- Firewall & VPN Appliance with quantum-resistant VPN key exchange and approval from the German Federal Office for Information Security (BSI) for German classification level "Restricted"
- Certified by the BSI according to the international "Common Criteria" (CC) standard at the level EAL 4+
- Protection against "store now, decrypt later" attacks
Kirchheim near Munich, October 23, 2024 – Communicate with reliable confidentiality, even in the age of quantum computers: genua presents genuscreen 8.4 – a highly secure Firewall & VPN Appliance that has integrated a post-quantum cryptography (PQC) process for the key exchange in VPNs and is approved by the German Federal Office for Information Security (BSI) for communication involving sensitive data up to German classification level "Restricted". The BSI approval is an important quality criterion that helps companies and authorities to select particularly secure and reliable IT security components. In addition, genuscreen 8.4 fulfills the requirements of the international classifications RESTREINT UE/EU RESTRICTED and NATO RESTRICTED.
Using genuscreen 8.4, VPNs (virtual private networks) based on the protocols IPsec/IKEv2 (Internet Protocol Security/Internet Key Exchange Version 2) can already be reliably protected against the real threat of "store now, decrypt later" attacks. The German IT security specialist genua is currently presenting the new version 8.4 of its Firewall & VPN Appliance genuscreen at the leading IT security trade fair it-sa in Nuremberg (hall 9, booth 235).
Protect Today's Communications Against Tomorrow's Attacks by Quantum Computers
Quantum computers are making rapid progress. In the near future, these machines will provide huge amounts of computing power specifically for attacking cryptographic processes. The BSI believes that cryptographically relevant quantum computers could pose a realistic risk to current encryption techniques from the mid-2030s.
But users should already be protecting their digital communications against these threats. The reason: So-called "store now, decrypt later" attacks will become a serious cyber threat in the future. In such attacks, entities such as intelligence services record encrypted data traffic now so that it can be decrypted and analyzed later, once powerful quantum computers have become available. The key exchange for setting up a VPN is particularly susceptible: It must be quantum resistant for the data transferred through the encrypted tunnel to remain protected in the future.
genuscreen 8.4: Hybrid Approach For Particularly High Security
genua has developed a solution to this problem: The new Firewall & VPN Appliance genuscreen 8.4 enables the quantum-resistant exchange of cryptographic keys for setting up IPsec/IKEv2-based VPN tunnels. For this purpose, genua uses a hybrid solution comprising the PQC process Kyber768 and the elliptic-curve Diffie–Hellman (ECDH) key agreement protocol based on Brainpool256, which is part of the recommended cryptographic process in the BSI's Technical Directive BSI-TR-02102-1. Via a VPN coupling established in this way, genuscreen enables a highly secure data exchange between company locations via the internet.
The firewall of the appliance allows only explicitly requested connections and consistently blocks all others. Thanks to its integrated stateful packet filter, genuscreen can also be used in conjunction with the two-level Firewall genugate to set up a highly secure firewall system that complies with German classification level "Restricted" and has a P-A-P structure, thus meeting all relevant security requirements and ensuring impenetrable protection against external attacks.
genuscreen is certified by the BSI according to the international Common Criteria (CC) standard at the level EAL 4+. This is the highest level that is usefully applicable to a complex system of this kind. All genuscreen hardware models from revision 2.0 and genuscreen S in revision 1.0 can be used in conjunction with software 8.4 for approved operation.
"With the new version 8.4 of our Firewall & VPN Appliance genuscreen, we are enabling users to already transfer data via quantum-resistant encrypted VPN connections," says Daniel Herzinger, a cryptologist at genua. "This will keep our customers' communications secure even in the future."
"We've been offering approved, quantum-resistant software updates for our genuscreen since 2018 and we are continuously working on PQC migration," says Stefan-Lukas Gazdag, a cryptographer at genua. "In this way, we make sure that our customers can face the future securely with genua products."
Background: What Is a Quantum-Resistant Key Exchange?
A quantum-resistant key exchange, also called a post-quantum cryptography (PQC) key exchange, is a cryptographic protocol that is immune even to attacks using powerful quantum computers. Most current cryptographic processes, including key exchange, are based on mathematical problems that are very difficult to solve. One example is the problem of factorizing large numbers, on which the widely used RSA cryptosystem is based.
The problem: Experts believe that a powerful quantum computer will be able to solve these mathematical problems much more efficiently than a conventional computer. This hypothesis has already been proven for RSA with 16 bits. The consequence: Many cryptographic processes that are currently considered secure are potentially susceptible to attacks by quantum computers.
PQC key exchange protocols are therefore an important step forward in the development of new cryptographic processes that are also secure against attacks by quantum computers. By using new mathematical problems, these protocols should ensure the security of cryptographic applications even in a world with powerful quantum computers.
Image caption:
With quantum-resistant VPN key exchange and BSI approval for German classification level "Restricted," genuscreen 8.4 protects today's confidential digital communication against the cyber threats of tomorrow.
© genua GmbH
Press Contact
Michael Eckstein
Press & PR
genua GmbH
T +49 89 991950 527
E michael_eckstein@genua.de
About genua
Based in Kirchheim near Munich, genua GmbH secures sensitive IT networks in the public and enterprise sectors, for critical infrastructure organizations and in industries with an obligation to maintain secrecy with highly secure and scalable cyber security solutions. In doing so, the company has been focusing on the comprehensive protection of networks, communication and internal network security for IT and OT for more than 30 years. The range of solutions spans from firewalls and gateways, virtual private networks, remote maintenance systems, internal network security and cloud security to remote access solutions for mobile work and the home office.
genua GmbH is a company of the Bundesdruckerei Group. With more than 400 employees, it develops and produces IT security solutions exclusively in Germany. Since the founding of the company in 1992, regular certifications and approvals from the German Federal Office for Information Security (BSI) have provided proof of the high security and quality standards of the products. Customers include, among others, Arvato Systems, BMW, the German Armed Services, THW as well as the Würth Group.