The rise of large-scale quantum computing poses a significant threat to traditional cryptographic security measures. Quantum attacks undermine current asymmetric cryptographic algorithms, rendering them ineffective. Symmetric key cryptography is also vulnerable, albeit to a lesser extent, so longer keys or extended hash functions are needed for security. Current cryptographic solutions are therefore inadequate against emerging quantum threats, and organizations must transition to quantum-safe environments with robust continuity plans and meticulous risk management. This study explores the challenges of migrating to quantum-safe cryptographic states and introduces a comprehensive security risk assessment framework. The framework examines vulnerabilities across algorithms, certificates, and protocols at each stage of the migration process (pre-migration, during migration, post-migration). We link these vulnerabilities to the STRIDE threat model to assess their impact and likelihood. We then discuss practical mitigation strategies for critical components such as algorithms, public key infrastructures, and protocols. Our study not only identifies potential attacks and vulnerabilities at each layer and migration stage but also suggests possible countermeasures and alternatives to enhance system resilience, empowering organizations to construct a secure infrastructure for the quantum era. Through these efforts, we establish the foundation for enduring security in networked systems amid the challenges of the quantum era.