GlobalPlatform: Cryptography Algorithm Classification and Crypto Agility (G12b)
During its almost 20-year history, the industry association GlobalPlatform has held security at its core. The association develops specifications that enable collaborative and open ecosystems in which digital services and devices can be trusted and managed securely while privacy is supported.
The association has established a dedicated Security Task Force, which engages and collaborates with external security organizations to ensure that security requirements from a broad range of use cases and market sectors are brought into GlobalPlatform. As each industry has different security and functionality requirements, GlobalPlatform has defined a number of specifications, each relying on cryptographic algorithms, for different use cases related to the management of Secure Components that are relevant to a wide range of sectors. This includes: payment, telecoms, transportation, automotive, smart cities, smart home, utilities, healthcare, premium content, government and enterprise ID.
As part of this activity, GlobalPlatform has defined a table of recommended cryptographic algorithms with their associated key lengths (based on the recommendations of several national agencies), which is continually updated in response to new recommendations or security threats.
Within this presentation, GlobalPlatform will explain why a classification and reference table is certainly necessary but, on its own, is not enough. If a flaw is discovered in an algorithm that is already deployed, for example, it is challenging to roll out replacement algorithms once a technology is live in the field. The association will therefore explain why it is important to be ‘cryptographically agile’ in order to meet the changing requirements of a given market sector, and how it integrates those requirements into its specifications.
This cryptographic agility allows security updates to be deployed in the event that the initial cryptographic algorithm is found to be vulnerable. It needs to be prepared in advance, because any change on the edge device may require corresponding updates in the backend and its associated security procedures.
GlobalPlatform will also introduce its certification program, which enables device manufacturers to proactively market their products as meeting the functional and/or security needs of digital service providers. The association’s program objectively demonstrates that a device manufacturer’s GlobalPlatform-based Secure Component (an on-device trust anchor) and digital service management capabilities are interoperable and meet market-defined security requirements, aiding service providers in selecting products that match their needs. By integrating crypto agility alongside the initial cryptography into a device from the outset, the need to recertify the device is removed should the initial algorithms become broken.