Post-quantum MACsec in Ethernet Networks

Cho, Joo Yeon; Sergeev, Andrew

doi:10.13052/jcsm2245-1439.1016

Cited by 5 publications

(1 citation statement)

References 11 publications

(14 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A significant body of research has been dedicated to the augmentation of network security infrastructure with PQC capabilities, including X.509 certificates [18][19][20][21][22], Media Access Control security (MACsec) [23], Internet Protocol Security (IPSec) [24,25], Transport Layer Security (TLS) [26][27][28][29][30][31][32][33][34][35][36], Secure Shell (SSH) [32,37], and WireGuard [38][39][40]. In addition, PQC algorithms have been implemented in devices as part of their secure boot capability [41,42].…”

Section: Device Security and Spdmmentioning

confidence: 99%

Post Quantum Design in SPDM for Device Authentication and Key Establishment

2022

View full text Add to dashboard Cite

The Security Protocol and Data Model (SPDM) defines a set of flows whose purpose includes the authentication of a computing device’s hardware identity. SPDM also allows for the creation of a secure session wherein data communication between two devices has both confidentiality and integrity protection. The present version of SPDM, namely version 1.2, relies upon traditional asymmetric cryptographic algorithms, and these algorithms are known to be vulnerable to quantum attacks. This paper describes the means by which support for post-quantum (PQ) cryptography can be added to the SPDM protocol in order to prepare SPDM for the upcoming world of quantum computing. As part of this paper, we examine the SPDM 1.2 protocol and discuss various aspects of using PQC algorithms, including negotiation of the use of post-quantum cryptography (PQC) algorithms, support for device identity reporting, mechanisms for device authentication, and establishing a secure session. We consider so-called “hybrid modes’’ where both classical and PQC algorithms are used to achieve security properties, especially given the fact that these modes are important during the transition period from the classical to the quantum computing regime. We also share our experience with implementing a software embodiment of PQC in SPDM, namely “PQ-SPDM’’, and we provide benchmarks that evaluate a subset of the winning NIST PQC algorithms.

show abstract