Post-Quantum Authentication in TLS 1.3: A Performance Study
The potential development of large-scale quantum computers is raising concerns among IT and security research professionals due to their ability to solve (elliptic curve) discrete logarithm and integer factorization problems in polynomial time. All currently used public key algorithms would be deemed insecure in a post-quantum (PQ) setting. In response, the National Institute of Standards and Technology (NIST) has initiated a process to standardize quantum-resistant crypto algorithms, focusing primarily on their security guarantees. Since PQ algorithms present significant differences over classical ones, their overall evaluation should not be performed out-of-context. This work presents a detailed performance evaluation of the NIST signature algorithm candidates and investigates the imposed latency on TLS 1.3 connection establishment under realistic network conditions. In addition, we investigate their impact on TLS session throughput and analyze the trade-off between lengthy PQ signatures and computationally heavy PQ cryptographic operations.
Our results demonstrate that the adoption of at least two PQ signature algorithms would be viable with little additional overhead over current signature algorithms. Also, we argue that many NIST PQ candidates can effectively be used for less time-sensitive applications, and provide an in-depth discussion on the integration of PQ authentication in encrypted tunneling protocols, along with the related challenges, improvements, and alternatives. Finally, we propose and evaluate the combination of different PQ signature algorithms across the same certificate chain in TLS. Results show a reduction of the TLS handshake time and a significant increase of a server's TLS tunnel connection rate over using a single PQ signature scheme.
Hybrid post-quantum cryptography in network protocols
Thesis (doctorate) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2023.
Network security is essential for everyday communications. Protocols such as Transport Layer Security (TLS) and Automatic Certificate Management Environment (ACME) enable secure communications for various applications. TLS provides secure channels with authentication of the communicating peers, provided that these peers already hold a digital certificate to prove their identity. The ACME protocol, in turn, contributes to TLS adoption with facilities for submitting and managing digital certificates. Both TLS and ACME depend on Public-Key Cryptography for authentication and Key Exchange (KEX). However, the advent of the Cryptographically Relevant Quantum Computer (CRQC) weakens the KEX protocols and digital certificates built with the classical cryptography in use today, such as RSA and Diffie-Hellman. Given the widespread adoption of TLS and ACME, this threat reaches a global scale. In this context, this thesis addresses the challenges of adopting Post-Quantum Cryptography (PQC) in TLS and ACME, focusing on the recommended approach called hybrid PQC (or hybrid mode). PQC is built on mathematical assumptions different from those in use today. These assumptions are viable for constructing cryptographic schemes resistant to the quantum computer, since no efficient algorithm (classical or quantum) for them is known. However, the transition to PQC is a complex matter. In hybrid mode, the transition to PQC is smoothed, because PQC is combined with traditional cryptography.
Thus, this thesis defends a strategy for adopting PQC through hybrid mode with the following contributions: a secondary study classifying and showing the efficiency and security of hybrid mode; a tool to check the quantum-safe guarantees of users' TLS connections; a study and an optimization for issuing digital certificates with PQC in ACME; the design and implementation of a hybrid approach for a TLS alternative called KEMTLS; and a novel hybrid concept, with implementation, for authentication using wrapped certificates. In most of the hybrid-mode evaluation scenarios proposed in this work, the predicted performance impact is not significant when compared with deploying PQC without hybrid mode. The novel concept of hybrid authentication also enabled a contingency plan for hybrid mode, contributing to PQC adoption. Through proposals and evaluations across different scenarios, approaches and protocols, this thesis adds to the efforts toward using hybrid PQC to mitigate the worrying effects of the quantum threat to cryptography.
Abstract: Network security is essential for today's communications. Protocols such as Transport Layer Security (TLS) and Automatic Certificate Management Environment (ACME) enable secure communications for various applications. TLS provides secure channels with peer authentication, given that the peer already has a digital certificate to prove its identity. ACME contributes to TLS adoption with facilities for issuing and managing digital certificates. Both protocols depend on Public-Key Cryptography for authentication and Key Exchange (KEX) of symmetric key material. However, the advent of a Cryptographically Relevant Quantum Computer (CRQC) weakens KEX and digital certificates built with today's classical cryptography (like RSA and Diffie-Hellman). Given the widespread adoption of TLS and ACME, such a threat reaches a global scale.
