Tao Liu,Gowri Ramachandran,Raja Jurdak

2024-01-31

Abstract:Due to recent development in quantum computing, the invention of a large quantum computer is no longer a distant future. Quantum computing severely threatens modern cryptography, as the hard mathematical problems beneath classic public-key cryptosystems can be solved easily by a sufficiently large quantum computer. As such, researchers have proposed PQC based on problems that even quantum computers cannot efficiently solve. Generally, post-quantum encryption and signatures can be hard to compute. This could potentially be a problem for IoT, which usually consist lightweight devices with limited computational power. In this paper, we survey existing literature on the performance for PQC in resource-constrained devices to understand the severeness of this problem. We also review recent proposals to optimize PQC algorithms for resource-constrained devices. Overall, we find that whilst PQC may be feasible for reasonably lightweight IoT, proposals for their optimization seem to lack standardization. As such, we suggest future research to seek coordination, in order to ensure an efficient and safe migration toward IoT for the post-quantum era.

Cryptography and Security

Tiago M. Fernandez-Carames

DOI: https://doi.org/10.1109/JIOT.2019.2958788

2024-02-02

Abstract:This article provides a survey on what can be called post-quantum IoT systems (IoT systems protected from the currently known quantum computing attacks): the main post-quantum cryptosystems and initiatives are reviewed, the most relevant IoT architectures and challenges are analyzed, and the expected future trends are indicated. Thus, this paper is aimed at providing a wide view of post-quantum IoT security and give useful guidelines to the future post-quantum IoT developers.

Cryptography and Security

Ponnuru Raveendra Babu,Sathish A.P. Kumar,Alavalapati Goutham Reddy,Ashok Kumar Das

DOI: https://doi.org/10.1016/j.cosrev.2024.100676

IF: 8.757

2024-09-03

Computer Science Review

Abstract:This study provides an in-depth survey of quantum secure authentication and key agreement protocols, investigating the dynamic landscape of cryptographic techniques within the realm of quantum computing. With the potential threat posed by quantum computing advancements to classical cryptographic protocols, the exploration of secure authentication and key agreement in the quantum era becomes imperative for safeguarding communication systems. The research scrutinizes evolving methodologies and innovations designed to enhance the security of authentication processes and key agreements in the context of quantum computing. A comprehensive examination of existing protocols is conducted, elucidating their strengths, limitations, and potential vulnerabilities. The research includes a comparative assessment of security features and computational burdens associated with various quantum secure authentication and key agreement protocols. The survey concludes by underscoring the urgent need for further research in the development of secure and efficient quantum cloud computing environments, as well as lightweight post-quantum cryptographic primitives, to ensure the viability of quantum secure authentication protocols on a universal scale. This comprehensive overview serves as a valuable resource for researchers, practitioners, and policymakers in the rapidly evolving field of quantum secure communication.

computer science, information systems, theory & methods, software engineering

Yi-Kai Liu,Dustin Moody

DOI: https://doi.org/10.1103/physrevapplied.21.040501

Abstract:We review the current status of efforts to develop and deploy post-quantum cryptography on the Internet. Then we suggest specific ways in which quantum technologies might be used to enhance cybersecurity in the near future and beyond. We focus on two goals: protecting the secret keys that are used in classical cryptography, and ensuring the trustworthiness of quantum computations. These goals may soon be within reach, thanks to recent progress in both theory and experiment. This progress includes interactive protocols for testing quantumness as well as for performing uncloneable cryptographic computations; and experimental demonstrations of device-independent random number generators, device-independent quantum key distribution, quantum memories, and analog quantum simulators.

