Home // International Journal On Advances in Security, volume 17, numbers 1 and 2, 2024 // View article

Supporting Cryptographic Algorithm Agility with Attribute Certificates

Authors:
Steffen Fries
Rainer Falk

Keywords: communication security; cryptographic agility; post-quantum cryptography; attribute certificates; industrial automation and control system; Internet of Things; automation control systems

Abstract:
Asymmetric cryptography is broadly used to protect confidentiality, integrity, and authenticity of data during transfer, and potentially also at rest. Typical applications are authentication and key agreement in secure communication protocols, and digital signatures for authentication and integrity protection of documents and messages. These are used in daily life applications like online banking but are specifically used in critical infrastructures to protect against misuse and manipulation. Asymmetric cryptographic algorithms are most often used with digital certificates binding a user identity to a public key of the user. These certificates are used for authentication performed during the handshake by common cryptographic security protocols like Transport Layer Security, Datagram Transport Layer Security, or by authentication and key agreement protocols like the Internet Key Exchange or Group Domain of Interpretation. The cryptographic algorithm for public-key-based user authentication is fixed by the user’s certificate. More flexibility to support multiple cryptographic algorithms for user authentication is needed, e.g., by the introduction of new, quantum-safe cryptographic algorithms. Attribute certificates can be used to support flexibly multiple cryptographic algorithms for user authentication, supporting a stepwise transition towards newer cryptographic algorithms.

Pages: 92 to 98

Copyright: Copyright (c) to authors, 2024. Used with permission.

Publication date: June 30, 2024

Published in: journal

ISSN: 1942-2636