In this context, this thesis aims at the challenges of adopting Post-Quantum Cryptography (PQC) in TLS and ACME, focusing on the recommended approach called Hybrid PQC (or hybrid mode). PQC is created using different mathematical assumptions for which there is no known efficient solution by classical or quantum computers. Hybrids ease the PQC transition by combining it with classical cryptography. This thesis defends the hybrid mode adoption through the following contributions: a secondary study classifying and showing hybrid mode efficiency and security; a tool for users to check their TLS connections for quantum-safe guarantees; a study and an optimized approach for issuance of PQC digital certificates in ACME; a design and implementation of a hybrid approach for the TLS alternative called KEMTLS; and a novel hybrid concept (and implementation) for authentication using wrapped digital certificates. In all proposed hybrid mode evaluations, the penalty in performance was non-significant when compared to PQC-only deployment, except in certain situations. The novel concept for hybrid authentication also allows a contingency plan for hybrids, contributing to the PQC adoption. By proposing and evaluating different scenarios, approaches and protocols, this thesis sums efforts towards using hybrid PQC to mitigate the worrisome effects of the quantum threat to cryptography.
Quantum-resistant Transport Layer Security
The reliance on asymmetric public key cryptography (PKC) and symmetric encryption for cyber-security in current telecommunication networks is threatened by the emergence of powerful quantum computing technology. This is due to the ability of quantum computers to efficiently solve problems such as factorization or discrete logarithms, which are the basis for classical PKC schemes. Thus, the assumption that communications networks are secure no longer holds true. Quantum Key Distribution (QKD) and post-quantum cryptography (PQC) are the first cyber-security technologies that allow communications to resist the attacks of a quantum computer. To achieve quantum-resistant communications, the aforementioned technologies need to be incorporated into a network security protocol such as Transport Layer Security (TLS). In this paper, we describe and implement two novel, hybrid solutions in which QKD and PQC are combined inside TLS for achieving quantum-resistant authenticated key exchange: Concatenation and Exclusive-OR (XOR). We present the results, in terms of complexity and security enhancement, of integrating state-of-the-art QKD and PQC technologies into a practical, industry-ready TLS implementation. Our findings demonstrate that the adoption of a PQC-only approach enhances the TLS handshake performance by approximately 9 % compared to classical methods. Furthermore, our hybrid PQC-QKD quantum-resistant TLS comes at a performance cost of approximately 117 % during the key establishment process. In return, we substantially augment the security of the handshake, paving the road for the development of future-proof quantum-resistant communication systems based on QKD and PQC.
Making Existing Software Quantum Safe: Lessons Learned
In the era of quantum computing, Shor's algorithm running on quantum computers (QCs) can break asymmetric encryption algorithms that classical computers essentially cannot. QCs, with the help of Grover's algorithm, can also speed up the breaking of symmetric encryption algorithms. Though the exact date when QCs will become "dangerous" for practical problems is unknown, the consensus is that this future is near. Thus, one needs to start preparing for the era of quantum advantage and ensure quantum safety proactively.
In this paper, we discuss the effect of quantum advantage on existing software systems and recap our seven-step roadmap, dubbed 7E. The roadmap gives developers a structured way to start preparing for the quantum advantage era. We then report the results of a case study, which validates 7E. Our software under study is the IBM Db2 database system, where we upgrade the existing cryptographic schemes to post-quantum cryptography (using the Kyber and Dilithium schemes) and report our findings and lessons learned. The outcome of the study shows that the 7E roadmap is effective in helping to plan the evolution of existing software security features towards quantum safety.