Hadi Gharavi,Jorge Granjal,Edmundo Monteiro

DOI: https://doi.org/10.1109/comst.2024.3355222

IF: 35.6

2024-01-01

IEEE Communications Surveys & Tutorials

Abstract:Blockchain is becoming increasingly popular in the business and academic communities because it can provide security for a wide range of applications. Therefore, researchers have been motivated to exploit blockchain characteristics, such as data immutability, transparency, and resistance to single-point failures in the Internet of Things (IoT), to increase the security of the IoT ecosystem. However, many existing blockchains rely on classical cryptosystems such as the Elliptic Curve Digital Signature Algorithm (ECDSA) and SHA-256 to validate transactions, which will be compromised by Shor and Grover’s algorithms running on quantum computers in the foreseeable future. Post-Quantum Cryptosystems (PQC) are an innovative solution for resisting quantum attacks that can be applied to blockchains, resulting in the creation of a new type of blockchain known as Post-Quantum Blockchains (PQB). In this survey, we will look at the different types of PQC and their recent standard primitives to determine whether they can enable security for blockchain-based IoT applications. It also briefly introduces blockchain and outlines recent blockchain-IoT application proposals. To the best of our knowledge, this is the first study to examine how post-quantum blockchains are being developed and how they can be used to create security mechanisms for different IoT applications. Finally, this study explores the main challenges and potential research directions that arise from integrating quantum-resistance blockchains into IoT ecosystems.

computer science, information systems,telecommunications

Gustavo Banegas,Koen Zandberg,Adrian Herrmann,Emmanuel Baccelli,Benjamin Smith

DOI: https://doi.org/10.48550/arXiv.2106.05577

2021-06-11

Abstract:As the Internet of Things (IoT) rolls out today to devices whose lifetime may well exceed a decade, conservative threat models should consider attackers with access to quantum computing power. The SUIT standard (specified by the IETF) defines a security architecture for IoT software updates, standardizing the metadata and the cryptographic tools-namely, digital signatures and hash functions-that guarantee the legitimacy of software updates. While the performance of SUIT has previously been evaluated in the pre-quantum context, it has not yet been studied in a post-quantum context. Taking the open-source implementation of SUIT available in RIOT as a case study, we overview post-quantum considerations, and quantum-resistant digital signatures in particular, focusing on lowpower, microcontroller-based IoT devices which have stringent resource constraints in terms of memory, CPU, and energy consumption. We benchmark a selection of proposed post-quantum signature schemes (LMS, Falcon, and Dilithium) and compare them with current pre-quantum signature schemes (Ed25519 and ECDSA). Our benchmarks are carried out on a variety of IoT hardware including ARM Cortex-M, RISC-V, and Espressif (ESP32), which form the bulk of modern 32-bit microcontroller architectures. We interpret our benchmark results in the context of SUIT, and estimate the real-world impact of post-quantum alternatives for a range of typical software update categories. CCS CONCEPTS $\bullet$ Computer systems organization $\rightarrow$ Embedded systems.

Cryptography and Security

Dr. G S Mamatha,Namya Dimri,Rasha Sinha

2024-03-18

Abstract:The advent of quantum computing poses a profound threat to traditional cryptographic systems, exposing vulnerabilities that compromise the security of digital communication channels reliant on RSA, ECC, and similar classical encryption methods. Quantum algorithms, notably Shor's algorithm, exploit the inherent computational power of quantum computers to efficiently solve mathematical problems underlying these cryptographic schemes. In response, post-quantum cryptography (PQC) emerged as a critical field aimed at developing resilient cryptographic algorithms impervious to quantum attacks. This paper delineates the vulnerabilities of classical cryptographic systems to quantum attacks, elucidates the principles of quantum computing, and introduces various PQC algorithms such as lattice-based cryptography, code-based cryptography, hash-based cryptography, and multivariate polynomial cryptography. Highlighting the importance of PQC in securing digital communication amidst quantum computing advancements, this research underscores its pivotal role in safeguarding data integrity, confidentiality, and authenticity in the face of emerging quantum threats.

