DTLS with Post Quantum Security for Origin Authentication and Integrity
Date
2020-09-24
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
All public-key cryptography algorithms that are in use today, including RSA (Rivest–Shamir- Adleman) cryptosystem, DSA (Digital Signature Algorithm), and DH (Diffie-Hellman) key agreement, will be broken if quantum computers become a reality. Hence, applications and protocols must be transitioned to quantum-resistant designs. We consider post-quantum security of DTLS (Datagram Transport Layer Security) for source authentication and message integrity. These are essential security requirements for control plane communications in 5G networks. To provide message integrity while avoiding costly post-quantum secure key exchange protocols that rely on unproven computational assumptions, we will use TESLA (Timed Efficient Stream Loss-tolerant Authentication) protocol. TESLA is a data stream authentication protocol that uses symmetric-key cryptographic primitives and a digital signature scheme to achieve security. We first replace the digital signature in TESLA with a hash-based one to achieve post-quantum security, and then carefully revise the DTLS handshake and record layer protocol to include the new TESLA protocol such that it delivers the same properties for DTLS. We argue our design’s security and show our model’s feasibility using an efficient implementation for an open-source DTLS library, called TinyDTLS. Finally, we provide performance measurements for PQ-DTLS compared with original DTLS in authentication and integrity only mode.
Description
Keywords
PQ Security, Cryptography, Network protocols
Citation
Parveen, S. (2020). DTLS with Post Quantum Security for Origin Authentication and Integrity (Master's thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca.