Towards a maturity model for crypto-agility assessment
The Crypto-Agility Maturity Model (CAMM for short), a maturity model for determining the crypto-agility of a particular software or IT landscape, is presented. CAMM consists of five levels, and for each level a set of requirements that apply at that level has been formulated based on existing crypto-agility literature. With the help of CAMM, organizations should be able to better prepare for potential threats that need to be addressed in a timely manner as vulnerabilities in cryptographic processes become known. The requirement for crypto-agility is motivated by the potential threat posed by powerful quantum computers.
Under the leadership of the U.S. National Institute of Standards and Technology (NIST), asymmetric cryptography methods are currently being standardized that are also intended to withstand an attack using powerful quantum computers. The first methods will probably be standardized in 2-4 years. Although current quantum computers are not yet powerful enough, Shor's algorithm has been known since 1997 as a method that breaks classical methods such as RSA.
Thus, research institutions and companies are already dealing with the question of how a migration process from classical, asymmetric cryptography to post-quantum cryptography can be designed. Asymmetric cryptography methods are found in practically all relevant IT security solutions and Internet protocols, which means that migration will be a massive task.
In this context, the question of crypto-agile approaches is also increasingly being discussed, i.e., how an IT environment can be designed so that it can exchange cryptography methods in the future in a simple manner and without major effort. Along the way, it can be helpful to determine the crypto-agility of an existing IT landscape using a maturity model.
In this talk, the Crypto-Agility Maturity Model (CAMM) will be presented, a 5-level maturity model that was developed in the working group of Prof. Heinemann at Darmstadt University of Applied Sciences in the context of the ATHENE project "Agile and Easy-to-use Integration of PQC Schemes". In the form of a stage model, 5 maturity levels are defined that build on each other. For each level, a set of requirements is formulated that must be met.
On the basis of these requirements, a company can then derive measures and steps which, after successful implementation, move the IT landscape to a higher level, i.e., bring it one step closer to meeting the requirement for crypto-agility and thus counter the potential threat posed by quantum computer-based attacks.