Cryptology ePrint Archive: Report 2021/1563

Towards Post-Quantum Security for Cyber-Physical Systems: Integrating PQC into Industrial M2M Communication

Sebastian Paul and Patrik Scheible and Friedrich Wiemer

Abstract: The threat of a cryptographically relevant quantum computer contributes to an increasing interest in the field of post-quantum cryptography (PQC). Compared to existing research efforts regarding the integration of PQC into the Transport Layer Security (TLS) protocol, industrial communication protocols have so far been neglected. Since industrial cyber-physical systems (CPS) are typically deployed for decades, protection against such long-term threats is needed.

In this work, we propose two novel solutions for the integration of post-quantum (PQ) primitives (digital signatures and key establishment) into the industrial protocol Open Platform Communications Unified Architecture (OPC UA): a hybrid solution combining conventional cryptography with PQC and a solution solely based on PQC. Both approaches provide mutual authentication between client and server and are realized with certificates fully compliant to the X.509 standard. We implement the two solutions and measure and evaluate their performance across three different security levels. All selected algorithms (Kyber, Dilithium, and Falcon) are candidates for standardization by the National Institute of Standards and Technology (NIST). We show that Falcon is a suitable option - especially - when using floating-point hardware provided by our ARM-based evaluation platform. Our proposed hybrid solution provides PQ security for early adopters but comes with additional performance and communication requirements. Our solution solely based on PQC shows superior performance across all evaluated security levels in terms of handshake duration compared to conventional OPC UA but comes at the cost of increased handshake sizes.

In addition to our performance evaluation, we provide a proof of security in the symbolic model for our two PQC-based variants of OPC UA. For this proof, we use the cryptographic protocol verifier ProVerif and formally verify confidentiality and authentication properties of our quantum-resistant variants.

Category / Keywords: implementation / cyber-physical systems, post-quantum cryptography, formal security models, OPC UA, ProVerif

Original Publication (in the same form): Journal of Computer Security

Date: received 29 Nov 2021, last revised 2 Dec 2021

Contact author: sebastian paul2 at de bosch com

Available format(s): PDF | BibTeX Citation

Note: This is an extended version of "Towards Post-Quantum Security for Cyber-Physical Systems" that originally appeared in Computer Security - ESORICS 2020, Springer, pp. 295-316, DOI: 10.1007/978-3-030-59013-0_15.

Version: 20211202:085323 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]