A comprehensive and realistic performance evaluation of post-quantum security for consumer IoT devices

IF 6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2025-06-16 DOI:10.1016/j.iot.2025.101650

Yacoub Hanna , Jessica Bozhko , Samet Tonyali , Ricardo Harrilal-Parchment , Mumin Cebe , Kemal Akkaya

{"title":"A comprehensive and realistic performance evaluation of post-quantum security for consumer IoT devices","authors":"Yacoub Hanna , Jessica Bozhko , Samet Tonyali , Ricardo Harrilal-Parchment , Mumin Cebe , Kemal Akkaya","doi":"10.1016/j.iot.2025.101650","DOIUrl":null,"url":null,"abstract":"<div><div>The computational capacity envisaged for quantum computers poses a significant threat to today’s traditional cryptographic algorithms. Although they are not yet large enough to compromise current cryptographic protocols, one can practice retrospective decryption since data packets traveling through the Internet can be easily sniffed. This threat extends to wireless communication security within consumer IoT devices that use lightweight cryptography due to limited computational power. Thus, countermeasures against potential quantum attacks should be preemptively adopted. NIST is leading efforts to standardize several algorithms as quantum-resistant Key Exchange Mechanisms (KEMs) and Digital Signatures. In this paper, we investigate the viability of these Post-Quantum algorithms in the Transport Layer Security (TLS) of power-constrained IoT devices. Specifically, it focuses on two widely used IoT network protocol stacks, i.e., Bluetooth Low Energy (BLE) and Wi-Fi. To this end, we build a realistic IoT testbed running IP over BLE. Our evaluation considers the impact of several realistic factors for the first time, such as using a chain of certificates on the server side and incorporating certificate validation methods such as Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRL). We also evaluate the impact of mutual authentication between the server and the client. Utilizing the outcomes of this evaluation, we then propose a novel approach for IoT devices to dynamically choose the most efficient KEM algorithm for TLS based on the device’s physical network interface. The performance results provide valuable insights with respect to the TLS latency and energy consumption of consumer IoT devices.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"33 ","pages":"Article 101650"},"PeriodicalIF":6.0000,"publicationDate":"2025-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660525001647","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The computational capacity envisaged for quantum computers poses a significant threat to today’s traditional cryptographic algorithms. Although they are not yet large enough to compromise current cryptographic protocols, one can practice retrospective decryption since data packets traveling through the Internet can be easily sniffed. This threat extends to wireless communication security within consumer IoT devices that use lightweight cryptography due to limited computational power. Thus, countermeasures against potential quantum attacks should be preemptively adopted. NIST is leading efforts to standardize several algorithms as quantum-resistant Key Exchange Mechanisms (KEMs) and Digital Signatures. In this paper, we investigate the viability of these Post-Quantum algorithms in the Transport Layer Security (TLS) of power-constrained IoT devices. Specifically, it focuses on two widely used IoT network protocol stacks, i.e., Bluetooth Low Energy (BLE) and Wi-Fi. To this end, we build a realistic IoT testbed running IP over BLE. Our evaluation considers the impact of several realistic factors for the first time, such as using a chain of certificates on the server side and incorporating certificate validation methods such as Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRL). We also evaluate the impact of mutual authentication between the server and the client. Utilizing the outcomes of this evaluation, we then propose a novel approach for IoT devices to dynamically choose the most efficient KEM algorithm for TLS based on the device’s physical network interface. The performance results provide valuable insights with respect to the TLS latency and energy consumption of consumer IoT devices.

查看原文本刊更多论文

对消费物联网设备的后量子安全进行全面而现实的性能评估

量子计算机的计算能力对当今传统的加密算法构成了重大威胁。虽然它们还没有大到足以危及当前的加密协议，但可以进行回溯解密，因为通过互联网传输的数据包很容易被嗅探到。这种威胁扩展到由于计算能力有限而使用轻量级加密的消费者物联网设备中的无线通信安全。因此，应对潜在的量子攻击应先发制人。NIST正在努力标准化一些算法，如抗量子密钥交换机制（kem）和数字签名。在本文中，我们研究了这些后量子算法在功率受限的物联网设备的传输层安全（TLS）中的可行性。具体来说，它侧重于两种广泛使用的物联网网络协议栈，即低功耗蓝牙（BLE）和Wi-Fi。为此，我们构建了一个在BLE上运行IP的现实物联网测试平台。我们的评估首次考虑了几个现实因素的影响，例如在服务器端使用证书链，并结合证书验证方法，如在线证书状态协议（OCSP）和证书撤销列表（CRL）。我们还评估了服务器和客户端之间相互身份验证的影响。利用这一评估结果，我们提出了一种新的方法，让物联网设备基于设备的物理网络接口动态选择最有效的TLS KEM算法。性能结果为消费者物联网设备的TLS延迟和能耗提供了有价值的见解。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.