Cryptography and Security

Aditya Kumar Sharma,Mritunjay Shall Peelam,Brijesh Kumar Chauasia,Vinay Chamola

DOI: https://doi.org/10.1049/blc2.12059

2023-11-18

IET Blockchain

Abstract:Data underpins modern society and the economy, enabling informed choices and innovation. Protecting data from tampering is crucial, leading to encryption using cryptography, blockchain, and zero trust models. Quantum computing advances aid post‐quantum security, yet adoption hurdles persist. A quantum‐IoT data protection plan is explored here, vital for Industry 4.0, while ongoing quantum innovations promise solutions for present and future challenges. The modern world has its foundation built on data. Data is generated all the time, and many aspects of the society and economy are built upon it. In today's world, data is employed in better decision‐making, innovation, and improving the efficiency of systems. It becomes essential to protect it from being tampered with or misused. Encryptions based on cryptographic systems are used in mainstream data protection these days. There have been newer iterations of mechanisms based on new techniques using blockchain and the zero trust model and even systems that employ fog computing along with content delivery networks. The advent of computation through quantum technologies also helped in developing data security with post‐quantum mechanisms. The critical conditions for the working of these mechanisms hinder their adoption primarily. This also leads current systems to lack one or more of these technologies. Thus, the importance of a unified system that can employ quantum technologies effectively becomes prominent and requires a definitive investigation. In this article, a Quantum‐IoT‐based data protection scheme that can be of value to Industry 4.0 is analyzed. Light is also shed on innovations in quantum computing that can help solve not just current problems but also the future.

Dione Doudou,Seck Boly,Diop Idy,Cayrel Pierre-Louis,Faye Demba,Gueye Ibrahima,Doudou Dione,Boly Seck,Idy Diop,Pierre-Louis Cayrel,Demba Faye,Ibrahima Gueye

DOI: https://doi.org/10.4236/jis.2023.144014

2023-01-01

Journal of Information Security

Abstract:The Internet of Things (IoT) has become a reality: Healthcare, smart cities, intelligent manufacturing, e-agriculture, real-time traffic controls, environment monitoring, camera security systems, etc. are developing services that rely on an IoT infrastructure. Thus, ensuring the security of devices during operation and information exchange becomes a fundamental requirement inherent in providing safe and reliable IoT services. NIST requires hardware implementations that are protected against SCAs for the lightweight cryptography standardization process. These attacks are powerful and non-invasive and rely on observing the physical properties of IoT hardware devices to obtain secret information. In this paper, we present a survey of research on hardware security for the IoT. In addition, the challenges of IoT in the quantum era with the first results of the NIST standardization process for post-quantum cryptography are discussed.

Yu-Jen Chen,Chien-Lung Hsu,Tzu-Wei Lin,Jung-San Lee

DOI: https://doi.org/10.3390/electronics13081575

IF: 2.9

2024-04-21

Electronics

Abstract:With the rapid development of Internet of Things (IoT) technology, the number of IoT users is growing year after year. IoT will become a part of our daily lives, so it is likely that the security of these devices will be an important issue in the future. Quantum computing is maturing, and the security threat associated with quantum computing will be faced in the transmissions of IoT devices, which mainly use wireless communication technologies. Therefore, to ensure the protection of transmitted data, a cryptographic algorithm that is efficient in defeating quantum computer attacks needs to be developed. In this paper, we propose a device authentication and secure communication system with post-quantum cryptography (PQC) for AIoT environments using the NTRU and Falcon signature mechanism, which can resist quantum computer attacks and be used in AIoT environments to effectively protect the confidentiality, integrity, and non-repudiation of transmitted data. We also used Raspberry Pi to simulate AIoT devices for implementation.

engineering, electrical & electronic,computer science, information systems,physics, applied

Silong Li,Yuxiang Chen,Lin Chen,Jing Liao,Chanchan Kuang,Kuanching Li,Wei Liang,Naixue Xiong

DOI: https://doi.org/10.3390/s23218744

IF: 3.9

2023-10-27

Sensors

Abstract:Cryptography is very essential in our daily life, not only for confidentiality of information, but also for information integrity verification, non-repudiation, authentication, and other aspects. In modern society, cryptography is widely used; everything from personal life to national security is inseparable from it. With the emergence of quantum computing, traditional encryption methods are at risk of being cracked. People are beginning to explore methods for defending against quantum computer attacks. Among the methods currently developed, quantum key distribution is a technology that uses the principles of quantum mechanics to distribute keys. Post-quantum encryption algorithms are encryption methods that rely on mathematical challenges that quantum computers cannot solve quickly to ensure security. In this study, an integrated review of post-quantum encryption algorithms is conducted from the perspective of traditional cryptography. First, the concept and development background of post-quantum encryption are introduced. Then, the post-quantum encryption algorithm Kyber is studied. Finally, the achievements, difficulties and outstanding problems in this emerging field are summarized, and some predictions for the future are made.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ashwin Balaji,Sanjay Kumar Dhurandher

