvested today and decrypted in the future, that is still valuable information for an adversary even 10 years down the road.
So these attacks are actually relevant today, even before we have quantum computers.
And that's why post-quantum cryptography is really important to even deploy right now.
And that's why we're deploying it at scale at Cloudflare. The other thing that I wanted to mention is that, you know, we don't really know when these quantum computers will come online.
But because NIST has given us this 2030 date, if you're thinking about cryptography updates, cryptography upgrades take a really long time.
Historically, we've seen with cryptography from 2004, the MD5 algorithm, if you've heard of the MD5 algorithm, in 2004 that algorithm was broken, and we still use MD5 today all over the place.
I'm still getting people messaging here, like, "I found MD5 used in Postgres," and they're still using it for something in Postgres. It is very hard to get rid of it.
And so the sooner you can start, the better, and the less likely you are to be right up against Q-Day and trying to, like, frantically update all your systems because they're all broken. And that's why we started.
So, you know, let's get into the specific product line that we upgraded as part of this project and this new feature that we're releasing for Birthday Week.
So Koko, can you walk us through: what is the Cloudflare One WARP client?
What does it do?
Who uses it?
So the Cloudflare One WARP client is our next-generation VPN solution here at Cloudflare.
So it allows you to tunnel traffic from the end device to our edge in Cloudflare, where all of your traffic, for going to apps or going to Internet resources, just... goes through a protected tunnel that encrypts and prevents people from being able to hijack what you're doing on the Internet.
We have this with a consumer client as well as an enterprise version of the client.
The consumer client is the 1.1.1.1 app, which is a mouthful.
I say quad one all the time, but the consumer client.
It has the same benefits of having a tunnel that allows you to protect yourself from the internet.
So then we also have the enterprise version of this consumer.
It has a few more perks, and it goes hand-in-hand with our full Cloudflare One suite of things.
So you'd be able to also monitor your device health with our WARP client checks that we have built in, or bring in a third-party integration and do that, and then use that, apply it into some Access or Gateway rules to monitor and make sure that the people who are using the devices, usually in a workplace, are doing so in a way that is safe for them and for this company to work in, and our consumer.
Yeah, so it's really like our full on-ramp. So the enterprise WARP client: if you are a Cloudflare customer and you're using us as your VPN replacement or as your SASE platform, you probably have the WARP client deployed on all your employee devices.
I have it online right now. And it is really just the gateway.
It's the on-ramp into our entire secure web gateway, our entire Zero Trust suite, everything that we built in Cloudflare One around SASE.
The WARP client is the way that most people, most humans, access that part of that network.
And then, on the, you know, we have been doing post-quantum upgrades across the company for years now. Like, you've probably gotten used to hearing Cloudflare every six months releasing news about, like, the latest feature that we've upgraded to post-quantum, and we continue to do so, and there's still things that we need to do.
But I think what's really cool about the WARP client is that when you install the WARP client on a machine, it kind of takes all your Internet traffic and shoves it into a tunnel. And if we make that tunnel post-quantum protected, that means that even if the traffic that you're sending through the tunnel itself isn't yet post-quantum, or the services that you're speaking to don't yet support post-quantum cryptography, we have that tunnel wrapping all your traffic and protecting it as it goes across the Internet, or at least until it reaches the Cloudflare network.
So I think that's... around post-quantum cryptography, that's one of the things that I'm really excited about as the post-quantum janitor here: as much as we can wrap our customers' traffic in post-quantum tunnels, we can save the trouble of having people upgrade individual services and links and protocols and web servers and whatever to post-quantum, just by creating these tunnels that they can shove their traffic into.
And I think that's what's really cool about the WARP client. But despite how useful it is, it took us a while to actually get to the WARP client. It wasn't the first thing we upgraded in our product line.
So Koko, can you walk us through, like, some of the challenges: why was it tricky to actually do this upgrade, and how is it different from the other upgrades we've done at Cloudflare One?
Yeah, making changes in the WARP client is quite difficult sometimes because of the way that we push updates out there to people.
So for the client specifically, we try to keep a number of releases every quarter that we put out with something new in there.
