Overview
Certificates are a crucial part of IT security infrastructure: they identify and authenticate machines and users and enable secure network connections. Certificates must be issued, regularly renewed, and possibly revoked, which makes their lifecycle management non-trivial. In large organisations, this task is handled by certificate management software. essendi currently provides such software, which is essential for IT security.
The emergence of quantum computers poses a threat to the cryptographic methods currently used in certificates. These methods will have to be replaced by so-called post-quantum cryptography to withstand attacks by quantum computers. Migrating algorithms may, however, break network connectivity and cause downtime. As an additional challenge, not all algorithms are suitable for all device types, protocols and use cases.
Certificate management can support this algorithmic change and ensure it happens smoothly in a running system. It is therefore crucial that the certificate management solution can handle post-quantum cryptography on both a technical and a process level, and that it encompasses all parts of a network. Certificate management is, however, essentially missing in, for example, operational technology (OT) networks.
This project aims to:
1) develop a crypto-agile and, in particular, quantum-safe certificate management software to enable a migration of algorithms without downtime and ensure robust security against the emerging quantum computing threat.
2) extend certificate management to OT networks.