incorporating post quantum cryptography in a microservice
play

Incorporating Post-Quantum Cryptography in a microservice - PowerPoint PPT Presentation

Mar 12, 2024 •149 likes •349 views

R. van der Gaag, D. Weller Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why think about post-quantum cryptography W. Buchanan et. al concluded Gate-based quantum computers pose a significant

  1. R. van der Gaag, D. Weller Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2

  2. Why think about post-quantum cryptography W. Buchanan et. al concluded ● Gate-based quantum computers pose a significant threat to a-symmetrical encryption (which is used in PKI) ○ Shor’s algorithm ● Likely theoretical → practical <10 years A-symmetric keys are used by: ● (D)TLS ● SSH ● WPA & WPA2 ● DNSSec ● IKEv2 (IPSec & VPN) ● S/MIME Incorporating post-quantum cryptography in 2 a microservice architecture

  3. Research questions What are the implications of transitioning to post-quantum cryptography in many-to-one microservice architectures where certificates are used for both encryption and mutual authentication ? Two sub questions: 1. Suitable algorithms 2. Practical feasibility Incorporating post-quantum cryptography in 3 3 a microservice architecture

  4. Related work National Institute of Standards and Technology (NIST) ● 2nd round with Post Quantum Cryptography (PQC) ○ 17 different Post Quantum Key Exchange Algorithms ○ 9 different Post Quantum Signature Algorithms E. Crockett et. al - OpenQuantum Safe ● Forked OpenSSH ● Forked OpenSSL ○ 8 different Post Quantum Key Exchange Algorithms ○ 3 different Post Quantum Signature Algorithms Incorporating post-quantum cryptography in 4 a microservice architecture

  5. Related work (cont) J. Kreps et. al - detailed insight about inner workings of Kafka K. Sheykh Esmaili et. al - important aspects of microservices: ● Correctness - Delivery guarantees & Ordering guarantees ● Availability - Maximize its uptime ● Transactions - Group messages into units ● Scalability - Evolve with growing amount of tasks ● Efficiency ○ Latency of a packet / message ○ Throughput (number / bytes of packets per time unit) Incorporating post-quantum cryptography in 5 a microservice architecture

  6. Background What is Kafka? - - Publish / subscribe mechanism Developed by LinkedIn - - Stands out in bulk messaging - Passive and stateless - Publisher (delivers data) pushes data Consumer (requests data) pulles data - - What is Post Quantum Cryptography? Classical key exchange relies on factorization (e.g. RSA) or - logarithmic (e.g. DH and ECC) mathematical problems - PQC relies on other mathematical problems - Not yet solvable by quantum computers Incorporating post-quantum cryptography in 6 a microservice architecture

  7. Open Quantum Safe OpenSSL fork Level Post Quantum Key Exchange Post Quantum Digital Signature Mechanisms Algorithms I bike1l1cpa, bike1l1fo, frodo640aes, dilithium2 frodo640shake, Kyber512, picnicl1fs newhope512cca, ntru_hps2048509, qteslapi lightsaber, sidhp434, sikep434 II Sidhp503, sikep503 dilithium3 III Bike1l3cpa, bike1l3fo, frodo976aes, dilithium4 frodo976shake, ntru_hps2048677, qteslapiii ntru_hrss701, Saber, Sidhp610, sikep610 IV None None V frodo1344aes, frodo1344shake, None kyber1024, newhope1024cca, Ntru_hps4096821, Firesaber, Sidhp751, sikep751 Incorporating post-quantum cryptography in 7 a microservice architecture

  8. Open Quantum Safe OpenSSL fork Hybrid Algorithms Level Hybrid Post Quantum Key Exchange Hybrid Post Quantum Digital Signature Mechanisms Algorithms I p256_bike1l1cpa, p256_bike1l1fo, rsa3072_dilithium2, p256_dilithium2, p256_frodo640aes, p256_frodo640shake, rsa3072_picnicl1fs, p256_picnicl1fs, p256_kyber512, p256_newhope512cca, rsa3072_qteslapi, p256_qteslapi p256_ntru_hps2048509, p256_lightsaber, p256_sidhp434, p256_sikep434. II None None III None p384_dilithium4, p384_qteslapiii IV None None V None None Incorporating post-quantum cryptography in 8 a microservice architecture

  9. Methodology: What are the handshake differences (elapsed time, peak heap - memory) between - Classical cryptography - Post-Quantum Cryptography Hybrid-Post-Quantum Cryptography - - Divide the algorithms per security level (provided by NIST) Level Security Description I At least as hard to break as AES128 (exhaustive key search) II At least as hard to break as SHA256 (collision search) III At least as hard to break as AES192 (exhaustive key search) IV At least as hard to break as SHA384 (collision search) V At least as hard to break as AES256 (exhaustive key search) Incorporating post-quantum cryptography in (NIST, 2019) 9 a microservice architecture

