This article featuring ETSI’s perspective is the fourth in a series of different perspectives on post quantum migration.
ETSI is a European Standards Organization that supports European regulations and legislation by creating Harmonized European Standards. Registered in France, this non-profit organization also supports the development, ratification and testing of globally applicable standards for the use of ICT while collaborating with partners around the globe.
In its recent Technical Report, TR 103 619 V1.1.1 (2020-07): CYBER; Migration strategies and recommendations to Quantum Safe schemes, ETSI focuses on the problem of migrating from a non-Quantum Safe Cryptographic State to a Fully Quantum Safe Cryptographic State (FQSCS). The document contains ETSI’s recommendations to ensure a safe migration between the two states through a staged approach.
Staged Approach to Quantum-Safe Schemes Migration
ETSI’s report includes a framework for the actions that organizations should take to enable their migrations to a Fully Quantum Safe Cryptographic State (FQSCS). This migration framework and its plan consists of three stages:
1. Inventory compilation
2. Preparation of the migration plan
3. Migration execution
Stage 1 – Compiling Inventory
Before a Quantum Safe Cryptographic migration can begin, there must be knowledge of the organization’s assets that could be impacted by quantum computing and quantum computers. Therefore, the first stage of the migration must be to inventory the organization’s cryptographic assets and processes in the system. These assets typically include both hardware and software.
ETSI offers two resources for use in compiling the system inventory. A least one of the following resources should be used:
- Questions listed in clause A.1 of TR 103 619 V1.1.1 (2020-07)
- Methods as described in ETSI TR 103 305-1 [i.3]
It might be possible that some of the assets are not under the control of the organization. The third party responsible for such assets would be liable to assure the asset’s migration. Key management entities and functions that provide cryptographic protections are also subject to migration.
Stage 2 – Preparing the Migration Plan
Creation of the migration plan
Once the inventory compilation has been completed in stage 1, stage 2, the creation of the migration plan can begin. ETSI recommends that the questions listed in clause A.2 of TR 103 619 V1.1.1 (2020-07) should be used in the creation of the migration plan. The following should also be included in the migration plan:
1. Full inventory of assets previously listed in clause 5
2. For each asset:
- Will the asset be migrated, retired or made obsolete?
- When will the asset be migrated?
- Determine an orderly migration sequence for inter-dependent assets based on their cryptographic relationships and any identified dependencies.
- Dependency and any other relevant testing
Migration can be defined as the set of processes, procedures and technologies needed for transitioning from non-QSC to QSC.
Considerations for migration impact on hardware-based security environment
The QC risk to a Hardware Based Security Environment (HBSE) is that each implementation might not be optimized for QSC.
Key management during migration
Key management is essential for all cryptographic applications. It may be likely that many Key Management Systems are used with multiple different formats.
Trust management during migration
According to the information in clause 5, the inventory has identified trust infrastructures.
Isolation approaches during migration
Because not all systems will be updated at the same time, sub-systems should be isolated to discrete security domains.
Access to non-QSC protected resources after migration
It may not be economically feasible to migrate all encrypted assets to a QSS. Non-QSC assets should be physically moved to explicitly identified quarantine zones where they can be risk managed.
Migration requires certain requirements to be met to enable the migration to be executed. Business processes need planning, including
- Appointing a migration manager
- Allocation of budget for migration
- Management of down time
Stage 3 – Executing Migration
You can begin stage 3, executing migration after completing inventory compilation (stage 1) and preparation of the migration plan (stage 2). The purpose of stage 3 is to implement the stage 2 plan against stage 1’s inventory.
Management checkpoints provide the metrics needed to track the progress of the migration. When these checkpoints are missed, the mitigations included in the plan should be followed. An essential part of mitigation management is conducting exercises that simulate and test the migration. The goal of this is to determine whether the plan is viable.
Making an organization quantum resistant requires an understanding of the requirements and their translation into a roadmap.
Stage 3 business process requirements
There are three elements of management required during a QSC to Fully Quantum Safe Cryptographic State migration. To promote successful management, the migration manager should:
1. Be in charge of and responsible for the process
2. Be given organizational and financial backing
3. Not stop partway through any phase of the migration plan
ETSI focuses on migrating from a non-Quantum Safe Cryptographic State to a Fully Quantum Safe Cryptographic State (FQSCS). ETSI’s recommendation is also to ensure a safe migration through a staged approach. In order to commence migration, testing the readiness of an organization’s infrastructure is a strong recommendation. By identifying and evaluating vulnerabilities, security measures may need to be replaced or upgraded and this should allow for a realistic time frame for the implementation. Start by testing PQC algorithms in your environment!
ETSI TR 103 619 V1.1.1 (2020-07) CYBER: Migration strategies and recommendations to Quantum Safe schemes (2020), by the ETSI Technical Committee Cyber Security (CYBER)