And when we were looking at post-quantum, the whole idea of how do we get this into the hands of the people with the minimal amount of effort on their end, how the benefits of post-quantum... we had to think through, okay, well, let's put some flags within our client as well. Let's make sure that people aren't prevented from accessing the Internet if, for some reason, post-quantum doesn't work on the first check or something.
How do we downgrade people from the post-quantum into the regular cryptography that we were using before in the client, just in case anything has to happen?
And then how do we make sure that people have the ability to control it on their end too?
So we need an MDM flag too, for people to say, turn it on and turn it off at my whim during this transition time.
So, yeah, there are a number of things that we had to think through of making sure connectivity wasn't lost, no matter what we were doing and the changes in the tunnel.
And then also making sure, at least for our Zero Trust users, because we don't want to keep anyone from being able to do their work, making sure that you guys have the control to also say, okay, I'm having something going on, turn it off for now.
Yeah, and I think what's really interesting about this is that, you know, unlike some of our other products, which are basically inside our network where we fully control both ends, when we have the WARP client, it's deployed out in the wild on people's devices, and we don't control those devices, obviously. And so we have to be so careful every time we make a change, and so we were, like, extremely careful with this change.
For any cryptographers that are listening here, I just want to mention one thing that Koko mentioned about downgrades. We wrestled very hard with how are we going to make this upgrade go seamlessly, so there was no performance impact but still have security benefits. And so what we ended up doing, for the first initial rollout, the way we rolled it out is: if the connection fails to establish with post-quantum, we will actually downgrade it to classical cryptography for now, because we're wanting to make sure that we don't have too many downgrades in the wild as we're rolling it out.
And we're actually watching and tracking what's happening as we do the rollout.
And we support those downgrades automatically now. But those downgrades long term are a security risk.
And so once we see that this stabilizes and we don't have any issues with some latent error that we didn't expect, or maybe a middlebox or something really weird going on in a network causing the post-quantum connection not to establish, which is really, really rare.
By the way, we've already seen that in our data that it's really, really rare.
But we wanted to be super careful about that.
And so we actually will automatically downgrade to classical cryptography for now.
And we're expecting by next year, we're going to turn off that automatic downgrade because we're not going to see these kinds of risks as much in the data as we're watching the rollout.
So last thing before we go, Koko, can you show how, if you're a Cloudflare One user, either consumer or enterprise, how would someone have a look and see if they're actually speaking post-quantum cryptography right now?
Yes, happy to.
So if you are a Cloudflare One user, that's our enterprise Zero Trust solution user, in Terminal you can use a couple of our commands to make sure that post-quantum is on, or disabled if you've changed your setting.
So one of them is our WARP CLI command, tunnel stats.
So if I enter this command in, it will give me information about the protocol, MASQUE, which is the one that works with post-quantum today.
And it will tell me if the post-quantum is on or not.
Yeah, it's the elliptic curve.
So if you look at elliptic curve, we've got P256, which is the P256 elliptic curve, which is classical cryptography.
And then next to it, you see Kyber, Kyber768.
That is the post-quantum ML-KEM algorithm that we're using.
And so what we're actually doing is we're running classical cryptography, which is that P256 elliptic curve, in parallel with Kyber, which is the post-quantum elliptic curve. Because you're running them in parallel, you get the security benefits of both, because if one's broken, the other one's still secure, and vice versa. And so we run them in parallel. This is called, in cryptography, hybrid mode.
And so if you're seeing an elliptic curve that's got Kyber in there, that means you're running post-quantum cryptography on your WARP client, and that's the way to check.
Okay, so that's it from us. You will hear more from us on post-quantum updates. We continue to upgrade different parts of our platform. Lots of really cool post-quantum stuff coming from us. But I was really happy to do the janitation on this product with Koko and the team. So, yeah, thanks, everyone, for joining us, and I hope you try it out.
Thanks so much, Sharon. And one more thing to say: everyone knows, if you're a consumer user, post-quantum is on for you today if you're using the MASQUE protocol, 100%. If you are a ZT user, you can opt in to post-quantum, but we are going to continue our rollout.
Check out the blog.
It has information about our timeline and our phases for this rollout for post-quantum.