Quantum-Safe Migration with Crypto-Agile Certificates · 2018-11-12 · Quantum-safe...

Quantum-Safe Migration with Crypto-Agile Certificates

01 Long Term Security: Quantum-safe security is a key enabler for long-term security. Healthcare will be able to benefit greatly from quantum-safe security.

02 Redundant Databases: Redundancy with distributed databases is important for disaster recovery of data.

03 Quantum-safe Databases: Quantum-safe distributed databases were constructed using QKD connections.

Healthcare LINCOS (H-LINCOS)

Now that storage is quantum-safe, let’s look at access control…

Testbed of H-LINCOS

[Figure: testbed network diagram. Labels: Shareholder (four nodes), Secret sharing network, Layer-2 private channel, Layer-3 private channel, Gateway server (two nodes), Data owner server, Controller, Root CA, Certificates, User devices. Place names: Science Center, NICT, Kochi U Tech, Osaka, Otemachi, Nagoya, Koganei. Legend: Authentication, Access control, Access right management; PKI, PKI/TLS.]

01 Requirements
- Use of Healthcare Public Key Infrastructure (H-PKI)
- Quantum-safe authentication

02 Design Decisions
- Use of quantum-safe TLS between terminals and gateway server for secrecy
- Use H-PKI with quantum-safe authentication
- Use identity information in the H-PKI certificate for finer access control

03 Investigation Objectives
- Evaluate feasibility of quantum-safe TLS with client authentication
- Assess importance of crypto-agility

Access Control in H-LINCOS

Challenges in Quantum-safe TLS/PKI - Crypto Uncertainty

01 Standardized at IETF
Stateful signature algorithms: LMS, XMSS. Code signing and certificate signing by CAs.

02 In progress at NIST
Stateless signatures: these are signatures that are needed for the end entity’s signing operation during the protocol handshake.

Challenges in Quantum-safe TLS/PKI - Crypto Uncertainty

For entity’s signing, the cryptography must be agile to cope with:
- Parameter changes
- Slight algorithm changes

Challenges in Quantum-safe TLS/PKI - Size and Complexity

Refer to today’s PKI deployments: PKI is ubiquitous, complex, and inter-dependent, e.g.:
- Internet websites (https)
- Government and enterprise access control

Today’s PKI uses RSA or ECC! We must migrate to quantum-safe!

THE SOLUTION: CRYPTO-AGILITY

The ability to react to cryptographic threats quickly, at a systems level. It bridges the gap between current and quantum-safe security methods.

[Figure labels: Today, ?, Current Public Key Cryptography, Quantum-safe Cryptography]

Crypto-agile solutions = current + quantum-safe


Maintain Interoperability

Maintain the current interoperability between your current systems and allow for backwards compatibility.

Migrate Faster

By implementing a crypto-agile solution, you’ll be able to migrate critical systems faster.

Reduce Switching Costs

An agile switch will have no need to duplicate two entire systems: one original and one quantum safe, thus saving on switching costs.

Crypto-Agility Objectives

Catalyst: Crypto-Agile Certificate

[Figure: certificate diagram. Fields: ID Info, Classical Public Key, Quantum-safe Public Key, Quantum-safe Signature, Classical Signature. Annotations: Secured by Classical, Secured by Quantum-safe, ISARA Catalyst Extension.]

Phased Migration

[Figure: CA hierarchy. Labels: Root CA, Intermediate CA 1, Intermediate CA 2, Intermediate CA 3, Classical Digital Certificate, Quantum-safe Digital Certificate.]

Experiment with Server Authentication of TLS

[Figure labels: Classical Client, Quantum-safe Client, Classical Signature, Quantum-safe Signature.]

Experiment with Client Authentication of TLS

[Figure labels: Classical Client, Quantum-safe Client, Classical Signature, Quantum-safe Signature.]

System Construction

User device (Microsoft Windows 10 Professional, 64 bits)
- Web browser
- TLS: PQ-signature, PQ-key exchange
- PQ-PKI certificate store: certificate for healthcare worker, root certificate

Gateway server (CentOS 7, 64 bits)
- Web server
- TLS: PQ-signature, PQ-key exchange
- Medical records
- PQ-PKI certificate store: certificate for gateway server, root certificate

Link between user device and gateway server: PQ-TLS, TCP/IP

Some Preliminary Results

Server Authentication: Worked.

Client Authentication: Worked.

Crypto-agility Achieved

Future Study

Update Signatures

In future iterations of this project we would look to update the Quantum-safe Digital Signature Algorithms to their latest versions.

Introduce Intermediate CAs

We would look to introduce intermediate CAs to assess the impacts of certificate chains, and examine a larger scale network migration.

Key Encapsulation

By considering a Key Encapsulation Mechanism (KEM) instead of a Key Exchange, we could conform to NIST proposals.

Deploy TLS 1.3

We would look into the possibility of deploying Transport Layer Security (TLS) protocol 1.3, which is more KEM friendly.

H-LINCOS - Summary & Next Steps

NICT has added the quantum-safe H-PKI based access control with quantum-safe TLS in the lab

Next Steps: Field tests for a larger network setting

TU Darmstadt introduced PROPYLA & ELSA to address APH and large data

Next Steps: Integrate into larger system to further study feasibility

ISARA provided quantum-safe TLS with Catalyst certificates

Next Steps: Update with NIST proposals and Catalyst certificate standards
