Wireless and Fiber-Based Post-Quantum-Cryptography-Secured IPsec Tunnel
Abstract
:1. Introduction
2. Related Works
3. IPsec Protocol
IPsec Hardware Acceleration
4. Implementation
4.1. PQC-Algorithms
4.2. Algorithmic Procedure
5. Experimental Setup and Methodology
6. Results
6.1. Signature Algorithms
6.2. Key Exchange Mechanism
6.3. IPsec Tunnel
7. Discussion
8. Conclusions and Future Work
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
Abbreviations
AES | Advanced Encryption Standard |
AH | Authentication Header |
API | Application Programming Interface |
AVX2 | Advanced Vector Extensions |
CA | Certificate Authority |
CPU | Central Processing Unit |
CUDA | Compute Unified Device Architecture |
DOCA | Data Center-on-a-Chip Architecture |
DPDK | Data Plane Development Kit |
DPU | Data Processing Unit |
ESP | Encapsulation Security Payload |
GCM | Galois-counter mode |
GPU | Graphics Processing Unit |
IPsec | Internet Protocol security |
KEM | Key Exchange Mechanism |
MTU | Maximum Transmission Unit |
NIC | Network Interface Card |
NIST | National Institute of Standards and Technology |
NTT | Number Theoretic Transform |
PQC | Post-Quantum Cryptography |
QKD | Quantum Key Distribution |
SA | Security Association |
SIS | Short Integer Solution |
SPI | Security Parameter Index |
References
- Arute, F.; Arya, K.; Babbush, R.; Bacon, D.; Bardin, J.C.; Barends, R.; Biswas, R.; Boixo, S.; Brandao, F.G.S.L.; Buell, D.A.; et al. Quantum supremacy using a programmable superconducting processor. Nature 2019, 574, 505–510. [Google Scholar] [CrossRef]
- Crippa, L.; Tacchino, F.; Chizzini, M.; Aita, A.; Grossi, M.; Chiesa, A.; Santini, P.; Tavernelli, I.; Carretta, S. Simulating Static and Dynamic Properties of Magnetic Molecules with Prototype Quantum Computers. Magnetochemistry 2021, 7, 117. [Google Scholar] [CrossRef]
- Codognet, P.; Diaz, D.; Abreu, S. Quantum and Digital Annealing for the Quadratic Assignment Problem. In Proceedings of the 2022 IEEE International Conference on Quantum Software (QSW), Barcelona, Spain, 10–16 July 2022; pp. 1–8. [Google Scholar] [CrossRef]
- Hu, F.; Lamata, L.; Wang, C.; Chen, X.; Solano, E.; Sanz, M. Quantum Advantage in Cryptography with a Low-Connectivity Quantum Annealer. Phys. Rev. Appl. 2020, 13, 054062. [Google Scholar] [CrossRef]
- Sharma, M.; Choudhary, V.; Bhatia, R.S.; Malik, S.; Raina, A.; Khandelwal, H. Leveraging the power of quantum computing for breaking RSA encryption. Cyber-Phys. Syst. 2021, 7, 73–92. [Google Scholar] [CrossRef]
- Dworkin, M.J.; Barker, E.B.; Nechvatal, J.R.; Foti, J.; Bassham, L.E.; Roback, E.; Dray, J.F., Jr. Advanced Encryption Standard (AES). 2001. Available online: https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf (accessed on 17 January 2024).
- Bonnetain, X.; Naya-Plasencia, M.; Schrottenloher, A. Quantum Security Analysis of AES. IACR Trans. Symmetric Cryptol. 2019, 2019, 55–93. [Google Scholar] [CrossRef]
- Alagic, G.; Cooper, D.; Dang, Q.; Dang, T.; Kelsey, J.M.; Lichtinger, J.; Liu, Y.K.; Miller, C.A.; Moody, D.; Peralta, R.; et al. Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process. 2022. Available online: https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8413.pdf (accessed on 18 January 2024).
- Bernstein, D.J.; Buchmann, J.; Dahmen, E. (Eds.) Introduction to post-quantum cryptography. In Post-Quantum Cryptography; Springer: Berlin/Heidelberg, Germany, 2009; pp. 1–14. [Google Scholar] [CrossRef]
- Ding, J.; Schmidt, D. Rainbow, a New Multivariable Polynomial Signature Scheme. In Applied Cryptography and Network Security; Springer: Berlin/Heidelberg, Germany, 2005; pp. 164–175. [Google Scholar]
- Bernstein, D.J.; Hülsing, A.; Kölbl, S.; Niederhagen, R.; Rijneveld, J.; Schwabe, P. The SPHINCS+ Signature Framework. Cryptology ePrint Archive, Paper 2019/1086. 2019. Available online: https://eprint.iacr.org/2019/1086 (accessed on 20 December 2023).