  10. Results Classical Cryptography algorithms Incorporating post-quantum cryptography in 10 a microservice architecture

  11. Results Handshake Level 1 - PQC Incorporating post-quantum cryptography in 11 a microservice architecture

  12. Results Handshake Level 1 - Hybrid PQC Incorporating post-quantum cryptography in 12 a microservice architecture

  13. Results Handshake Level 2 - PQC Incorporating post-quantum cryptography in 13 a microservice architecture

  14. Results Handshake Level 3 - PQC Incorporating post-quantum cryptography in 14 a microservice architecture

  15. Preliminary conclusions What are the implications of transitioning to post-quantum cryptography in many-to-one microservice architectures where certificates are used for both encryption and mutual authentication ? ● Suitable algorithms ○ L1 ■ Dilithium2 - Kyber512 / Lightsaber / NewHope512cca ■ Picnicl1fs - Kyber512 / Lightsaber / NewHope512cca ■ qTeslapi - Kyber512 / Lightsaber / NewHope512cca ○ L2 ■ Dilithium3 - SiDHp503 ○ L3 ■ Dilithium4 - Saber / Frodo / NTRU ■ qTeslapiii - Saber / Frodo / NTRU Incorporating post-quantum cryptography in 15 a microservice architecture

  16. Preliminary conclusions (cont) What are the implications of transitioning to post-quantum cryptography in many-to-one microservice architectures where certificates are used for both encryption and mutual authentication ? ● Practical feasibility ○ Kafka relies on Java ■ PQC not yet implemented in Java Security stack ■ Using the OpenSSL fork for Kafka requires additional customization ○ Using the OpenSSL fork ■ Using Hybrid for transitioning ■ Handshake time is not that much longer Incorporating post-quantum cryptography in 16 a microservice architecture

  17. Discussion - Algorithms still in development - NIST Round 2 still in progress - We did not test these algorithms in a microserver environment - CPU measurements not taken into account - Our setup was optimal, we did not test multiple concurrent sessions Incorporating post-quantum cryptography in 17 a microservice architecture

  18. Future work - Experiment with Java Security stack - development of general interface for third party libraries - Experiment with liboqs algorithms in the OpenSSL fork - Still in development - Not all are available for proper testing Incorporating post-quantum cryptography in 18 a microservice architecture

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About Cryptographic Standards History of post-quantum cryptography 2003 Daniel J. Bernstein introduces term Post-quantum cryptography. PQCrypto 2006:

623 views • 23 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design Methodologies Farnoud Farahmand, Duc Tri Nguyen, Viet B. Dang*, Ahmed Ferozpuri and Kris Gaj George Mason University Post st-Quantum Quantum

441 views • 14 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

Quantum computers and factoring Learning with errors Cryptography from LWE From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren frederik.vercauteren@gmail.com Open Security Research (China) ESAT/COSIC - KU Leuven

1.34k views • 70 slides
An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

Basics on Public Key Crypto Systems Research Directions in Post-Quantum Cryptography Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes An Overview on Post-Quantum Cryptography with an Emphasis on Code based

1.05k views • 100 slides
Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven Executive School on Post-Quantum Cryptography 01 July 2019 Cryptography Motivation #1: Communication channels are spying on our data. Motivation

728 views • 42 slides
The Quantum Risk &amp; Post-Quantum Crypto JP Aumasson The Quantum Risk &amp; Post-Quantum

The Quantum Risk &amp; Post-Quantum Crypto JP Aumasson The Quantum Risk &amp; Post-Quantum

The Quantum Risk &amp; Post-Quantum Crypto JP Aumasson The Quantum Risk &amp; Post-Quantum Crypto JP Aumasson uantum /me 15 years experience in applied cryptography (PhD, industry, consulting) Designed widely used algorithms Author of the

816 views • 52 slides
Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The Netherlands June 28, 2018 PQCRYPTO Mini-School 2018, Taipei, Taiwan Part I: How to make software secure Implementing post-quantum cryptography 2 Timing

1.44k views • 116 slides
Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and Cryptography VI In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were

854 views • 42 slides
Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers Using quantum states for computation: Introduced in 1985 by David Deutsch [3]. Operate on qubits using gates that perform reversible

1.69k views • 157 slides
Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit

Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit

Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit Eindhoven 17 January 2016 8th Winter School on Quantum Cybersecurity Cryptography Motivation #1: Communication channels are spying on our

894 views • 68 slides
Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu Ruhr-Universitt Bochum &amp; DFKI 04.10.2017 Overview Goals Provide a high-level introduction to Post-Quantum Cryptography (PQC)

1.18k views • 113 slides
Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were actually doing things that are making us think like,

