PQC : Why Go with Fortanix DSM

Download Solution Brief

Request a Demo

pqc

Introduction

As we are transitioning to a new computational model with the advent of quantum computers the standard public key cryptography algorithms (RSA, Diffie-Hellman key exchange, elliptic curves) will all become obsolete due to the cryptanalytic tools enabled by quantum computing. Post Quantum Cryptography (PQC) is the term used to refer to cryptographic algorithms / post quantum algorithms that are secure from a cryptanalytic attack made through the use of a quantum computer. This will result in organizations being required to adopt the new set of post quantum encryption algorithms, replacing the currently in use standard algorithms within their infrastructure.

The overreaching character of the vulnerabilities introduced by quantum computer backed cryptanalysis necessitates transformational change in implementing mitigation measures (deployment of new ciphers, phasing out of older protocols), especially in regard to legacy systems.

Mitigation measures

The mitigation measures required can be summed up thus :

  • Full enumeration of cryptographic assets within an organization (deployments, keys, dedicated hardware etc.).
  • Adoption of cryptographic agility as part of an organization’s security posture (i.e. the rapid adoption and deployment of new ciphers within an organization’s infrastructure).
  • Identification of areas within an organization’s infrastructure that will require ‘cordoning off’ and more strictly managed from an access control perspective until the legacy cryptographic components are replaced and/or legacy equipment decommissioned.

In today’s hybrid infrastructures that incorporate both on premises and cloud assets, this is a complex problem with a huge number of moving parts and interdependencies.

Why Fortanix DSM is an ideal platform for enabling PQC transition?

Fortanix DSM is a platform combining HSM and KMS functionality that offers multiple features that make it a robust post quantum cryptography solution:

    • Already implements LMS algorithm, which is a stateful hash-based signing algorithm (with a strong cluster-based state management).
    • Strong authentication, authorization, and quorum-based controls available for PQC.
    • Accessible using REST APIs.

Apart from the above, Fortanix DSM is ideal for implementing a PQC transition strategy on multiple levels due to its unique architecture and feature set. The capabilities and features enabling it are as follows:

DSM hardware capabilities

Since Fortanix DSM is built on Intel SGX enclave technology it utilizes off-the-shelf technology to implement its platform, without needing to make use of custom hardware cryptographic accelerator components to improve efficiency for execution of cryptographic transactions. That, in turn, offers the capability for rapid development and inclusion of new algorithms in the product without significant performance impact to the platform due to larger key sizes or unoptimized hardware. Also, almost linear scaling of DSM clusters allows for covering any performance requirements posed by the introduction of post quantum algorithms.

DSM enumeration capabilities

Fortanix DSM offers, as a platform, unique flexibility in the management of a key estate. Its REST API-based architecture, key metadata handling, reporting, and auditing capabilities allow for automated and comprehensive management of a key estate. Reports can be produced that allow for estate enumeration per key type, key deployment and/or key metadata allowing the user to quickly map out the types, purposes and deployment locations of cryptographic keys.

Alongside the above, DSM includes the HSM Gateway feature that allows for direct interfacing with external HSMs (such as nCipher Connect and Luna HSM) to automatically discover and manage the keys stored therein.

The above capabilities allow for the efficient and complete enumeration of cryptographic assets of an organization with great automation capabilities for reporting and auditing.

DSM PQC transition capabilities

In addition to the capability of rapid inclusion of new algorithms to the platform, Fortanix DSM offers a range of advantages for the execution of a PQC transition strategy. It offers a vast range of integration options with almost all major applications, both on premises and in the cloud, functioning as a centralized, single pane of glass ‘command and control’ platform for cryptographic key management and cryptographic services provider, utilizing, apart from its inherent REST API capabilities, a variety of APIs for all commercially significant programming languages. All the above capabilities are offered within a platform whose design and architecture conforms to the zero trust architecture requirements, with inbuilt RBAC controls and mature MFA capabilities.

Significantly, it also offers the capability for executing a ‘crypto proxy’ approach for isolating areas of infrastructure that do not have the capability of adopting the new post quantum cryptography algorithms. This can be implemented with the automation of key wrapping non-PQC keys with PQC keys that can only be unwrapped once reaching the crypto proxy and, in turn, consumed from there. This enables the building of cryptographically isolated areas of an infrastructure as a mitigation strategy until they can be replaced with PQC enabled infrastructure.

banner image

Ready to Test Fortanix Runtime Encryption?

request a demo
laptop image
Fortanix-logo

4.6

star-ratingsgartner-logo

As of August 2023

SOC-2 Type-2ISO 27001FIPSGartner LogoPCI DSS Compliant

US

Europe

India

Singapore

3910 Freedom Circle, Suite 104,
Santa Clara CA 95054

+1 408-214 - 4760|info@fortanix.com

High Tech Campus 5,
5656 AE Eindhoven, The Netherlands

+31850608282

UrbanVault 460,First Floor,C S TOWERS,17th Cross Rd, 4th Sector,HSR Layout, Bengaluru,Karnataka 560102

+91 080-41749241

T30 Cecil St. #19-08 Prudential Tower,Singapore 049712