Achieving 'Crypto Agility'

Graham Steel
January 21, 2019

A recent NIST paper recommending which steps to take to prepare for the advent of quantum computers proposes that users of cryptography look to achieve 'crypto agility' as soon as possible. The idea was further expanded by Gartner in a recent research note, and now crops up regularly. It's sometimes described as 'crypto-agnosticism', but what does it mean, and how does one achieve it?

Designers of cryptographic protocols have talked for a long time about the idea of algorithm agility. The principle is simple: that a protocol will be designed in such a way that its function is, to some extent, independent of the choice of cryptographic algorithm used, therefore allowing you to switch algorithm. You might even have a set of recommended cipher suites that can be negotiated in each protocol exchange - this is how TLS works for example. There are now whole RFCs dedicated to the topic.

Crypto agility extends this idea from network protocols to all of the cryptography in use in an organisation. This means that an organisation can only become crypto-agile when the security team knows all of the algorithms, keylengths, crypto libraries and protocols in use in their applications and infrastructure, and has a plan that would allow them to change if necessary.  

There are numerous reasons why an organisation might need to change algorithm; not least the impending arrival of a quantum computer that can break existing asymmetric crypto. Yet the change may also be due to a cryptanalysis breakthrough, a new mathematical discovery, or the slow march of available computing power that makes previously safe cryptography insecure. An organisation that knows where it uses the affected algorithms and has a change plan in place will be able to respond quickly to minimise the risk.So how do we get to a crypto-agile state? Gartner provide a programme (the outline is public, full report is for subscribers only), and fortunately crypto-testing tools, such as Cryptosense Analyzer, can help execute it.Gartner's programme suggests 3 steps:

Step 1. Build Crypto-Agility into Application Development or your Application Procurement Workflow

You can ensure that your applications are crypto-agile by adding crypto testing into your AppSec workflow. This allows you to test for issues that would prevent an easy algorithm switch - such as hard coded keys or use of deprecated hash functions (like SHA-1) - as well as ensure that you don't deploy vulnerable software into the wild. A crypto-specific IAST tool, such as Cryptosense Analyzer, can be integrated into CI and DevOps processes allowing you to monitor use of cryptography at every stage of the development lifecycle. You can also use it to test third party software, or ask your vendor to carry out crypto testing during the procurement process.

Step 2. Inventory the Applications that use Cryptography, and Identify and Evaluate your Dependence on Algorithms

Where's my crypto? That's one of the main questions that Cryptosense software aims to answer. Many companies do not know what type of encryption they're using, or how it's used, making crypto-agility impossible. However, finding out this type of information is easy using Cryptosense Analyzer.  The first output from a run of Cryptosense Analyzer is a map showing all the cryptography that your application actually uses (and not just the algorithms supported by your libraries). Periodic auditing of applications in this way gives you immediate up-to-date information.

Step 3. Include Cryptographic Alternatives and an Algorithm Swap-Out Procedure in your Existing Incident Response Plans

As you implement a transformation or refactoring in your cryptography, you will need to check that you don't make a mistake in key-management, randomness generation or other details that could compromise security. Employing a crypto-testing tool, such as Analyzer, whilst building your crypto-agility response plan will provide assurance that business critical systems will continue to function as expected in the  event of an algorithm change.  To try Cryptosense Analyzer, get in touch for a demo.