Workshop on Cryptographic Agility and Interoperability
The Forum on Cyber Resilience facilitates and enhances the exchange of ideas among scientists, practitioners, and policy makers concerned with urgent and important issues related to the resilience of the nation's computing and communications systems, including the Internet, other critical infrastructures, and commercial systems. Forum activities help to inform and engage a broad range of stakeholders around issues related to technology and policy in the context of cyber resilience, cybersecurity, privacy, and related emerging issues. A key role for the Forum is to surface and explore topics that can help advance the national conversation around these issues.
We rely on established cryptographic algorithms, protocols, and implementations to secure our data and communications. Greater agility with respect to cryptosystems could potentially help stakeholders better adjust to rapidly-changing cybersecurity and privacy landscapes. For example, security leaders might desire the ability to quickly substitute one algorithm, protocol, or implementation for another following the discovery of significant weakness. Individual users may desire the ability to customize the security and speed of their communications, depending on the nature of their use. Governments may wish to set their own standards, especially if they do not trust those developed by other entities. Achieving such agility, however, poses both technical and policy challenges.
The workshop will feature presentations on the drivers and technical and societal implications of increased cryptographic agility, addressing:
- Motivations for and benefits of increased agility (security, technical, social, political);
- Challenges to implementation (technical, social, political); and
- Impacts (security, technical, social, political)
Questions for speakers and participants to consider:
- Why is cryptographic agility useful and what are its potential risks and impacts?
- What approaches have been attempted for improving cryptographic agility, and how successfully have they been? For example, how easy is it today to replace defeated or outdated cryptographic tools in widely-deployed commercial software and systems?
- How should the tradeoff be made between supporting multiple algorithms (thus enabling agility in case of future problems) and supporting fewer algorithms? How does that tradeoff differ by domain? What economic, social, and policy factors enter into that decision?
- What are the consequences of supporting crypto-agility on legacy data and systems. What are the trade-offs related to continuity (e.g. allowing continued use of existing encrypted, signed, or hashed data) and compatibility (such as systems having varying configuration settings and update status) when cryptographic regimes are deprecated?
- How might more control over (and more variation in) cryptographic routines affect trust in systems by individuals, companies, and governments? For example, are there ways to address concerns that updates may (accidentally or intentionally) create new security vulnerabilities?
- Does the complexity of agility mechanisms themselves or the security modes they enable create security risks?
- How might privacy and human rights be affected by cryptographic agility?
- What likely market or economic drivers affect how and whether companies support and improve crypto agility in their products? What might happen if support is not maintained for deprecated routines given longer-lasting embedded systems, such as found in an Internet of Things devices?
- What are likely geopolitical drivers of more crypto-agile systems, and what might be the impacts on the global Internet and international politics?
- What are the consequences of cryptographic agility for the interoperability and usability of communications systems?
- How and on what basis should efforts to improve cryptographic agility be prioritized?
- What are the key opportunities for standards bodies, governments, researchers, systems developers, and other stakeholders with regard to cryptographic agility?
The workshop will take place May 9, 2016 at the National Academies Keck Center, 500 Fifth Street, NW, Washington DC. A draft agenda will be posted when it is available.
|10 a.m. ||Welcome & Overview |
Fred Schneider, Forum chair and Session Moderator
| ||Context Setting |
|10:05 a.m. ||Bob Blakley |
|10:30 a.m. ||Paul Kocher |
|10:55 a.m. ||Break |
| ||Government and Infrastructure |
Session Moderator: Steven Lipner
|11:10 a.m. ||Kerry McKay |
|11:35 a.m. ||Richard George |
|Noon ||Break for Lunch |
| ||Standards and Security Implications |
Session Moderator: Mary Ellen Zurko
|1 p.m. ||Russ Housley |
|1:25 p.m. ||David McGrew |
|1:50 ||Break |
| || |
Engineering at Scale and User Implications
Session Moderator: Eric Grosse
|2:05 p.m. ||Matthew Green |
|2:30 p.m. ||Adam Langley |
|2:55 p.m. ||Sara Brody |
|3:20 p.m. ||Break |
| ||Research, Industry, and Policy Implications |
Session Moderator: Bob Blakley
|3:35 p.m. ||Steve Bellovin |
|4 p.m. ||John Manferdelli |
|4:25 p.m. ||Wrap-up Discussion & Q&A |
Moderator: Paul Kocher
|5 p.m. ||Reception |
Forum members, speakers, and attendees