Open Access
volume 7 issue 1

CARAF: Crypto Agility Risk Assessment Framework

Chujiao Ma 1
Luis Colón 1
Joe Dera 1
Bahman Rashidi 1
Vaibhav Garg 1
1 Comcast CyberSecurity, Comcast Cable, 1800 Arch Street, Philadelphia, PA 19103, USA
Publication type: Journal Article
Publication date: 2021-01-01
scimago: Q1
wos: Q1
SJR: 0.938
CiteScore: 8.1
Impact factor: 3.2
ISSN: 20572093, 20572085
Computer Science (miscellaneous)
Law
Computer Networks and Communications
Political Science and International Relations
Safety, Risk, Reliability and Quality
Social Psychology
Abstract

Crypto agility refers to the ability of an entity to replace existing crypto primitives, algorithms, or protocols with a new alternative quickly, inexpensively, with no or acceptable risk exposure. These changes may be driven by regulatory action, advances in computing, or newly discovered vulnerabilities. Yet everyday operational needs may put crypto agility considerations on the back burner when deploying technology, designing processes, or developing products/services. Consequently, changes are often performed in an ad hoc manner. Transition from one crypto solution to another can then take a long time and expose organizations to unnecessary security risk. This paper presents a framework to analyze and evaluate the risk that results from the lack of crypto agility. The proposed framework can be used by organizations to determine an appropriate mitigation strategy commensurate with their risk tolerance. We demonstrate the application of this framework with a case study of quantum computing and related threats to cryptography in the context of TLS for Internet of Things.

Top-30

Journals

IEEE Access
3 publications, 18.75%
Computers and Security
2 publications, 12.5%
Lecture Notes in Computer Science
1 publication, 6.25%
Journal of Cybersecurity and Privacy
1 publication, 6.25%
Government Information Quarterly
1 publication, 6.25%
Lecture Notes in Business Information Processing
1 publication, 6.25%
Information and Software Technology
1 publication, 6.25%
Discover Global Society
1 publication, 6.25%
Information Discovery and Delivery
1 publication, 6.25%
Electronics (Switzerland)
1 publication, 6.25%

Publishers

Elsevier
4 publications, 25%
Institute of Electrical and Electronics Engineers (IEEE)
4 publications, 25%
Springer Nature
3 publications, 18.75%
MDPI
2 publications, 12.5%
Association for Computing Machinery (ACM)
1 publication, 6.25%
Wiley
1 publication, 6.25%
Emerald
1 publication, 6.25%
  • We do not take into account publications without a DOI.
  • Statistics recalculated weekly.

Metrics
16
Cite this (GOST):
Ma C. et al. CARAF: Crypto Agility Risk Assessment Framework // Journal of Cybersecurity. 2021. Vol. 7. No. 1.
GOST, all authors:
Ma C., Colón L., Dera J., Rashidi B., Garg V. CARAF: Crypto Agility Risk Assessment Framework // Journal of Cybersecurity. 2021. Vol. 7. No. 1.
RIS:
TY - JOUR
DO - 10.1093/cybsec/tyab013
UR - https://doi.org/10.1093/cybsec/tyab013
TI - CARAF: Crypto Agility Risk Assessment Framework
T2 - Journal of Cybersecurity
AU - Ma, Chujiao
AU - Colón, Luis
AU - Dera, Joe
AU - Rashidi, Bahman
AU - Garg, Vaibhav
PY - 2021
DA - 2021/01/01
PB - Oxford University Press
IS - 1
VL - 7
SN - 2057-2093
SN - 2057-2085
ER -
BibTeX:
@article{2021_Ma,
author = {Chujiao Ma and Luis Colón and Joe Dera and Bahman Rashidi and Vaibhav Garg},
title = {CARAF: Crypto Agility Risk Assessment Framework},
journal = {Journal of Cybersecurity},
year = {2021},
volume = {7},
publisher = {Oxford University Press},
month = {jan},
url = {https://doi.org/10.1093/cybsec/tyab013},
number = {1},
doi = {10.1093/cybsec/tyab013}
}