Paper 2021/1563

Towards Post-Quantum Security for Cyber-Physical Systems: Integrating PQC into Industrial M2M Communication

Sebastian Paul, Patrik Scheible, and Friedrich Wiemer

Abstract

The threat of a cryptographically relevant quantum computer contributes to an increasing interest in the field of post-quantum cryptography (PQC). Compared to existing research efforts regarding the integration of PQC into the Transport Layer Security (TLS) protocol, industrial communication protocols have so far been neglected. Since industrial cyber-physical systems (CPS) are typically deployed for decades, protection against such long-term threats is needed. In this work, we propose two novel solutions for the integration of post-quantum (PQ) primitives (digital signatures and key establishment) into the industrial protocol Open Platform Communications Unified Architecture (OPC UA): a hybrid solution combining conventional cryptography with PQC and a solution solely based on PQC. Both approaches provide mutual authentication between client and server and are realized with certificates fully compliant to the X.509 standard. We implement the two solutions and measure and evaluate their performance across three different security levels. All selected algorithms (Kyber, Dilithium, and Falcon) are candidates for standardization by the National Institute of Standards and Technology (NIST). We show that Falcon is a suitable option - especially - when using floating-point hardware provided by our ARM-based evaluation platform. Our proposed hybrid solution provides PQ security for early adopters but comes with additional performance and communication requirements. Our solution solely based on PQC shows superior performance across all evaluated security levels in terms of handshake duration compared to conventional OPC UA but comes at the cost of increased handshake sizes. In addition to our performance evaluation, we provide a proof of security in the symbolic model for our two PQC-based variants of OPC UA. For this proof, we use the cryptographic protocol verifier ProVerif and formally verify confidentiality and authentication properties of our quantum-resistant variants.

Note: This is an extended version of "Towards Post-Quantum Security for Cyber-Physical Systems" that originally appeared in Computer Security - ESORICS 2020, Springer, pp. 295-316, DOI: 10.1007/978-3-030-59013-0_15.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Journal of Computer Security
DOI
10.3233/JCS-210037
Keywords
cyber-physical systemspost-quantum cryptographyformal security modelsOPC UAProVerif
Contact author(s)
sebastian paul2 @ de bosch com
History
2021-12-02: revised
2021-11-29: received
See all versions
Short URL
https://ia.cr/2021/1563
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1563,
      author = {Sebastian Paul and Patrik Scheible and Friedrich Wiemer},
      title = {Towards Post-Quantum Security for Cyber-Physical Systems: Integrating {PQC} into Industrial {M2M} Communication},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1563},
      year = {2021},
      doi = {10.3233/JCS-210037},
      url = {https://eprint.iacr.org/2021/1563}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.