DoPQM: Devices Oriented Post-quantum Cryptographic Migration Strategies for an Enterprise Network
摘要
Quantum computing poses a major threat to classical cryptographic primitives (RSA, ECC, etc.), demanding an urgent migration to quantum-safe solutions, in any sensitive IT sectors such as banking enterprises. Merely replacing classical cryptographic primitives does not fully address this migration. This migration requires upgrades to network devices (e.g., routers, firewalls, servers) to ensure compatibility with future quantum-safe security protocols. Due to the scale of enterprise networks, a phased upgrade is necessary, as simultaneous migration of all devices is infeasible. However, a quantitative method for identifying network device vulnerabilities in large-scale enterprise networks is currently lacking. We propose DoPQM: Devices Oriented Post-Quantum Migration, a framework for identifying network device vulnerabilities to quantum threats within enterprises network topologies. The primary objective of this work is to assist network administrators in identifying which network devices are more vulnerable to future quantum threats. DoPQM formalizes the Harvest Now, Decrypt Later (HNDL) adversarial model using a risk scoring mechanism that estimates HNDL attack likelihoods across network nodes. By leveraging graph theory, we identify central nodes based on the volume of data they handle. Each node is then assigned a criticality score that reflects its priority for post-quantum migration. Evaluation on a representative baking network reveals the Demilitarized Zone (DMZ) as the most HNDL vulnerable component.