Auflistung nach Schlagwort "PQC"
1 - 2 von 2
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragHow Quantum Computers threat security of PKIs and thus eIDs(Open Identity Summit 2021, 2021) Vogt, Sebastian; Funke, HolgerQuantum computers threaten the security of asymmetric cryptography and thus the heart of a PKI - used for example to protect electronic data in passports. On the one hand, there are already promising candidates for post-quantum secure algorithms, but these also have disadvantages (stateful and / or with significantly larger public keys or signatures). On the other hand, there are some application areas for which a PKI should use post-quantum secure procedures as soon as possible. What is the situation regarding PQC in the market for secure, electronic identification (e.g. electronic travel documents)? What needs to be done to prepare electronic travel documents for a post-quantum world?
- KonferenzbeitragOn Criteria and Tooling for Cryptographic Inventories(Sicherheit 2024, 2024) Schmitt, Nicolai; Henrich, Johanna; Heinz, Dominik; Alnahawi, Nouri; Wiesmaier, AlexanderWhen cryptography becomes insecure, a migration to new schemes is required. Often the migration process is very complicated, but the time available is very limited. Only if the used cryptographic algorithms, protocols and configurations are known can a system be efficiently and fully adapted to changed security situations. This creates the need for a crypto-inventory that gathers this knowledge. Consequently, the question arises what criteria a crypto-inventory must fulfill to support this adaptation. It also highlights the need for tools to assist compilation. We therefore conducted a literature survey and extracted key requirements. Missing content was supplemented by expanding existing requirements or adding new ones. Furthermore, appropriate metrics were assigned to assess the fulfillment of the requirements for a certain crypto-inventory implementation. Regarding the tooling, we identified five major areas of interest — installed software, connected hardware, communication, stored data and source code scanning — and provide prototypes for semi-automatic creation of crypto-inventories for three of them. This provides organizations with a starting point to understand their cryptographic landscape as a prerequisite for crypto-agility and crypto-migration. However, theoretical design and prototypes have not yet been evaluated. This will be done as a follow-up to this work. All types of organizations are invited to participate.