Performance Evaluation of Quantum-Resistant TLS for Consumer IoT Devices

Abstract

Post-quantum (PQ) cryptographic algorithms are currently being developed to be able to resist attacks by quantum computers. The practical use of these algorithms for securing networks will depend on their computational and communication efficiency. In particular, this is critical for the security of wireless communications within the context of consumer IoT devices that may have limited computational power and depend on a constrained wireless bandwidth. To this end, there is a need to evaluate the performance of widely used application layer security standards such as transport layer security (TLS) to understand the use of the existing PQ algorithms that are being evaluated by NIST as a replacement to the current cryptographic algorithms. This paper focuses on two widely used IoT standards Bluetooth Low Energy (BLE) and WiFi to find out the optimal performing PQ algorithm for their security when used in end-to-end connections over the Internet. By implementing the capability for IP over BLE and all options of TLS connection establishment, we developed a client-server IoT testbed to measure the efficiency of PQ key encapsulation mechanisms (KEMs) and PQ digital signature algorithms. The test results showed that Kyber512 is the ideal KEM while Falcon-512 and Dilithium2 are the best signatures for BLE and WiFi devices. Based on this outcome, we developed a mechanism for IoT devices with multiple communication interfaces, that dynamically chooses a PQ KEM algorithm based on the MAC layer protocol being used at the time.