David Schatz, Friedrich Altheide, Hedwig Koerfgen, M. Rossberg, Guenter Schaefer
{"title":"Virtual Private Networks in the Quantum Era: A Security in Depth Approach","authors":"David Schatz, Friedrich Altheide, Hedwig Koerfgen, M. Rossberg, Guenter Schaefer","doi":"10.5220/0012121800003555","DOIUrl":null,"url":null,"abstract":": Conventional asymmetric cryptography is threatened by the ongoing development of quantum computers. A mandatory countermeasure in the context of virtual private networks (VPNs) is to use post-quantum cryptography (PQC) as a drop-in replacement for the authenticated key exchange in the Internet Key Exchange (IKE) protocol. However, the results of the ongoing cryptanalysis of PQC cannot be predicted. Consequently, this article discusses orthogonal methods for quantum-resistant key exchanges, like quantum key distribution (QKD) and multipath key reinforcement (MKR). As each method has limitations when used on its own, we conclude that it is best to maximize security by combining all available sources of symmetric key material to protect traffic inside a VPN. As one possible realization, we propose a lightweight proxy concept that uses available symmetric keys, like QKD and MKR keys, to implement a transparent cryptographic tunnel for all IKE packets, and consequently for PQC key exchanges. In contrast to combining PQC and symmetric key material within the IKE protocol, our approach provides security in depth: If secure symmetric keys are available, attacks on IKE and hence on PQC algorithms are infeasible. But even otherwise, the security properties of IKE and thus PQC are not weakened, so the overall security of the VPN is guaranteed to increase.","PeriodicalId":74779,"journal":{"name":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","volume":"15 1","pages":"486-494"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"SECRYPT ... : proceedings of the International Conference on Security and Cryptography. International Conference on Security and Cryptography","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5220/0012121800003555","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
: Conventional asymmetric cryptography is threatened by the ongoing development of quantum computers. A mandatory countermeasure in the context of virtual private networks (VPNs) is to use post-quantum cryptography (PQC) as a drop-in replacement for the authenticated key exchange in the Internet Key Exchange (IKE) protocol. However, the results of the ongoing cryptanalysis of PQC cannot be predicted. Consequently, this article discusses orthogonal methods for quantum-resistant key exchanges, like quantum key distribution (QKD) and multipath key reinforcement (MKR). As each method has limitations when used on its own, we conclude that it is best to maximize security by combining all available sources of symmetric key material to protect traffic inside a VPN. As one possible realization, we propose a lightweight proxy concept that uses available symmetric keys, like QKD and MKR keys, to implement a transparent cryptographic tunnel for all IKE packets, and consequently for PQC key exchanges. In contrast to combining PQC and symmetric key material within the IKE protocol, our approach provides security in depth: If secure symmetric keys are available, attacks on IKE and hence on PQC algorithms are infeasible. But even otherwise, the security properties of IKE and thus PQC are not weakened, so the overall security of the VPN is guaranteed to increase.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
