Natalie Fisher
Cryptographic Agility: Preparing Modern Apps for Quantum Safety and Beyond

Agenda
- What is Cryptographic Agility?
- Why do you care?
- How to prepare
- VMware's Plans

Required Disclaimer

What is Cryptographic Agility?

Cryptographic Agility
Cryptographic Agility: The ability to reconfigure an application or system with a different cryptographic algorithm (or implementation).

Cryptographic Agility Advantages
- Transition to New Algorithms
- Change Library
- Modifying Config
- Compliance Standards
- Retiring Algorithms
- Streamline Remediation

Current landscape

Current Landscape Problems
- Lack of visibility
- No unification
- Rearchitecting required

Challenges: The Stakeholders
- Library Developers
- Application Developers
- HW Platform Developers
- Standards (e.g., NIST, IETF)
- Business Operations Teams
- IT InfoSec Professionals
- Crypto Providers
- Enterprise Consumers
- IT Infrastructure Teams
- Solution Providers
- System Software Developers
- Cloud Platform Developers
Traditional Building Blocks
Have we provided adequate transition frameworks?
Are we hearing them?

Future Landscape

Future landscape benefits
- Standards migration
- Compliance
- Good engineering

Why do you care?
- PKI and crypto ARE critical infrastructure and usage is ever-expanding
- Crypto expert resources are scarce and expensive
- Risks can be unknown because elements are not visible/managed
- Many organizations find out too late what it takes to manage crypto assets well
- Procedures, Policies and (crypto) platforms are not always robust or maintained
- Best practices are often inconvenient

Certificates, Keys, Secrets, Crypto Algorithm, Crypto Library
Crypto is Everywhere

Implementation Flaws
- HEARTBLEED

Scaled Quantum Computers are on the Horizon
- Rigetti Aspen-11

Decrypt later with scaled Quantum Computer
Harvest Now: Copy encrypted data communications. Store.
Internet VPN
Harvest Now, Decrypt Later (HNDL)
The Quantum Computing Threat to Long-lived Information Assets

Timeline
- Apr 2016: NISTIR 8105 Report on PQC
- Dec 2016: Call for Proposals
- Nov 2017: Deadline for submissions
- Apr 2018: 1st NIST PQC Std Workshop
- Jan 2019: Round 2 candidates announced
- Aug 2019: 2nd NIST PQC Std Workshop
- July 2020: Round 3 candidates announced
- June 2021: 3rd NIST PQC Std Workshop
- July 2022: PQC Draft Standards announced
- 2024: PQC Standards finalized
Post Quantum Cryptography
NIST Standardization

How to prepare?

What can you do now?
- Identify crypto libraries in organization
- Communicate policies
- Identify most valuable assets
- Plan and build for change
- Create backup plans for CA

What is VMware doing?

Project Newcastle
Policy-driven cryptography compliance and configuration platform
- Cryptography Observability
- Define Cryptography Policies
- Automate Reconfiguration
- Support Post Quantum Cryptography
- Audit & Attest Cryptographic Compliance

ChatGPT Jokes
Because Security Can Be Fun
- Why was the crypto system always flexible? Because it had the agility to change keys at any time!
- Why did the encryption system never panic? Because it had the agility to switch to a stronger algorithm in a crisis!
- Why did the cryptography algorithm cross the road? To get to the other side of security and agility!
- Why did the encryption algorithm decide to take up yoga? To improve its crypto agility and be able to bend and stretch to different security requirements!