Monday, November 26, 2018

Crypto agility

ScienceGuard:


Agility is the ability of a system to adapt rapidly and simply. Similarly, '''crypto-agility''' (also 'crypto agility' or 'cryptographic agility') refers to the ability of an information security system to switch swiftly to alternative [[cryptographic primitive]]s and [[encryption|algorithms]]. Crypto-agility not only facilitates and encourages system upgrades and evolution but also acts as a safety measure or incident response mechanism.<ref name="JasmineHenry-what-is"></ref>

=Example=
The retirement of the [[X.509]] [[public key certificate]] can serve as an example to illustrate crypto agility. A public key certificate has [[cryptography|cryptographic parameters]] such as key type/length and [[hash function|hash algorithms]]. The most widely used certificate configuration was X.509 version 3 with an RSA 1024-bit key and the SHA-1 hash algorithm. As time progressed, [[NIST]] came to regard the 1024-bit key length for [[RSA (cryptosystem)|RSA keys]] as weak, and the [[SHA-1]] algorithm became vulnerable to attacks. Information security systems shifted to the RSA 2048-bit key length and the [[SHA-2]] algorithms. The easier and more automated such a migration is, the more crypto-agile the system concerned can be considered.<ref name="Microsoft-Crypto-Agility"></ref>
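The migration described above is cheap only if stored data names the algorithm that protected it and the set of acceptable algorithms lives in policy rather than in code. The following sketch is an added example, not code from the cited sources: it uses HMAC tags from the Python standard library as a stand-in for certificate signatures, and the policy table, status names and <code>alg$mac</code> tag format are assumptions made for illustration.

```python
import hmac

# Assumed policy table (hypothetical): algorithm id -> lifecycle status.
# "current" signs new records, "allowed"/"deprecated" still verify,
# anything else (e.g. "retired" or unknown ids) is refused.
POLICY = {"sha1": "deprecated", "sha256": "current", "sha384": "allowed"}
VERIFIABLE = ("current", "allowed", "deprecated")


def current_alg(policy=POLICY):
    """Return the one algorithm id the policy marks as 'current'."""
    return next(alg for alg, status in policy.items() if status == "current")


def compute_mac(key, message, alg):
    """HMAC over message; alg doubles as the hashlib digest name."""
    return hmac.new(key, message, alg).hexdigest()


def tag(key, message, policy=POLICY):
    """Create a self-describing tag '<alg>$<hex mac>' with the current algorithm."""
    alg = current_alg(policy)
    return f"{alg}${compute_mac(key, message, alg)}"


def verify(key, message, tagged, policy=POLICY):
    """Return (valid, needs_migration); unknown or retired algorithms fail closed."""
    alg, sep, mac_hex = tagged.partition("$")
    if not sep or policy.get(alg) not in VERIFIABLE:
        return False, False
    expected = compute_mac(key, message, alg)
    valid = hmac.compare_digest(expected.encode(), mac_hex.encode())
    return valid, valid and alg != current_alg(policy)


def migrate(key, message, tagged, policy=POLICY):
    """Re-tag a record that verifies under an older algorithm; never a bad one."""
    valid, stale = verify(key, message, tagged, policy)
    if not valid:
        raise ValueError("record does not verify; refusing to migrate")
    return tag(key, message, policy) if stale else tagged


if __name__ == "__main__":
    key, msg = b"\x01" * 32, b"constructed sample record"  # constructed inputs
    legacy = "sha1$" + compute_mac(key, msg, "sha1")        # tag from the old era
    print(verify(key, msg, legacy))                         # valid, but stale
    print(migrate(key, msg, legacy))                        # re-tagged with sha256
    # Retiring SHA-1 later is a policy edit, not a code change:
    later = {"sha1": "retired", "sha256": "deprecated", "sha384": "current"}
    print(verify(key, msg, legacy, later), migrate(key, msg, tag(key, msg), later))
```

Passing a different policy table to the same functions is the whole migration step; records that still carry a retired algorithm identifier stop verifying rather than being silently accepted.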

=Importance of Crypto-Agility=
System designers and experts have recognized the need to keep up with the latest crypto technologies and to incorporate new crypto infrastructures, which highlights the requirement for crypto-agile products. With the advent of e-commerce and modern communication, corporations have expanded their businesses across the globe with a growing number of users. With [[Business continuity]] being an important aspect of avoiding business loss, not only business evolution but also provisions for business agility became important. Cryptographic techniques have been widely incorporated for the protection of business transactions and applications. Since the 2010s, [[public key infrastructure]] (PKI) has been progressively integrated into business applications via public key certificates, which are used as the trust foundation between network entities. PKI has better security features than traditional access control mechanisms because it incorporates cryptographic technologies such as digital certificates and signatures. Public key certificates acting as digital credentials are the core requirement for strong authentication and secure communication between entities over public networks, allowing access to be granted to confidential data and sensitive resources. With the continuously increasing number of users and the corresponding threats, crypto-agility has emerged as a key step for business continuity.

Much research has been done on [[quantum computing]], aiming at exponentially accelerating problem solving in the fields of number theory and cryptography. A multitude of public key cryptography information security systems are based on RSA, which rests on the hardness of large integer factorization and discrete logarithm problems. The invention of the first mass-scale quantum machine will also bring the risk that these cryptosystems can be compromised.<ref name="AsimMehmood-crypto-agility"></ref>

=Awareness for Crypto-Agility=
There is a clear difference between system evolution and crypto agility. System evolution progresses on the basis of emerging business and technical requirements to ensure up-to-date features and system readiness.
Awareness of crypto-agility needs to be raised at every level, from security experts and system designers down to application developers. Cryptographic techniques and algorithms are devised and recommended as security standards by organisations such as [[NIST]] or [[ISO]] for a specific time period. Vendors and application providers incorporate these cryptographic techniques and algorithms in their products. In cases where algorithms fail to withstand [[cyberattack]]s, alternative cryptographic primitives need to be implemented. This is the reason why NIST restricted the use of the [[3DES]] algorithm.<ref name="Jasminehenry-3DES"></ref>
Information security systems need to be developed with a crypto-agile approach to ensure the incorporation of the latest crypto technology. The development and deployment of public key based cryptosystems is ongoing, and with the advent of quantum computing, algorithms and infrastructures need to be updated in a secure and efficient manner.<ref name="JasmineHenry-what-is" />

=Policy and Best Practices for Crypto Agility=
Achieving crypto-agility is not a one-unit or one-entity effort. First of all, system designers need a clear vision and awareness of crypto-agility and its advantages; they can then roll out a plan across the whole business spectrum for its implementation at each level, such as the organizational and the technical. Here are some policy highlights and best practices for dealing with crypto-agility<ref name="AsimMehmood-crypto-agility" />:
# A clear and concrete policy should be devised requiring that all business applications involving any sort of crypto technology incorporate and support strong, up-to-date algorithms and techniques before it is too late.
# This policy has to be disseminated to all existing vendors and solution providers, and they must come up with a way forward and a time-based plan to comply with it and update the existing firmware and software.
# As a future approach, contracts should only be signed with vendors supporting the latest cryptographic standards, protocols, and algorithms.
# Vendors must provide regular updates and reveal the crypto technology being used in their software and firmware.
# As [[quantum computing]] is expected to compromise RSA-based cryptosystems, RSA should be replaced by quantum-resistant [[elliptic curve]]s.<ref name="NIST Post-Quantum"></ref>
# [[Symmetric-key algorithm]]s have to be used with higher key lengths.
# Hash algorithms have to be used with higher bit sizes.

Awareness and implementation of these policies and best practices aim at improving crypto-agility and enabling infrastructure to respond rapidly to threats and attacks.<ref name="AsimMehmood-crypto-agility" />

=References=





[[Category:Cryptographic algorithms]]


from Wikipedia - New pages [en] https://ift.tt/2BxT8Eb
via IFTTT