DOI: https://doi.org/10.1002/dac.5246

2022-06-06

International Journal of Communication Systems

Abstract:The proposed approach focuses on reliable end‐to‐end communication using post‐quantum location‐aware encryption, aiming confidentiality and integrity in an IoE environment. The approach also demonstrates a robust attack model which focuses on communication network threats namely, Man‐In‐The‐Middle and Sybil attacks intending to evaluate the overall performance of the network by analyzing the performance parameters like, number of nodes in the network, message size, execution time, and memory consumption by the nodes and aiming to achieve an appreciable accuracy. Summary Internet of Everything (IoE) is one of the emerging technologies in the advancement of digital life and innovation. But the major issue that is to be addressed is the security concerns over such an environment, especially in end‐to‐end device communication. The proposed approach primarily focuses on reliable end‐to‐end device communication using post‐quantum location‐aware encryption, aiming to achieve confidentiality and integrity in an Internet of Everything environment. Even though the post‐quantum techniques have shown to be one of the evolving solutions for reliable data communication, but its robustness against the Man‐In‐The‐Middle and Sybil attacks is still a wide‐open subject and undiscovered. Numerous traditional encryption algorithms are now in use, while post‐quantum encryption is being studied and considered as a quantum‐safe substitute. The proposed approach also demonstrates a robust attack model which focuses on communication network threats like namely, Man‐In‐The‐Middle and Sybil attacks intending to evaluate the overall performance of the network by analyzing the performance parameters like, number of nodes in the network, message size, execution time, and memory consumption by the nodes and aiming to achieve an appreciable accuracy in an IoE environment.

telecommunications,engineering, electrical & electronic

Javier Oliva del Moral,Antonio deMarti iOlius,Gerard Vidal,Pedro M. Crespo,Josu Etxezarreta Martinez

2024-06-11

Abstract:The machinery of industrial environments was connected to the Internet years ago with the scope of increasing their performance. However, this change made such environments vulnerable against cyber-attacks that can compromise their correct functioning resulting in economic or social problems. Moreover, implementing cryptosystems in the communications between operational technology (OT) devices is a more challenging task than for information technology (IT) environments since the OT networks are generally composed of legacy elements, characterized by low-computational capabilities. Consequently, implementing cryptosystems in industrial communication networks faces a trade-off between the security of the communications and the amortization of the industrial infrastructure. Critical Infrastructure (CI) refers to the industries which provide key resources for the daily social and economical development, e.g. electricity. Furthermore, a new threat to cybersecurity has arisen with the theoretical proposal of quantum computers, due to their potential ability of breaking state-of-the-art cryptography protocols, such as RSA or ECC. Many global agents have become aware that transitioning their secure communications to a quantum secure paradigm is a priority that should be established before the arrival of fault-tolerance. In this paper, we aim to describe the problematic of implementing post-quantum cryptography (PQC) to CI environments. For doing so, we describe the requirements for these scenarios and how they differ against IT. We also introduce classical cryptography and how quantum computers pose a threat to such security protocols. Furthermore, we introduce state-of-the-art proposals of PQC protocols and present their characteristics. We conclude by discussing the problematic of integrating PQC in industrial environments.

