Quantum computing threatens traditional public-key algorithms such as RSA and ECC, both vulnerable to Shor’s algorithm, making the transition to NIST-standardized Post-Quantum Cryptography (PQC) urgent for most TLS deployments. We present an open-source framework for automated TLS packet analysis to detect quantum-vulnerable algorithms using hierarchical filtering and hybrid certificate extraction that enables TLS 1.3 analysis without full decryption, achieving over 96% detection accuracy. This hierarchical filtering is expected to be particularly effective for large-scale packet analysis, enabling efficient and selective inspection of relevant TLS sessions. A practical evaluation of our work on real TLS traffic demonstrates its applicability in real-world environments, showing that most major service providers have largely transitioned to TLS 1.3, with a few already experimenting with hybrid handshake mechanisms. These findings illustrate that the framework can be readily applied for practical cryptographic inventory and migration planning, providing visibility into actual deployments rather than relying solely on theoretical compliance.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Toward Crypto Agility: Automated Analysis of Quantum-Vulnerable TLS via Packet Inspection

  • Subeen Cho,
  • Yulim Hyoung,
  • Hagyeong Kim,
  • Minjoo Sim,
  • Anupam Chattopadhyay,
  • Hwajeong Seo,
  • Hyunji Kim

摘要

Quantum computing threatens traditional public-key algorithms such as RSA and ECC, both vulnerable to Shor’s algorithm, making the transition to NIST-standardized Post-Quantum Cryptography (PQC) urgent for most TLS deployments. We present an open-source framework for automated TLS packet analysis to detect quantum-vulnerable algorithms using hierarchical filtering and hybrid certificate extraction that enables TLS 1.3 analysis without full decryption, achieving over 96% detection accuracy. This hierarchical filtering is expected to be particularly effective for large-scale packet analysis, enabling efficient and selective inspection of relevant TLS sessions. A practical evaluation of our work on real TLS traffic demonstrates its applicability in real-world environments, showing that most major service providers have largely transitioned to TLS 1.3, with a few already experimenting with hybrid handshake mechanisms. These findings illustrate that the framework can be readily applied for practical cryptographic inventory and migration planning, providing visibility into actual deployments rather than relying solely on theoretical compliance.