Hybrid OPC UA: Enabling Post-Quantum Security for the Industrial Internet of Things

Cyber-physical systems (CPS) are considered a crucial part for providing connectivity in industrial environments. However, the recent increase in connectivity has led to an extended attack vector. Therefore, it is important that CPS are secured against current and - due to their long life span - als...

Full description

Saved in:
Bibliographic Details
Main Authors: Paul, Sebastian, Guerin, Esther
Format: Conference Proceeding
Language:English
Subjects:
Computers
Encapsulation
Hybrid key exchange
Industrial communication
Industrial IoT
OPC UA
Performance evaluation
Post-quantum cryptography
Protocols
Quantum computing
Solids
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cyber-physical systems (CPS) are considered a crucial part for providing connectivity in industrial environments. However, the recent increase in connectivity has led to an extended attack vector. Therefore, it is important that CPS are secured against current and - due to their long life span - also against future threats, such as quantum computers. The security of present communication can be broken once a sufficiently powerful quantum computer is available. To protect against this attack vector, applications and protocols should start utilizing quantum-resistant primitives. One approach that maintains common security guarantees and protects against quantum computer attacks is to use hybrid constructions: a combination of classically secure and quantum-resistant schemes. In this work, we propose a hybrid key exchange mechanism for the industrial communication protocol Open Platform Communications Unified Architecture (OPC UA). We describe four distinct instantiations based on selected quantum-resistant key encapsulation mechanisms (KEMs), namely NewHope, NTRU, CRYSTALS-Kyber, and Saber. We implement our resulting quantum-resistant modifications of OPC UA on two different ARM based platforms and present detailed performance footprints. Finally, we show the feasibility of employing hybrid quantum-resistant key exchange within OPC UA preserving industrial communication against future threats.
ISSN:1946-0759
DOI:10.1109/ETFA46521.2020.9212112