Crypto Agility: Solving for the inevitable Urgent Comms – Urgent Communications

Security today relies on cryptography, an information-protection technology that uses algorithms to transform messages into a form that is difficult for a third party to decipher. For decades, computers and networks have relied on cryptography to provide confidentiality and integrity, and for common tasks like authentication. Arguably, it has become the backbone of modern cybersecurity as we put more of our lives online.

Cryptography depends on the fact that todays computers dont have the power to decode encrypted data in a realistic time frame (such as in our lifetimes). But that changes as we march closer toquantum computers machines that use the properties of quantum physical phenomena to perform algorithms at lightning speeds compared with todays fastest computers. A mature quantum computer could crack a private cryptography key from its public key counterpart in minutes (compared with thousands of years with a standard processor). Its important to note that quantum-computer prototypes are still gradually increasing in size and capabilities and dont yet pose a threat. Eventually, however, they will become powerful enough to attack widely used public key cryptography.

Cryptography and quantum computing are on a collision course that will threaten this cornerstone technology underlying cybersecurity. The systems weve built to power our digital lives arent ready for the strength of our public key cryptography standards (RSA, EC, and DSA)to be undermined. (Thisblog postexplains this in greater detail.) We must prepare for a future where many of ourcurrent cryptographic algorithms dont work. The solution will mean deploying necessary changes as anindustry, which will take time and is considerably more complex than it may seem.

Cryptography: Whats at StakeStored data is encrypted usingsymmetric key algorithms(such asAdvanced Encryption Standard, or AES), which are less threatened by quantum computing. Exposures are more about communication channels and the key establishment portion of theTransport Layer Security(TLS) protocol. In TLS, two parties use public key cryptography to authenticate one another and then negotiate a shared symmetric key for the session. The result is a session key that enables secure communication between the two parties.

Why does this matter if quantum computing is not yet a thing and the threat is limited to certain situations?

The first reason is that an attacker can record encrypted data now in preparation for breaking the encryption later, once scalable quantum computing is available. This is known as a harvest-now, decrypt-later attack, and it is particularly threatening for long-lived information assets (think bank account numbers, for example). As we get closer to thequantum-computing threat, vulnerable data with shorter lifespans also becomes a concern.

To read the complete article, visit Dark Reading.

Read more from the original source:

Crypto Agility: Solving for the inevitable Urgent Comms - Urgent Communications