Logo des Repositoriums
 

On Criteria and Tooling for Cryptographic Inventories

dc.contributor.authorSchmitt, Nicolai
dc.contributor.authorHenrich, Johanna
dc.contributor.authorHeinz, Dominik
dc.contributor.authorAlnahawi, Nouri
dc.contributor.authorWiesmaier, Alexander
dc.contributor.editorWendzel, Steffen
dc.contributor.editorWressnegger, Christian
dc.contributor.editorHartmann, Laura
dc.contributor.editorFreiling, Felix
dc.contributor.editorArmknecht, Frederik
dc.contributor.editorReinfelder, Lena
dc.date.accessioned2024-04-19T12:54:03Z
dc.date.available2024-04-19T12:54:03Z
dc.date.issued2024
dc.description.abstractWhen cryptography becomes insecure, a migration to new schemes is required. Often the migration process is very complicated, but the time available is very limited. Only if the used cryptographic algorithms, protocols and configurations are known can a system be efficiently and fully adapted to changed security situations. This creates the need for a crypto-inventory that gathers this knowledge. Consequently, the question arises what criteria a crypto-inventory must fulfill to support this adaptation. It also highlights the need for tools to assist compilation. We therefore conducted a literature survey and extracted key requirements. Missing content was supplemented by expanding existing requirements or adding new ones. Furthermore, appropriate metrics were assigned to assess the fulfillment of the requirements for a certain crypto-inventory implementation. Regarding the tooling, we identified five major areas of interest — installed software, connected hardware, communication, stored data and source code scanning — and provide prototypes for semi-automatic creation of crypto-inventories for three of them. This provides organizations with a starting point to understand their cryptographic landscape as a prerequisite for crypto-agility and crypto-migration. However, theoretical design and prototypes have not yet been evaluated. This will be done as a follow-up to this work. All types of organizations are invited to participate.en
dc.identifier.doi10.18420/sicherheit2024_003
dc.identifier.isbn978-3-88579-739-5
dc.identifier.pissn1617-5468
dc.identifier.urihttps://dl.gi.de/handle/20.500.12116/43967
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofSicherheit 2024
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings Volume P-345
dc.subjectCrypto-Inventory
dc.subjectCrypto-Agility
dc.subjectAutomated
dc.subjectTooling
dc.subjectRequirements
dc.subjectMetrics
dc.subjectPQC
dc.subjectMigration
dc.subjectCryptography
dc.titleOn Criteria and Tooling for Cryptographic Inventoriesen
dc.typeText/Conference Paper
gi.citation.endPage63
gi.citation.publisherPlaceBonn
gi.citation.startPage49
gi.conference.date09.-11.04.2024
gi.conference.locationWorms
gi.conference.sessiontitleFull Paper Session 2 – Kryptographie

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
A2-1.pdf
Größe:
190.79 KB
Format:
Adobe Portable Document Format