logo
allArticlesConferencesPresentations

Cryptographic Agility: Preparing Modern Apps for Quantum Safety and Beyond

Conference:  Cloud Native SecurityCon North America 2023

Authors:   Natalie Fisher

Summary

The presentation discusses the importance of cryptography in cybersecurity and the need for a crypto agile framework to manage it efficiently. It also highlights the challenges in implementing new cryptography and the need for involvement from all stakeholders.
  • Cryptography is essential in securing online transactions and IoT devices
  • The implementation of cryptography needs to be managed efficiently through a crypto agile framework
  • All stakeholders, including developers, IT infrastructure teams, and infosec teams, need to be involved in the process
  • The future landscape of cryptography will be independent of the app lifecycle, making it easier to manage and transition to new algorithms and standards
  • Implementation flaws and the threat of quantum computing make it crucial to be cryptographically agile
The presentation mentions the Specter and Meltdown attacks, which are classified as side channel attacks. The logos for these attacks are described as cute, but the point is that these attacks and others like them can be prevented through proper cryptography management.

Abstract

In 2012, the vulnerability, HeartBleed, was discovered then patched in 2014. But because organizations were slow to respond hackers managed to steal 4.5 million healthcare records. In 2019 over 200,000 systems were still unpatched. Why is it difficult to change or update these protocols? IT organizations are not aware of the encryption they are using, which applications are using it, or how it is used and customers have no unified way to transition between cryptography standards, libraries, and manage cryptographic configuration and compliance. Recent advances in quantum computing and global government initiatives have prompted a new sense of urgency in migrating public key cryptography to quantum-safe standards. Modern and legacy apps will benefit from crypto agility schemes leveraging proxies, policy-driven configuration, and orchestrated management. The session will help to prepare enterprises of every size for the cryptographic migration to come -- no matter where your apps are deployed.
Materials:
Tags:

Post a comment

Related work

Common Myths about PQ Migration and Standards Busted!

Conference:  RSA Conference 2023
Authors: Michael Jenkins
2023-04-24

Quantum Security and Cryptography: You Are (Probably) Doing it Wrong

Conference:  BlackHat EU 2020
Authors:
2020-12-10

DNSSEC Downgrade Attacks

Conference:  Black Hat USA 2022
Authors:
2022-08-11

B’Envoy-age to Pre-Quantum Encryption

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Doron Podoleanu, Daniel Rouhana, Emma Dickenson
2022-10-28

Quantum Computing: One Weird Trick to Break RSA Encryption

Conference:  RSA Conference 2021
Authors:
2021-05-17

Baby Sharks: Small-Subgroup Attacks to Disrupt Large Distributed Systems

Conference:  BlackHat USA 2021
Authors:
2021-08-05