Quantum-resistant hardware-accelerated IoT traffic encryptor

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F25%3APU155925" target="_blank" >RIV/00216305:26220/25:PU155925 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.sciencedirect.com/science/article/abs/pii/S2542660525000678" target="_blank" >https://www.sciencedirect.com/science/article/abs/pii/S2542660525000678</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1016/j.iot.2025.101554" target="_blank" >10.1016/j.iot.2025.101554</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Quantum-resistant hardware-accelerated IoT traffic encryptor

Popis výsledku v původním jazyce

The rapid expansion of the Internet of Things (IoT) brings new security challenges, particularly with the potential risks posed by quantum computing. In this paper, we present a comprehensive approach to IoT security, offering two deployment options: a hardware-accelerated encryption solution using FPGAs for high-speed IoT aggregators, and a software-based version suited for lower-end IoT devices. Both versions share the same cryptographic architecture, ensuring consistency and compatibility across diverse use cases. Our proposed approach employs a hybrid key management mechanism that integrates classical, quantum, and post-quantum cryptographic schemes, including Elliptic Curve Diffie–Hellman (ECDH), CRYSTALS-Kyber, and Quantum Key Distribution (QKD). These key sources are combined using a custom-designed 3-key combiner to generate a secure hybrid key for AES-256 encryption in Galois-Counter Mode (GCM). Both solutions have been rigorously tested in real-world scenarios, including a pilot deployment between Czechia and Estonia and high-speed lab tests, validating their effectiveness and scalability. This dual approach caters to both resource-constrained edge devices and high-performance central systems, providing scalable and versatile post-quantum security for IoT environments.

Název v anglickém jazyce

Quantum-resistant hardware-accelerated IoT traffic encryptor

Popis výsledku anglicky

The rapid expansion of the Internet of Things (IoT) brings new security challenges, particularly with the potential risks posed by quantum computing. In this paper, we present a comprehensive approach to IoT security, offering two deployment options: a hardware-accelerated encryption solution using FPGAs for high-speed IoT aggregators, and a software-based version suited for lower-end IoT devices. Both versions share the same cryptographic architecture, ensuring consistency and compatibility across diverse use cases. Our proposed approach employs a hybrid key management mechanism that integrates classical, quantum, and post-quantum cryptographic schemes, including Elliptic Curve Diffie–Hellman (ECDH), CRYSTALS-Kyber, and Quantum Key Distribution (QKD). These key sources are combined using a custom-designed 3-key combiner to generate a secure hybrid key for AES-256 encryption in Galois-Counter Mode (GCM). Both solutions have been rigorously tested in real-world scenarios, including a pilot deployment between Czechia and Estonia and high-speed lab tests, validating their effectiveness and scalability. This dual approach caters to both resource-constrained edge devices and high-performance central systems, providing scalable and versatile post-quantum security for IoT environments.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

20202 - Communication engineering and systems

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2025

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Internet of Things

ISSN

2542-6605

e-ISSN

—

Svazek periodika

31

Číslo periodika v rámci svazku

6

Stát vydavatele periodika

NL - Nizozemsko

Počet stran výsledku

18

Strana od-do

„“-„“

Kód UT WoS článku

001441747400001

EID výsledku v databázi Scopus

—