In the Vision and Innovation solution keynote of VMworld 2021, we identified an important industry need known as cryptographic agility — the ability to update cryptography in the systems and applications we deploy. We also demonstrated how a simple configuration change could enable an application’s selection of cryptography algorithms.
Some key takeaways include:
- Crypto algorithms and implementations have a lifecycle, so we must be prepared for change.
- Quantum safety and associated standards will affect all organizations moving forward.
- Crypto libraries are too often “baked in” to code and applications, preventing quick upgrades.
- VMware is exploring new approaches to making our products cryptographically agile.
The big picture
Cryptography standards change over time as our compute devices become more powerful, as cryptanalysis techniques evolve, and as new and better algorithms become available. Even more frequent are changes to cryptography libraries as vulnerabilities or bugs are discovered and as major releases address protocol changes (e.g., TLS 1.2 and 1.3).
Given this need for change, it may be surprising to learn that updating cryptography within software systems and applications can be a difficult proposition. Many applications tightly couple application code to cryptography library calls and/or hardcode configurations. The result is that responding quickly to changes in cryptography configuration — even for common applications — can be difficult. We often lack the flexibility to be able to configure application cryptography across multiple usage contexts. What is needed is a more agile approach to the way the software industry manages cryptography.
VMware has been exploring cryptographic agility as a solution to these problems. Among the motivations for developing a framework are the upcoming public key cryptography standards under development by the National Institute of Standards and Technology (NIST). Known collectively as post-quantum cryptography, the standards will replace or be used in combination with today’s widely deployed algorithms, including RSA, DSA, and elliptic curve cryptography.
Exploring crypto agility
VMware’s work in crypto agility considers several criteria for demonstrating the utility of crypto-agile systems and applications. First, agility should support the transition to post-quantum cryptography. Second, changing cryptographic algorithms should not require rebuilding an application. Finally, a crypto-agility solution should enable cryptography updates with legacy applications, too.
To investigate how an application may meet these requirements, VMware has developed a prototype version of the Unified Access Gateway (UAG). UAG is a specialized, authenticating reverse proxy that supports VMware’s Horizon and Workspace ONE. Like all enterprise software, the UAG has naturally developed complexity over time — support for new services, multiple compliance configurations, and ongoing support for legacy components. These considerations make the UAG a perfect testing ground for crypto agility.
The architectural diagram above shows UAG and the many services it supports, each of which has independent versions and releases. Upgrading each service to support post-quantum cryptography would take hundreds of developer hours. Instead, by making use of a single quantum-safe proxy component, we can enable quantum-safe cryptography on behalf of many applications communicating through UAG. The proxy component can be designed to support a range of cryptographic algorithms and libraries — including those that are not supported by the underlying services. Meanwhile, communication between services can continue to use existing cryptography capabilities.
As mentioned above, a key change we anticipate in the future is the use of quantum-safe cryptography, a.k.a. post-quantum cryptography (PQC). For this part of the demo, we made use of the Open Quantum Safe (OQS) project. Developed by the University of Waterloo and several industry partners, the project’s experimental branch of OpenSSL includes implementations of PQC algorithm candidates under consideration by NIST, along with support for multiple tools and programming languages. Importantly, this support includes hybrid configurations in which two algorithms are used in tandem — a likely transition mechanism for PQC as Federal Information Processing Standards (FIPS) compliant implementations remain an industry standard moving forward. You can check out their work on GitHub.
To make the UAG cryptographically agile, the quantum-safe UAG should not be a separate release from the default UAG, but rather dynamically configurable. In our demo, you’ll see that UAG’s configuration file is edited to select this configuration option.
By merely changing configuration settings, we can rapidly speed up the pace at which customers can respond to changing cryptography requirements.
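The configuration-only switch described above, shown as an added example that is not VMware's or UAG's code: it generalizes the idea from TLS to a message-authentication helper whose algorithm is chosen by a policy document instead of by the calling code. The class name, the policy keys `sign_with` and `accept`, and the three policy strings are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed policy documents standing in for successive edits to one config
# file. The key names "sign_with" and "accept" are hypothetical.
POLICY_LEGACY = '{"sign_with": "sha256", "accept": ["sha256"]}'
POLICY_MIGRATING = '{"sign_with": "sha512", "accept": ["sha512", "sha256"]}'
POLICY_FINAL = '{"sign_with": "sha512", "accept": ["sha512"]}'


class AgileMac:
    """HMAC helper whose algorithm comes from policy, never from call sites."""

    def __init__(self, key: bytes, policy_json: str):
        policy = json.loads(policy_json)
        self._key = key
        self._sign_with = policy["sign_with"]
        self._accept = frozenset(policy["accept"])
        if self._sign_with not in self._accept:
            raise ValueError("sign_with must also be listed in accept")
        # Fail at load time if this runtime lacks a configured algorithm.
        for name in self._accept:
            if name not in hashlib.algorithms_available:
                raise ValueError(f"unsupported algorithm in policy: {name}")

    def protect(self, message: bytes) -> str:
        tag = hmac.new(self._key, message, self._sign_with).hexdigest()
        # The algorithm label travels with the tag so verifiers can migrate.
        return f"{self._sign_with}${tag}"

    def verify(self, message: bytes, token: str) -> bool:
        alg, _, tag = token.partition("$")
        # The label only selects the algorithm; policy decides if it is allowed,
        # so a token naming a retired algorithm is rejected outright.
        if alg not in self._accept:
            return False
        expected = hmac.new(self._key, message, alg).hexdigest()
        return hmac.compare_digest(expected.encode(), tag.encode())
```

Loading `POLICY_MIGRATING` lets new tokens use the new algorithm while old ones still verify; loading `POLICY_FINAL` retires the old algorithm, and in neither step does the calling code change.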
As we saw in the demonstration, beyond our need to update our applications and services to support cryptographic configuration, we must update the client systems that will make use of them. In the window below, a standard Firefox client shows an error indicating that it does not understand any of the quantum-safe ciphers advertised during the TLS handshake process.
Fortunately for us, the team at OQS have also produced a custom quantum-safe Chromium client. This client can be configured to negotiate quantum-safe ciphers in TLS.
With this custom browser, we can see a successful communication using these new ciphers. In particular, the exchange uses Kyber768 with a Dilithium2 certificate.
You’ll note that the Certificate Signature Algorithm field above only specifies an OID, rather than the name of the algorithm, because of its experimental status. The connection is “Not Secure,” because our certificate is generated locally and is self-signed.
The Unified Access Gateway as a reverse proxy is an effective way to create a quantum-safe tunnel across the open Internet for application services. Meanwhile, unmodified applications can continue to operate until they eventually can be migrated.
This demonstration (video below) shows an early step in VMware’s initiatives in crypto agility. To learn more, take a look at our session and stay tuned for further developments.