Embed Size (px)
Citation preview
Quantum-Safe Migration with Crypto-Agile Certificates
01 Long Term SecurityQuantum-safe security is a key enabler for long termsecurity. Healthcare will be able to benefit greatly from quantum-safe security.
02 Redundant DatabasesRedundancy with distributed databases are important for disaster recovery of data.
03 Quantum-safe DatabasesQuantum-safe distributed databases were constructed using QKD connections
Healthcare LINCOS (H-LINCOS)
Now that storage is quantum-safe, let’s look at access control…
Testbed of H-LINCOS
Shareholder
Layer-3 private channel
Secret sharing network
Shareholder
Science Center
Root CACertificates
NICTUser devices User devices
Kochi U Tech
Controller
Layer-2 private channel
Gateway server
Data owner server
Osaka
Otemachi
Certificates
Gateway server
ShareholderNagoya
KoganeiShareholder
Authentication Access control Access right
management
- PKI
- PKI/TLS
Legend
01 Requirements Use of Healthcare Public
Key Infrastructure (H-PKI) Quantum-safe
Authentication
02 Design Decisions Use of quantum-safe TLS
between terminals and gateway-server for secrecy
Use H-PKI with quantum-safe authentication
Use identity information is H-PKI Certificate for finer access control
03 Investigation Objectives Evaluate feasibility of
quantum-safe TLS with client authentication
Assess importance of Crypto Agility
Access Control in H-LINCOS
Challenges in Quantum-safe TLS/PKI - Crypto Uncertainty
Standardized at IETF In progress at NISTStateful signature algorithms: LMS XMSSCode signing and certificate signing by CA’s
Stateless signatures: These are signatures that are needed for end entity’s signing operation during the protocol handshake
01 02
Challenges in Quantum-safe TLS/PKI- Crypto UncertaintyFor entity’s signing, the cryptography must be agile to cope with: Parameter changes Slight algorithm changes
Challenges in Quantum-safe TLS/PKI- Size and Complexity
Refer to today’s PKI deployments: PKI is ubiquitous, complex, and
inter-dependent, e.g., Internet websites (https) Government and enterprise access
control T
Todays PKI uses RSA or ECC! We must migrate to Quantum-
Safe!
THE SOLUTION: CRYPTO-AGILITY
The ability to react to cryptographic threats quickly, at a systems level. It bridges the gap between current and quantum-safe security methods.
Today ?
Quantum-safe Cryptography
Current Public Key Cryptography
Crypto-agile solutions = current + quantum-safe
9
Maintain Interoperability
Maintain the current interoperability between your current systems and
allow for backwards compatibility
Migrate FasterBy implementing a crypto-
agile solution, you’ll be able to migrate critical systems
faster
Reduce Switching Costs
An agile switch will have no need to duplicate two entire
systems: one original and one quantum safe, thus
saving on switching costs.
Crypto-Agility Objectives
Catalyst: Crypto-Agile CertificateID Info
Classical Public Key
Quantum-safe Public Key
Quantum-safe Signature
Classical Signature
Secured by Classical
Secured by Quantum-safe
ISARA CatalystExtension
Phased Migration
IntermediateCA 1
IntermediateCA 2
IntermediateCA 3
Root CA
Classical Digital Certificate
Quantum-safe Digital Certificate
Experiment with Server Authentication of TLS
Classical ClientQuantum-safe
Client
Classical Signature
Quantum-safe Signature
Experiment with Client Authentication of TLS
Classical ClientQuantum-safe
Client
Classical Signature
Quantum-safe Signature
System Construction
Microsoft Windows 10Professional 64 bits
User device
Web browser
TLS
PQ-PKI certificate storeCertificate for healthcare worker
Root certificate
- PQ-signature- PQ-key exchange
CentOS 764 bits
Gateway server
Web server
TLS
- PQ-signature- PQ-key exchange
Medical records
PQ-TLS
TCP/IP
PQ-PKI certificate storeCertificate for gateway server
Root certificate
Some Preliminary Results
Server AuthenticationWorked.
Client AuthenticationWorked.
Crypto-agility Achieved
Future Study
Update Signatures
In future iterations of this project we would
look to update the Quantum-safe Digital
Signature Algorithms to their latest versions.
Introduce Intermediate CAs
We would look to introduce intermediate
CAs to assess the impacts of certificate
chains, and examine a larger scale network
migration.
Key Encapsulation
By considering a Key Encapsulation
Mechanism (KEM) instead of a Key
Exchange we could conform to NIST
proposals.
Deploy TLS 1.3
We would look into the possibility of deploying Transport Layer Security
(TLS) protocol 1.3, which is more KEM
friendly.
H-LINCOS - Summary & Next Steps
NICT has added the quantum-safe H-PKI based access control with quantum-safe TLS in the lab
Next Steps: Field tests for a larger network setting
TU Darmstadt introduced PROPYLA & ELSA to address APH and large data
Next Steps: Integrate into larger system to further study feasibility
ISARA provided quantum-safe TLS with Catalyst certificates
Next Steps: Update with NIST proposals and Catalyst certificate standards
Join us on social
@ISARACorp @ISARACorp @ISARACorporation
CLEARING THE PATH TOQUANTUM-SAFE SECURITY