Cryptography and Security,Quantum Physics

Asif Alif,Khondokar Fida Hasan,Jesse Laeuchli,Mohammad Jabed Morshed Chowdhury

2024-12-08

Abstract:The Internet of Things (IoT) has transformed healthcare, facilitating remote patient monitoring, enhanced medication adherence, and chronic disease management. However, this interconnected ecosystem faces significant vulnerabilities with the advent of quantum computing, which threatens to break existing encryption standards protecting sensitive patient data in IoT-enabled medical devices. This chapter examines the quantum threat to healthcare IoT security, highlighting the potential impacts of compromised encryption, including privacy breaches, device failures, and manipulated medical records. It introduces post-quantum cryptography (PQC) and quantum-resistant techniques like quantum key distribution (QKD), addressing their application in resource-constrained healthcare IoT devices such as pacemakers, monitoring tools, and telemedicine systems. The chapter further explores the challenges of integrating these solutions and reviews global efforts in mitigating quantum risks, offering insights into suitable PQC primitives for various healthcare use cases.

Cryptography and Security

DOI: https://doi.org/10.1007/s11235-022-00979-y

2022-11-24

Telecommunication Systems

Abstract:Scientific and technological breakthroughs carry with themselves a pertinent question—"what's next". The evolution of mobile networks and spectrum technology over the last two decades has only confirmed this well-established fact. The ever-increasing need for broadening frequency bands, connectivity of devices which now run in billions of numbers, lower latency (so that we can enjoy interruption-free services 24 7), increasing intervention of artificial intelligence in our day-to-day life, remote connectivity, and virtual presence to increase our output and reach and many more aspects have only intensified the demand for a more reliable, robust, intelligent, secure and friendly infrastructure through which the data, touted as the new oil for 21st century can be produced, stored and transmitted efficiently. The existing 4G and 5G systems cannot handle the ever-growing latency and connectivity needs of the Internet of Everything. Therefore, in this article, we present the vision of 6G technology with its requirements and discuss the associated challenges and enabler technologies in detail. Yet, with the advent of the quantum computer, all public-key-based techniques employed to provide communication security in existing smart networks, irrespective of underlying communication technology, are prone to quantum attacks. Hence, case studies related to Internet-of-Vehicles and Internet-of-Things utilizing a newly proposed architecture based on quantum secured 6G enabled communication is discussed to realize the secure and efficient Internet of Everything.

telecommunications

Maximilian Schöffel,Frederik Lauer,Carl C Rheinländer,Norbert Wehn,Carl C. Rheinländer

DOI: https://doi.org/10.3390/s22072484

IF: 3.9

2022-03-24

Sensors

Abstract:Recent progress in quantum computers severely endangers the security of widely used public-key cryptosystems and of all communication that relies on it. Thus, the US NIST is currently exploring new post-quantum cryptographic algorithms that are robust against quantum computers. Security is seen as one of the most critical issues of low-power IoT devices—even with pre-quantum public-key cryptography—since IoT devices have tight energy constraints, limited computational power and strict memory limitations. In this paper, we present, to the best of our knowledge, the first in-depth investigation of the application of potential post-quantum key encapsulation mechanisms (KEMs) and digital signature algorithms (DSAs) proposed in the related US NIST process to a state-of-the-art, TLS-based, low-power IoT infrastructure. We implemented these new KEMs and DSAs in such a representative infrastructure and measured their impact on energy consumption, latency and memory requirements during TLS handshakes on an IoT edge device. Based on our investigations, we gained the following new insights. First, we show that the main contributor to high TLS handshake latency is the higher bandwidth requirement of post-quantum primitives rather than the cryptographic computation itself. Second, we demonstrate that a smart combination of multiple DSAs yields the most energy-, latency- and memory-efficient public key infrastructures, in contrast to NIST’s goal to standardize only one algorithm. Third, we show that code-based, isogeny-based and lattice-based algorithms can be implemented on a low-power IoT edge device based on an off-the-shelf Cortex M4 microcontroller while maintaining viable battery runtimes. This is contrary to much research that claims dedicated hardware accelerators are mandatory.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Maximilian Schöffel,Frederik Lauer,Carl C. Rheinländer,Norbert Wehn

