Exposed and Unprepared? Inventoring Quantum Threats
Mar 7, 2025
Salman Shabbir
The rapid advancement of quantum computing is accelerating the need for organizations to transition to post-quantum cryptography. A crucial first step is conducting a detailed quantum threat analysis—an in-depth inventory of IT assets and security algorithms that require protection. In our previous blog, we outlined commonly used security algorithms in Internet protocols, their quantum safety status, and potential quantum-safe alternatives. In this post, we illustrate an approach to exposure management with focus on quantum safety. We leverage Shodan to retrieve data, focusing on Germany as our case study.
Quantum-Relevant Protocol Usage Across Regions
Understanding which protocols are in widespread use is the first step in assessing quantum threat exposure. Our analysis highlights how Internet quantum-relevant protocols (such as HTTPS, SSH, IMAPS, POP3S, SMTPS, RDP, IKE, and LDAPS) are deployed across U.S., China, Europe, and Germany. As the figure shows - and as expected - HTTPS is the most used quantum-relevant Internet protocol across these regions.
In addition, the following figure depicts the share of these protocols relative to total assets, which helps provide deeper insight into quantum exposure.
The following observations can be made here:
- HTTPS accounts for over 10.8% in Germany and about 9% in China, but only 3% in the U.S.
- SSH shows a higher percentage in Germany (5.4%) and Europe (3.4%), contrasting with less than 1% in China and the U.S.
- IKE and LDAPS are among the lesser used protocols.
HTTP over TLS in the German Landscape
Zooming in on Germany—a region where quantum-relevant protocol usage percentages are notably high—we analyzed Shodan’s facet data for HTTP over TLS configurations. We compiled an inventory of German assets running HTTPS, which reveals the distribution of cryptographic primitives in use. The facet breakdown for Germany shows:
- TLS Cipher Suites: TLS_AES_256_GCM_SHA384 leads with approximately 43% of total assets, followed by TLS_AES_128_GCM_SHA256 and several ECDHE-based cipher suites.
- TLS Versions: TLSv1.3 and TLSv1.2 are prevalent, showing approximately 62% and 24% of total assets support these versions respectively. Unfortunately deprecated TLS versions like SSLv3 and TLSv1.0 are still in place.
- Certificate Algorithms: Certificate signature algorithms such as sha256withrsaencryption and traditional RSA-based schemes remain in heavy use. Unfortunately deprecated hash functions such as md5 and sha1 are still in use.
Integrating Quantum Safety Analysis into Exposure Management
A quantum threat analysis within exposure management primarily involves the following steps:
Identifying IT Assets
Utilize active and passive tools like Shodan to scan for and identify Internet-connected IT assets.Enumerating Services and Ports
Discover which protocols and ports are active. This step helps assess the scope of exposure, covering services from HTTPS to SSH and beyond.Analyzing Security Algorithms on Services and Ports
Gather detailed information on cryptographic primitives, e.g., TLS cipher suites, TLS versions, and certificates signature algorithms, to evaluate quantum resistance.Mapping Algorithms to a Quantum Safety Baseline
Compare the collected data against a quantum safety baseline (see next section) to gain insights into quantum safety issues.Providing Prioritized Insights on Quantum Threats
Based on a risk analysis, prioritize quantum-related issues that pose the greatest threat to the organization.
Quantum Safety Baseline for Internet Protocols
To address the risks posed by quantum computers, NIST is spearheading efforts to develop “quantum safe” algorithms designed to secure information against future quantum threats. Below is a simplified summary of commonly used security algorithms in Internet protocols, their current security status, and potential quantum safe alternatives.
| Security Algorithm | Domain Parameters [Bits] | Security Strength [Bits] | Current FIPS Status | Current Quantum Safety Status | Current Quantum Safe Alternatives | |
|---|---|---|---|---|---|---|
| Key Establishments | ||||||
| DH(E) | p, q <= 1024, 160 | < 112 | Disallowed | CRYSTALS-KYBER | ||
| p, q = 2048, 224 | 112 | Acceptable | Deprecated after 2030, Disallowed after 2035 | |||
| p, q >= 3072, 256 | >=128 | Disallowed after 2035 | ||||
| ECDH(E) | k<= 223 | < 112 | Disallowed | |||
| 223 < k < 256 | 112 | Acceptable | Deprecated after 2030, Disallowed after 2035 | |||
| k >= 256 | >=128 | Disallowed after 2035 | ||||
| RSA | k = 1024 | < 112 | Disallowed | |||
| k = 2048 | 112 | Acceptable | Deprecated after 2030, Disallowed after 2035 | |||
| k >= 3072 | >=128 | Disallowed after 2035 | ||||
| Digital Signatures | ||||||
| DSA | p, q <= 1024, 160 | < 112 | Disallowed | CRYSTALS-Dilithium, SPHINCS+, FALCON | ||
| p, q = 2048, 224 | 112 | Acceptable | Deprecated after 2030, Disallowed after 2035 | |||
| p, q >= 3072, 256 | >=128 | Disallowed after 2035 | ||||
| ECDSA | k<= 223 | < 112 | Disallowed | |||
| 223 < k < 256 | 112 | Acceptable | Deprecated after 2030, Disallowed after 2035 | |||
| k >= 256 | >=128 | Disallowed after 2035 | ||||
| RSA | k = 1024 | < 112 | Disallowed | |||
| k = 2048 | 112 | Acceptable | Deprecated after 2030, Disallowed after 2035 | |||
| k >= 3072 | >=128 | Disallowed after 2035 | ||||
| Block Ciphers | ||||||
| AES | k >=128 | >= 128 | Acceptable | AES >=256 | ||
| Hash Functions | ||||||
| SHA-1 | Any Length | < 112 | Disallowed | SHA-2, SHA-3 Families >= 256 | ||
| SHA-2 Family | h = 224 | 112 | Acceptable | |||
| SHA-2 Family | h >= 256 | >=128 | ||||
- p, q: Public key size, private key size
- n: Size of modulus for RSA; the order of the base point G for ECDH(E) and ECDSA
- k: Key size
- h: Hash value length
Conclusion
In today’s evolving digital landscape, with quantum computing on the horizon, integrating quantum threat analysis into the exposure management process is crucial. Laying a solid foundation today, through robust exposure management, is essential for building quantum-resilient networks of tomorrow.
Selected Glossary
AES: Advanced Encryption Standard
BSI: Bundesamt für Sicherheit in der Informationstechnik
DH: Diffie-Hellman
DHE: Diffie-Hellman Ephemeral
DSA: Digital Signature Algorithm
ECC: Elliptic Curve Cryptography
ECDH: Elliptic Curve Diffie-Hellman
ECDHE: Elliptic Curve Diffie-Hellman Ephemeral
ECDSA: Elliptic Curve Digital Signature Algorithm
FIPS: Federal Information Processing Standards
NIST: National Institute of Standards and Technology
RSA: Rivest-Shamir-Adleman
SHA: Secure Hash Algorithm
