Flexible hybrid post-quantum bidirectional multi-factor authentication and key agreement framework using ECC and KEM

Abstract

Post-quantum computing becomes a real threat in the coming years, resulting in vulnerable security protocols that rely on traditional public key algorithms. It is not evident to provide protection against it in a cost-efficient manner, especially for Internet of Things (IoT) devices with limited capabilities. There is a high variety of IoT applications, some require only short-term security (e.g. agriculture) and others long-term security (e.g. healthcare). In order to provide a unified security approach for such heterogenity in IoT, we propose a flexible hybrid authentication and key agreement framework for a client–server architecture, which relies both on the classical elliptic curve cryptography (ECC) and on a quantum secure key encapsulation mechanism (KEM). There are five versions that can be derived from the framework, going from a fully hybrid, and partial hybrid to classical construction. The trade-off between performance and security strength is demonstrated for each of these versions. The overall cost of the protocols is highly reduced thanks to the usage of multifactors in the authentication process, both on the user side by means of biometrics and the device side by means of physically unclonable functions (PUFs). We show that both Kyber and Mc Elience as KEM can offer reasonable performance, depending on the situation. The unified framework offers optimal security protection against the most well-known attacks.