What is an appropriate threat modelling method to understand your enterprise’s exposure to quantum threats? We recommend Process for Attack Simulation and Threat Analysis (PASTA).
Quantum Computing Threat Modelling on a Generic CPS Setup
by Lee, C. C., Tan, T. G., Sharma, V., & Zhou, J.
The threat of quantum computers is real and will require significant resources and time for classical systems and applications to prepare for the remedies against the threat. At the algorithm-level, the two most popular public-key cryptosystems, RSA and ECC, are vulnerable to quantum cryptanalysis using Shor’s algorithm, while symmetric key and hash-based cryptosystems are weakened by Grover’s algorithm. Less is understood at the implementation layer, where businesses, operations, and other considerations such as time, resources, know-how, and costs can affect the speed, safety, and availability of the applications under threat.
We carry out a landscape study of 20 better-known threat modelling methods and identify PASTA, when complemented with Attack Trees and STRIDE, as the most appropriate method to be used for evaluating quantum computing threats on existing systems. We then perform a PASTA threat modelling exercise on a generic Cyber-Physical System (CPS) to demonstrate its efficacy and report our findings. We also include
mitigation strategies identified during the threat modelling exercise for CPS owners to adopt.
Published at https://link.springer.com/chapter/10.1007/978-3-030-81645-2_11
You may access the article here: https://pureadmin.qub.ac.uk/ws/portalfiles/portal/240369002/Quantum_Computing_Threat_Modelling_on_a_Generic_CPS_Setup_ACNS_Workshop_20210503.pdf
No responses yet