- Overbeck, R.; Sendrier, N. Code-based cryptography. In Post-Quantum Cryptography; Bernstein, D.J., Buchmann, J., Dahmen, E., Eds.; Springer: Berlin/Heidelberg, Germany, 2009; pp. 95–145. [Google Scholar] [CrossRef]
- Albrecht, M.R.; Bernstein, D.J.; Chou, T.; Cid, C.; Gilcher, J.; Lange, T.; Maram, V.; Von Maurich, I.; Misoczki, R.; Niederhagen, R.; et al. Classic McEliece: Conservative Code-Based Cryptography. 2022. Available online: https://inria.hal.science/hal-04288769/document (accessed on 13 January 2024).
- Fouque, P.-A.; Hoffstein, J.; Kirchner, P.; Lyubashevsky, V.; Pornin, T.; Prest, T.; Ricosset, T.; Seiler, G.; Whyte, W.; Zhang, Z. Fast-Fourier Lattice-Based Compact Signatures over NTRU. 2019. Available online: https://falcon-sign.info/ (accessed on 15 January 2024).
- Ducas, L.; Kiltz, E.; Lepoint, T.; Lyubashevsky, V.; Schwabe, P.; Seiler, G.; Stehlé, D. CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018, 2018, 238–268. [Google Scholar] [CrossRef]
- Bos, J.; Ducas, L.; Kiltz, E.; Lepoint, T.; Lyubashevsky, V.; Schanck, J.M.; Schwabe, P.; Seiler, G.; Stehle, D. CRYSTALS—Kyber: A CCA-Secure Module-Lattice-Based KEM. In Proceedings of the 2018 IEEE European Symposium on Security and Privacy (EuroS&P), London, UK, 24–26 April 2018; pp. 353–367. [Google Scholar] [CrossRef]
- Fitzgibbon, G.; Ottaviani, C. Constrained Device Performance Benchmarking with the Implementation of Post-Quantum Cryptography. Cryptography 2024, 8, 21. [Google Scholar] [CrossRef]
- Vidaković, M.; Miličević, K. Performance and Applicability of Post-Quantum Digital Signature Algorithms in Resource-Constrained Environments. Algorithms 2023, 16, 518. [Google Scholar] [CrossRef]
- Rubio García, C.; Rommel, S.; Takarabt, S.; Vegas Olmos, J.J.; Guilley, S.; Nguyen, P.; Tafur Monroy, I. Quantum-resistant Transport Layer Security. Comput. Commun. 2024, 213, 345–358. [Google Scholar] [CrossRef]
- Paul, S.; Kuzovkova, Y.; Lahr, N.; Niederhagen, R. Mixed Certificate Chains for the Transition to Post-Quantum Authentication in TLS 1.3. In Proceedings of the ASIA CCS ’22: 2022 ACM on Asia Conference on Computer and Communications Security, New York, NY, USA, 30 May–3 June 2022; pp. 727–740. [Google Scholar] [CrossRef]
- Karabulut, E.; Aysu, A. A Hardware-Software Co-Design for the Discrete Gaussian Sampling of FALCON Digital Signature. IACR Cryptol. ePrint Arch. 2023, 2023, 908. [Google Scholar]
- Howe, J.; Oder, T.; Krausz, M.; Güneysu, T. Standard Lattice-Based Key Encapsulation on Embedded Devices. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018, 2018, 372–393. [Google Scholar]
- Gupta, N.; Jati, A.; Chauhan, A.K.; Chattopadhyay, A. PQC Acceleration Using GPUs: FrodoKEM, NewHope, and Kyber. IEEE Trans. Parallel Distrib. Syst. 2021, 32, 575–586. [Google Scholar]
- Gupta, N.; Jati, A.; Chattopadhyay, A.; Jha, G. Lightweight Hardware Accelerator for Post-Quantum Digital Signature CRYSTALS-Dilithium. Cryptology ePrint Archive, Paper 2022/496. 2022. Available online: https://eprint.iacr.org/2022/496 (accessed on 16 January 2024).
- Karl, P.; Schupp, J.; Fritzmann, T.; Sigl, G. Post-Quantum Signatures on RISC-V with Hardware Acceleration. Cryptology ePrint Archive, Paper 2022/538. 2022. Available online: https://eprint.iacr.org/2022/538 (accessed on 20 January 2024).
