In 1994 mathematician Peter Shor developed an algorithm requiring a quantum computer to find the prime factors of a composite number in much less time than needed today. Shor's algorithm is especially relevant for cryptography as many encryption schemes are based on the assumption that finding prime factors of a sufficiently large number is a computationally hard problem. A quantum computer that could run Shor’s algorithm to attack today's cryptographic schemes does not yet exist, but recent advancements in the field of quantum computing suggest that such machines may become reality in the not too distant future.
Consequently, a new class of cryptographic schemes (called "quantum-resistant") which are secure against attacks from quantum computers is being developed. Although secure against quantum attacks, those new methods come with severe limitations compared to the ones used today. Most of them have keys several orders of magnitude bigger than in schemes used today, while others are a lot slower. Another problem with the majority of existing quantum-resistant schemes is their novelty, which implies a lack of security reviews and real world usage experience.
For secure network communication, most VPN solutions use a key exchange method, like the Diffie-Hellman key exchange, or an asymmetric encryption scheme, like RSA, to derive a shared session secret. A patient attacker may intercept today's network traffic including key exchange and encrypted data and use a quantum computer in the future to break the key exchange; they may then retrieve the shared session secret and would gain access to the confidential data.
In the IPsec protocol suite, the key exchange is handled by the IKEv2 protocol, which by design utilizes a single Diffie-Hellman key exchange. The purpose of this work is the analysis of existing quantum-resistant key exchange methods and their integration into the IKEv2 protocol to defy future quantum-based attacks. The challenge is to find ways for the IKEv2 protocol to support large keys and the other needs of quantum-resistant cryptography schemes while keeping the security properties of IKEv2 intact. On the other hand, a quantum-resistant key exchange protocol should retain the security properties of classical key exchanges, so that a potential weakness of quantum-resistant method does not harm the classical security. Possible solutions to these problems are the use of a hybrid key exchange and the fragmentation of big keys over several IKEv2 payloads and messages.
Prof. Dr. D. Kranzlmüller
Dauer der Arbeit:
Anzahl Bearbeiter: 1