{"title":"Flexible hybrid post-quantum bidirectional multi-factor authentication and key agreement framework using ECC and KEM","authors":"A. Braeken","doi":"10.1016/j.future.2024.107634","DOIUrl":null,"url":null,"abstract":"<div><div>Post-quantum computing becomes a real threat in the coming years, resulting in vulnerable security protocols that rely on traditional public key algorithms. It is not evident to provide protection against it in a cost-efficient manner, especially for Internet of Things (IoT) devices with limited capabilities. There is a high variety of IoT applications, some require only short-term security (e.g. agriculture) and others long-term security (e.g. healthcare). In order to provide a unified security approach for such heterogeneity in IoT, we propose a flexible hybrid authentication and key agreement framework for a client–server architecture, which relies both on the classical elliptic curve cryptography (ECC) and on a quantum secure key encapsulation mechanism (KEM). There are five versions that can be derived from the framework, going from a fully hybrid, and partial hybrid to classical construction. The trade-off between performance and security strength is demonstrated for each of these versions. The overall cost of the protocols is highly reduced thanks to the usage of multifactors in the authentication process, both on the user side by means of biometrics and the device side by means of physically unclonable functions (PUFs). We show that both Kyber and Mc Elience as KEM can offer reasonable performance, depending on the situation. 
The unified framework offers optimal security protection against the most well-known attacks.</div></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":"166 ","pages":"Article 107634"},"PeriodicalIF":6.2000,"publicationDate":"2024-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Future Generation Computer Systems-The International Journal of Escience","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167739X24005983","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
Citations: 0
Abstract
Post-quantum computing will become a real threat in the coming years, leaving security protocols that rely on traditional public key algorithms vulnerable. Providing protection against it in a cost-efficient manner is not straightforward, especially for Internet of Things (IoT) devices with limited capabilities. IoT applications vary widely: some require only short-term security (e.g. agriculture) and others long-term security (e.g. healthcare). To provide a unified security approach for such heterogeneity in IoT, we propose a flexible hybrid authentication and key agreement framework for a client–server architecture, which relies both on classical elliptic curve cryptography (ECC) and on a quantum-secure key encapsulation mechanism (KEM). Five versions can be derived from the framework, ranging from fully hybrid, through partially hybrid, to classical constructions. The trade-off between performance and security strength is demonstrated for each of these versions. The overall cost of the protocols is highly reduced thanks to the use of multiple factors in the authentication process, both on the user side by means of biometrics and on the device side by means of physically unclonable functions (PUFs). We show that both Kyber and McEliece as KEM can offer reasonable performance, depending on the situation. The unified framework offers optimal security protection against the most well-known attacks.
About the journal:
Computing infrastructures and systems are constantly evolving, resulting in increasingly complex and collaborative scientific applications. To cope with these advancements, there is a growing need for collaborative tools that can effectively map, control, and execute these applications.
Furthermore, with the explosion of Big Data, there is a requirement for innovative methods and infrastructures to collect, analyze, and derive meaningful insights from the vast amount of data generated. This necessitates the integration of computational and storage capabilities, databases, sensors, and human collaboration.
Future Generation Computer Systems aims to pioneer advancements in distributed systems, collaborative environments, high-performance computing, and Big Data analytics. It strives to stay at the forefront of developments in grids, clouds, and the Internet of Things (IoT) to effectively address the challenges posed by these wide-area, fully distributed sensing and computing systems.