GSM Association Non-Confidential
Official Document PQ.03 – Post Quantum Cryptography – Guidelines for Telecom Use Cases
PQ.03 Version 1.0 Page 59 of 104
requirements. Private keys, used to establish the secure VPN connection, must also be
securely stored and used, though this falls under the scope of PKI.
4.11.3 Cryptographic Inventory
VPNs typically use cryptographic methods for authentication, establishing a shared secret,
and encrypting transmitted data. A cryptographic inventory should cover each of these aspects,
describing properties such as the protocols used, the digital signature options used/available
for authentication, and available options for sharing a secret and encrypting the data. The
primary quantum vulnerabilities for VPNs relate to the authentication and secret-sharing
procedures. For the purpose of planning a migration to PQC, it is therefore important that
these aspects are covered by the inventory. Although symmetric encryption algorithms are
less vulnerable to quantum attacks, they typically have different security options, relating to
choice of key-size, which is influenced by the security demands of the context. Including this
information in the inventory may also prove useful.
With regard to the most pressing security threat posed by quantum computers, namely the
harvest now, decrypt later attack, identifying the methods used for establishing shared secrets
may be considered the highest priority. Accordingly, a cryptographic inventory should, as a
minimum, identify such mechanisms, as used by the VPN protocol.
Unlike the mechanism of shared secret establishment, which directly impacts the future
security properties of a VPN session (i.e., after the session has ended), authentication
protocols may only need to remain secure for the duration of a session. Hence, the
consequences are typically less severe if an adversary attacks an authentication protocol after
the session terminates. Signature schemes used during authentication will ultimately need to
be migrated to a quantum safe status. Consequently, it will be beneficial to include both
authentication and secret establishment data in the cryptographic inventory, even if an
organisation decides to transition key establishment mechanisms to quantum safe status prior
to transitioning digital signature schemes.
Operators will also benefit from determining where pre-shared secrets are employed in VPNs
since symmetric encryption keys that derive from such pre-shared secrets are not expected
to be vulnerable to attacks using Shor’s algorithm.
4.11.4 Migration Strategy Analysis and Impact Assessment
Sensitive long-lived data reliant on the confidentiality assurances of a VPN will remain
susceptible to the harvest now, decrypt later attack if the VPN protocol is not upgraded to
quantum safe status. As mentioned, VPNs are widely deployed in the telco context, including
internal usage for enterprise purposes (e.g. connecting corporate offices to each other and to
remote workers), usage for establishing secure network services (e.g., connecting base
stations to security gateways), and usage by enterprise customers to facilitate business
functioning. Since confidentiality is a key security function offered by VPNs, and VPNs are so
widely deployed in the telco context, the impact of breaking this confidentiality assurance by
a quantum attack could be significant, both to telcos themselves and their customers.
Migrating to a quantum safe method of establishing shared keys used within VPNs therefore
has strategic importance for both an organisation and any customers who rely on
confidentiality assurances provided by the organisation’s products and services.