Wireless and Fiber-based Post-Quantum Cryptography Secured IPsec Tunnel

Daniel Lawo, Rana Abu Bakar, Abraham Cano Aguilera, Filippo Cugini, José L. Imana, Idelfonso Tafur Monroy (Corresponding author), J.J. Vegas Olmos

Research output: Contribution to journal, Article, Academic, peer-review


Abstract

In the near future, commercially accessible quantum computers are anticipated to revolutionize the world as we know it. These advanced machines are predicted to render traditional cryptographic security measures, deeply ingrained in contemporary communication, obsolete. While symmetric cryptography methods like AES can withstand quantum assaults if key sizes are doubled compared to current standards, asymmetric cryptographic techniques, such as RSA, are vulnerable to compromise. Consequently, there is a pressing need to transition towards post-quantum cryptography (PQC) principles in order to safeguard our privacy effectively. A challenge is to include PQC into existing protocols and thus into the existing communication structure. In this work we report on the first experimental IPsec tunnel secured by the PQC algorithms Falcon, Dilithium, and Kyber. We deploy our IPsec tunnel in two scenarios. The first scenario represents a high-performance data center environment where many machines are interconnected via high-speed networks. We achieve an IPsec tunnel with AES-256 GCM encrypted east-west throughput of 100 Gbit/s line rate. The second scenario shows an IPsec tunnel between a wireless NVIDIA Jetson and the cloud that achieves a 0.486 Gbit/s AES-256 GCM encrypted north-south throughput. This case represents a mobile device that communicates securely with applications running in the cloud.
Original language: English
Article number: 300
Journal: Future Internet
Volume: 16
Issue number: 8
Publication status: Published - Aug 2024

Funding

This work was partly funded by the QUARC project by the European Union Horizon Europe research and innovation program within the framework of Marie Skłodowska-Curie Actions with grant number 101073355 and the CLEVER project by the Key Digital Technologies Joint Undertaking program with grant number 101097560.

Funders | Funder number
European Union's Horizon 2020 - Research and Innovation Framework Programme |
Marie Skłodowska‐Curie | 101073355, 101097560

    Keywords

    • Falcon
    • Dilithium
    • Kyber
    • data processing unit (DPU)
    • Data Center
    • IPsec
    • post-quantum cryptography
