Arqit NetworkSecure™ Adaptor - Juniper

Juniper and Arqit VPN Encryption Solution

Integrated, Automated, On-Demand Quantum-Safe Protection of VPN Data Communications

NetworkSecure Adaptor

Arqit and Juniper have partnered to deliver an industry-leading security solution by integrating Juniper SRX firewalls and virtual SRX firewalls (vSRX) with the QuantumCloudTM Symmetric Key Agreement Platform.

The solution provides quantum-safe symmetric keys that can be created and rotated on demand to encrypt and protect sensitive data between point-to-point VPN links.

It also delivers enhanced security against today’s human-in-the-middle attacks and the future quantum threat, reducing the administrative burden and inefficiencies of current asymmetric encryption solutions

Book a Demo

Encryption is an essential security and compliance control for safeguarding sensitive data against an increasingly sophisticated threat landscape

Symmetric keys are universally used to encrypt internet traffic; however, current approaches for generating shared symmetric keys between two endpoints are vulnerable to attack and difficult to set up and administer. These approaches include:

01

PKI systems

These are often complex, and if not correctly configured, organisations increase their risk of attacks and data breaches. There are additional potential risks in the future, posed by adversaries using quantum technology for decryption.

02

Physical delivery of cryptographic keys

This can be inefficient and restricts the ability to achieve the high-frequency, rapid, and on-demand symmetric key rotation associated with the highest level of security.

03

Technology partnership

Arqit and Juniper have established a technology partnership to provide organisations with an additional layer of security to protect IPSec VPN traffic against current attacks and the quantum threat, both of which exploit weaknesses in asymmetric (public) key cryptography. The joint solution also improves efficiency, flexibility, and scalability at a lower cost.

Joint Solution

Integration of the Juniper vSRX firewall with Arqit’s QuantumCloud SKA Platform provides quantum-secure symmetric keys that can be used to enhance the security and manageability of IPSec connections between customer locations.

Each vSRX firewall connects securely to its designated Arqit Adaptor over the local network, using mutually authenticated and encrypted TLS sessions. When point-to-point VPN sessions are initiated by Juniper firewalls or re-keying of existing tunnels is required, each participating firewall requests a shared quantum-safe key from its respective local network adaptor server, using the standardized ETSI 014 network protocol. The Arqit Adaptors agree to a shared symmetric key with each other, using the QuantumCloud SKA Platform as the key broker.

The keys are delivered in near real time to the requesting firewalls over the ETSI interface. The vSRX firewall uses the keys in constructing the IPSec VPN tunnel to provide enhanced data protection.

The vSRX firewall mixes the QuantumCloud keys with the IKEv2 negotiated keys as per RFC 8784 to construct the IPSec VPN tunnel that provides enhanced data protection.

Get NetworkSecure Now

Solution Benefits

01

Creates quantum-secure data links and supports a quantum- secure deployment

02

Mitigates risks and complexities associated with PKI for data in transit protocols IPSec/IKE

03

Usable with existing and proven data encryption standards, such as AES 256 and compatible with RFC 8784 for mixing pre-shared keys in IKEv2

04

Scalable creation of shared symmetric keys between any connected SRX firewalls, no distribution of keys

05

Easy-to-use Arqit console for device management and policy enforcement, e.g. for device permissions, grouping, and key rotation rate

06

Supports zero-trust: Quantum-secure session keys are known only to SRX firewalls and never sent across the network

Arqit NetworkSecure™ Adaptor

Juniper SRX integration with QuantumCloud™ enables enhanced security of VPN tunnels between SRX (physical or virtual) site locations and cloud infrastructure, for Site-to-Site IPSec VPN use cases.