
Post-Quantum Cryptography (PQC) Network Instrument: Measuring PQC Adoption Rates and Identifying Migration Pathways (2408.00054v3)

Published 31 Jul 2024 in cs.NI, cs.CR, and quant-ph

Abstract: The problem of adopting quantum-resistant cryptographic network protocols or post-quantum cryptography (PQC) is critically important to democratizing quantum computing. The problem is urgent because practical quantum computers will break classical encryption in the next few decades. Past encrypted data has already been collected and can be decrypted in the near future. The main challenges of adopting post-quantum cryptography lie in algorithmic complexity and hardware/software/network implementation. The grand question of how existing cyberinfrastructure will support post-quantum cryptography remains unanswered. This paper describes: i) the design of a novel Post-Quantum Cryptography (PQC) network instrument placed at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign and a part of the FABRIC testbed; ii) the latest results on PQC adoption rate across a wide spectrum of network protocols (Secure Shell -- SSH, Transport Layer Security -- TLS, etc.); iii) the current state of PQC implementation in key scientific applications (e.g., OpenSSH or SciTokens); iv) the challenges of being quantum-resistant; and v) discussion of potential novel attacks. This is the first large-scale measurement of PQC adoption at national-scale supercomputing centers and FABRIC testbeds. Our results show that only OpenSSH and Google Chrome have successfully implemented PQC and achieved an initial adoption rate of 0.029% (6,044 out of 20,556,816) for OpenSSH connections at NCSA coming from major Internet Service Providers or Autonomous Systems (ASes) such as OARNET, GTT, Google Fiber Webpass (U.S.) and Uppsala Lans Landsting (Sweden), with an overall increasing adoption rate year-over-year for 2023-2024. Our analyses identify pathways to migrate current applications to be quantum-resistant.

