Toward Crypto Agility: Automated Analysis of Quantum-Vulnerable TLS via Packet Inspection
摘要
Quantum computing threatens traditional public-key algorithms such as RSA and ECC, both vulnerable to Shor’s algorithm, making the transition to NIST-standardized Post-Quantum Cryptography (PQC) urgent for most TLS deployments. We present an open-source framework for automated TLS packet analysis to detect quantum-vulnerable algorithms using hierarchical filtering and hybrid certificate extraction that enables TLS 1.3 analysis without full decryption, achieving over 96% detection accuracy. This hierarchical filtering is expected to be particularly effective for large-scale packet analysis, enabling efficient and selective inspection of relevant TLS sessions. A practical evaluation of our work on real TLS traffic demonstrates its applicability in real-world environments, showing that most major service providers have largely transitioned to TLS 1.3, with a few already experimenting with hybrid handshake mechanisms. These findings illustrate that the framework can be readily applied for practical cryptographic inventory and migration planning, providing visibility into actual deployments rather than relying solely on theoretical compliance.