Public Key Infrastructure (PKI) generates and distributes digital certificates to provide the root of trust for securing digital networking systems. To continue securing digital networking in the quantum era, PKI should transition to use quantum-resistant cryptographic algorithms. The cryptography community is developing quantum-resistant primitives/algorithms, studying, and analyzing them for cryptanalysis and improvements. National Institute of Standards and Technology (NIST) selected finalist algorithms for the post-quantum digital signature cipher standardization, which are Dilithium, Falcon, and Rainbow. We study and analyze the feasibility and the processing performance of these algorithms in memory/size and time/speed when used for PKI, including the key generation from the PKI end entities (e.g., a HTTPS/TLS server), the signing, and the certificate generation by the certificate authority within the PKI. The transition to post-quantum from the classical ciphers incur changes in the parameters in the PKI, for example, Rainbow I significantly increases the certificate size by 163 times when compared with RSA 3072. Nevertheless, we learn that the current X.509 supports the NIST post-quantum digital signature ciphers and that the ciphers can be modularly adapted for PKI. According to our empirical implementations-based study, the post-quantum ciphers can increase the certificate verification time cost compared to the current classicalmore »
This content will become publicly available on December 16, 2023
Distributed Cyber-infrastructures and Artificial Intelligence in Hybrid Post-Quantum Era
Distributed cyber-infrastructures and Artificial Intelligence (AI) are transformative technologies that will play a pivotal role in the future of society and the scientific community. Internet of Things (IoT) applications harbor vast quantities of connected devices that collect a massive amount of sensitive information (e.g., medical, financial), which is usually analyzed either at the edge or federated cloud systems via AI/Machine Learning (ML) algorithms to make critical decisions (e.g., diagnosis). It is of paramount importance to ensure the security, privacy, and trustworthiness of data collection, analysis, and decision-making processes. However, system complexity and increased attack surfaces make these applications vulnerable to system breaches, single-point of failures, and various cyber-attacks. Moreover, the advances in quantum computing exacerbate the security and privacy challenges. That is, emerging quantum computers can break conventional cryptographic systems that offer cyber-security services, public key infrastructures, and privacy-enhancing technologies. Therefore, there is a vital need for new cyber-security paradigms that can address the resiliency, long-term security, and efficiency requirements of distributed cyber infrastructures.
In this work, we propose a vision of distributed architecture and cyber-security framework that uniquely synergizes secure computation, Physical Quantum Key Distribution (PQKD), NIST PostQuantum Cryptography (PQC) efforts, and AI/ML algorithms to achieve breach-resilient, functional, and efficient more »
- Award ID(s):
- 1917627
- Publication Date:
- NSF-PAR ID:
- 10388349
- Journal Name:
- 4th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (IEEE TPS)
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Lankes, R. David (Ed.)Resilience is often treated as a single-dimension system attribute, or various dimensions of resilience are studied separately without considering multi-dimensionality. The increasing frequency of catastrophic natural or man-made disasters affecting rural areas demands holistic assessments of community vulnerability and assessment. Disproportionate effects of disasters on minorities, low-income, hard-to-reach, and vulnerable populations demand a community-oriented planning approach to address the “resilience divide.” Rural areas have many advantages, but low population density, coupled with dispersed infrastructures and community support networks, make these areas more affected by natural disasters. This paper will catalyze three key learnings from our current work in public librarians’ roles in disaster resiliency: rural communities are composed of diverse sub-communities, each which experiences and responds to traumatic events differently, depending on micro-geographic and demographic drivers. Rural citizens tend to be very self-reliant and are committed to strengthening and sustaining community resiliency with local human capital and resources. Public libraries are central to rural life, providing a range of informational, educational, social, and personal services, especially in remote areas that lack reliable access to community resources during disasters. Public libraries and their librarian leaders are often a “crown jewel” of rural areas’ community infrastructure and this paper will present amore »
-
Lankes, R.David (Ed.)Resilience is often treated as a single-dimension system attribute, or various dimensions of resilience are studied separately without considering multi-dimensionality. The increasing frequency of catastrophic natural or man-made disasters affecting rural areas demands holistic assessments of community vulnerability and assessment. Disproportionate effects of disasters on minorities, low-income, hard-to-reach, and vulnerable populations demand a community-oriented planning approach to address the “resilience divide.” Rural areas have many advantages, but low population density, coupled with dispersed infrastructures and community support networks, make these areas more affected by natural disasters. This paper will catalyze three key learnings from our current work in public librarians’ roles in disaster resiliency: 1) rural communities are composed of diverse sub-communities, each which experiences and responds to traumatic events differently, depending on micro-geographic and demographic drivers; 2) public libraries are central to rural life, providing a range of informational, educational, social, and personal services, especially in remote areas that lack reliable access to community resources during disasters; and 3) rural citizens tend to be very self-reliant and are committed to strengthening and sustaining community resiliency with local human capital and resources. Public libraries and their librarian leaders are often a “crown jewel” of rural areas’ community infrastructure and thismore »
-
Audit logs play a crucial role in the security of computer systems and are targeted by the attackers due to their forensic value. Digital signatures are essential tools to ensure the authentication/integrity of logs with public verifiability and nonrepudiation. Especially, forward-secure and aggregate signatures (FAS) offer compromise-resiliency and append-only features such that an active attacker compromising a computer cannot tamper or selectively delete the logs collected before the breach. Despite their high-security, existing FAS schemes can only sign a small pre-defined number (K) of logs, and their key-size/computation overhead grows linearly with K. These limitations prevent a practical adoption of FAS schemes for digital forensics. In this paper, we created new signatures named COmpact and REsilient (CORE) schemes, which are (to the best of our knowledge) the first FAS that can sign (practically) unbounded number of messages with only a sub-linear growth in the keysize/computation overhead. Central to CORE is the creation of a novel K-time signature COREKBase that has a small-constant key generation overhead and public key size. We then develop CORE-MMM that harnesses COREK Base via forward-secure transformations. We showed that CORE-MMM significantly outperforms its alternatives for essential metrics. For instance, CORE-MMM provides more than two and onemore »
-
Many currently deployed public-key cryptosystems are based on the difficulty of the discrete logarithm and integer factorization problems. However, given an adequately sized quantum computer, these problems can be solved in polynomial time as a function of the key size. Due to the future threat of quantum computing to current cryptographic standards, alternative algorithms that remain secure under quantum computing are being evaluated for future use. One such algorithm is CRYSTALS-Dilithium, a lattice-based digital signature scheme, which is a finalist in the NIST Post Quantum Cryptography (PQC) competition. As a part of this evaluation, high-performance implementations of these algorithms must be investigated. This work presents a high-performance implementation of CRYSTALS-Dilithium targeting FPGAs. In particular, we present a design that achieves the best latency for an FPGA implementation to date. We also compare our results with the most-relevant previous work on hardware implementations of NIST Round 3 post-quantum digital signature candidates.
