Quantum-Resistant and Secure MQTT Communication
ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
Article No.: 156, Pages 1 - 8
Abstract
In this paper, we deal with the deployment of Post-Quantum Cryptography (PQC) in Internet of Things (IoT). Concretely, we focus on the MQTT (Message Queuing Telemetry Transport) protocol that is widely used in IoT services. The paper presents our novel quantum-resistant security proposal for the MQTT protocol that supports secure broadcast. Our solution omits using TLS with the handshake causing delay and is suitable for sending irregular short messages. Finally, we show how our solution can practically affect concrete use cases by the performance results of the proposed solution.
References
[1]
Y. M. Agus, M. A. Murti, F. Kurniawan, N.D.W. Cahyani, and G.B. Satrya. 2020. An Efficient Implementation of NTRU Encryption in Post-Quantum Internet of Things. In 2020 27th International Conference on Telecommunications (ICT). 1–5. https://doi.org/10.1109/ICT49546.2020.9239560
[2]
Nicolas Aragon, Paulo SLM Barreto, Slim Bettaieb, Loic Bidoux, Olivier Blazy, Jean-Christophe Deneuville, Philippe Gaborit, Shay Gueron, Tim Guneysu, Carlos Aguilar Melchor, 2017. BIKE: bit flipping key encapsulation. (2017).
[3]
Jon Barton, Nikolaos Pitropakis, William Buchanan, Sarwar Sayeed, and Will Abramson. 2022. Post quantum cryptography analysis of TLS tunneling on a constrained device. In In Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP. 551–561.
[4]
Daniel J Bernstein, Daira Hopwood, Andreas Hülsing, Tanja Lange, Ruben Niederhagen, Louiza Papachristodoulou, Michael Schneider, Peter Schwabe, and Zooko Wilcox-O’Hearn. 2015. SPHINCS: practical stateless hash-based signatures. In Advances in Cryptology–EUROCRYPT 2015: 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I 34. Springer, 368–397.
[5]
Joppe Bos, Leo Ducas, Eike Kiltz, T Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehle. 2018. CRYSTALS - Kyber: A CCA-Secure Module-Lattice-Based KEM. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P). 353–367.
[6]
Jessica Bozhko, Yacoub Hanna, Ricardo Harrilal-Parchment, Samet Tonyali, and Kemal Akkaya. 2023. Performance Evaluation of Quantum-Resistant TLS for Consumer IoT Devices. In 2023 IEEE 20th Consumer Communications & Networking Conference (CCNC). IEEE, 230–235.
[7]
Tung Chou, Carlos Cid, S UiB, J Gilcher, T Lange, V Maram, R Misoczki, R Niederhagen, KG Paterson, and E Persichetti. 2020. Classic McEliece: conservative code-based cryptography, 10 October 2020.
[8]
Chia-Chin Chung, Chu-Chi Pai, Fu-Shiang Ching, Chao Wang, and Ling-Jyh Chen. 2022. When post-quantum cryptography meets the Internet of Things: An empirical study. In Proceedings of the 20th Annual International Conference on Mobile Systems, Applications and Services. 525–526.
[9]
Markus Dahlmanns, Jan Pennekamp, Ina Berenice Fink, Bernd Schoolmann, Klaus Wehrle, and Martin Henze. 2021. Transparent end-to-end security for publish/subscribe communication in cyber-physical systems. In Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems. 78–87.
[10]
Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé. 2018. CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme. IACR Transactions on Cryptographic Hardware and Embedded Systems 2018, 1 (Feb. 2018), 238–268. https://doi.org/10.13154/tches.v2018.i1.238-268
[11]
Armando Faz-Hernández and Kris Kwiatkowski. 2019. Introducing CIRCL: An Advanced Cryptographic Library. Cloudflare. Available at https://github.com/cloudflare/circl. v1.3.3 Accessed May, 2023.
[12]
Federal Office for Information Security (BSI). 2021. Quantum-safe cryptography – fundamentals, current developments and recommendations.
[13]
Pierre-Alain Fouque, Jeffrey Hoffstein, Paul Kirchner, Vadim Lyubashevsky, Thomas Pornin, Thomas Prest, Thomas Ricosset, Gregor Seiler, William Whyte, Zhenfei Zhang, 2018. Falcon: Fast-Fourier lattice-based compact signatures over NTRU. Submission to the NIST’s post-quantum cryptography standardization process 36, 5 (2018).
