As the Internet of Things (IoT) rolls out today to devices whose lifetime may
well exceed a decade, conservative threat models should consider attackers with
access to quantum computing power. The SUIT standard (specified by the IETF)
defines a security architecture for IoT software updates, standardizing the
metadata and the cryptographic tools-namely, digital signatures and hash
functions-that guarantee the legitimacy of software updates. While the
performance of SUIT has previously been evaluated in the pre-quantum context,
it has not yet been studied in a post-quantum context. Taking the open-source
implementation of SUIT available in RIOT as a case study, we overview
post-quantum considerations, and quantum-resistant digital signatures in
particular, focusing on lowpower, microcontroller-based IoT devices which have
stringent resource constraints in terms of memory, CPU, and energy consumption.
We benchmark a selection of proposed post-quantum signature schemes (LMS,
Falcon, and Dilithium) and compare them with current pre-quantum signature
schemes (Ed25519 and ECDSA). Our benchmarks are carried out on a variety of IoT
hardware including ARM Cortex-M, RISC-V, and Espressif (ESP32), which form the
bulk of modern 32-bit microcontroller architectures. We interpret our benchmark
results in the context of SUIT, and estimate the real-world impact of
post-quantum alternatives for a range of typical software update categories.
CCS CONCEPTS $bullet$ Computer systems organization $rightarrow$ Embedded

Go to Source of this post
Author Of this post: <a href="">Gustavo Banegas</a> (GRACE), <a href="">Koen Zandberg</a> (TRiBE ), <a href="">Adrian Herrmann</a> (Freie Universit&#xe4;t Berlin), <a href="">Emmanuel Baccelli</a> (TRiBE ), <a href="">Benjamin Smith</a> (GRACE)

By admin