BlackBerry has announced that it will support quantum-resistant secure boot signatures for NXP Semiconductors’ crypto-agile S32G vehicle networking processors as part of a demonstration to show how to mitigate the risk of potential quantum computing attacks on in-vehicle software.
The new integration will enable the software to be digitally signed using the recently endorsed CRYSTALS Dilithium quantum-resistant digital signature scheme by the National Institute of Standards and Technology (NIST), providing peace of mind to those relying on and delivering long-lifecycle assets such as systems in critical infrastructure, industrial controls, aerospace, and military electronics, telecommunications, transportation infrastructure, and connectivity. The collaboration is intended to safeguard against an increasingly perilous future in which quantum computers can easily defeat traditional code signing schemes.
Joppe Bos, Senior Principal Cryptographer at NXP Semiconductors commented, “As quantum computers continue to advance in development, it’s increasingly important to work to secure today’s systems against these future threats. Collaborating with BlackBerry strengthens our solution to address the critical need to harden code signing and software update infrastructure against future cryptosystem vulnerabilities.”
The NXP S32G chip’s secure boot flow feature enables BlackBerry’s Code Singing and Key Management Server to achieve agile and effective quantum protection. Utilizing the quantum-resistant signature schemes like Dilithium for low-level device firmware, over-the-air software updates, and software bills of materials (SBOMs) reduces the risk of potential quantum computing attacks on critical software updates, addressing a major security concern for a variety of industries.
Jim Alfred, VP, BlackBerry Technology Solutions commented, “In the lead up to Y2K, US business spent upwards of $100 billion to avoid calamity and the issue was simply a matter of adding two digits to the date field. Y2Q, when quantum attacks become possible, is on another level, posing a significant threat to industries selling or operating long-lived assets with updatable software. NXP shares our vision of mitigating the risk of quantum computing concerns and, thanks to their support for hash-based signatures, together we can provide cybersecurity teams with the tools they need now to prevent their existing security measures from becoming obsolete.”
Read more articles: