Caute_cautim
Community Champion

Transitioning to Quantum-Safe Cryptography

Hi All

 

Cryptography is a foundational technology of security-critical systems and organizations; however, the correct and secure application of cryptographic algorithms is prone to error due to its inherent complexity, nuances of their configurations and cryptographic APIs, lack of domain knowledge by practitioners, etc. Moreover, assessing an organization or application’s cryptographic posture or targeting where upgrades are required is complex. The application of cryptography is often dispersed across various systems, opaque and hardcoded. Even when cryptography is applied correctly, secure software systems exist in an ever-evolving, adversarial ecosystem. New technological advances or weaknesses may immediately render previously accepted cryptographic approaches obsolete and insecure.

 

This whitepaper provides an overview of the concepts of a cryptography inventory, which is a complete list of cryptographic entities in a system or organization. A systematic representation of such an inventory is commonly referred to as a Cryptographic Bill of Materials (CBOM). We discuss what a CBOM is, its purpose, how it might be applied and where, and the challenges and considerations that must be undertaken in its development. The target audience is any individual or organization seeking to understand and explore the problem of creating an inventory, inventory tools, or standards of cryptography inventories. The goal is to initiate a dialogue towards developing maturity in cryptography inventory capabilities and practice and to enable an efficient long-term solution to discover and manage system cryptography.

 

 

https://pqcc.org/transitioning-to-quantum-safe-cryptography-exploring-the-role-and-value-for-develop...

 

Regards

 

Caute_Cautim

3 Replies
panosvl
Viewer III

Thanks for sharing this, very interesting and nicely presented. 
As far as I'm aware, there are already some offerings regarding crypto-inventory. 
Some of them are features of network-security products, others stand-alone products. 

Caute_cautim
Community Champion

@panosvl Hi, it would be good to collate and present those options, because everyone is going to do this discovery at some point in the future, even if they ignore it today.

 

Regards

 

Caute_Cautim

panosvl
Viewer III

Here are some useful links regarding CBOM and automatic discovery through source and object code scanning.

Not sure if listing products/services here is beneficial, but something like IBM's Quantum Safe Explorer is what I had in mind. This page from them has some interesting use-cases as well.