A Framework for Migrating to Post-Quantum Cryptography: Security Dependency Analysis and Case Studies

Khondokar Fida Hasan; Leonie Simpson; Mir Ali Rezazadeh Baee; Chadni Islam; Ziaur Rahman; Warren Armstrong; Praveen Gauravaram; Matthew McKague

doi:10.1109/ACCESS.2024.3360412

IEEE Access (Jan 2024)

A Framework for Migrating to Post-Quantum Cryptography: Security Dependency Analysis and Case Studies

Khondokar Fida Hasan,
Leonie Simpson,
Mir Ali Rezazadeh Baee,
Chadni Islam,
Ziaur Rahman,
Warren Armstrong,
Praveen Gauravaram,
Matthew McKague

Affiliations

Khondokar Fida Hasan: ORCiD; Canberra School of Professional Studies, University of New South Wales (UNSW), Canberra, ACT, Australia
Leonie Simpson: ORCiD; School of Computer Science, Queensland University of Technology (QUT), Brisbane, QLD, Australia
Mir Ali Rezazadeh Baee: ORCiD; School of Computer Science, Queensland University of Technology (QUT), Brisbane, QLD, Australia
Chadni Islam: School of Computer Science, Queensland University of Technology (QUT), Brisbane, QLD, Australia
Ziaur Rahman: ORCiD; School of Computer Science, Queensland University of Technology (QUT), Brisbane, QLD, Australia
Warren Armstrong: ORCiD; QuintessenceLabs Pty Ltd., Canberra, ACT, Australia
Praveen Gauravaram: ORCiD; Cybersecurity Research & Innovation, Tata Consultancy Services Ltd., Australia & New Zealand, Brisbane, QLD, Australia
Matthew McKague: ORCiD; School of Computer Science, Queensland University of Technology (QUT), Brisbane, QLD, Australia

DOI: https://doi.org/10.1109/ACCESS.2024.3360412
Journal volume & issue: Vol. 12
pp. 23427 – 23450

Abstract

Read online

Quantum computing is emerging as a significant threat to information protected by widely used cryptographic systems. Cryptographic methods, once deemed secure for decades, are now at risk of being compromised, posing a massive threat to the security of sensitive data and communications across enterprises worldwide. As a result, there is an urgent need to migrate to quantum-resistant cryptographic systems. This is no simple task. Migrating to a quantum-safe state is a complex process, and many organisations lack the in-house expertise to navigate this transition without guidance. In this paper, we present a comprehensive framework designed to assist enterprises with this migration. Our framework outlines essential steps involved in the cryptographic migration process, and leverages existing organisational inventories. The framework facilitates the efficient identification of cryptographic assets and can be integrated with other enterprise frameworks smoothly. To underscore its practicality and effectiveness, we have incorporated case studies that utilise graph-theoretic techniques to pinpoint and assess cryptographic dependencies. This is useful in prioritising crypto-systems for replacement.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords