DTLS with Post-quantum Secure Source Authentication and Message Integrity

Abstract

Recent advances in quantum computing and Shor’s discovery of quantum algorithms that efficiently solve computational problems (integer factorization and discrete logarithm problems) form the basis of the Internet cryptographic infrastructure. It has fueled intensive research into the design and development of post-quantum (PQ) cryptographic systems that maintain their security when a quantum computer is built.We consider the PQ security of DTLS (Datagram Transport Layer Security), a communication security protocol that protects against eavesdropping, tampering, and packet forgery for datagrams. DTLS is the UDP counterpart of TLS (Transport Layer Security) and proposed to secure control messages in 5G networks. We offer a novel and efficient approach for providing secure source authentication and message integrity for DTLS that removes the need for a computationally expensive key exchange for message integrity by using PQ TESLA (Timed Efficient Stream Loss-tolerant Authentication) that relies on delayed key release mechanism to provide integrity and use a PQ hash-based signature for providing PQ source authentication. We analyze the security of our design, implement it in a widely used library called TinyDTLS, report the result of our experiments, and propose direction for future research.