Migrating to quantum-resistant cryptography: it all starts with an inventory!
Published on 22/5/2024
Author: Arnaud DUFOURNET, Chief Marketing Officer
Recent advances in quantum computing have prompted nation states and their cybersecurity agencies to urge organizations to protect their sensitive digital infrastructure by adopting post-quantum cryptography as soon as possible. In the same vein, the European Commission has just published a recommendation for a coordinated and synchronized deployment across European Union member states. The starting point for any such transition must, without fail, be a precise inventory of the cryptographic systems the organization uses: a step that can prove extremely tedious, but one that is essential for managing the risk effectively.
Cryptography is omnipresent in our digital lives
Computers and operating systems, network equipment, communications (telephony, e-mail, instant messaging, etc.), databases, smart cards, proprietary or third-party application software such as VPNs, SCADA systems, physical security systems (cameras, site access systems, etc.), the list goes on. The upshot is that cryptography is absolutely everywhere, and often completely transparent to users.
The first challenge when changing a cryptography algorithm is to identify all its use cases. And it is a substantial challenge at that. A report by Keyfactor informs us that 62% of organizations do not know exactly how many keys and certificates they actually use.
We reiterate at this point that only systems using public-key cryptography (such as RSA, ECDSA or ECDH) are reckoned to be vulnerable to quantum attacks, since Shor's algorithm solves the factoring and discrete-logarithm problems they rely on. Symmetric cryptography is affected only by Grover's algorithm, which at best halves the effective key length, so AES stands firm provided that 256-bit keys are used (Triple-DES, whose keys are at most 168 bits, does not offer the same margin). The focus must therefore be on those situations where public-key cryptography is used, which is mainly in three processes:
- Electronic signature: cryptography is used to authenticate the signer. It also certifies integrity and ensures the non-repudiation of messages, documents, or stored data.
- Identity authentication process: cryptography is used here to establish an authenticated communication session, or authorization to perform a particular action.
- Key establishment for symmetric keys: asymmetric cryptography (Diffie-Hellman key agreement, RSA key transport or a key-encapsulation mechanism, KEM) is used to agree the session key in protocols such as TLS or IKE.
The two uses to target first are key transport and electronic signature. Key transport is exposed to "harvest now, decrypt later" (HNDL) attacks: traffic recorded today can be decrypted once a sufficiently powerful quantum computer exists, so the confidentiality of anything encrypted under a classically negotiated key is already at stake. Signatures matter wherever the signed object must remain trustworthy for years (firmware, long-lived certificates, archived documents). No known quantum computer can yet break asymmetric cryptography, and an authentication session is only exploitable at the moment it takes place, so replacing the algorithms used purely for session authentication can come later. This is also why the NIST competition focused on signature and key-encapsulation algorithms.
Starting an inventory of cryptography systems
The ubiquity of cryptography, sometimes combined with a lack of awareness that it is even there, makes inventorying a particularly tough job. Yet this first step is crucial. Building a list of all the cryptography in an organization, meaning identifying every algorithm, key and certificate in use, is what then allows priorities to be set.
Interviewing the experts in, and managers of, in-house systems is obviously an excellent starting point for mapping where cryptography is used. However, it will not suffice on its own, because deployments are rarely all documented accurately, and the system experts may have forgotten some of them. Fortunately, the investigation can be structured with specific tools and a CBOM (Cryptographic Bill of Materials), which also speeds up the process. Similar to a software bill of materials (SBOM), a CBOM is an object model for describing cryptographic assets and their dependencies; the CycloneDX 1.6 specification, for instance, includes a CBOM format. IBM Quantum Safe Explorer, for example, is a toolkit for cryptographic discovery (analyzing source code and object code to locate cryptographic assets, dependencies and vulnerabilities) that produces such a CBOM.
A CBOM model offers the advantage of storing the following information:
- Cryptographic algorithms and protocols used (type and version)
- Cryptographic elements currently in use (e.g. certificates with their expiry dates and key lengths)
- Physical equipment impacted (e.g. servers, information systems, smart cards and so on)
- Dependencies on other systems or data (such as Open Source libraries)
- Dependencies on external parties (hardware and software suppliers). Where such a dependency is significant, it is advisable to contact the suppliers concerned and ask about their roadmap towards quantum-resistant cryptography.
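As an added example (not part of the original article, and not the code of any vendor's tool), here is a small Go program that builds the first rows of such an inventory from a PEM bundle of certificates: for each certificate it records the public-key algorithm, key length, signature algorithm and expiry date, and flags the ones that rest on quantum-vulnerable public-key cryptography. The sample bundle is generated in-code (three self-signed certificates plus a stray private-key block), the hostnames are invented, and the JSON field names are this example's own choice rather than the CycloneDX CBOM schema.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CryptoAsset is one inventory record. The fields follow what the article lists
// for a CBOM entry; the JSON layout is this example's own, not CycloneDX's.
type CryptoAsset struct {
	Subject           string `json:"subject"`
	PublicKeyAlg      string `json:"publicKeyAlgorithm"`
	KeyBits           int    `json:"keyBits"`
	SignatureAlg      string `json:"signatureAlgorithm"`
	NotAfter          string `json:"notAfter"`
	QuantumVulnerable bool   `json:"quantumVulnerable"`
	Note              string `json:"note,omitempty"`
}

// classify turns a parsed certificate into an inventory record. RSA, ECDSA and
// Ed25519 are all broken by Shor's algorithm, so each is flagged; key length is
// still recorded because it matters for classical strength and for ranking.
func classify(c *x509.Certificate) CryptoAsset {
	a := CryptoAsset{
		Subject:      c.Subject.CommonName,
		SignatureAlg: c.SignatureAlgorithm.String(),
		NotAfter:     c.NotAfter.UTC().Format(time.RFC3339),
	}
	switch k := c.PublicKey.(type) {
	case *rsa.PublicKey:
		a.PublicKeyAlg, a.KeyBits, a.QuantumVulnerable = "RSA", k.N.BitLen(), true
		if a.KeyBits < 2048 {
			a.Note = "RSA key shorter than 2048 bits: weak even against classical attackers"
		}
	case *ecdsa.PublicKey:
		a.PublicKeyAlg, a.KeyBits, a.QuantumVulnerable = "ECDSA "+k.Curve.Params().Name, k.Curve.Params().BitSize, true
	case ed25519.PublicKey:
		a.PublicKeyAlg, a.KeyBits, a.QuantumVulnerable = "Ed25519", 256, true
	default:
		a.PublicKeyAlg = fmt.Sprintf("%T", k)
		a.Note = "unrecognised key type: review manually"
	}
	return a
}

// InventoryPEM walks every CERTIFICATE block in a PEM bundle (a trust store, a
// server chain, a concatenated export) and returns one record per certificate.
// Other block types, such as private keys, are skipped rather than parsed.
func InventoryPEM(bundle []byte) ([]CryptoAsset, error) {
	var out []CryptoAsset
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue
		}
		c, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("parse certificate %d: %w", len(out)+1, err)
		}
		out = append(out, classify(c))
	}
	return out, nil
}

// selfSigned mints a throwaway self-signed certificate for the sample bundle.
func selfSigned(cn string, key crypto.Signer, days int) []byte {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().AddDate(0, 0, days),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// SampleBundle is constructed input (hostnames invented): an RSA-2048, an ECDSA
// P-256 and an Ed25519 certificate, plus a stray private-key block that the
// inventory must ignore. Key-generation errors are dropped because the stdlib
// only fails here if the system CSPRNG is unavailable.
func SampleBundle() []byte {
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	_, edKey, _ := ed25519.GenerateKey(rand.Reader)
	var b []byte
	b = append(b, selfSigned("vpn.example.internal", rsaKey, 365)...)
	b = append(b, selfSigned("scada-gw.example.internal", ecKey, 3650)...)
	b = append(b, selfSigned("firmware-signing", edKey, 1825)...)
	b = append(b, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: []byte("placeholder")})...)
	return b
}

func main() {
	assets, err := InventoryPEM(SampleBundle())
	if err != nil {
		panic(err)
	}
	js, _ := json.MarshalIndent(assets, "", "  ")
	fmt.Println(string(js))
}
```

Point InventoryPEM at real exports (the system trust store, the chains served by each TLS endpoint, the signing certificates of a firmware pipeline) and the resulting records become the "cryptographic elements in use" rows of the CBOM; the expiry date and the Ed25519 entry are a reminder that even modern, short-key elliptic-curve material goes on the migration list.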
Once you have gained visibility over your use of cryptography, it is vital to keep in mind that this is an ongoing process and not merely a snapshot at one point in time, and these records must therefore be constantly maintained.
Setting priorities
It is not feasible to migrate all systems simultaneously in a sort of Big Bang. Prioritization is necessary, which here means selecting the systems that need to be migrated first, on the basis of how critical they are. For example, in the United States, the NSA's CNSA 2.0 advisory of September 2022 gave national security systems (NSS) the following timeline, which doubles as an order of priority (the first date is when equipment should support and prefer the quantum-resistant algorithms, the second when it must use them exclusively):
- Software and firmware signing: support and prefer by 2025, exclusively by 2030
- Web browsers and servers, plus cloud services: support and prefer by 2025, exclusively by 2033
- Traditional networking equipment (VPNs, routers, etc.): support and prefer by 2026, exclusively by 2030
- Operating systems: support and prefer by 2027, exclusively by 2033
- Niche equipment (e.g. constrained devices): support and prefer by 2030, exclusively by 2033
- Custom applications and legacy equipment: to be updated or replaced by 2033
Criticality can be assessed on the basis of a number of factors. First of all, it is advisable to examine the situations in which the cryptography is being used; this is the approach the NSA takes to guide NSS in their transition. Other significant factors are the lifespan and the sensitivity of the data being protected: priority goes to the cryptographic mechanisms that protect highly sensitive data with a long lifespan (longer than 10 years, for example). Lastly, the potential cost of a breach by a quantum attack and the time needed to migrate to PQC (a measure of the system's "quantum readiness") are two further useful criteria. Data lifespan and migration time combine in what is often called Mosca's inequality: if the number of years the data must remain protected, plus the number of years the migration will take, exceeds the number of years until a cryptographically relevant quantum computer exists, the system is already at risk and belongs at the top of the list.
Once the inventory of cryptographic resources and the risk assessment are complete, the next step in a migration project is the evaluation and integration testing of quantum-resistant algorithms. NIST announced on April 10th this year, at its latest PQC conference, that the first standards will be published this summer (2024). As you may know, these standards concern two electronic signature algorithms (Dilithium, standardized as ML-DSA in FIPS 204, and Sphincs+, standardized as SLH-DSA in FIPS 205) and one key-encapsulation mechanism for establishing shared secrets (Kyber, standardized as ML-KEM in FIPS 203). The time has therefore come to familiarize ourselves with these new algorithms.
Moreover, confidence in this new cryptography is now high enough for many companies to have started deploying it without waiting for the final standards, the most high-profile being Google and Apple. Since version 116, the Chrome browser has supported a hybrid TLS 1.3 key exchange (X25519Kyber768) that combines a post-quantum algorithm (Kyber-768) with a pre-quantum one (X25519) to derive the shared secret, so that the session keys remain secure as long as either component holds; it has been enabled by default since version 124. Apple, meanwhile, announced in February 2024 a new protocol called PQ3 to secure its iMessage service. PQ3 likewise combines post-quantum algorithms (Kyber again) with existing elliptic-curve cryptography.
If securing your remote communications is among the quantum-resistant cryptography use cases you would like to test, please feel free to contact us and we can set up your PoC together.