Quantum Readiness - All your Crypto are belong to us
By Carl.net on Tuesday, September 17 2024, 18:46 - Cryptography
The risk of quantum computing to cryptography is that much of your current cryptography will no longer be sufficiently secure to protect your data. This is not a potential risk but a guarantee, and unfortunately, much of your current crypto is not safe from future quantum threats. So the question is, how do you get ready?
Imagine your security team identifying a drastic problem you will experience that is far enough in the future that you can plan for and make changes slowly over time. Further, imagine that the solutions you can apply to fix the issue will help improve your ability to manage and operate your current and future IT infrastructure and systems. The risk of quantum computing to cryptography is that much of your current cryptography will no longer be sufficiently secure to protect your data. This is not a potential risk but a guarantee, and unfortunately, much of your current crypto is not safe from future quantum threats. Though the media has named the issue the Quantum Apocalypse, there is no reason to throw your hands in the air screaming, as there is a reasonable process you can follow that will move you safely into the quantum era.
Issue one is that Quantum computers are fast for certain types of math problems. Think of your current fastest computers as tricycles and quantum-based computers as fighter jets. Or, to provide a more concrete example, Google's Sycamore quantum computer prototype solved a problem in seconds that would have taken the Frontier supercomputer (the world's fastest supercomputer as of June 2024) 47 years to solve. This extraordinary increase in computing speed will overwhelm your current cryptography's protections because many of the math problems used in cryptography are the exact ones quantum computing is very good at solving.
Unfortunately, the speed of quantum computers is not the only issue. Issue two is that people keep developing new ways to solve problems using quantum computers, like Shor's quantum factoring and Grover's quantum search algorithms. Shor's algorithm allows quantum computers to halve the time it takes to work on specific math problems, including many of those we use for cryptography. Essentially, it's optimized to solve for prime factors by reducing the number of steps necessary (close to half) to find a number's prime factors. And those are precisely the numbers you need to find the private key associated with a public key. Grover's algorithm allows a quantum computer to search through an unordered list for specific items in a novel, very quantum way. Instead of just brute forcing its way through the search, which is essentially what standard computers do, Grover's algorithm gauges the probabilities of various potential states of the system and produces one high-probability result using considerably fewer iterations. In short, the level of protection provided by some of the cryptography you currently have has just been cut in half by a quantum algorithm. As quantum computing is better understood, the number of algorithms available to improve efficiency will increase, so Shor's and Grover's algorithms are only the start.
The third issue is the value of information over time, otherwise known as store now, decrypt later. Most information becomes less valuable as time progresses, but that is not always true. Some data retains its value over time. If we look at most data breaches, the data stolen has a high value immediately, but over time, as the subject the data covers changes, the data becomes less valuable as it is less accurate about the subject. But there are use cases where this is not true. For example, a site named Ashley Madison was breached nine years ago, and its entire database was leaked. This site was specifically for people who wanted to cheat on their partner, so it could be construed to contain a list of people who are more likely to lie and cheat. There are any number of global organizations that make use of the Ashley Madison breach data to help them cull out potential bad apples from their executive pools and other at-risk employees. Further, anyone looking to fill a public office will, at some point, be approached about their membership. The encrypted data you have now may be collected and saved for future analysis, which quantum cryptography will enable later.
The fourth issue is that governments and regulators have taken notice of this issue and are requiring solutions sooner rather than later. Using the US as an example, the Office of Management and Budget under the President of the United States issued memorandum M-23-02, which provides direction for agencies to comply with National Security Memorandum 10 (NSM-10) on Promoting United States Leadership in Quantum Computing. The summary is that by 2035, government agencies and their vendors must be quantum-ready. So, in the very best case, you have nine years to be compliant if you service the US government or are in a regulated industry, and if history repeats itself, you will have less time as each regulator works to ensure you are ready sooner.
Finally, issue five is that even without the threat of quantum computing, the speed of our current cracking abilities is improving every year. For example, my old cryptography cracking rig that used four 1080Ti graphics cards can now be replaced with a single graphics card designed to be used by someone playing video games. It would not surprise me if my son asks for one this Christmas. Even without the Quantum threat, cryptography is under continuous attack by technological improvements.
It is worth stopping to discuss what is really at risk. Currently, asymmetric encryption, which is used for public-key-based schemes like Public Key Infrastructure (PKI), and many hashing algorithms are the types of crypto most in danger. Symmetric key-based encryption like Advanced Encryption Standard (AES), when using sufficiently large key lengths (think 256 bits), is not in as much danger. If you take issue five above and include some of the overall quantum risks, you end up halving the protections of your symmetric encryption. So, symmetric encryption mitigation should not be your first consideration, but it should be on your list to address.
Now that we have covered the issues, let's discuss the solutions. The best part is that if you run a relatively mature operation, you may already have most of what you need to start working on the problem. But you must still document where you are now and how you will become quantum-ready to be able to prove to your customers and regulators you have things under control. Your plan needs to include understanding where you are using cryptography, including the places you currently do not know about, what type of cryptography you are using, a risk assessment around your crypto, and then, over time, how you will migrate your affected systems, data, and vendors based on your risk assessment into a quantum ready stance.
Here is the skeleton of the plan we will discuss below:
1. Identify a crypto-knowledgeable program lead or resource
2. Create an initial plan
3. Communicate the issue and solution (ongoing)
4. Discover/Identify your systems, data, and vendors (ongoing)
5. Assess the risks based on your output from number 4, including future leaks (ongoing)
6. Prioritize your crypto and related systems, policies, procedures, and vendors
7. Update your plan based on your initial inputs
8. Mitigate your issues as per your risk assessment and plan
Identify a crypto-knowledgeable program lead or resource:
To keep your timelines as short as you can (you have less than nine years, closer to four, to retrofit your entire organization) and make sure you reach your goal, you need a program lead or team member who has a strong understanding of crypto (think direct experience implementing PKI, asymmetric, symmetric, and hashing at some point in their career) and has run very large diverse programs. They should also have vendor management experience to deal with all your vendors and how they are getting ready, system architecture experience, and applications security architecture/design experience. Finally, since you will either create or update your current policy and procedures to adapt to the quantum world, and hopefully, you will do it so that you are crypto-agile and any future changes will be easier, they need policy and procedure writing experience. You are not looking for a cryptographer but someone with practical experience implementing crypto in multiple environments. Part of finding your crypto program lead is also building the team they will work with. The team does not need to report to the lead; they just need to be assigned to be part of the overall team. This team will grow and shrink over time, so getting it perfect from the start is not a significant concern. If you are at a very large organization, you may also want to consider appointing an oversight council to help provide direction and support when organizational-level decisions need to be made. Also, the people on the oversight council become your cheerleaders and help drive your organizational changes.
Create an initial plan:
With the start of all programs, you need a plan to help you get moving, understand the scope, and drive your goal to completion. Your initial plan should include at least the nine items listed in the skeleton plan above. This initial plan is to get you started because your identification and assessment steps will fill out the knowledge you will need for the full plan. As part of this plan, you should consider an accelerated backup plan in case the quantum threat appears sooner than expected.
Communicate the issue and solution:
Communication is the key to every good program or project. The programs that have failed due to poor communication are too numerous to count. Besides the regular communications like stakeholder and program communications, at a minimum, you will need: introductory communications to help educate people on the issue you are solving and gain their support, explanations of data collection requests and how to respond, updates on where the organization is with the program, policy/process change communications, new vendor requirements, updated development standards, updated hardware standards, and new or updated architecture standards communications. Don't forget to regularly remind people why you are doing the project and some of the extra benefits the organization will derive from the program.
Discover/Identify your systems, data, and vendors:
This is the part that is either really easy or really hard, depending on your organization's level of maturity and size. Even if it ends up being hard, the benefits of doing the work will pay for themselves over the long term. In this phase, you will use whatever tools you have to identify where you are using encryption, what that encryption is, and who owns/operates the asset. You may also need to budget for new tools if your current tool selection is lacking.
Your initial assessment, at a minimum, will need to include:
Systems (users, purpose, owners, encryption in use)
Data (type of data, purpose, owner, encryption being used)
Networks (users, purpose, owners, encryption in use)
Applications (users, purpose, owners, encryption in use)
Developers (What they are developing, what guidance they use, any external libraries they use)
External parties (what service is provided, how that service interfaces with your systems, how they are preparing)
Policies, procedures, and standards that address encryption or should
Once you have completed your initial assessment, you must identify missing items based on your team's expertise applied to the initial findings. Then, go back and expand the assessment to gather the missing things and add them to the overall assessment. Finally, you will have some blind spots in your assessment that will need to be filled in. For example, you might be using an access system provided by a vendor that uses poorly implemented crypto and cannot be updated. Or you might have one group using open-source libraries that were not found because they did not know their library used cryptography. Or, in the worst-case scenario, you have someone who tried to roll their own crypto and is now gone, and no one knows about it. In any case, this step is never complete, and you will find some interesting surprises.
Assess the risks based on your discovery phase:
It is time to look at what you have discovered and perform a risk assessment on your findings to determine where to start. Depending on the output of your discovery, you may also need to spin up some remediation projects to fix some things that you found to be of immediate concern, for example, the roll-your-own crypto from above. It is also worth noting that if your organization has a risk assessment methodology, use it. You do not want to waste time arguing over why you use another methodology versus addressing the real problem. At the end of the day, the people operating the risk assessment drive the quality of the assessment performed, not the methodology. Also, if your organization does not have a risk assessment methodology, ones like NIST SP 800-30 or ISO 31000 are reasonably good choices and well accepted. I think the NIST offering is easier and takes less time, but use what makes sense for you and your organization.
Based on the work being done by organizations like NIST, you should consider your crypto at risk in this order. The most risky is asymmetric encryption and hashing algorithms, and the least at risk is symmetric encryption with larger key sizes. Of course, you should do your own research and make a decision based on your assessment of the known facts.
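An added example (not from the original post) that ties the discovery step to the risk ordering above: it scans constructed configuration and code lines for algorithm names, then ranks the findings in the order this page gives, putting data that must stay confidential longest first inside each tier. The algorithm list, the 256-bit cut-off, the inventory records, and every name in the code are assumptions for illustration.

```python
import re
from collections import namedtuple

# Families follow this page's risk order; the algorithm names are an assumed,
# non-exhaustive starting set.
FAMILIES = {
    "asymmetric": r"RSA|ECDSA|ECDHE?|DSA|DHE?|Ed25519|X25519",
    "hash": r"MD5|SHA-?(?:1|224|256|384|512)",
    "symmetric": r"AES|3DES",
}
TOKEN = re.compile(
    r"(?<![A-Za-z0-9])(?:"
    + "|".join(f"(?P<{fam}>{pat})" for fam, pat in FAMILIES.items())
    + r")(?:[-_ ]?(?P<bits>\d{3,4}))?(?![A-Za-z0-9])",
    re.IGNORECASE,
)
LARGE_KEY_BITS = 256  # assumed cut-off for "sufficiently large" symmetric keys

# tier 1 = address first, tier 3 = address last
Finding = namedtuple("Finding", "asset owner algorithm family bits tier secret_years")

# Constructed sample inventory: asset, owner, years the data must stay
# confidential, and one line of evidence collected during discovery.
INVENTORY = [
    ("vpn-gw", "netops", 3, "ike=aes128-sha1;modp2048"),
    ("hr-portal", "appsec", 25, "ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;"),
    ("backup-vault", "storage", 10, "cipher = AES-256-GCM"),
    ("legacy-billing", "finance-it", 7, "mac = hashlib.md5(key + msg)"),
]

def scan(inventory):
    findings = []
    for asset, owner, secret_years, evidence in inventory:
        for m in TOKEN.finditer(evidence):
            family = next(f for f in FAMILIES if m.group(f))
            bits = int(m.group("bits") or 0)  # 0 = size not stated
            if family != "symmetric":
                tier = 1
            else:
                tier = 3 if bits >= LARGE_KEY_BITS else 2
            findings.append(Finding(asset, owner, m.group(family).upper(),
                                    family, bits, tier, secret_years))
    # Riskiest family first; within a tier, data that must stay secret longest
    # comes first (store now, decrypt later).
    return sorted(findings, key=lambda f: (f.tier, -f.secret_years))

if __name__ == "__main__":
    for f in scan(INVENTORY):
        print(f"tier {f.tier}  {f.asset:<15} {f.owner:<11} {f.algorithm} {f.bits or ''}")
```

A name-based scan like this only finds what is spelled out in text; vendor appliances, compiled libraries, and home-grown schemes still need the manual follow-up described in the discovery step.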
Update your plan based on your initial inputs:
You have your database of everything that needs to be remediated and your risk assessment, including all the data, so it is time to fully develop your initial plan from earlier. This is also when you will need to consider where the standards bodies and vendors are in their process of meeting the need for quantum-ready crypto and adjust your plan as necessary.
Whatever your findings, prioritize the things required to get you ready and put off the things that cannot currently be done with today's technology. Most importantly, make sure that your policy, standards, and procedures are updated quickly so that you do not create more solutions that are not quantum-ready or at least quantum upgradeable.
Mitigate your issues as per your risk assessment and plan:
Now that you have accomplished the easy part :) it is time to work through the plan and accomplish the remediation. This step will, in all likelihood, take years in a large organization. If you have done your work well up to this point, you also will have better knowledge of everything that makes up your organization and better tools to identify and manage those things. Further, you will have improved your policy, procedures, processes, and ability to respond to future changes in all technologies, not just cryptography.
Further Considerations:
There are lots of related things that will affect your program and progress. One of the more interesting things you will need to consider is where cryptography is built into hardware. For example, most modern CPUs have AES built into the hardware to speed up processing. Intel specifically calls out their long-term commitment to support FIPS-140-2 algorithms and that they are looking to support the new algorithms required to meet the needs of a quantum-ready future. So keep your vendor's hardware, including servers and personal computers, in mind when considering your future plans. Going from hardware support for cryptography back to software-only cryptography will slow communications and processing considerably.
Another thing to keep in mind is that the standards bodies are not yet where we need them to be for global support for quantum computing. People like you and me need to join the standards bodies to help move them forward quickly enough to meet everyone's needs. We require standards-based solutions because going back to the days of vendor-unique solutions is not a world we want.
I wish you the best of luck in your program to achieve quantum-readiness.
© 2024 Carl Almond