- Yaman, F.; Mert, A.C.; Öztürk, E.; Savaş, E. A Hardware Accelerator for Polynomial Multiplication Operation of CRYSTALS-KYBER PQC Scheme. In Proceedings of the 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE), Grenoble, France, 1–5 February 2021; pp. 1020–1025. [Google Scholar]
- Mert, A.C.; Öztürk, E.; Savaş, E. Design and Implementation of a Fast and Scalable NTT-Based Polynomial Multiplier Architecture. In Proceedings of the 2019 22nd Euromicro Conference on Digital System Design (DSD), Kallithea, Greece, 28–30 August 2019; pp. 253–260. [Google Scholar] [CrossRef]
- Şah Özcan, A.; Savaş, E. Two Algorithms for Fast GPU Implementation of NTT. Cryptology ePrint Archive, Paper 2023/1410. 2023. Available online: https://eprint.iacr.org/2023/1410 (accessed on 20 January 2024).
- Schmid, M.; Amiet, D.; Wendler, J.; Zbinden, P.; Wei, T. Falcon Takes Off—A Hardware Implementation of the Falcon Signature Scheme. Cryptology ePrint Archive, Paper 2023/1885. 2023. Available online: https://eprint.iacr.org/2023/1885 (accessed on 20 January 2024).
- Ullah, S.; Choi, J.; Oh, H. IPsec for high speed network links: Performance analysis and enhancements. Future Gener. Comput. Syst. 2020, 107, 112–125. [Google Scholar] [CrossRef]
- Aguilera, A.C.; Clemente, X.A.I.; Lawo, D.; Monroy, I.T.; Olmos, J.V. First end-to-end PQC protected DPU-to-DPU communications. Electron. Lett. 2023, 59, e12901. [Google Scholar] [CrossRef]
- Lawo, D.C.; Frantz, R.; Aguilera, A.C.; Clemente, X.A.I.; Podleś, M.P.; Imaña, J.L.; Monroy, I.T.; Olmos, J.J.V. Falcon/Kyber and Dilithium/Kyber Network Stack on Nvidia’s Data Processing Unit Platform. IEEE Access 2024, 12, 38048–38056. [Google Scholar] [CrossRef]
- Aguilera, A.C.; Abu Bakar, R.; Alhamed, F.; Garcia, C.R.; Imaña, J.; Monroy, I.T.; Cugini, F.; Olmos, J.V. First Line-rate End-to-End Post-Quantum Encrypted Optical Fiber Link Using Data Processing Units (DPUs). In Proceedings of the 2024 Optical Fiber Communications Conference and Exhibition (OFC), San Diego, CA, USA, 26–28 March 2024; pp. 1–3. [Google Scholar]
- Alia, O.; Huang, A.; Luo, H.; Amer, O.; Pistoia, M.; Lim, C. Quantum-safe 10 Gbps Site-to-Site IPsec VPN Tunnel over 46 km Deployed Fibre. In Proceedings of the Optical Fiber Communication Conference (OFC) 2024, San Diego, CA, USA, 24–28 March 2024; Optica Publishing Group: Washington, DC, USA, 2024; p. Th3B.5. [Google Scholar] [CrossRef]
- Rencis, E.; Vīksna, J.; Kozlovičs, S.; Celms, E.; Lāriņš, D.J.; Petručeņa, K. Hybrid QKD-based framework for secure enterprise communication system. Procedia Comput. Sci. 2024, 239, 420–428. [Google Scholar] [CrossRef]
- Bae, S.; Chang, Y.; Park, H.; Kim, M.; Shin, Y. A Performance Evaluation of IPsec with Post-Quantum Cryptography. In Information Security and Cryptology—ICISC 2022; Seo, S.H., Seo, H., Eds.; Springer: Cham, Switzerland, 2023; pp. 249–266. [Google Scholar]
- Kumar, S.; Dalal, S.; Dixit, V. The osi model: Overview on the seven layers of computer networks. Int. J. Comput. Sci. Inf. Technol. Res. 2014, 2, 461–466. [Google Scholar]
- Hamed, H.; Al-Shaer, E.; Marrero, W. Modeling and verification of IPSec and VPN security policies. In Proceedings of the 13TH IEEE International Conference on Network Protocols (ICNP’05), Boston, MA, USA, 6–9 November 2005; pp. 10–278. [Google Scholar] [CrossRef]
- Dhall, H.; Dhall, D.; Batra, S.; Rani, P. Implementation of IPSec Protocol. In Proceedings of the 2012 Second International Conference on Advanced Computing & Communication Technologies, Rohtak, India, 7–8 January 2012; pp. 176–181. [Google Scholar] [CrossRef]
- Sadikin, M.A.; Wardhani, R.W. Implementation of RSA 2048-bit and AES 256-bit with digital signature for secure electronic health record application. In Proceedings of the 2016 International Seminar on Intelligent Technology and Its Applications (ISITIA), Lombok, Indonesia, 28–30 July 2016; pp. 387–392. [Google Scholar] [CrossRef]
- Maurer, U.M.; Wolf, S. The Diffie–Hellman Protocol. Des. Codes Cryptogr. 2000, 19, 147–171. [Google Scholar] [CrossRef]
- Gentry, C.; Peikert, C.; Vaikuntanathan, V. Trapdoors for Hard Lattices and New Cryptographic Constructions. Cryptology ePrint Archive, Paper 2007/432. 2007. Available online: https://eprint.iacr.org/2007/432 (accessed on 20 January 2024).