901 views • 41 slides
Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic

Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic

Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information (and generate

455 views • 19 slides
Code-based Cryptography ECRYPT-CSA Executive School on Post-Quantum Cryptography 2017 TU

Code-based Cryptography ECRYPT-CSA Executive School on Post-Quantum Cryptography 2017 TU

Code-based Cryptography ECRYPT-CSA Executive School on Post-Quantum Cryptography 2017 TU Eindhoven Nicolas Sendrier Linear Codes for Telecommunication linear expansion data codeword k n &gt; k noisy channel noisy

783 views • 52 slides
OUROBOROS-R, an IND-CPA KEM based on Rank Metric NIST First Post-Quantum Cryptography

OUROBOROS-R, an IND-CPA KEM based on Rank Metric NIST First Post-Quantum Cryptography

Presentation of the rank metric Description of the scheme Security and parameters OUROBOROS-R, an IND-CPA KEM based on Rank Metric NIST First Post-Quantum Cryptography Standardization Conference Carlos AguilarMelchor 2 Nicolas Aragon 1 Slim

157 views • 15 slides
CONNECTING THE MOBILITY WORLD WITH 5G-V2X READY TO ROLL AT GLOBAL LEVEL GO-TO-MARKET TIMELINE

CONNECTING THE MOBILITY WORLD WITH 5G-V2X READY TO ROLL AT GLOBAL LEVEL GO-TO-MARKET TIMELINE

CONNECTING THE MOBILITY WORLD WITH 5G-V2X READY TO ROLL AT GLOBAL LEVEL GO-TO-MARKET TIMELINE VISHNU SUNDARAM VICE PRESIDENT , TELEMATICS BU HARMAN INTERNATIONAL INDUSTRIES 1 Preparations Round the Globe for C-V2X Rollout China C-V2X

249 views • 5 slides
MAINTAINING THE GO CRYPTO LIBRARIES Filippo Valsorda Google @FiloSottile WHO AM I { Go

MAINTAINING THE GO CRYPTO LIBRARIES Filippo Valsorda Google @FiloSottile WHO AM I { Go

QCon NYC 25 JUNE 2019 MAINTAINING THE GO CRYPTO LIBRARIES Filippo Valsorda Google @FiloSottile WHO AM I { Go security coordinator Go crypto/ packages owner and maintainer 00. INTRO SECTION 1 Cryptography is H ard

806 views • 46 slides
Introduction to Public Key Cryptography Toke Meier Carlsen University of the Faroe Islands eID

Introduction to Public Key Cryptography Toke Meier Carlsen University of the Faroe Islands eID

Introduction to Public Key Cryptography Toke Meier Carlsen University of the Faroe Islands eID the Corner Stone of digitalizing 2016-09-07 What is cryptography? What is cryptography? Hello Alice Hello Alice Bobs wants to send messages

400 views • 16 slides
PRESS RELEASE Trusted Objects expert on lightweight cryptography gives a presentation to the NIST

PRESS RELEASE Trusted Objects expert on lightweight cryptography gives a presentation to the NIST

PRESS RELEASE Trusted Objects expert on lightweight cryptography gives a presentation to the NIST Alexan Alexandre dre Adomn Adomnicai, icai, cryptograph cryptography y expert expert at at Truste Trusted d Obje Objects cts will will

174 views • 3 slides
RNS Modular Computations for Cryptographic Applications Karim Bigou CNRS IRISA CAIRN

RNS Modular Computations for Cryptographic Applications Karim Bigou CNRS IRISA CAIRN

RNS Modular Computations for Cryptographic Applications Karim Bigou CNRS IRISA CAIRN RAIM 2015: April 7 9 Karim Bigou RNS for Asymmetric Cryptography RAIM 2015: April 7 9 1 / 23 Context One objective of our research group:

510 views • 31 slides
Blockchain and Distributed Ledger Technologies: Opportunities, Challenges and Future Work Andrew

Blockchain and Distributed Ledger Technologies: Opportunities, Challenges and Future Work Andrew

Blockchain and Distributed Ledger Technologies: Opportunities, Challenges and Future Work Andrew Regenscheid Cryptographic Technology Group Cryptographic Technology Group Mission: Research, develop, engineer, and standardize cryptographic

321 views • 28 slides
Final Presentation Maggie Mallernee, Zachary Silber, Michael Tong, Richard Zhang, Joshua Zweig

Final Presentation Maggie Mallernee, Zachary Silber, Michael Tong, Richard Zhang, Joshua Zweig

Final Presentation Maggie Mallernee, Zachary Silber, Michael Tong, Richard Zhang, Joshua Zweig Overview What is C% (and however do you pronounce it)? Cryptography Implementation is Hard Why C%? Goals Encourage Improve Extensibility

217 views • 17 slides

More recommend