The impact of data-heavy, post-quantum TLS 1.3 on the Time-To-Last-Byte of real-world connections
It has been shown that post-quantum key exchange and authentication with ML-KEM and ML-DSA, NIST's post-quantum algorithm picks, will have an impact on the performance of TLS 1.3 as used in the Web and other applications. Studies so far have focused on the overhead of quantum-resistant algorithms on the TLS time-to-first-byte (handshake time). Although these works have been important in quantifying the slowdown in connection establishment, they do not capture the full picture regarding real-world TLS 1.3 connections, which carry sizable amounts of data. Intuitively, the introduction of an extra 10KB of ML-KEM and ML-DSA exchanges in the connection negotiation will inflate the connection establishment time proportionally more than it will increase the total connection time of a Web connection carrying 200KB of data. In this work, we quantify the impact of ML-KEM and ML-DSA on typical TLS 1.3 connections which transfer a few hundred KB from the server to the client. We study the slowdown in the time-to-last-byte of post-quantum connections under normal network conditions and in more unstable environments with high packet delay variability and loss probabilities. We show that the impact of ML-KEM and ML-DSA on the TLS 1.3 time-to-last-byte under stable network conditions is lower than the impact on the handshake and diminishes as the transferred data increases. The time-to-last-byte increase stays below 5% for high-bandwidth, stable networks. It goes from a 32% increase of the handshake time to under a 15% increase of the time-to-last-byte when transferring 50KiB of data or more under low-bandwidth, stable network conditions. Even when congestion control affects connection establishment, the additional slowdown drops below 10% as the connection data increases to 200KiB.
We also show that connections under lossy or volatile network conditions could see a higher impact from post-quantum handshakes, but these connections' time-to-last-byte increase still drops as the transferred data increases. Finally, we show that such connections are already significantly slow and volatile regardless of the TLS handshake.
Quantum-Resistant TLS 1.3: A Hybrid Solution Combining Classical, Quantum and Post-Quantum Cryptography
Hybrid authenticated key exchange combines cryptographic key material from different sources (classical, quantum and post-quantum cryptography) to build protocols that are resilient to catastrophic failures, technology advances and future cryptanalytic attacks. In this work, we propose and implement a triple-hybrid version of the transport layer security network protocol TLS 1.3, combining classical and post-quantum cryptography, and quantum key distribution. We evaluate the performance of this triple-hybrid TLS in an experimental network scenario, and our analysis shows that the quantum-resistant feature comes at an increased communication cost of approximately 68 % over the total time of the composite handshakes. In exchange, our solution enhances the TLS 1.3 protocol by adding quantum-resistant cryptography schemes.
PERFORMANCE OF HYBRID SIGNATURES FOR PUBLIC KEY INFRASTRUCTURE CERTIFICATES
The modern public key infrastructure (PKI) model relies on digital signature algorithms to provide message authentication, data integrity, and non-repudiation. To provide this, digital signature algorithms, like most cryptographic schemes, rely on a mathematical hardness assumption for provable security. As we transition into a post-quantum era, the hardness assumptions used by traditional digital signature algorithms are increasingly at risk of being solvable in polynomial time. This renders the entirety of public key cryptography, including digital signatures, vulnerable to being broken. Hybrid digital signature schemes represent a potential solution to this problem. In this thesis, we provide the first test implementation of true hybrid signature algorithms. We evaluate the viability and performance of several hybrid signature schemes against traditional hybridization techniques via standalone cryptographic operations. Finally, we explore how hybrid signatures can be integrated into existing X.509 digital certificates and examine their performance by integrating both into the Transport Layer Security 1.3 protocol.
Outstanding Thesis. Gunnery Sergeant, United States Marine Corps. Approved for public release; distribution is unlimited.
Post-Quantum Cryptography for Internet of Things: A Survey on Performance and Optimization
Due to recent developments in quantum computing, the invention of a large quantum computer is no longer a distant future. Quantum computing severely threatens modern cryptography, as the hard mathematical problems beneath classic public-key cryptosystems can be solved easily by a sufficiently large quantum computer. As such, researchers have proposed PQC based on problems that even quantum computers cannot efficiently solve. Generally, post-quantum encryption and signatures can be hard to compute. This could potentially be a problem for IoT, which usually consists of lightweight devices with limited computational power. In this paper, we survey existing literature on the performance of PQC in resource-constrained devices to understand the severity of this problem. We also review recent proposals to optimize PQC algorithms for resource-constrained devices. Overall, we find that whilst PQC may be feasible for reasonably lightweight IoT, proposals for its optimization seem to lack standardization. As such, we suggest future research to seek coordination, in order to ensure an efficient and safe migration toward IoT for the post-quantum era.
Comment: 13 pages, 3 figures and 7 tables. Formatted version submitted to ACM Computer Survey.