In this Help Net Security interview, Glen Leonhard, Director of Key Management at Cryptomathic, discusses the role of cryptographic agility in mitigating risks posed by quantum computing. Cryptographic agility enables organizations to seamlessly transition to post-quantum algorithms without disrupting existing systems.
Leonhard also emphasizes its broader role in adapting to new vulnerabilities, regulations, and industry standards.
With the advent of quantum computing, how does cryptographic agility play a role in mitigating potential security risks?
Quantum computing poses a significant threat to widely used cryptographic algorithms, such as RSA and ECC, and requires organizations to take measures for planning the transition to presumably quantum resistant algorithms. Here cryptographic agility plays an essential role as it allows for the replacement of cryptographic algorithms and parameters, with no notable change to system infrastructure nor applications.
This allows for an organization to switch to PQC based algorithms without introducing major disruptions across the business. The benefit of cryptographic agility however extends beyond the threats of quantum computing, as it will enable organizations to adapt to the evolving threat landscape based on identified vulnerabilities, new standards and regulations, or updated best practices.
The need for cryptographic agility is not new as we have seen algorithms failing, and parameters changing over time:
- RC4, SHA 1, DES
- RSA 768 to 1024 to 2048 to 3072 bits
- Diffie-Hellman parameters to minimum of 3000 bits
- Edwards Curves added to EC parameters
Looking specifically at quantum computing and PQC, there will not be a single algorithm. As by now NIST has published the first standards for PQC Key-Establishment Mechanism (KEM) and Digital Signature algorithms, but with the ongoing KEM competition and the call for additional digital signature schemes (to focus on short signatures and fast verification), more standards will come. On top of this we see deviating recommendations from national schemes, e.g. the CNSA 2.0 mandate vs the recommendations in Europe (BSI, ANSSI).
Cryptographic agility should therefore be considered the backbone of any organization or industry that rely on secure communication, data protection, and/or regulatory compliance, as it is key for establishing a future-proof cybersecurity infrastructure, which provides long-term security as well as flexibility.
What are the technical and organizational challenges that businesses typically face when implementing cryptographic agility?
There are several organizational challenges associated with implementing cryptographic agility into an organization. First and foremost, it is crucial that the business (leaders and decision-makers) understands the value and importance of cryptographic agility, as they will need to drive the initiative to secure organizational support and funding. Placing the responsibility for the implementation of cryptographic agility within individual siloed projects and teams will reduce the chance for success, as the cybersecurity infrastructure typically extends across multiple teams and projects within an organization.
Once the organizational support and funding is in place, the need for cryptography and cryptographic agility experts to drive the project is eminent, which may highlight a gap within the organization itself. Not having the necessary expertise to drive the project increases the risk of insufficient implementation.
And finally different parts of the underlying cybersecurity infrastructure might depend on vendor specific solutions, which might need to be included in the scope of the project.
When we then look at the technical side of things the first obstacle will be for an organization to identify and build an inventory of their cryptographic assets (keys, algorithms, protocols, …) – also referred to as CBOM (Cryptography Bill of Materials). This can especially be challenging for large enterprise organizations, where their usage of cryptography is spread across hundreds of projects or teams – typically with ownership of the assets placed within each of these projects.
Cryptographic agility requires streamlined and robust key management practices, ensuring that keys are rotated, revoked or replaced securely. However, many organizations struggle with inadequate key management, which makes updating or replacing keys very difficult and error prone.
Organizations and industries might be depending on legacy systems, which are using hardcoded cryptographic algorithms and maybe even keys, based on older standards. Updating these systems might be very complex and costly and might very well affect other dependent systems.
How can companies balance the cost of implementing cryptographic agility with its long-term benefits? Are there industries where this balance is tricky to achieve?
Balancing the cost of implementing cryptographic agility with its long-term benefits requires a strategic approach.
Risk vs cost – The first step is to conduct a risk assessment clarifying the risk associated with cryptographic vulnerabilities, as this will help them to justify the associated cost.
