By Matthew Lyon, Dell Technologies and Souheil Moghnie, NortonLifeLock with Brian Rosenberg, Raytheon Technologies; Janet Jones, Microsoft; Judith Furlong, Dell Technologies
Introduction
In our fourth post in the ongoing SAFECode Post Quantum Cryptography (PQC) blog series, we discussed the key concept of Crypto(graphic) Agility. We outlined the need for organizations to adopt an agile Cryptographic Strategy today. The intention of this post is to provide guidance on practices that organizations can implement now to enable their journey to a comprehensive Crypto Agility strategy.
Cryptographic Agility Strategies
In many organizations, use of cryptography is often tightly coupled with critical business processes and functions. Therefore, careful planning, sound prioritization, and informed decision making based on risk management are required to establish Crypto Agility. Organizing work into a set of logical buckets allows for sequenced application of strategies that drive agility.
There are many drivers that ultimately make up an organization’s Crypto Agility requirements including:
- Time, scope, and resource constraints.
- Business and technical constraints that gate an organization’s ability to make prompt cryptographic adjustments.
- Harmonization of cryptographic implementations with Agile design patterns to enable rapid iteration.
- Compliance with Privacy Laws that may mandate adjustments to the use of cryptography.
What Can Be Done Right Now?
The strategic approach outlined below outlines a logically sequenced set of actions to implement Crypto Agility.
Understand
Understanding the landscape and requirements is a foundational strategy for achieving Cryptographic Agility. In our first blog post in this series, Start the Countdown Now: Your Cryptography’s Time is Running Out, we outlined the impetus for quantum-resistant cryptography and the industry response to this challenge. Organizations should closely monitor the progression of the NIST Third Round PQC Algorithm Finalists and Candidates.
In our second blog post, Preparing for PQC: Roadmap & Initial Guidance, we discussed the high-level phases for PQC transition. These phases encapsulate many activities, from inception to application. Understanding these phases and activities will help organizations formulate a roadmap and timeline for adoption of PQC.
In our third blog post, Identifying Your Cryptographic Dependencies, we outlined the need to identify all of the current implementations of cryptography within your organization. Conducting and maintaining a comprehensive cryptographic inventory is a prerequisite for implementation of Crypto Agility. It is important to understand who the users are, what the use cases are, and what the business context is for each element identified.
Define
Understanding is all about identification, but definition is about planning. As we discussed in our earlier blog posts, we can strategically define a Crypto Agility plan by logically grouping the implementations identified in the Understand phase into use cases. For example:
- Data-in-Motion (i.e., mTLS, Key Exchange, etc.)
- Data-at-Rest (i.e., Asymmetric and Symmetric encryption and decryption of stored data)
- Code Signing (i.e., digital signing to certify code authenticity and integrity, hardware root-of-trust, etc.)
As we discussed in our fourth blog post, How Agile Is Your Cryptographic Strategy?, once this inventory of use cases is established, organizations should differentiate implementations in source code from implementations within the context of shared IT infrastructure in order to identify the dependencies for each element. With the groupings established and the dependencies mapped, organizations can formulate a strategy for adapting each element for PQC in an agile manner and sequence these milestones on a road map to ensure organizational alignment on the strategy, approach, and priorities for Crypto Agility transformation.
Decide
Our earlier posts brought up the fundamental principles of Crypto Agility. These principles should guide the analysis and decision-making activities that an organization performs. For implementations of cryptography within source code, in addition to modularizing the source code as was discussed in our previous blogs, consider the following steps:
- Ensure that Memory management is implemented to ensure that variables representing certificates, keys, and cryptographic digests are easy to adjust to account for larger sizes.
- Investigate possibilities for operating in hybrid modes that enable adoption of new PQC algorithms that are tightly coupled with a fallback to classical cryptographic schemes such as RSA and ECC.
- Consider migrating to development languages and frameworks that provide robust native support for PQC.
Organizations can also weigh the benefits of using on-premises managed infrastructure or adopting third-party, cloud services to address their needs. The decision-making process should be informed by carefully considering whether the use of on-premises infrastructure or of cloud services may introduce Crypto Agility benefits. Ultimately, use of external third-party services will also create dependencies on the service provider cryptography stack, so that potential dependency must also be factored into the decision-making process.
