{"title":"Evaluation framework for quantum security risk assessment: A comprehensive strategy for quantum-safe transition","authors":"Yaser Baseri , Vikas Chouhan , Ali Ghorbani , Aaron Chow","doi":"10.1016/j.cose.2024.104272","DOIUrl":null,"url":null,"abstract":"<div><div>The rise of large-scale quantum computing poses a significant threat to traditional cryptographic security measures. Quantum attacks, particularly targeting the mathematical foundations of current asymmetric cryptographic algorithms, render them ineffective. Even standard symmetric key cryptography is susceptible, albeit to a lesser extent, with potential security enhancements through longer keys or extended hash function outputs. Consequently, the cryptographic solutions currently employed to safeguard data will be inadequately secure and vulnerable to emerging quantum technology threats. In response to this impending quantum menace, organizations must chart a course towards quantum-safe environments, demanding robust business continuity plans and meticulous risk management throughout the migration process. This study provides an in-depth exploration of the challenges associated with migrating from a non-quantum-safe cryptographic state to one resilient against quantum threats. We introduce a comprehensive security risk assessment framework that scrutinizes vulnerabilities across algorithmic, certificate, and protocol layers, covering the entire migration journey, including pre-migration, through-migration, and post-migration stages. Our methodology links identified vulnerabilities to the well-established STRIDE threat model, establishing precise criteria for evaluating their potential impact and likelihood throughout the migration process. Moving beyond theoretical analysis, we address vulnerabilities practically, especially within critical components like cryptographic algorithms, public key infrastructures, and network protocols. Our study not only identifies potential attacks and vulnerabilities at each layer and migration stage but also suggests possible countermeasures and alternatives to enhance system resilience, empowering organizations to construct a secure infrastructure for the quantum era. Through these efforts, we establish the foundation for enduring security in networked systems amid the challenges of the quantum era.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104272"},"PeriodicalIF":4.8000,"publicationDate":"2024-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824005789","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
The rise of large-scale quantum computing poses a significant threat to traditional cryptographic security measures. Quantum attacks, particularly targeting the mathematical foundations of current asymmetric cryptographic algorithms, render them ineffective. Even standard symmetric key cryptography is susceptible, albeit to a lesser extent, with potential security enhancements through longer keys or extended hash function outputs. Consequently, the cryptographic solutions currently employed to safeguard data will be inadequately secure and vulnerable to emerging quantum technology threats. In response to this impending quantum menace, organizations must chart a course towards quantum-safe environments, demanding robust business continuity plans and meticulous risk management throughout the migration process. This study provides an in-depth exploration of the challenges associated with migrating from a non-quantum-safe cryptographic state to one resilient against quantum threats. We introduce a comprehensive security risk assessment framework that scrutinizes vulnerabilities across algorithmic, certificate, and protocol layers, covering the entire migration journey, including pre-migration, through-migration, and post-migration stages. Our methodology links identified vulnerabilities to the well-established STRIDE threat model, establishing precise criteria for evaluating their potential impact and likelihood throughout the migration process. Moving beyond theoretical analysis, we address vulnerabilities practically, especially within critical components like cryptographic algorithms, public key infrastructures, and network protocols. Our study not only identifies potential attacks and vulnerabilities at each layer and migration stage but also suggests possible countermeasures and alternatives to enhance system resilience, empowering organizations to construct a secure infrastructure for the quantum era. Through these efforts, we establish the foundation for enduring security in networked systems amid the challenges of the quantum era.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