DOI: https://doi.org/10.1145/3450268.3453528

2021-05-18

Abstract:Recent achievements in designing quantum computers place a serious threat on the security of state-of-the-art public key cryptography and on all communication that relies on it. Meanwhile, security is seen as one of the most critical issues of low-power IoT devices even with pre-quantum public key cryptography since IoT devices have strict energy constraints and limited computational power. Thus, state-of-the-art dedicated hardware accelerators have been deployed to facilitate secure and confidential communication with well established protocols on such devices. It is common belief that the complexity of the cryptographic computations are also the bottleneck of the new, quantum-resistant algorithms and that hardware accelerators are necessary to use them efficiently on energy constrained embedded devices. In this paper, we carried out an in-depth investigation of the application of potential Post-Quantum Cryptography algorithms, which were proposed in the associated US NIST process, to a representative TLS-based low-power IoT infrastructure. First, we show that the main contributor to the TLS handshake latency are the higher bandwidth requirements of post-quantum Key-Encapsulation Mechanisms rather than the cryptographic computations itself. Second, from the perspective of crypto-agility we show that edge devices with code-based, isogeny-based as well as lattice-based algorithms have low energy consumption, which enables long battery run times in typical IoT scenarios without dedicated hardware accelerators. Third, we increase the level of security further by combining pre-quantum and post-quantum algorithms to a hybrid key exchange, and quantify the overhead in energy consumption and latency of it.

Mritunjay Shall Peelam,Anjaney Asreet Rout,Vinay Chamola

DOI: https://doi.org/10.1049/qtc2.12079

2023-11-30

IET Quantum Communication

Abstract:Quantum computing (QC) improves computer performance. Its speedier data processing solves several issues. QC is promising for unstructured search, quantum simulation, and network optimisation. Speed and precision may help machine learning and other technologies. QC may improve IoT accuracy, speed, and security, according to this research. QC can optimise IoT networks, increase endpoint processing, secure IoT, develop a quantum sensor, quantum digital marketing, a quantum‐secured smart lock, and more. The rapidly developing discipline of quantum computing (QC) employs ideas from quantum physics to improve the performance of traditional computers and other devices. Because of the dramatically improved speed at which it processes data, it can be applied to various issues. QC has many potential applications, but three of the most exciting applications are unstructured search, quantum simulation, and network optimisation. Several existing technologies, such as machine learning, may benefit from its increased speed and precision. In this study, the authors will explore how the principles of QC might be applied to the Internet of Things (IoT) to improve its accuracy, speed, and security. Several approaches exist for achieving this goal, such as network optimisation in IoT using QC, faster computation at IoT endpoints, securing IoT using QC, a quantum sensor for IoT, quantum digital marketing, quantum‐secured smart lock etc.

Emils Bagirovs,Grigory Provodin,Tuomo Sipola,Jari Hautamäki

DOI: https://doi.org/10.34190/eccws.23.1.2247

2024-09-17

Abstract:With the constantly advancing capabilities of quantum computers, conventional cryptographic systems relying on complex math problems may encounter unforeseen vulnerabilities. Unlike regular computers, which are often deemed cost-ineffective in cryptographic attacks, quantum computers have a significant advantage in calculation speed. This distinction potentially makes currently used algorithms less secure or even completely vulnerable, compelling the exploration of post-quantum cryptography (PQC) as the most reasonable solution to quantum threats. This review aims to provide current information on applications, benefits, and challenges associated with the PQC. The review employs a systematic scoping review with the scope restricted to the years 2022 and 2023; only articles that were published in scientific journals were used in this paper. The review examined the articles on the applications of quantum computing in various spheres. However, the scope of this paper was restricted to the domain of the PQC because most of the analyzed articles featured this field. Subsequently, the paper is analyzing various PQC algorithms, including lattice-based, hash-based, code-based, multivariate polynomial, and isogeny-based cryptography. Each algorithm is being judged based on its potential applications, robustness, and challenges. All the analyzed algorithms are promising for the post-quantum era in such applications as digital signatures, communication channels, and IoT. Moreover, some of the algorithms are already implemented in the spheres of banking transactions, communication, and intellectual property. Meanwhile, despite their potential, these algorithms face serious challenges since they lack standardization, require vast amounts of storage and computation power, and might have unknown vulnerabilities that can be discovered only with years of cryptanalysis.

Cryptography and Security,Emerging Technologies