In today's blog post, I will explain another intricately technical subject, exploring my experiment with OpenSSL 3.2 as an illustrative example. As always, I'll include some pearls of wisdom for Board Directors, NEDs, in plain English.
What is Cryptoagility?
I coined this term many years ago to define "the ability of a system to switch between different encryption methods without operational disruption". I genuinely believe that the 'show must go on' (my favourite song) even if some cryptographic algorithms were cracked.
In today's world, Cryptoagility is more relevant than ever to safeguard our stored data and confidential communication. My definition above still stands strong today, with only marginal tweaks in the current cyber literature.
Here's a simple example: Let's say you have a mobile phone that reads your fingerprint to unlock and uses AES128 to save your biometric data. If hackers find a way to break AES128, your mobile phone manufacturer (or the operating system provider) will need to update your system to work with a stronger cryptographic algorithm such as AES256. The ability to switch from AES128 to AES256 is an example of Cryptoagility; without it, you would need to erase, crush, and dispose of your mobile phone.
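The AES128-to-AES256 switch described above only works if every stored record says which algorithm protected it. The following is an added example, not code from the original post or from OpenSSL, using AES-GCM from the Python `cryptography` package; the one-byte header, the `ALGS` registry and all function names are assumptions made for illustration.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Hypothetical registry: one-byte algorithm id -> (label, key length in bytes).
ALGS = {1: ("AES-128-GCM", 16), 2: ("AES-256-GCM", 32)}
CURRENT = 2          # policy knob: the algorithm used for all new writes
RETIRED = set()      # ids that must no longer be accepted for reads


def seal(keys, plaintext, alg=None):
    """Encrypt and prefix the record with the algorithm id it was sealed under."""
    alg = CURRENT if alg is None else alg
    header, nonce = bytes([alg]), os.urandom(12)
    # The header is passed as associated data, so the label is authenticated
    # and cannot be rewritten to point at a different algorithm.
    return header + nonce + AESGCM(keys[alg]).encrypt(nonce, plaintext, header)


def open_record(keys, record):
    """Decrypt with whichever algorithm the record's own header names."""
    alg = record[0]
    if alg not in ALGS or alg in RETIRED:
        raise ValueError(f"algorithm id {alg} is unknown or retired")
    nonce, body = record[1:13], record[13:]
    return AESGCM(keys[alg]).decrypt(nonce, body, record[:1])


def migrate(keys, store):
    """Re-seal every record not already under CURRENT; return how many moved."""
    moved = 0
    for name, record in store.items():
        if record[0] != CURRENT:
            store[name] = seal(keys, open_record(keys, record))
            moved += 1
    return moved


def demo():
    # Constructed sample data: fresh random keys and one legacy AES-128 record.
    keys = {a: AESGCM.generate_key(bit_length=n * 8) for a, (_, n) in ALGS.items()}
    store = {"fingerprint": seal(keys, b"constructed template", alg=1)}
    moved = migrate(keys, store)
    return keys, store, moved
```

Once `migrate` reports zero remaining records, adding the old id to `RETIRED` makes any stray legacy record fail closed instead of being silently decrypted.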
OpenSSL 3.2 Highlights
OpenSSL is free, open-source software that has been my reliable favourite for many decades. Its latest version, OpenSSL 3.2, makes significant improvements over the previous version with the following features:
Multiple Cryptographic Primitives:
OpenSSL 3.2 now supports a broader spectrum of encryption algorithms, including the avant-garde Ed25519 and HPKE. Developers can choose the most fitting security mechanism for their needs, ensuring adaptability to future cryptographic leaps.
Deterministic ECDSA:
This feature eradicates randomness in ECDSA signatures, eliminating side-channel attacks exploiting timing variations. The result? Beefed-up digital signature robustness and protection against potential leaks.
Pluggable Signature Schemes:
OpenSSL 3.2's modularity welcomes third-party providers to integrate their signature algorithms, including post-quantum cryptography solutions. This move future-proofs systems against emerging threats, ensuring adaptability to evolving cryptographic landscapes.
Certificate Compression and TCP Fast Open:
Optimising cryptographic handshakes, these features trim the time needed to establish secure connections. Not just an upgrade in user experience, this also minimises exposure to potential handshake vulnerabilities.
(Personal view: Be very careful with compression, notwithstanding what OpenSSL's documentation says. There is always a risk of the BREACH attack when using compression. For this blog you are reading, I am using HTTP compression. But I am not using compression for the contact form or for TLS / SSH connections with the server as that would be poor cyber hygiene.)
Enhanced Visibility and Control:
OpenSSL 3.2 boasts improved tools for monitoring and managing cryptographic operations, empowering developers and security teams to identify potential weaknesses and implement new encryption methods proactively.
By tending to these facets of cryptoagility, OpenSSL 3.2 empowers developers to construct more secure and resilient systems, paving the way for cryptographic defenses to evolve as swiftly as threats arise.
In my books, despite my own reservations on the compression feature mentioned above, OpenSSL 3.2 marks a major stride forward in the pursuit of enhanced cryptoagility.
My experience with OpenSSL 3.2 experiments
I've been eagerly awaiting version 3.2 for what feels like eons! In the beta phase of September-October 2023, I ended up destroying my own servers, and the experiment was a disaster because other software (e.g. OpenSSH) that uses OpenSSL was yet to catch up.
The official release of OpenSSL 3.2 on 23 November 2023 brought cautious optimism, and I have spent about three weeks making and breaking things. Here are the results from my recent foray on 10 December 2023 on various operating systems:
* Ubuntu - Breaks the stack
* Debian - Works (with a side of rebuilding other packages from source. My script to rebuild 3.2 from source code is freely available to the public through my GitHub.)
* Arch Linux - Works like a charm
* Windows 11 Pro - It does not seem to work, and I even tried the 23H2 version 22631.2861 build that you are unlikely to be using unless you too are a member of the "Windows Insider Programme".
As of today (4 January 2024), OpenSSL 3.2 is fit for production on select operating systems, notably Arch Linux. Many cyber experts do not use Arch Linux for production systems because they find it challenging to maintain, but that is a separate issue.
Proof of concept
This very blog that you are reading is using OpenSSL 3.2 in the background for Nginx, OpenSSH server, and WireGuard VPN, successfully weathering numerous hacking attempts over the last month. I hired hackers from Belarus to break into my server, but they could not; so I am reasonably comfortable with the result of this proof-of-concept.
Suggestions for Board Directors
I harbour sincere doubts about the avant-garde status of many IT teams. However, in the digital marathon, a brisk walk won't cut it. As a former NED in the private sector, I ponder what steps I'd take.
In my opinion, an organisation's cryptoagility mirrors its "Cyber MOT". No business can claim to mitigate "decryption risk" without a comprehensive inventory of its cryptography internally and throughout its supply chain. Remember, "what gets listed, gets managed."
An astute NED should pose these elementary questions:
1) Do we have a formal encryption policy, aligned with expert recommendations, and fully implemented?
2) If need be, can we swap out cryptographic algorithms within, say, a week?
You're all smart enough to detect and challenge vague answers.
Final Thoughts
I've deliberately steered clear of Quantum Computing (QC) in this piece. Cryptoagility, in my reckoning, is a necessity, QC speculation notwithstanding. As we navigate 2024, let's collectively work on cryptoagility (and experimenting with OpenSSL 3.2 is a darn smart step in that direction).
It's your time to rise and shine!
Santosh Pandit
4 January 2024