By Judith Furlong, Dell Technologies with Matthew Lyon, Dell Technologies; Janet Jones, Microsoft; Souheil Moghnie, NortonLifeLock; Brian Rosenberg, Raytheon Technologies; Steve Lipner, SAFECode
In our initial blog, we discussed the impact that migration to Post Quantum Cryptography will have on existing IT environments, and in our second blog we outlined a series of actions that organizations can take to prepare for PQC migration. One of the challenges noted in both blogs comes from the significant number of changes that will need to be made to the current cryptographic implementations in our applications, products, services and IT infrastructure. In addition, such changes will be frequent during initial PQC adoption as algorithms, protocols and implementations are refined and evolve. In this blog we explore what organizations can do today to make these frequent cryptographic transitions easier to handle by applying Crypto(graphic) Agility concepts. Embracing Crypto Agility also brings more immediate benefits to organizations by providing a framework to manage cryptographic changes in an agile manner.
Crypto Agility is the concept of designing cryptographic-enabled applications, products and services in a way that allows changes to cryptographic algorithms and parameters with minimal impact to the applications, products and services. Software developers and architects need to use this concept as early as possible in the development cycle to create more coherent and portable code.
Crypto Agility design principles include:
- Ensuring that configuration interfaces (e.g. UIs, APIs) are flexible to allow introduction of new algorithms, key sizes, random number generators, etc.
- Avoiding making assumptions based on the characteristics of just one algorithm (e.g. size of cryptographic keys) when designing and coding cryptographic implementations.
- Designing products, applications or services containing cryptographic capabilities, so that the underlying cryptographic implementations (modules) are abstracted from product, application or service code.
- Enable support of multiple cryptographic modules to address different requirements or markets.
- Allow cryptographic modules to be changed with minimal impact.
- Automate the maintenance of cryptographic inventory changes.
- Create shared libraries or dedicated classes and wrapper functions for all crypto-related functions.
When it comes to implementing cryptographic functions, use of open source and third-party software is a common practice, unless you choose to violate one of the important cryptographic principles, which is to “Never roll your own crypto”. Therefore, Crypto Agility design principles should not only be applied to code developed by your organization but should also be considered when evaluating and integrating open source and third-party components.
Not Just for PQC Migration
Crypto Agility has added benefits beyond putting organizations in a better position for PQC Migration.
Agile cryptographic implementations often result in quicker resolution of cryptographic-related vulnerabilities and are helpful for adapting offerings for new markets, emerging regulations and changing customer policies.
Crypto Agility can be leveraged to drive improvements in the Software Development process. Also, development and procurement workflows and processes can be adopted to account for Crypto Agility requirements. For example, it’s a good idea to augment the Secure Development Lifecycle with control and verification activities at specific checkpoints or phases of system development or implementation.
There is also an opportunity to innovate by applying Crypto Agility within product and service offerings. New technologies, development methods and/or deployment models could be leveraged to automate and decouple from application logic the selection of algorithm and cryptographic configuration based on policy and context. For instance, cryptographic functions could be implemented within a container or micro-service that is leveraged as a shared resource.
Beyond Algorithms and Parameters
In addition to the need for Crypto Agility in code, software developers and architects need to be cognizant of the infrastructure in which the software operates and should not make assumptions that it will not change. That is, PQC may require migrating your software solution from on-prem to the cloud, or from one cloud provider to another (e.g. AWS to Azure). Designing the code without allowing for flexibility in how it generates, obtains and manages its cryptographic resources (e.g. certificates, keys, etc.) may hamper a smooth transition to PQC.
It is important to ensure that secrets, keys and certificates are stored and managed in a secure and agile manner. These domains are complex and often error-prone so weaving in Crypto Agility needs careful consideration; especially when migrating from on-prem to the cloud or from one cloud provider to another.
In this blog we discussed how Crypto Agility design principles enable rapid implementation and adoption of new algorithms into existing applications, products and solutions and provide valuable flexibility to organizations as they prepare for PQC Migration. In a subsequent blog we will discuss strategies, priorities and roadmaps for achieving Crypto Agility in new and existing native and third-party code.