Quantum Resistant Authenticated Key Exchange for OPC UA using Hybrid X.509 Certificates

View/Open
Cita com:
hdl:2117/191775
Document typeMaster thesis
Date2020-04
Rights accessOpen Access
All rights reserved. This work is protected by the corresponding intellectual and industrial
property rights. Without prejudice to any existing legal exemptions, reproduction, distribution, public
communication or transformation of this work are prohibited without permission of the copyright holder
Abstract
While the current progress in quantum computing opens new opportunities in a wide range of scientific fields, it poses a serious threat to today?s asymmetric cryptography. New quantum resistant primitives are already available but under active investigation. To avoid the risk of deploying immature schemes we combine them with well-established classical primitives to hybrid schemes, thus hedging our bets. Because quantum resistant primitives have higher resource requirements, the transition to them will affect resource constrained IoT devices in particular. We propose two modifications for the authenticated key establishment process of the industrial machine-to-machine communication protocol OPC UA to make it quantum resistant. Our first variant is based on Kyber for the establishment of shared secrets and uses either Falcon or Dilithium for digital signatures in combination with classical RSA. The second variant is solely based on Kyber in combination with classical RSA. We modify existing opensource software (open62541, mbedTLS) to integrate our two proposed variants and perform various performance measurements
SubjectsQuantum communication, Internet of things, Computer security, Comunicació quàntica, Internet de les coses, Seguretat informàtica
DegreeMÀSTER UNIVERSITARI EN ENGINYERIA DE TELECOMUNICACIÓ (Pla 2013)
Files | Description | Size | Format | View |
---|---|---|---|---|
thesis_patrik_scheible.pdf | 11,55Mb | View/Open |