- Soni, D.; Basu, K.; Nabeel, M.; Aaraj, N.; Manzano, M.; Karri, R. Hardware Architectures for Post-Quantum Digital Signature Schemes. In Hardware Architectures for Post-Quantum Digital Signature Schemes; Springer International Publishing: Cham, Switzerland, 2021. [Google Scholar] [CrossRef]
- Aragon, N.; Barreto, P.; Bettaieb, S.; Bidoux, L.; Blazy, O.; Deneuville, J.C.; Gaborit, P.; Ghosh, S.; Gueron, S.; Güneysu, T.; et al. BIKE: Bit Flipping Key Encapsulation. 2022. Available online: https://bikesuite.org/ (accessed on 15 January 2024).
- Jao, D.; Azarderakhsh, R.; Campagna, M.; Costello, C.; De Feo, L.; Hess, B.; Jalili, A.; Koziel, B.; LaMacchia, B.; Longa, P.; et al. SIKE: Supersingular Isogeny Key Encapsulation. 2017. Available online: https://static1.squarespace.com/static/5fdbb09f31d71c1227082339/t/5ff378bdac5ecf06b683b05b/1609791681245/2017-ECCinvitedtalk.pdf (accessed on 15 January 2024).
- Meher, K.; MidhunChakkaravarthy, D. New Approach to Combine Secret Keys for Post-Quantum (PQ) Transition. Indian J. Comput. Sci. Eng. 2021, 12, 629–633. [Google Scholar]
- Suzuki, T.; Kim, S.Y.; Kani, J.i.; Yoshida, T. Low-latency PON PHY implementation on GPUs for fully software-defined access networks. IEEE Netw. 2022, 36, 108–114. [Google Scholar]
Algorithm | I | II | III | V | |
---|---|---|---|---|---|
Kyber | Pub key | 800 | 1184 | 1568 | |
Kyber | Encaps | 768 | 1088 | 1568 | |
Dilithium | Pub key | 1312 | 1952 | 2592 | |
Dilithium | Sig | 2420 | 3293 | 4595 | |
Falcon | Pub key | 897 | 1793 | ||
Falcon | Sig | 666 | 1280 | ||
SPHINCS+ | Pub key | 32 | 48 | 64 | |
SPHINCS+ | Sig | 17,088 | 35,664 | 49,856 |
Algorithm | Pub Key | Sig |
---|---|---|
RSA 1024 | 128 | 128 |
RSA 2048 | 256 | 256 |
RSA 4096 | 512 | 512 |
SECP384r1 | 48 | 96 |
SECP521r1 | 65 | 132 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Lawo, D.C.; Abu Bakar, R.; Cano Aguilera, A.; Cugini, F.; Imaña, J.L.; Tafur Monroy, I.; Vegas Olmos, J.J. Wireless and Fiber-Based Post-Quantum-Cryptography-Secured IPsec Tunnel. Future Internet 2024, 16, 300. https://doi.org/10.3390/fi16080300
Lawo DC, Abu Bakar R, Cano Aguilera A, Cugini F, Imaña JL, Tafur Monroy I, Vegas Olmos JJ. Wireless and Fiber-Based Post-Quantum-Cryptography-Secured IPsec Tunnel. Future Internet. 2024; 16(8):300. https://doi.org/10.3390/fi16080300
Chicago/Turabian StyleLawo, Daniel Christian, Rana Abu Bakar, Abraham Cano Aguilera, Filippo Cugini, José Luis Imaña, Idelfonso Tafur Monroy, and Juan Jose Vegas Olmos. 2024. "Wireless and Fiber-Based Post-Quantum-Cryptography-Secured IPsec Tunnel" Future Internet 16, no. 8: 300. https://doi.org/10.3390/fi16080300