Full Post-Quantum Datagram TLS Handshake in the Internet of Things

Abstract

Quantum computers are a threat to the current standards for secure communication. The Datagram Transport Layer Security (DTLS) protocol is a common protocol used by Internet of Things (IoT) devices that will be broken by such computers. Although quantum computers are yet to become commercially available, IoT devices are generally long-lived. Thus the transition to quantum secure cryptography, as soon as possible, is necessary. IoT devices are generally resource-constrained and Post-Quantum (PQ) cryptography is often more resource intensive computationally compared to current cryptographic standards, adding to the complexity of the transition. In this paper, we propose a PQ version of DTLS 1.3 in IoT, at some additional costs. We first identify a suitable PQ digital signature scheme and Key Encapsulation Mechanism (KEM) to be used in a PQ version of the DTLS protocol. Using the selected PQ algorithms, we implement and evaluate a full PQ DTLS 1.3 handshake on a Raspberry Pi 4B. We find that CPU usage is actually lower compared to current cryptographic schemes used in DTLS 1.3. We notice a significant increase of up to 6x as many packets sent when establishing a connection, depending on the security level. Moreover, memory usage is significantly greater, requiring at least an extra 800 KiB of memory to connect 100 devices.