Post-Quantum Cryptography: Building Resilience Against Tomorrow’s Threats
🎯 Summary
[{“key_takeaways”=>[“The transition to Post-Quantum Cryptography (PQC) primarily involves updating the TLS handshake protocol, specifically moving from TLS 1.2 to TLS 1.3.”, “Implementing PQC requires defining a new cipher rule that explicitly incorporates the necessary post-quantum algorithms.”, “A new cipher group must be created, referencing the PQC-enabled cipher rule, to bundle these new cryptographic suites.”, “A new SSL client profile must be configured, based on the existing profile, to enable TLS 1.3 and assign the newly created PQC cipher group.”, “The virtual server configuration must then be updated to utilize this new PQC-enabled SSL client profile.”, “Successful implementation is verified by observing that the connection now utilizes TLS 1.3, incorporating the quantum-safe handshake, even if the bulk data encryption remains unchanged.”], “overview”=>”This session provides a practical, step-by-step guide on migrating a standard TLS 1.2 web server configuration to one that supports post-quantum cryptography (PQC) using a Big IP device. The core process involves enabling TLS 1.3 and defining new cipher rules and groups that incorporate PQC algorithms to secure the handshake against future quantum threats. Although the underlying traffic encryption remains the same initially, the critical handshake mechanism is successfully upgraded to a quantum-resistant standard.”, “themes”=>[“Post-Quantum Cryptography (PQC) Implementation”, “TLS Protocol Migration (TLS 1.2 to TLS 1.3)”, “Network Security Configuration (Big IP)”, “Cipher Suite Management”, “Building Cryptographic Resilience”]}]
🏢 Companies Mentioned
💬 Key Insights
"The difference when we move to post-quantum will be the handshake algorithm is going to be different."
"We're still using the same encryption for the traffic. But the handshake is now using the post-quantum encryption."
"We need to add the post-quantum algorithms."
"First of all we need to enable TLS1.3. In order to enable TLS1.3 we need to define a cipher rule and a cipher group."
"You'll see that there's no tls1.3 as an option here. We need to disable that."
"We can use inherited capabilities from there. And then we're going to add our own settings for this particular configuration."