Abstract
AbstractAs the Internet of Things (IoT) rolls out today to devices whose lifetime may well exceed a decade, conservative threat models should consider adversaries with access to quantum computing power. The IETF-specified SUIT standard defines a security architecture for IoT software updates, standardizing metadata and cryptographic tools—digital signatures and hash functions—to guarantee the update legitimacy. SUIT performance has been evaluated in the pre-quantum context, but not yet in a post-quantum context. Taking the open-source implementation of SUIT available in RIOT as a case study, we survey post-quantum considerations, and quantum-resistant digital signatures in particular, focusing on low-power, microcontroller-based IoT devices with stringent memory, CPU, and energy consumption constraints. We benchmark a range of pre- and post-quantum signature schemes on a range of IoT hardware including ARM Cortex-M, RISC-V, and Espressif (ESP32), which form the bulk of modern 32-bit microcontroller architectures. Interpreting our benchmarks in the context of SUIT, we estimate the real-world impact of transition from pre- to post-quantum signatures.KeywordsPost-quantumSecurityIoTMicrocontrollerEmbedded Systems
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