[14]
Mohammad Hamad, Andreas Finkenzeller, Hangmao Liu, Jan Lauinger, Vassilis Prevelakis, and Sebastian Steinhorst. 2023. SEEMQTT: Secure End-to-End MQTT-Based Communication for Mobile IoT Systems Using Secret Sharing and Trust Delegation. IEEE Internet of Things Journal 10, 4 (2023), 3384–3406. https://doi.org/10.1109/JIOT.2022.3221857
[15]
Lukas Malina, Gautam Srivastava, Petr Dzurenda, Jan Hajny, and Radek Fujdiak. 2019. A secure publish/subscribe protocol for internet of things. In Proceedings of the 14th international conference on availability, reliability and security. 1–10.
[16]
Carlos Aguilar Melchor, Nicolas Aragon, Slim Bettaieb, Loıc Bidoux, Olivier Blazy, Jean-Christophe Deneuville, Philippe Gaborit, Edoardo Persichetti, Gilles Zémor, and IC Bourges. 2018. Hamming quasi-cyclic (HQC). NIST PQC Round 2, 4 (2018), 13.
[17]
Felipe José Aguiar Rampazzo and Marco Aurélio Amaral Henriques. 2023. Assessment of the Impact of Hybrid Post-Quantum Cryptography on the Performance of the MQTT Communication Protocol. In 2023 Symposium on Internet of Things (SIoT). IEEE, 1–5.
[18]
Mélissa Rossi. 2023. PQC TRANSITION IN FRANCE ANSSI VIEWS. In Real World Post-Quantum Crypto.
[19]
Kumar Sekhar Roy and Hemanta Kumar Kalita. 2019. A survey on post-quantum cryptography for constrained devices. International Journal of Applied Engineering Research 14, 11 (2019), 2608–2615.
[20]
PC Sajimon, Kurunandan Jain, and Prabhakar Krishnan. 2022. Analysis of Post-Quantum Cryptography for Internet of Things. In 2022 6th International Conference on Intelligent Computing and Control Systems (ICICCS). IEEE, 387–394.
[21]
Eduardo Buetas Sanjuan, Ismael Abad Cardiel, Jose A Cerrada, and Carlos Cerrada. 2020. Message queuing telemetry transport (MQTT) security: A cryptographic smart card approach. IEEE Access 8 (2020), 115051–115062.
[22]
Maximilian Schöffel, Frederik Lauer, Carl C Rheinländer, and Norbert Wehn. 2021. On the energy costs of post-quantum kems in tls-based low-power secure iot. In Proceedings of the International Conference on Internet-of-Things Design and Implementation. 158–168.
Index Terms
- Quantum-Resistant and Secure MQTT Communication
Recommendations
On Deploying Quantum-Resistant Cybersecurity in Intelligent Infrastructures
ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and SecurityAs quantum-safe algorithms are increasingly implemented in security protocols used in current and emerging digital services, there is also a corresponding need to map the current state of security protocols and applications and their preparedness for the ...
Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism
ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications securityThis paper discusses how to realize practical post-quantum authenticated key exchange (AKE) with strong security, i.e., CK+ security (Krawczyk, CRYPTO 2005). It is known that strongly secure post-quantum AKE protocols exist on a generic construction ...
An IND-CCA2 secure post-quantum encryption scheme and a secure cloud storage use case
AbstractCode-based public key encryption (PKE) is a popular choice to achieve post-quantum security, partly due to its capability to achieve fast encryption/decryption. However, code-based PKE has larger ciphertext and public key sizes in comparison to ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
July 2024
2032 pages
ISBN:9798400717185
DOI:10.1145/3664476
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 30 July 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- Ministry of the Interior of the Czech Republic
Conference
ARES 2024
ARES 2024: The 19th International Conference on Availability, Reliability and Security
July 30 - August 2, 2024
Vienna, Austria
Acceptance Rates
Overall Acceptance Rate 228 of 451 submissions, 51%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 233Total Downloads
- Downloads (Last 12 months)233
- Downloads (Last 6 weeks)94
Reflects downloads up to 22 Nov 2024
Other Metrics
Citations
View Options
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML FormatLogin options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in