Phased approach – Based on the risk assessment and the criticality for individual systems within the organization they should define a gradual rollout of cryptographic agility, initially focusing on the most critical systems, and then rolling it out to the rest of the cybersecurity infrastructure.
Avoid vendor lock-in – It is important that the implementation circumvents vendor lock-in, as this can result in future costs associated with switching to another vendor. As an example, if the infrastructure is tightly bound to specific HSMs, which might not be able to provide you with the necessary capabilities in the future.
While the initial investment could be high, the long-term benefits and potential savings should justify the costs:
- Enhanced security – Control and visibility of your cryptographic assets. Avoid potential data breaches due to cryptographic vulnerabilities.
- Compliance assurance – Easily adapt to regulatory changes.
- Future-proof infrastructure – Address future vulnerabilities and threats, and thereby avoid potential catastrophic failures and disruptions.
Taking a more centralized approach to managing an organization’s cryptographic assets will lead to additional savings:
- Reduced requirements for personnel and special talent.
- Reduced time and effort to go through audits.
- Establishing HSM-as-a-service will reduce the number of HSMs by increasing the overall utilization and thereby also the ROI.
For some industries the balance can however be trickier than for others, just to mention a few:
Financial industry – Financial institutions and banks are strongly tied to regulation and must comply with strict requirements for the usage of specific cryptographic standards. You’ll also often see that these institutions are depending on legacy systems that were built decades ago – these will be very costly to upgrade and will most likely require a complete overhaul to support cryptographic agility.
Automotive – It is a significant challenge for vehicle manufacturers to ensure that the cryptographic systems within vehicles stay secure for the entire lifetime of possible 15-20 years. Also, the nature of the complex supply chain, where ECUs and other systems are provided by many different suppliers, makes it difficult to consolidate and manage the associated cryptographic assets.
Critical infrastructure (utility and power systems) – Such systems rely on legacy systems and protocols. Industrial control systems (ICS) used to monitor and control industrial processes were not designed to support modern cryptographic algorithms. Updating these systems without service interruptions will be a major challenge.
What role does algorithm flexibility play in cryptographic agility, and how can organizations ensure they can switch algorithms seamlessly when needed?
Algorithm flexibility is one of the core aspects in being truly cryptographic agile, as this will allow changes to be applied transparently to the systems or applications using them.
With many existing applications and systems using cryptography we unfortunately still see a strong dependency towards specific algorithms and potential hardcoded primitives. To ensure that we can seamlessly switch between algorithms within an application it is therefore important that cryptography is fully decoupled from the application logic.
This can be achieved by encapsulating cryptographic keys and algorithms and enabling these to be replaced without affecting the application directly. This can either be done by enabling cryptographic providers or libraries to be replaced locally or by providing access to remote cryptographic services, which abstract away the cryptographic details.
A centralized system which can manage the cryptographic assets and associated policies is of significant help to continuously monitor and control how cryptography is used across all systems and applications. This will enable an organization to establish cryptographic services, where keys and algorithms are controlled and tailored for each application.
How can organizations future-proof their encryption systems without falling into the trap of overcomplicating their infrastructure?
The most important aspect when future-proofing an organization’s cybersecurity infrastructure is to maintain a balance between introducing new security measures while at the same time maintaining simplicity. Otherwise, there is a risk of overcomplicating the infrastructure which can lead to complex workflow and general inefficiencies.
To accomplish this, it is strongly recommended to establish centralized systems which assist in maintaining your cryptographic assets (keys, algorithms, etc.), as these systems will be the backbone of your cybersecurity infrastructure. Key management systems enable organizations to simplify and automate key life-cycle management while at the same time improving security. Additional tooling to manage and enforce cryptographic policies to control the key and algorithm usage across an organization will provide additional benefits in terms of the management of the cybersecurity infrastructure.
The implementation of security measures should then be done in phases based on risk assessments. Ensuring that the gradual rollout is done according to the criticality of individual systems, based on their vulnerability. Here it is particularly important that an organization starts small, but at the same time ensures that the infrastructure can be scaled according to the business needs.