Abstract
The term crypto-agility means the ability to quickly and securely change cryptographic algorithms and related data in the case of their compromise. In this context, the advent of quantum computing constitutes a new paradigm, which poses existential threats to current cryptographic algorithms. Even if these attacks are not an imminent danger, we must be prepared to replace the cryptographic algorithms at risk with new, quantum-resistant ones. This is by no means an easy task, because cryptographic algorithms are used everywhere and are often also implemented in hardware. In this paper, we analyze the similarities and the differences between traditional agility and crypto-agility, and investigate the prospects of using agile and lean practices in the context of crypto-agility to introduce quantum-resistant algorithms. In particular, for the main agile and lean practices we discuss if and how they can be useful for obtaining crypto-agility. We also investigate how the features key to crypto-agility can be helped by the agile and lean approach.
Publisher
Springer Nature Switzerland