Network Security
Post-Quantum Cryptography Detection and Control
Table of Contents
Post-Quantum Cryptography Detection and Control
NGFWs can detect, block or allow, and log TLSv1.3 sessions that use post-quantum
cryptography.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Depending on the products you're using, you need at least one
of...
|
Post-quantum cryptography (PQC) algorithms and
hybrid PQC algorithms (classical and PQC algorithms combined) are accessible through
open-source libraries and integrated into web browsers and other technologies. Traffic
encrypted by PQC or hybrid PQC algorithms can't be decrypted yet, making these
algorithms vulnerable to misuse. However, you can prevent the misuse of PQC and hybrid
PQC algorithms and make informed decisions by monitoring PQC activity on your
network.
Using a Palo Alto Networks Next-Generation Firewall (NGFW), you can
detect, block, and log the use of PQC and hybrid PQC algorithms in TLSv1.3 sessions.
This is done automatically based on the settings in your decryption policy rules. Review your rules and update your decryption configuration as needed to
get the most visibility into PQC activity. These actions should be part of your post-quantum migration planning and
preparation strategy.
- How the NGFW Detects and Handles Post-Quantum Cryptography
- Post-Quantum Cryptography and Decryption Logs
- Decryption Configuration Recommendations
How the NGFW Detects and Handles Post-Quantum Cryptography
If SSL traffic matches an SSL Forward Proxy or SSL Inbound Inspection decryption
policy rule, the NGFW prevents negotiation with PQC, hybrid PQC, and other
unsupported algorithms. The
following detection and blocking process enables the NGFW to continuously decrypt
and identify threats during a session:
- ClientHello Inspection. The NGFW checks the ClientHello for the supported_groups TLS extension. This extension specifies the groups that the client supports for key exchange.
- Comparison of Values. The NGFW compares the hexadecimal value in the supported-groups extension to a set of known values for PQC and hybrid PQC algorithms. This is how the NGFW identifies the specific algorithms supported by the client.
- Removal of Unsupported Algorithms. When SSL Forward Proxy and Inbound Inspection decryption policy rules are applied, the NGFW removes PQC, hybrid PQC, and other unsupported algorithms from the ClientHello. This forces the client to negotiate exclusively with classical algorithms.
- Session Restart and Negotiation with Classical Algorithms. The session restarts, and the client and server negotiate with classical algorithms. (For a list of supported cipher suites, see PAN-OS 11.1 Decryption Cipher Suites.)
However, if the client strictly negotiates PQC, hybrid PQC, or other unsupported
algorithms, the NGFW drops the session.
If SSL traffic matches a “no-decrypt” decryption policy rule or doesn’t match any
decryption policy rules, the NGFW allows negotiation with PQC or hybrid PQC
algorithms. However, details of sessions that negotiate these algorithms are
available in decryption logs only when session traffic matches a “no-decrypt”
decryption policy rule.
Post-Quantum Cryptography and Decryption Logs
Decryption logs provide visibility into
post-quantum cryptography activity on your network for sessions that negotiate PQC
or hybrid PQC algorithms and match a “no decrypt” decryption policy rule. The
decryption logs for sessions matching this criteria include details such as the key
exchange (KE) and the negotiated EC curve.
In the case where SSL traffic matches an SSL Forward Proxy or SSL Inbound
Inspection decryption policy rule and the client only supports post-quantum
algorithms, the session is dropped. The error column in the corresponding
decryption log states that the client only supports post-quantum
algorithms.
By default, the NGFW generates decryption logs for all unsuccessful TLS
handshake traffic. However, you can log both successful and unsuccessful TLS
handshakes in the Log Settings of decryption policy rules (). Configure Decryption Logging shares
additional considerations.
| If Decryption Policy Rule Triggered | If Decryption Policy Rule with No-Decrypt Action Triggered | If No Decryption Policy Rule Is Triggered | ||
|---|---|---|---|---|
| Client Supports Classical Algorithms | Client Only Supports PQC or Hybrid PQC Algorithms | |||
| Session Status | PQC and hybrid PQC algorithms are stripped from the ClientHello, and the session restarts with classical algorithms | PQC algorithms are stripped from the ClientHello, and the session is dropped | Session successfully negotiates with a PQC or hybrid PQC algorithm (no decryption) | Session successfully negotiates with PQC or hybrid PQC algorithm (no decryption) |
| Decryption Log Behavior | Decryption logs note negotiation of a classical algorithm (a PQC algorithm isn’t noted as it wasn’t negotiated) | Log records the “Client only supports Post-Quantum algorithms" error message | The Negotiated EC Curve column records the name of the PQC or hybrid PQC algorithm negotiated | No log generated |
Decryption Configuration Recommendations
Review the logging settings in your decryption policy rules and use other tools for
enhanced visibility and control over PQC and hybrid PQC activity in your network.
The following recommendations assume a security-first approach to detection,
enforcement, and logging:
- Log successful and unsuccessful handshakes in the Log Settings of decryption policy rules. Select , and then select Log Successful SSL Handshakes and Log Unsuccessful SSL Handshakes.Logging all TLS handshakes may increase the volume of logs on your system. The default quota for decryption logs is one percent of your NGFW's log storage capacity. To configure a larger log storage space quota for decryption logs, select . (Configure Decryption Logging provides more details.)
- Create exclusions or separate rules for internal testing of PQC and hybrid PQC algorithms.
- To log traffic that you don’t decrypt, create a policy-based decryption exclusion or apply a “no decrypt” decryption profile to the decryption policy rules that govern this traffic.
- Review the global counter for PQC and hybrid PQC algorithms. The counter increments whenever a client attempts to negotiate with a PQC or hybrid PQC algorithm. Use the following CLI command: show counter global name ssl_pqc_session_cnt.