diff --git a/content/docs/papers/agility.md b/content/docs/papers/agility.md index ef6c7affa0bff25d6f7ed9eefb95cb0f31b0502b..97ee4f47245695a15b35679d88cee19adbed67d0 100644 --- a/content/docs/papers/agility.md +++ b/content/docs/papers/agility.md @@ -5,4 +5,8 @@ draft: false type: docs weight: 2 --- -**In Progress!** +**Publication link coming soon!** + +Cryptographic primitives and protocols require constant modifications and adaptations in order to maintain the security of IT-systems. Many researchers argue that applying the notion of crypto-agility provides more feasible and practical updating of cryptographic systems, especially in the light of the expected transition to PQC. However, there is no unified definition for this notion, nor a common understanding of the requirements that can enable it. Moreover, it is not entirely clear what measures need to be taken in order to apply crypto-agility in practice, and which aspects and challenges exist towards this endeavor. We compare the various definitions of crypto-agility including its requirements and varying facets, and investigate the state of readiness of crypto-agility by surveying works dealing with general challenges and recommendations in this regard. We present the survey and discuss discovered challenges and solutions and utilize our findings to evaluate the state of readiness for crypto-agility. + + [AWG+22] N. Alnahawi, A. Wiesmaier, T. Graßmeyer, J. Geißler, A. Zeier, P. Bauspieß, and A. Heinemann.On the State of Crypto Agility. Accepted at 18. Deutscher IT-Sicherheitskongress, 2022 diff --git a/content/docs/papers/eIDs.md b/content/docs/papers/eIDs.md index dbd71262e42c9f2fc5ca6435eea2ad9605a1a07e..b5129e874c824004d71b070785ab435483cb38b4 100644 --- a/content/docs/papers/eIDs.md +++ b/content/docs/papers/eIDs.md @@ -5,4 +5,8 @@ draft: false type: docs weight: 5 --- -**In Progress!** +**Awaiting Acceptance** + +Extended Access Control (EAC), Password Authenticated Connection Establishment (PACE), and Passive Authentication (PA) are currently the standard European Union (EU) protocols for establishing secure communication between electronic identity cards (eID), machine readable travel documents (MRTD), and service terminals. They serve the mutual authentication of the communication parties, as well as the verification of the terminal's access to data stored on the proximity integrated circuit cards (PICC i.e. Chip Card). This work provides a first analysis of the feasibility of integrating post-quantum cryptography into these protocols, and their future suitability for usage in electronic documents. We address several aspects regarding the core cryptographic functionalities, design and implementation approaches, as well as required integration and migration strategies. Thus, we cover the whole spectrum of the PQC migration process tackling multifaceted issues and challenges facing this endeavor. + +[Alna22] N. Alnahawi. On Integrating Post-Quantum Cryptography in Standard Security Protocols of Electronic Identification Documents. Submittted to Doktorandenforum der Sicherheit 2022, Sicherheit, Schutz und Zuverlässigkeit (GI Sicherheit 2022 Doktorandenforum) diff --git a/content/docs/papers/migration.md b/content/docs/papers/migration.md index 2164eee41a2b5250b25922685e6f4a2b8adcb1e1..55aeb4aac6deaa7521b8e778c3f357fab0169c08 100644 --- a/content/docs/papers/migration.md +++ b/content/docs/papers/migration.md @@ -20,3 +20,5 @@ use our findings as starting point to initiate an open community project in the form of a [website](https://fbi.h-da.de/cma) to keep track of the ongoing efforts and the state of the art in PQC research. Thereby, we offer a single entry-point for the community into the subject reflecting the current state in a timely manner. + +[AWG+21] N. Alnahawi and A. Wiesmaier and T. Graßmeyer and J. Geißler and A. Zeier and P. Bauspieß and A. Heinemann. On the State of Post-Quantum Cryptography Migration. In INFORMATIK'21 --- PQKP-Workshop, Volume 308 of GI-Edition: Lecture Notes in Informatics (LNI), 2021.