TY - GEN
T1 - Quantum-Resistant Software Update Security on Low-Power Networked Embedded Devices
AU - Banegas, Gustavo
AU - Zandberg, Koen
AU - Baccelli, Emmanuel
AU - Herrmann, Adrian
AU - Smith, Benjamin
N1 - Publisher Copyright:
© 2022, Springer Nature Switzerland AG.
PY - 2022/1/1
Y1 - 2022/1/1
N2 - As the Internet of Things (IoT) rolls out today to devices whose lifetime may well exceed a decade, conservative threat models should consider adversaries with access to quantum computing power. The IETF-specified SUIT standard defines a security architecture for IoT software updates, standardizing metadata and cryptographic tools—digital signatures and hash functions—to guarantee the update legitimacy. SUIT performance has been evaluated in the pre-quantum context, but not yet in a post-quantum context. Taking the open-source implementation of SUIT available in RIOT as a case study, we survey post-quantum considerations, and quantum-resistant digital signatures in particular, focusing on low-power, microcontroller-based IoT devices with stringent memory, CPU, and energy consumption constraints. We benchmark a range of pre- and post-quantum signature schemes on a range of IoT hardware including ARM Cortex-M, RISC-V, and Espressif (ESP32), which form the bulk of modern 32-bit microcontroller architectures. Interpreting our benchmarks in the context of SUIT, we estimate the real-world impact of transition from pre- to post-quantum signatures.
AB - As the Internet of Things (IoT) rolls out today to devices whose lifetime may well exceed a decade, conservative threat models should consider adversaries with access to quantum computing power. The IETF-specified SUIT standard defines a security architecture for IoT software updates, standardizing metadata and cryptographic tools—digital signatures and hash functions—to guarantee the update legitimacy. SUIT performance has been evaluated in the pre-quantum context, but not yet in a post-quantum context. Taking the open-source implementation of SUIT available in RIOT as a case study, we survey post-quantum considerations, and quantum-resistant digital signatures in particular, focusing on low-power, microcontroller-based IoT devices with stringent memory, CPU, and energy consumption constraints. We benchmark a range of pre- and post-quantum signature schemes on a range of IoT hardware including ARM Cortex-M, RISC-V, and Espressif (ESP32), which form the bulk of modern 32-bit microcontroller architectures. Interpreting our benchmarks in the context of SUIT, we estimate the real-world impact of transition from pre- to post-quantum signatures.
KW - Embedded Systems
KW - IoT
KW - Microcontroller
KW - Post-quantum
KW - Security
U2 - 10.1007/978-3-031-09234-3_43
DO - 10.1007/978-3-031-09234-3_43
M3 - Conference contribution
AN - SCOPUS:85134308415
SN - 9783031092336
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 872
EP - 891
BT - Applied Cryptography and Network Security - 20th International Conference, ACNS 2022, Proceedings
A2 - Ateniese, Giuseppe
A2 - Venturi, Daniele
PB - Springer Science and Business Media Deutschland GmbH
T2 - 20th International Conference on Applied Cryptography and Network Security, ACNS 2022
Y2 - 20 June 2022 through 23 June 2022
ER -