Prototype
Prototyping the application of PQC is where the rubber meets the road and theory begins to become reality. We recommend that you experiment with adopting the PQC algorithms that are available today, using toolkits and SDKs as they become available. For example, Open Quantum Safe is an open-source project that aims to support the development and prototyping of quantum-resistant cryptography.
Where possible, implement hybrid modes of operation within your applications to cover all use cases. One example would be hybrid key establishment which relies on PQC and classical algorithms. Another example would be dual signature generation and verification using a mix of classical and PQC schemes.
Model the performance and functionality implications of performing data encryption and decryption operations with PQC algorithms. This analysis should be performed with a focus on usability. Remember that implementation decisions made today often live long into tomorrow.
When prototyping, it is also important to consider tradeoffs in software efficiency, hardware efficiency, flexibility, simplicity, and licensing. However, never lose sight of the end goal of Crypto Agility. The underlying ethos must be evolution from a reactive posture of unknown impact to proactively quantifying the impacts of PQC algorithms and the longer key, message, and signature sizes they introduce.
Consider Impact of PQC on TLS
While the symmetric ciphers used in TLS seem likely to survive into the PQC world (albeit with longer keys), the asymmetric algorithms used in key exchange and certificate validation will be susceptible to attacks on larger quantum computers.
Therefore, since TLS is a vital part of online communication, it is important to start prototyping your implementation of TLS using quantum-safe implementations such as the Open Quantum Safe OpenSSL repository. The prototype for the quantum-safe version of OpenSSL, v1.1.1, uses both hybrid and post-quantum key-exchange and certificate validation. For more details on the post-quantum algorithms that are being used for TLS key-exchange and signature validation, please refer to this article.
Design and Implement
You may have heard the term “Shift Left” to describe the importance of mitigating issues early in the software development lifecycle to reduce cost and impact on schedule and deliverables. Similarly, when it comes to Crypto Agility, “designing” your code with PQC in mind is a must. In other words, plan for the need to potentially change your crypto algorithms and their parameters even if you do not know what these changes might be.
Some examples may include expecting increased key lengths, algorithm changes, different random number generation functions (or PRNG), new initialization vectors and seedings, wrapper functions, removing hard coded constraints, and more.
Consider Cloud vs. On-Prem
While considering where to host software, we often make our decisions based on cost, speed, and ease of use. At this time, the upheaval caused by a transition to PQC should also factor into these hosting decisions.
For instance, well-known public cloud providers such as Amazon’s AWS, Google’s GCP, and Microsoft’s Azure are likely to introduce hardware, functions, services, and microservices necessary to support PQC sooner than most organizations will be able to obtain and/or develop them independently. We therefore recommend evaluating your own transition preparedness and that of any cloud or hosting service providers you rely on.
Consider Software Supply Chain
Essentially all modern software development relies on open-source software – often heavily [1]. PQC transition readiness should therefore also factor into your choice of open-source dependencies. We recommend using well-known open-source components with many contributors and recent and frequent code commits. Components with more permissive licenses are also preferable so that, if necessary, you can make the changes needed for PQC adoption within your ecosystem. These guidelines apply to purchased third-party software and products as well.
Consider Backward Compatibility
As it is unlikely that most software vendors will move to PQC swiftly, it is wise to plan to support both PQC and traditional cryptographic worlds concurrently. This may be more difficult than it sounds. Segregating traditional and post-quantum servers and services may be necessary to avoid downgrade attacks among others. If such segregation is not possible, you need to be aware of the weaknesses that may be introduced to systems that implement PQC technology by traditional cryptographic algorithms and re-examine your threat model and mitigations.
Validate
Validation is the last mile of the journey and requires monitoring and analyzing performance and usability impacts as changes to cryptography are introduced. Organizations can learn what does and does not work and apply these learnings to their strategy to continually improve Crypto Agility.
Conclusion
Crypto Agility must be driven by a comprehensive set of strategies. In this blog post, we outlined a sequenced approach composed of strategic and tactical steps that organizations can employ to drive their Crypto Agility transformation at speed and scale. In future posts in this series, we will delve into the potential impacts of PQC on organizations’ supply chain security, policies and standards, and regulatory and security compliance obligations.
[1] https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/