ArXiv TLDR

Practical Evaluation of the Crypto-Agility Maturity Model

2604.12428

Leonie Wolf, Samson Umezulike, Gurur Öndarö, Sebastian Schinzel, Fabian Ising

cs.CR

TLDR

This paper evaluates the Crypto Agility Maturity Model (CAMM), identifying significant design flaws and proposing improvements for more reliable assessments.

Key contributions

  • First evaluation of the Crypto Agility Maturity Model (CAMM) against established design principles.
  • Identified CAMM's ambiguous scope, unclear acceptance criteria, and flawed dependency relations.
  • Confirmed issues by applying CAMM to a real-world scenario, finding requirements inapplicable.
  • Proposed concrete improvements to CAMM for more consistent and reliable assessments.

Why it matters

Cryptographic agility is crucial for long-term digital security, especially with post-quantum transitions. This paper critically assesses a key model (CAMM) for evaluating this agility, revealing its practical limitations. By proposing improvements, it helps ensure that tools for assessing crypto-agility are robust and reliable, which is vital for future-proofing security.

Original Abstract

Cryptographic agility is a key prerequisite for maintaining the long-term security of digital communication, particularly in light of the transition to post-quantum cryptography. To systematically assess this capability, Hohm et al. proposed the Crypto Agility Maturity Model (CAMM). In this work, we present the first evaluation of the CAMM against established design principles for maturity models. Our analysis reveals that the CAMM only partially satisfies these principles: its scope and target groups remain ambiguous; acceptance criteria are insufficiently operationalized, limiting verifiability and replicability; and dependency relations exhibit redundancies, cycles, and omissions. Applying the CAMM to a simple real-world scenario further confirmed these issues, as several requirements at higher maturity levels proved inapplicable or unclear. Based on these findings, we propose concrete improvements to the CAMM to enable more consistent and reliable assessments of cryptographic agility.
