skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Assessing the Viability of Quantum-Resistant IKEv2 over Constrained and Internet-Scale Networks
Within 1–2 decades, quantum computers may become powerful enough to break current public-key cryptography, prompting authorities such as the IETF and NIST to push for adopting quantum-resistant cryptography (QRC) in ecosystems like Internet Protocol Security (IPsec). Yet, IPsec struggles to adopt QRC, primarily because Internet Key Exchange Protocol Version 2 (IKEv2), which sets up IPsec sessions, cannot easily tolerate the large public keys and digital signatures of QRC. Many IETF RFCs have been proposed to integrate QRC into IKEv2, but their performance and interplay remain largely untested in practice. In this paper, we measure the performance of these RFCs over constrained links by developing a flexible, reproducible measurement testbed for IPsec with quantum-resistant IKEv2 proposals. Deploying our testbed in lossy wireless links and on the internationally distributed FABRIC testbed for Internet scenarios, we reveal that bottlenecks arise with quantum-resistant IKEv2 under high round-trip times, non-trivial packet loss, or other constraints. Our results, including the revelation of a 400–1000-fold increase in data overhead over high-loss wireless links, expose the shortcomings of today’s RFCs and call for further work in this vital area of post-quantum network security.  more » « less
Award ID(s):
2239931
PAR ID:
10667667
Author(s) / Creator(s):
; ; ;
Publisher / Repository:
ACM
Date Published:
Page Range / eLocation ID:
28 to 33
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. (, CSIAC journal)
    This article presents a novel network protocol that incorporates a quantum photonic channel for symmetric key distribution, a Dilithium signature to replace factor-based public key cryptography for enhanced authentication, security, and privacy. The protocol uses strong hash functions to hash original messages and verify heightened data integrity at the destination. This Quantum good authentication protocol (QGP) provides high-level security provided by the theory of quantum mechanics. QGP also has the advantage of quantum-resistant data protection that prevents current digital computer and future quantum computer attacks. QGP transforms the transmission control protocol/internet protocol (TCP/IP) by adding a quantum layer at the bottom of the Open Systems Interconnection (OSI) model (layer 0) and modifying the top layer (layer 7) with Dilithium signatures, thus improving the security of the original OSI model. In addition, QGP incorporates strong encryption, hardware-based quantum channels, post-quantum signatures, and secure hash algorithms over a platform of decryptors, switches, routers, and network controllers to form a testbed of the next-generation, secure quantum internet. The experiments presented here show that QGP provides secure authentication and improved security and privacy and can be adopted as a new protocol for the next-generation quantum internet. 
    more » « less
  2. ; ; ; ; ; (, Applied Cryptography and Network Security (ACNS))
    Quantum computing challenges the computational hardness assumptions anchoring the security of public-key ciphers, such as the prime factorization and the discrete logarithm problem. To prepare for the quantum era and withstand the attacks equipped with quantum computing, the security and cryptography communities are designing new quantum-resistant public-key ciphers. National Institute of Standards and Technology (NIST) is collecting and standardizing the post-quantum ciphers, similarly to its past involvements in establishing DES and AES as symmetric cipher standards. The NIST finalist algorithms for public-key signatures are Dilithium, Falcon, and Rainbow. Finding common ground to compare these algorithms can be difficult because of their design, the underlying computational hardness assumptions (lattice based vs. multivariate based), and the different metrics used for security strength analyses in the previous research (qubits vs. quantum gates). We overcome such challenges and compare the security and the performances of the finalist post-quantum ciphers of Dilithium, Falcon, and Rainbow. For security comparison analyses, we advance the prior literature by using the depth-width cost for quantum circuits (DW cost) to measure the security strengths and by analyzing the security in Universal Quantum Gate Model and with Quantum Annealing. For performance analyses, we compare the algorithms’ computational loads in the execution time as well as the communication costs and implementation overheads when integrated with Transport Layer Security (TLS) and Transmission Control Protocol (TCP)/Internet Protocol (IP). Our work presents a security comparison and performance analysis as well as the trade-off analysis to inform the post-quantum cipher design and standardization to protect computing and networking in the post-quantum era. 
    more » « less
  3. ; ; ; ; (, IEEE Big Data 2023)
    With the ever-growing concern for internet security, the field of quantum cryptography emerges as a promising solution for enhancing the security of networking systems. In this paper, 20 notable papers from leading conferences and journals are reviewed and categorized based on their focus on various aspects of quantum cryptography, including key distribution, quantum bit commitment, post-quantum cryptography, and counterfactual quantum key distribution. The paper explores the motivations and challenges of employing quantum cryptography, addressing security and privacy concerns along with existing solutions. Secure key distribution, a critical component in ensuring the confidentiality and integrity of transmitted information over a network, is emphasized in the discussion. The survey examines the potential of quantum cryptography to enable secure key exchange between parties, even when faced with eavesdropping, and other applications of quantum cryptography. Additionally, the paper analyzes the methodologies, findings, and limitations of each reviewed study, pinpointing trends such as the increasing focus on practical implementation of quantum cryptography protocols and the growing interest in post-quantum cryptography research. Furthermore, the survey identifies challenges and open research questions, including the need for more efficient quantum repeater networks, improved security proofs for continuous variable quantum key distribution, and the development of quantum-resistant cryptographic algorithms, showing future directions for the field of quantum cryptography. 
    more » « less
  4. ; ; ; ; ; (, IEEE)
    Today's information society relies on cryptography to achieve security goals such as confidentiality, integrity, authentication, and non-repudiation for digital communications. Here, public-key cryptosystems play a pivotal role to share encryption keys and create digital signatures. However, quantum computers threaten the security of traditional public-key cryptosystems as they can tame computational problems underlying the schemes, i.e., discrete logarithm and integer factorization. The prospective arrival of capable-enough quantum computers already threatens today's secret communication in terms of their long-term secrecy when stored to be later decrypted. Therefore, researchers strive to develop and deploy alternative schemes.In this work, we evaluate a key exchange protocol based on combining public-key schemes with physical-layer security, anticipating the prospect of quantum attacks: If a powerful quantum attacker cannot immediately obtain a private key, legitimate parties have a window of short-term secrecy to perform a physical-layer jamming key exchange (JKE) to establish a long-term shared secret. Thereby, the protocol constraints the computation time available to the attacker to break the employed public-key cryptography. In this paper, we outline the protocol, discuss its security, and point out challenges to be resolved. 
    more » « less
  5. ; (, Springer Cham)
    Lenders, V; Blezinger, E; Jang-Jaccard; J; Mulder, V; Mermoud, A (Ed.)
    Emerging satellite networks integrated with terrestrial and aerial systems form a key part of next-generation infrastructures supporting the Internet of Everything (IoE). This chapter outlines the current status of PQC-based authentication in integrated Space-Aerial-Terrestrial Networks (SATIN), highlighting the technical challenges in achieving quantum-resilient security within constrained and complex environments. While quantum computing necessitates migration to post-quantum cryptography (PQC), existing standards often demand resources that are unsuited for SATIN’s limited hardware and fragile links. We analyze leading NIST PQC signature and key encapsulation schemes in the SATIN context, evaluating trade-offs in computational cost, signature size, and protocol compatibility. Emerging directions, including broader algorithm evaluations, advanced protocol integrations (e.g., EMSS and NIST-PQC with terrestrial backbone, PQ group key management), and some alternative PQ technologies are discussed. Addressing these challenges requires advanced simulation and experimental frameworks to enable scalable, practical, and quantum-resilient secure communications in future integrated networks. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Text Encoded Conversion
  • XML
  • Save / Share this Record
  • Send to Email