Chujiao Ma, Comcast Cable Communications, LLC
Crypto agility refers to the ability to replace existing crypto primitives, algorithms, or protocols with a new alternative quickly and inexpensively, with no or acceptable risk exposure. These changes may be driven by regulatory action, advances in computing, or newly discovered vulnerabilities. Yet everyday operational needs may put crypto agility considerations on the back burner when deploying technology, designing processes, or developing products/services. Consequently, changes are often performed in an ad hoc manner. Transition from one crypto solution to another can then take a long time and expose organizations to unnecessary security risk. This presentation presents a framework to analyze and evaluate the risk that results from the lack of crypto agility. The proposed framework can be used by organizations to determine an appropriate mitigation strategy commensurate with their risk tolerance. We demonstrate the application of this framework with a case study of quantum computing threats to cryptography.
Chujiao Ma, Comcast Cable Communications, LLC
Chujiao Ma is a security research and development engineer at Comcast. Her research includes a wide range of topics from de-identification of data, crypto agility, open source, and quantum computing to security metrics. Chujiao holds a Ph.D. in Computer Science & Engineering from University of Connecticut and a Bachelor degree in Electrical and Computing Engineering from Franklin W. Olin College of Engineering.
author = {Chujiao Ma},
title = {Crypto Agility: Adapting and Prioritizing Security in a {Fast-Paced} World},
year = {2021},
publisher = {USENIX Association},
month = jun
}
