Supporting PQC migration and cryptographic agility with automated CBOM generation

Abstract
The technological development of quantum computers has advanced dramatically in recent years as organizations and governments seek to take advantage of the increasing computing power of quantum computers. Although quantum computers have the potential to benefit people and economies in many areas, they also threaten the security of modern cryptography, especially the widely used public key cryptography such as RSA, DH, ECC, and DSA. Since these algorithms will be completely broken in the future, quantum-safe alternatives are being developed and researched to mitigate the threat. History has shown that replacing cryptographic algorithms is a long and difficult process, and given the complexity of modern information systems, automated tools are needed to support post-quantum cryptography migration and cryptographic agility. In this research, an automated Cryptography Bill of Materials (CBOM) generator was built as a solution to this need, and its feasibility was analyzed. Design science principles were used to guide the research process, as well as the building and evaluation of the created artifact. The main result of the research is an artifact capable of generating CBOMs by scanning cryptographic algorithms from JavaScript source files that implement the Node.js Crypto module. In addition, the research proved that an automated CBOM tool based on regular expression searches is a feasible and accurate solution for capturing cryptographic components.
Main Author
Format
Theses Master thesis
Published
2024
The permanent address of the publication
https://urn.fi/URN:NBN:fi:jyu-202411016889
Language
English
License
CC BY 4.0, Open Access
Copyright © The Author(s)