Titulo Estágio
Crypto agility – transition to secure encryption in an automated and secure way
Local do Estágio
DEI-FCTUC
Enquadramento
Today, public key cryptography underpins secure communication over the Internet, enabling online services, e-commerce transactions, and credit card payments. However, the rapid advancement of quantum computing has introduced a significant threat known as “Harvest Now, Decrypt Later” (HNDL). In this scenario, adversaries collect encrypted data today with the intention of decrypting it in the future, once quantum computers become powerful enough to break current cryptographic algorithms.
Recognizing this risk, organizations such as NIST, ETSI, and IETF have published guidelines for transitioning from traditional public key cryptography to post-quantum cryptography (PQC). Despite these efforts, the transition is complex, resource-intensive, and time-consuming. Many organizations may struggle to meet the transition timeline proposed by NIST (2030–2035).
Moreover, the migration to PQC is highly dependent on specific use cases and their unique requirements, leading to intricate and potentially error-prone processes. As a result, crypto-agility—the ability to swiftly and securely adapt cryptographic mechanisms—can be compromised, increasing the risk of insecure or inefficient implementations during the transition period.
Objetivo
Goal 1: Validate Crypto-Agility in Classic-to-Post-Quantum Cryptography Transitions
Ensure seamless and secure migration from classical public-key cryptography to post-quantum (PQC) standards. Key Components:
• Assess the feasibility of crypto-agile frameworks in a use case.
• Evaluate compliance with NIST/ETSI/IETF guidelines while minimizing implementation risks.
• Identify and mitigate vulnerabilities in hybrid (classical + PQC) transition architectures.
Goal 2: Validate LLM-Driven Automation for Crypto-Agility
Leverage Large Language Models (LLMs) to streamline and secure cryptographic transitions. Key Components:
• Automate protocol mapping and vulnerability detection during PQC migration.
• Reduce human error in cryptographic configuration updates through AI-assisted decision-making.
• Develop reproducible workflows for compliance auditing and cryptographic inventory management.
Plano de Trabalhos - Semestre 1
T1.1 – Analysis of Crypto-Agility Approaches
Review and evaluate crypto-agility strategies proposed by industry leaders and relevant standardization organizations (such as NIST, ETSI, IETF, others). Focus areas include modular cryptography, hybrid algorithms, algorithm negotiation, and automated cryptographic asset management.
T1.2 – Analysis of Large Language Models (LLMs)
Assess the capabilities, limitations, and applicability of LLMs for automating cryptographic transitions and enhancing crypto-agility.
T1.3 – Use Case Definition and Source Identification
Define representative use case for crypto-agility. Identify and catalogue authoritative sources of cryptographic standards and guidance, including NIST, IETF, ISO relevant for the use case.
T1.4 – Architecture Design for LLM-Driven Automation
Design the overall architecture for leveraging LLMs in automating the discovery, inventory, and management of cryptographic assets, including the development of an effective data scraping process.
T1.5 – Preparation of the Interim Report
Compile and document findings, analyses, and preliminary designs in an intermediary report for internal review and alignment with project objectives.
Plano de Trabalhos - Semestre 2
T2.1 – Deploy and Test the Automated Model
Implement the automation process for crypto agility, deploying the LLM-based system according to the architecture designed in T1.4. This includes setting up the model in a production-like environment. Conduct comprehensive testing to verify correct integration, operational stability, and baseline performance.
T2.2 – Evaluate the LLM Model for Crypto Agility
Assess the effectiveness of the deployed LLM in automating cryptographic transitions and detecting cryptographic misuses. Use established benchmarks and real-world datasets to measure detection accuracy, precision, recall, and actionability of the model’s recommendations. Compare results against traditional static analysis tools and analyse the specificity and usefulness of LLM-generated guidance for developers.
T2.3 – Prepare the Final Report and Scientific Publication
Document the implementation, evaluation results, and key findings in a comprehensive final report. Synthesize insights into a scientific publication, highlighting contributions to automated crypto agility, the strengths and limitations of LLM-driven approaches, and recommendations for future research and industry adoption.
Condições
The student will have access to all the computational resources necessary to carry out the work. A workspace at CISUC (Centre for Informatics and Systems of the University of Coimbra) will also be made available. Evaluation through simulation may be carried out using the computational resources available in the department.
Observações
Orientadores:
- Bruno Sousa
- João Campos
Orientador
Bruno Sousa
bmsousa@dei.uc.pt 📩