Enhancing Network Security: Post-Quantum Cryptography Through Loadable Modules in OpenSSL : An Approach to Enhance OpenSSL’s Cryptographic Agility
Mehmood, Akif (2024)
2024
Tietotekniikan DI-ohjelma - Master's Programme in Information Technology
Informaatioteknologian ja viestinnän tiedekunta - Faculty of Information Technology and Communication Sciences
Hyväksymispäivämäärä
2024-12-30
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tuni-2024122811700
https://urn.fi/URN:NBN:fi:tuni-2024122811700
Tiivistelmä
The emergence of cryptographically relevant quantum computers presents a serious threat to traditional cryptographic systems, potentially undermining the privacy and security of online communication. This growing concern has caught the attention of researchers and engineers worldwide to seek solutions. One such solution is the transition to Post-Quantum Cryptography (PQC). The transition to PQC introduces Post-Quantum (PQ) algorithms, which are based on problems considered difficult for Cryptographically Relevant Quantum Computers (CRQCs) to solve. The goal of this transition is to ensure the continued security of Internet communication in the quantum era.
OpenSSL, a widely used and well-known open-source toolkit, employs Transport Layer Security (TLS) protocol to protect the communication over computer networks. Starting from version 3.0, OpenSSL includes a modular subsystem called OpenSSL Provider. This subsystem supplies embedded cryptographic algorithm implementations to the OpenSSL library for performing cryptographic operations such as encryption, decryption, or signing, thereby securing Internet communication. These cryptographic algorithm implementations are made available to applications that use OpenSSL by a Provider for performing cryptographic operations.
This thesis work introduces a concept of “shallow Providers” that allows the cryptographic algorithm implementations to be externally plugged into OpenSSL. The term shallow refers to the fact that shallow Providers will not contain the cryptographic algorithm implementations; instead, the implementations will be engaged externally with shallow Providers. This distinction sets shallow Providers apart from a conventional OpenSSL Provider. Using the shallow Provider concept, this thesis presents the QUBIP Provider as a result. The QUBIP Provider will integrate standardized external PQ algorithm implementations to aid in transition to PQC. Moreover, it demonstrates how QUBIP Provider supports cryptographic agility, enabling OpenSSL to dynamically adapt to evolving PQC standards.
OpenSSL, a widely used and well-known open-source toolkit, employs Transport Layer Security (TLS) protocol to protect the communication over computer networks. Starting from version 3.0, OpenSSL includes a modular subsystem called OpenSSL Provider. This subsystem supplies embedded cryptographic algorithm implementations to the OpenSSL library for performing cryptographic operations such as encryption, decryption, or signing, thereby securing Internet communication. These cryptographic algorithm implementations are made available to applications that use OpenSSL by a Provider for performing cryptographic operations.
This thesis work introduces a concept of “shallow Providers” that allows the cryptographic algorithm implementations to be externally plugged into OpenSSL. The term shallow refers to the fact that shallow Providers will not contain the cryptographic algorithm implementations; instead, the implementations will be engaged externally with shallow Providers. This distinction sets shallow Providers apart from a conventional OpenSSL Provider. Using the shallow Provider concept, this thesis presents the QUBIP Provider as a result. The QUBIP Provider will integrate standardized external PQ algorithm implementations to aid in transition to PQC. Moreover, it demonstrates how QUBIP Provider supports cryptographic agility, enabling OpenSSL to dynamically adapt to evolving PQC standards.