Post-quantum MACsec key agreement for ethernet networks

Abstract

The industrial demand on MACsec in Ethernet networks is increasing substantially, in particular for 5G networks, mainly due to its efficiency paired with strong security. MKA (MACsec Key Agreement) is a companion protocol of MACsec that provides methods of authentication and cryptographic key establishment. In this paper, the MACsec and MKA protocol are analysed under a quantum attack scenario. Even though the threat of quantum computers should not be overstated, it is necessary to provide a new countermeasure that is robust against this potential, yet critical risk. Symmetric-key crypto algorithms defined in MACsec and MKA can achieve 128-bit quantum security if 256-bit keys are mandated. However, classical public-key crypto schemes are known to be vulnerable to quantum attacks so that MKA protocol needs to support post-quantum public-key crypto schemes. We implemented a McEliece-based key establishment which is the most conservative post-quantum public-key cryptosystem with a large size of key, yet feasible for MKA. For entity authentication, we implemented a XMSS hash-based signature scheme that is standardised in IETF. We verified by experiments that selected schemes fit well for a MACsec-enabled Ethernet network.