The Viability of Post-quantum X.509 Certificates

If quantum computers were built, they would pose concerns for public key cryptography as we know it. Among other cryptographic techniques, they would jeopardize the use of PKI X.509 certificates (RSA, ECDSA) used today for authentication. To overcome the concern, new quantum secure signature schemes have been proposed in the literature. Most of these schemes have significantly larger public key and signature sizes than the ones used today. Even though post-quantum signatures could work well for some usecases like software signing, there are concerns about the effect their size and processing cost would have on technologies using X.509 certificates. In this work, we investigate the viability of post-quantum signatures in X.509 certificates and protocols that use them (e.g. TLS, IKEv2). We prove that, in spite of common concerns, they could work in today\u27s protocols and could be a viable solution to the emergence of quantum computing. We also quantify the overhead they introduce in protocol connection establishment and show that even though it is significant, it is not detrimental. Finally, we formalize the areas of further testing necessary to conclusively establish that the signature schemes standardized in NIST\u27s PQ Project can work with X.509 certs in a post-quantum Internet

Post-Quantum Authentication in TLS 1.3: A Performance Study

The potential development of large-scale quantum computers is raising concerns among IT and security research professionals due to their ability to solve (elliptic curve) discrete logarithm and integer factorization problems in polynomial time. All currently used public key algorithms would be deemed insecure in a post-quantum (PQ) setting. In response, the National Institute of Standards and Technology (NIST) has initiated a process to standardize quantum-resistant crypto algorithms, focusing primarily on their security guarantees. Since PQ algorithms present significant differences over classical ones, their overall evaluation should not be performed out-of-context. This work presents a detailed performance evaluation of the NIST signature algorithm candidates and investigates the imposed latency on TLS 1.3 connection establishment under realistic network conditions. In addition, we investigate their impact on TLS session throughput and analyze the trade-off between lengthy PQ signatures and computationally heavy PQ cryptographic operations. Our results demonstrate that the adoption of at least two PQ signature algorithms would be viable with little additional overhead over current signature algorithms. Also, we argue that many NIST PQ candidates can effectively be used for less time-sensitive applications, and provide an in-depth discussion on the integration of PQ authentication in encrypted tunneling protocols, along with the related challenges, improvements, and alternatives. Finally, we propose and evaluate the combination of different PQ signature algorithms across the same certificate chain in TLS. Results show a reduction of the TLS handshake time and a significant increase of a server\u27s TLS tunnel connection rate over using a single PQ signature scheme

Design of required recommendations for it solution deployment in a multinational environment

Català: El present projecte pretén donar una solució a una empresa multinacional que ha procedit a la adquisició de vàries fàbriques a diferents països arran d'Europa i el Nord d'Àfrica i es troba en un caos tecnològic degut a la variada naturalesa de components i proveïdors en matèria de telecomunicacions degut a les esmentades adquisicions. L'objectiu del projecte es la definició d'una sèrie de requisits que hauran de complir tots el elements involucrats per facilitar la feina de comparar entre diferents fabricants i escollir en cada cas el producte mes adient. Afegit a aquestes recomanacions per provar la bondat de les mateixes es duu a terme la posta en marxa d'una de les seus adquirides basant-se en els components escollits.Castellano: El presente proyecto pretende dar solución a una empresa multinacional que tras la adquisición de varias fábricas en diferentes países en Europa y Norte de África se halla sumida en un caos tecnológico debido a la variada naturaleza de componentes y proveedores en materia de telecomunicaciones derivada de dichas adquisiciones. El objetivo del proyecto es la definición de una serie de requisitos que deberán cumplir todos los elementos involucrados para poder comparar entre diferentes fabricantes y escoger en cada caso el producto más adecuado. Como añadido a la definición de las recomendaciones y a modo de prueba de las mismas se lleva a cabo la puesta en marcha de una de las sedes adquiridas basándose en los componentes escogidos.Encglish: The aim of current project is to give a solution to a multinational company that has recently acquired many factories around Europe and North Africa and itâ s currently in a technological chaos due to different nature of components and providers in telecommunications environment of recently acquired factories. The objective of the project is to define main requirements that should meet all involved components to be able to compare among manufacturers and to choose the right product in each field. Add to this recommendations definition and in order to verify the goodness of them, the implementation of one of them is carried out based on chosen components