Crypto-agility, or cryptographic agility, is the capacity for an information security system to adopt an alternative to the original encryption method or cryptographic primitive without significant change to system infrastructure. NIST guidelines state “maintaining crypto agility is imperative” to prepare for the quantum computing era. Crypto-agility may be achieved through the adoption of new frameworks for incident response and application development, as well as the acquisition of a service software layer to facilitate crypto-agility in legacy applications.
Background on Crypto-Agility
The use of cryptography to conceal information dates to 1900 BCE, and the use of cryptanalysis methods to break ciphers is likely nearly as old. In NIST’s terminology, the best possible classification for an algorithm is “acceptable,” which means “an algorithm or key is safe to use; no security risk is currently known when used in accordance with any associated guidance.”
NIST’s recommendations for the immediate adoption of crypto-agility are informed by the potential of quantum computing to render all current public key cryptosystems powerless. For example, in 1994, Peter Shor of Bell Laboratories demonstrated the potential of quantum computers to factor large integers into their prime factors dramatically faster than classical computers can, thereby breaking the RSA algorithm.
While it is challenging to predict a timeline for the realization of quantum computing, efforts are underway to develop post-quantum cryptography methods. Developing agility in the digital infrastructure is essential to preparing for contemporary and quantum computing risks.
Why Crypto-Agility Matters
Public key encryption, digital signatures, and key exchange are the core of modern information systems, payment systems, and the global communications infrastructure. However, no single method of encryption is unbreakable. Recent discoveries of vulnerabilities in major algorithms have provided evidence that organizations must be prepared to transition between standards quickly.
In July 2018, NIST published draft guidance proposing a five-year timeline to disallow the use of the 3DES algorithm. This retirement followed the discovery of the Sweet32 vulnerability, which exploited the known susceptibility of 3DES and other 64-bit block ciphers to collision attacks. 3DES is rooted in systems, standards, and technology in the finance industry, and its retirement could create challenges around infrastructure, payments, and interoperability.
In October 2017, the ROCA vulnerability was discovered in a software library implementing the RSA asymmetric cipher, which impacted billions of security devices and smartcards.
In cryptography, the discovery of vulnerabilities and the retirement of algorithms is inevitable. Organizations should adopt crypto-agility capabilities, or a stance in which encryption methods can be updated within protocols, systems and technology as vulnerabilities are discovered.
Agile cryptography requires the evolution of organizational policies prior to the discovery of vulnerabilities and risks. Gartner recommends the collaboration of security and incident response leadership to facilitate organizational change, including a three-part framework for transitioning to crypto-agility:
- Adapt application development and procurement workflows to reflect crypto-agility
- Conduct a comprehensive inventory of information systems which use cryptography. Identify and evaluate algorithms in use
- Update incident response plans to include cryptographic alternatives and methods for updating existing methods of encryption
Traditional response methods to the discovery of cryptographic vulnerabilities include time-consuming updates to code bases, algorithm replacement, application rebuilding, and patching. While this approach creates a solution, hard-coded changes offer neither protection nor efficiency when future vulnerabilities are discovered. Technological agility is best achieved with the adoption of new development frameworks and service software for applications that rely on strong cryptography.
Development methods for crypto-agility could include the adoption of object-oriented frameworks such as Java Development Kit (JDK) and .NET. These frameworks allow algorithms to be represented as classes that derive from abstract classes, which allow the loading of changes to algorithms post-implementation from a database or configuration file.
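The following sketch illustrates that pattern with the JDK's `Mac` abstract class; it is an added example, not code from the article or from any product it mentions. The class name `AgileMac`, the property keys `mac.current` and `mac.accepted`, and the tag format are assumptions made for the illustration, and the HMAC algorithm names stand in for whatever an organization's policy rotates.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class AgileMac {                  // hypothetical class: the algorithm is configuration, not code
    private final String current;        // algorithm used for new tags
    private final Set<String> accepted;  // algorithms still allowed when verifying
    private final byte[] key;            // one key shared by all algorithms: demo simplification

    AgileMac(Properties cfg, byte[] key) {
        current = cfg.getProperty("mac.current");
        accepted = Set.of(cfg.getProperty("mac.accepted").split(","));
        this.key = key.clone();
    }
    private byte[] mac(String alg, byte[] msg) throws GeneralSecurityException {
        Mac m = Mac.getInstance(alg);    // JCA maps the name to a concrete Mac implementation
        m.init(new SecretKeySpec(key, alg));
        return m.doFinal(msg);
    }
    // Stored form "<algorithm>$<base64 tag>": every tag names the algorithm that made it.
    String tag(byte[] msg) throws GeneralSecurityException {
        return current + "$" + Base64.getEncoder().encodeToString(mac(current, msg));
    }
    boolean verify(byte[] msg, String tag) throws GeneralSecurityException {
        String[] p = tag.split("\\$", 2);
        // The prefix is untrusted input, so it is checked against policy before use.
        if (p.length != 2 || !accepted.contains(p[0])) return false;
        try {
            return MessageDigest.isEqual(mac(p[0], msg), Base64.getDecoder().decode(p[1]));
        } catch (IllegalArgumentException badBase64) { return false; }
    }
    static Properties policy(String current, String accepted) {  // stands in for a config file
        Properties p = new Properties();
        p.setProperty("mac.current", current);
        p.setProperty("mac.accepted", accepted);
        return p;
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        byte[] msg = "order=42;amount=10".getBytes(StandardCharsets.UTF_8);
        String legacy = new AgileMac(policy("HmacSHA1", "HmacSHA1"), key).tag(msg);
        // Rotation is a configuration change: new tags use SHA-256, old tags still verify.
        AgileMac rotated = new AgileMac(policy("HmacSHA256", "HmacSHA256,HmacSHA1"), key);
        System.out.println(rotated.tag(msg) + " legacy ok: " + rotated.verify(msg, legacy));
        // Retirement: drop HmacSHA1 from the accept list and the legacy tag is rejected.
        AgileMac retired = new AgileMac(policy("HmacSHA256", "HmacSHA256"), key);
        System.out.println("after retirement: " + retired.verify(msg, legacy));
    }
}
```

Because stored tags carry their algorithm identifier, an inventory of what is still in use reduces to counting prefixes, and the accept list keeps a forged prefix from downgrading verification to a retired algorithm.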
While new development frameworks can safeguard future applications, conducting a complete overhaul of legacy IT systems for intrinsic crypto-agility is not pragmatic. Crypto-agility can also be facilitated with the adoption of a service software layer, or gateway application, between applications and hardware security modules. Solutions for cryptography as a service can enable agility in key management, policy enforcement, algorithm updates, monitoring, and usability.
Organizations need the capacity to quickly update cryptographic methods without significant change to information systems to retain regulatory compliance and mitigate security risks. The discovery of the Sweet32 vulnerability and retirement of the 3DES cipher suite is evidence for the immediate adoption of new frameworks and technologies to proactively respond to risks.
While adopting new methods of application development can facilitate crypto-agility, the complete re-engineering of existing information systems is not realistic. Solutions for cryptography as a service, such as Crypto Service Gateway, can facilitate crypto-agility in legacy and new IT systems by allowing organizations to immediately adopt new methods of encryption without code updates.
- Selected articles about Crypto-Agility (2014-today), by Duncan Jones, Jasmine Henry, Rob Stubbs, and more.
- NISTIR: Report on Post-Quantum Cryptography (April 2016), by the National Institute of Standards and Technology.
- The Code Book: The Secret History of Codes and Code Breaking (1999), by Simon Singh.
- Draft NIST Special Publication 800-131A Revision 2: Transitioning the Use of Cryptographic Algorithms and Key Lengths (July 2018), by the National Institute of Standards and Technology.
- The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli (October 2017), by Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, and Vashek Matyas.
- Better Safe than Sorry: Preparing for Crypto Agility (April 2018), by Mark Horvath and David Anthony Mahdi.
- Cryptographic Agility (July 2010), by Bryan Sullivan.
- Cryptomathic Answers Compliance-Driven Call for Crypto-Agility (May 2018), by Cryptomathic.