2 changes: 1 addition & 1 deletion src/apiDetailsConfig.json
Expand Up @@ -13,6 +13,6 @@
"token": ""
},
"activeTool": "github",
"version": "0.28.7",
"version": "0.28.8",
"labName": "Be-Secure Community Lab"
}
84 changes: 77 additions & 7 deletions src/pages/BesVersionHistory/AssessmentReport/index.tsx
Expand Up @@ -39,11 +39,25 @@ import FetchSastReport from './FetchSastReport';
import { PieChart, Pie, Legend, Cell, Tooltip, Sector } from 'recharts';

import cryptoDictionary from '../../../resources/crypto-dictionary.json';
import rawCryptoAsset from '../../../resources/crypto-assets.json';

import * as d3 from 'd3';
import { ArrowBackIos, ArrowForwardIos } from '@mui/icons-material';

type CryptoPrimitive = keyof typeof cryptoDictionary

type CryptoAssetEntry = {
"Quantum Threat": string;
Mitigation: string;
};

type CryptoAssetMap = {
[key: string]: CryptoAssetEntry; // index signature
};

const cryptoAsset = rawCryptoAsset as CryptoAssetMap;


export const fetchJsonData = async (link: any, setJsonData: any, defaultJson?: any) => {
try {
const response = await fetchJsonReport(link, defaultJson);
Expand Down Expand Up @@ -522,6 +536,8 @@ const TABLE_HEAD = [
},
{ id: 'Primitive', label: 'Primitive', alignRight: false },
{ id: 'Location', label: 'Location', alignRight: false },
{ id: 'Quantum Threat', label: 'Quantum Threat', alignRight: false },
{ id: 'Mitigation', label: 'Mitigation', alignRight: false },
];

type BubbleData = {
Expand Down Expand Up @@ -946,6 +962,52 @@ const SortedLegend = ({
);
};

const interpolate = (template: string, context: Record<string, any>) => {
return template.replace(/\$\{(\w+)\}/g, (_, key) =>
context[key] !== undefined && context[key] !== null ? context[key] : 'unknown'
);
};

const getBaseName = (str: string) =>
str.split('@')[0] || str;

const getMatchKey = (name: string, cryptoGraphyAsset: any) => {
const baseName = getBaseName(name).toLowerCase();
return (
Object.keys(cryptoGraphyAsset).find(
(key) => key.toLowerCase() === baseName
) || 'Unspecified'
);
};

const renderThreatInfo = (row: any, cryptoGraphyAsset: any) => {
const props = row.cryptoProperties || {};
const algProps = props.algorithmProperties || {};
const relProps = props.relatedCryptoMaterialProperties || {};
const primitive = algProps.primitive || relProps.type || '';
const curve = algProps.curve || '';
const keySize = algProps.parameterSetIdentifier || 'unknown';
const usage = (algProps.cryptoFunctions || []).join(', ') || '';

const matchKey = getMatchKey(row.name, cryptoGraphyAsset);
const threatInfo = cryptoGraphyAsset[matchKey];

const context = { keySize, curve, usage, primitive };
if (matchKey === "Unspecified") {
return {
threat: "Quantum threat unknown or not assessed.",
mitigation: "Review cryptographic asset for quantum-safe alternatives.",
isKnown: false
};
}

return {
threat: interpolate(threatInfo["Quantum Threat"], context),
mitigation: interpolate(threatInfo.Mitigation, context),
isKnown: true
};
};

const CryptographyModal = ({ cryptography }: any) => {
const cryptoPrimitivesData = generateCryptoStats(cryptography);
const cryptoFunctionsData = generateCryptoFunctionsData(cryptography);
Expand Down Expand Up @@ -1172,30 +1234,38 @@ const CryptographyModal = ({ cryptography }: any) => {
(occurrence: any) => ({
name: component.name.toUpperCase(),
primitive:
component.cryptoProperties?.algorithmProperties?.primitive.toUpperCase() ||
'Unspecified',
component.cryptoProperties?.algorithmProperties?.primitive.toUpperCase() ||
'Unspecified',
filename: `${occurrence.location.split('/').pop()}:${occurrence.line}`,
cryptoProperties: component.cryptoProperties,
})
)
)
.slice(
page * rowsPerPage,
page * rowsPerPage + rowsPerPage
) // <-- Apply pagination here
.map((row: any, index: any) => (
<TableRow key={ index }>
.map((row: any, index: any) => {
const threat = renderThreatInfo(row, cryptoAsset);
return (<TableRow key={ index }>
<TableCell>{ row.name }</TableCell>
<TableCell>
<div>{ row.primitive }</div>
<div style={ { color: '#888' } }>
{ cryptoDictionary?.[
row.primitive.toLowerCase() as CryptoPrimitive
row.primitive.toLowerCase() as CryptoPrimitive
]?.fullName || '' }
</div>
</TableCell>
<TableCell>{ row.filename }</TableCell>
</TableRow>
)) }
<TableCell style={ { color: threat.isKnown ? '#c9302c' : '#d9534f' } }>
{ threat.threat }
</TableCell>
<TableCell style={ { color: threat.isKnown ? '#449d44' : '#5cb85c' } }>
{ threat.mitigation }
</TableCell>
</TableRow>);
}) }
</TableBody>
</Table>
<TablePagination
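Review bot: In `renderThreatInfo`, `curve`, `usage` and `primitive` default to `''`, so the `'unknown'` fallback in `interpolate` (which only tests for `undefined`/`null`) never applies to them, and a template such as "Curve: ${curve}. Key size: ${keySize};" renders as "Curve: . Key size: unknown;" when the component carries no curve. Treating the empty string as missing keeps the output consistent: inside the replace callback use `const value = context[key];` followed by `return value == null || value === '' ? 'unknown' : String(value);`. Separately, `getMatchKey` matches only the exact name before `@`, so any asset whose name is not a key of crypto-assets.json is shown as "Quantum threat unknown or not assessed." in `#d9534f`, which is close to the known-threat `#c9302c`; a neutral colour for the unknown case would make an unassessed asset harder to misread as an assessed finding. A short TSDoc comment on the three helpers stating the `${name}` placeholder syntax and the `'Unspecified'` sentinel would also help.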
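--- a/src/resources/crypto-assets.json
+++ b/src/resources/crypto-assets.json
@@ -0,0 +1,130 @@
+{
+"ECDH": {
+"Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can recover private keys).",
+"Mitigation": "Transition to post-quantum key exchange (e.g., Kyber) or hybrid key exchange."
+},
+"SHA1": {
+"Quantum Threat": "Weak against classical and quantum attacks. Grover’s algorithm halves security.",
+"Mitigation": "Replace with SHA-256 or SHA-3 for better quantum and classical resistance."
+},
+"EC": {
+"Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can recover private keys).",
+"Mitigation": "Move to post-quantum or hybrid signature/key exchange schemes."
+},
+"EC-secp521r1": {
+"Quantum Threat": "Vulnerable to Shor’s algorithm. Curve: secp521r1.",
+"Mitigation": "Move to post-quantum or hybrid signature/key exchange schemes."
+},
+"key": {
+"Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length.",
+"Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+},
+"RAW": {
+"Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length.",
+"Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+},
+"EdDSA": {
+"Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can break signatures).",
+"Mitigation": "Use post-quantum signature algorithms (e.g., Dilithium, Falcon)."
+},
+"HMAC-SHA256": {
+"Quantum Threat": "Grover’s algorithm halves effective key security.",
+"Mitigation": "Use longer keys (e.g., 256 bits) and quantum-resistant hash functions."
+},
+"RSA-2048": {
+"Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can factor 2048-bit keys).",
+"Mitigation": "Transition to post-quantum public key algorithms (e.g., lattice-based)."
+},
+"DSA": {
+"Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can break signatures).",
+"Mitigation": "Transition to post-quantum signature algorithms."
+},
+"Ed25519": {
+"Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can break signatures).",
+"Mitigation": "Use post-quantum signature algorithms."
+},
+"secret-key": {
+"Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length.",
+"Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+},
+"EC-secp384r1": {
+"Quantum Threat": "Vulnerable to Shor’s algorithm. Curve: ${curve}. Key size: ${keySize};",
+"Mitigation": "Move to post-quantum or hybrid signature/key exchange schemes."
+},
+"AES": {
+"Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length (e.g., AES-256 → 128 bits).",
+"Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+},
+"SHA512": {
+"Quantum Threat": "Hash Function: Reduces security margin with the usage of a quantum computer",
+"Mitigation": "Shift to SHA3-512 or SPHINCS+ to remain secure in quantum era"
+},
+"TLS": {
+"Quantum Threat": "Protocol: TLS 1.2 uses RSA which is a threat due to Shor’s Algorithm",
+"Mitigation": "Move to post-quantum or hybrid key exchange schemes, TLS 1.3 with Kyber 512(PQC)"
+},
+"HMACSHA2": {
+"Quantum Threat": "Hash Function with Secret: Vulnerable due to Grover’s algorithm quadratic speed up.",
+"Mitigation": "For long term confidentiality, it's good to have HMAC with PQC safe key exchange."
+},
+"MGF1": {
+"Quantum Threat": "Mask Generation Function: Vulnerable due to Grover’s algorithm quadratic speed up.",
+"Mitigation": "Move to post-quantum or hybrid key exchange schemes"
+},
+"AES128-CBC-PKCS5": {
+"Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length.",
+"Mitigation": "Move to post-quantum or hybrid key exchange schemes"
+},
+"AES128-GCM": {
+"Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length (e.g., AES-256 → 128 bits).",
+"Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+},
+"ConcatenationKDF": {
+"Quantum Threat": "Key Derivation Function: Due to Grover’s algorithm for the underlying hash function.",
+"Mitigation": "Move to post-quantum or hybrid key exchange schemes."
+},
+"SHA256": {
+"Quantum Threat": "Hash Function: Reduces security margin with the usage of a quantum computer",
+"Mitigation": "Shift to SHA3-512 or SPHINCS+ to remain secure in quantum era"
+},
+"AES128": {
+"Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length (e.g., AES-256 → 128 bits).",
+"Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+},
+"RSASSA-PSS": {
+"Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can factor ${keySize}-bit keys).",
+"Mitigation": "Transition to post-quantum public key algorithms (e.g., lattice-based);"
+},
+"EC-secp256r1": {
+"Quantum Threat": "Vulnerable to Shor’s algorithm. Curve: ${curve}. Key size: ${keySize};",
+"Mitigation": "Move to post-quantum or hybrid signature/key exchange schemes."
+},
+"RSA-4096": {
+"Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can factor ${keySize}-bit keys).",
+"Mitigation": "Transition to post-quantum public key algorithms (e.g., lattice-based);"
+},
+"MD5": {
+"Quantum Threat": "Hash Function: Not even safe in classical context;",
+"Mitigation": "Shift to SHA3-512 or SPHINCS+ to remain secure in quantum era"
+},
+"HMAC-SHA512": {
+"Quantum Threat": "Hash Function with Secret: Partially safe to quantum computer;",
+"Mitigation": "For long term confidentiality, it's good to have HMAC with PQC safe key exchange."
+},
+"ELGAMAL": {
+"Quantum Threat": "Vulnerable to Shor’s algorithm. Curve: ${curve}. Key size: ${keySize};",
+"Mitigation": "Move to post-quantum or hybrid signature/key exchange schemes."
+},
+"PBES2": {
+"Quantum Threat": "KDF Symmetric keys: Grover’s algorithm halves effective key length (e.g., AES-256 → 128 bits).",
+"Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+},
+"AES256": {
+"Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length (e.g., AES-256 → 128 bits).",
+"Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+},
+"PBKDF2-HMAC-SHA512": {
+"Quantum Threat": "Hash Function with Secret: Partially safe to quantum computer;",
+"Mitigation": "For long term confidentiality, it's good to have HMAC with PQC safe key exchange."
+}
+}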
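Review bot: Several `Mitigation` strings recommend the wrong class of primitive, and because the table renders them verbatim as guidance they should be corrected in this file. The `SHA256`, `SHA512` and `MD5` entries suggest "SPHINCS+", which is a signature scheme rather than a hash function, and `AES128-CBC-PKCS5`, `MGF1` and `ConcatenationKDF` point at key-exchange changes that do not address a symmetric cipher, a mask generation function or a KDF. For `SHA256` and `MD5` something like `"Mitigation": "Use SHA-384/SHA-512 or SHA3-512 for a larger security margin."` fits, and for `AES128-CBC-PKCS5` `"Mitigation": "Use 256-bit AES keys, preferably with an authenticated mode."`. The `ELGAMAL` threat text also interpolates `${curve}`, which looks copied from the EC entries, and `AES256` is listed with a threat whose own mitigation it already satisfies. It would help readers to give the standardized names next to the candidate names (Kyber is ML-KEM in FIPS 203, Dilithium is ML-DSA in FIPS 204, SPHINCS+ is SLH-DSA in FIPS 205).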