DataPower Gateway serves as the primary defense mechanism for a corporation, acting as a critical barrier that safeguards sensitive data and shields critical systems and applications from unauthorized access. 

And how? Through the implementation of cryptographic schemes. In its simplest form, cryptography is the practice of secure communication by transforming plaintext data into unreadable data, and is a fundamental component of the digital world, underpinning internet protocols, enterprise applications, and critical infrastructure, thereby safeguarding the confidentiality, integrity, and authenticity of data in the modern digital landscape.

By controlling incoming and outgoing traffic, a gateway ensures that only trusted parties can enter the network, thereby protecting the organization's most valuable assets from potential threats and malicious activities.

DataPower ensures the confidentiality, authenticity, and integrity of data transmitted through the gateway, thereby restricting access and modifications to authorized parties only.

The Looming Threat of Quantum Computing

So, all good? No, there is a looming threat to common cryptography. The advent of quantum computing poses a significant risk to traditional cryptographic schemes, as quantum computers can potentially break certain classical encryption algorithms, such as RSA, which has long protected global data, much faster than classical computers. This puts the confidentiality, integrity, and authenticity of sensitive information at risk, threatening the very foundations of modern cybersecurity.

Why worry now? Malicious actors can already employ a "harvest now, decrypt later" strategy, capturing and storing encrypted data today to decrypt it in the future when a quantum computer becomes available, putting sensitive information at risk.

From Quantum Vulnerability to Quantum Resistance: The Emergence of PQC

In August 2024, National Institute of Standards and Technology (NIST) published three approved standards - which include three post-quantum cryptographic algorithms: two of them, ML-KEM and ML-DSA were developed by IBM researchers in collaboration with several industry and academic partners. The third published algorithm, SLH-DSA was co-developed by a researcher who has since joined IBM.

1.      FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard - ML-KEM (derived from CRYSTALS-Kyber) a key encapsulation mechanism selected for general encryption, such as for accessing secured websites

2.      FIPS 204, Module-Lattice-Based Digital Signature Standard - ML-DSA (derived from CRYSTALS-Dilithium) a lattice-based algorithm chosen for general-purpose digital signature protocols

3.      FIPS 205, Stateless Hash-Based Digital Signature Standard - SLH-DSA (derived from SPHINCS+)

For more information, see IBM-Developed Algorithms Announced as NIST's First Published Post-Quantum Cryptography Standards

DataPower incorporating PQC algorithms into transport protocols

In our technical preview introduced with DataPower 10.6.2, we're adding support for three PQC KEM algorithms in our TLS client and server profiles:

• ML-KEM-512: A key encapsulation mechanism with a 512-bit key size
• ML-KEM-768: A key encapsulation mechanism with a 768-bit key size
• ML-KEM-1024: A key encapsulation mechanism with a 1024-bit key size

These algorithms are based on the NIST-approved FIPS 203 standard for post-quantum cryptography and provide a range of security strengths to suit different use cases.

Take the next step

The introduction of PQC in DataPower marks a significant milestone in our journey to provide future-proof security solutions. With this technical preview, you can start exploring the benefits of PQC and prepare your organization for the post-quantum era. Try out this new feature today and discover how DataPower can help you stay ahead of the security curve.