Skip to Main content Skip to Navigation
Preprints, Working Papers, ...

Quantum-Resistant Security for Software Updates on Low-power Networked Embedded Devices

Gustavo Banegas 1 Koen Zandberg 2 Adrian Herrmann 3 Emmanuel Baccelli 2 Benjamin Smith 1 
1 GRACE - Geometry, arithmetic, algorithms, codes and encryption
LIX - Laboratoire d'informatique de l'École polytechnique [Palaiseau], Inria Saclay - Ile de France
2 TRiBE - inTeRnet BEyond the usual
Inria Saclay - Ile de France
Abstract : As the Internet of Things (IoT) rolls out today to devices whose lifetime may well exceed a decade, conservative threat models should consider attackers with access to quantum computing power. The SUIT standard (specified by the IETF) defines a security architecture for IoT software updates, standardizing the metadata and the cryptographic tools-namely, digital signatures and hash functions-that guarantee the legitimacy of software updates. While the performance of SUIT has previously been evaluated in the pre-quantum context, it has not yet been studied in a post-quantum context. Taking the open-source implementation of SUIT available in RIOT as a case study, we overview post-quantum considerations, and quantum-resistant digital signatures in particular, focusing on lowpower, microcontroller-based IoT devices which have stringent resource constraints in terms of memory, CPU, and energy consumption. We benchmark a selection of proposed post-quantum signature schemes (LMS, Falcon, and Dilithium) and compare them with current pre-quantum signature schemes (Ed25519 and ECDSA). Our benchmarks are carried out on a variety of IoT hardware including ARM Cortex-M, RISC-V, and Espressif (ESP32), which form the bulk of modern 32-bit microcontroller architectures. We interpret our benchmark results in the context of SUIT, and estimate the real-world impact of post-quantum alternatives for a range of typical software update categories. CCS CONCEPTS • Computer systems organization → Embedded systems.
Document type :
Preprints, Working Papers, ...
Complete list of metadata

https://hal.inria.fr/hal-03255844
Contributor : Benjamin Smith Connect in order to contact the contributor
Submitted on : Thursday, June 10, 2021 - 12:11:08 PM
Last modification on : Friday, January 21, 2022 - 3:13:32 AM

Files

paper.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-03255844, version 2
  • ARXIV : 2106.05577

Citation

Gustavo Banegas, Koen Zandberg, Adrian Herrmann, Emmanuel Baccelli, Benjamin Smith. Quantum-Resistant Security for Software Updates on Low-power Networked Embedded Devices. 2021. ⟨hal-03255844v2⟩

Share

Metrics

Record views

42

Files downloads

143