Detail publikačního výsledku

Quantum-resistant hardware-accelerated IoT traffic encryptor

CÍBIK, P.; RICCI, S.; DOBIÁŠ, P.; HAJNÝ, J.; MALINA, L.; HAVLÍN, J.

Originální název

Quantum-resistant hardware-accelerated IoT traffic encryptor

Anglický název

Quantum-resistant hardware-accelerated IoT traffic encryptor

Druh

Článek WoS

Originální abstrakt

The rapid expansion of the Internet of Things (IoT) brings new security challenges, particularly with the potential risks posed by quantum computing. In this paper, we present a comprehensive approach to IoT security, offering two deployment options: a hardware-accelerated encryption solution using FPGAs for high-speed IoT aggregators, and a software-based version suited for lower-end IoT devices. Both versions share the same cryptographic architecture, ensuring consistency and compatibility across diverse use cases. Our proposed approach employs a hybrid key management mechanism that integrates classical, quantum, and post-quantum cryptographic schemes, including Elliptic Curve Diffie–Hellman (ECDH), CRYSTALS-Kyber, and Quantum Key Distribution (QKD). These key sources are combined using a custom-designed 3-key combiner to generate a secure hybrid key for AES-256 encryption in Galois-Counter Mode (GCM). Both solutions have been rigorously tested in real-world scenarios, including a pilot deployment between Czechia and Estonia and high-speed lab tests, validating their effectiveness and scalability. This dual approach caters to both resource-constrained edge devices and high-performance central systems, providing scalable and versatile post-quantum security for IoT environments.

Anglický abstrakt

The rapid expansion of the Internet of Things (IoT) brings new security challenges, particularly with the potential risks posed by quantum computing. In this paper, we present a comprehensive approach to IoT security, offering two deployment options: a hardware-accelerated encryption solution using FPGAs for high-speed IoT aggregators, and a software-based version suited for lower-end IoT devices. Both versions share the same cryptographic architecture, ensuring consistency and compatibility across diverse use cases. Our proposed approach employs a hybrid key management mechanism that integrates classical, quantum, and post-quantum cryptographic schemes, including Elliptic Curve Diffie–Hellman (ECDH), CRYSTALS-Kyber, and Quantum Key Distribution (QKD). These key sources are combined using a custom-designed 3-key combiner to generate a secure hybrid key for AES-256 encryption in Galois-Counter Mode (GCM). Both solutions have been rigorously tested in real-world scenarios, including a pilot deployment between Czechia and Estonia and high-speed lab tests, validating their effectiveness and scalability. This dual approach caters to both resource-constrained edge devices and high-performance central systems, providing scalable and versatile post-quantum security for IoT environments.

Klíčová slova

Security; Internet of Things; Post-quantum cryptography(PQC); IoT security; Encryption; Key establishment; Authentication; Hardware acceleration; FPGA Networktra

Klíčová slova v angličtině

Security; Internet of Things; Post-quantum cryptography(PQC); IoT security; Encryption; Key establishment; Authentication; Hardware acceleration; FPGA Networktra

Autoři

CÍBIK, P.; RICCI, S.; DOBIÁŠ, P.; HAJNÝ, J.; MALINA, L.; HAVLÍN, J.

Vydáno

04.03.2025

Nakladatel

Elsevier

ISSN

2542-6605

Periodikum

Internet of Things

Svazek

31

Číslo

6

Stát

Nizozemsko

Strany počet

18

URL

https://www.sciencedirect.com/science/article/abs/pii/S2542660525000678

BibTex

@article{BUT197235,
  author="Peter {Cíbik} and Sara {Ricci} and Patrik {Dobiáš} and Jan {Hajný} and Lukáš {Malina} and Jan {Havlín}",
  title="Quantum-resistant hardware-accelerated IoT traffic encryptor",
  journal="Internet of Things",
  year="2025",
  volume="31",
  number="6",
  pages="18",
  doi="10.1016/j.iot.2025.101554",
  issn="2543-1536",
  url="https://www.sciencedirect.com/science/article/abs/pii/S2542660525000678"
}