A Tale of Two Models: Formal Verification of KEMTLS via Tamarin

Celi, Sofía; Hoyland, Jonathan; Stebila, Douglas; Wiggers, Thom

doi:10.1007/978-3-031-17143-7_4

Cited by 5 publications

(2 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A significant body of research has been dedicated to the augmentation of network security infrastructure with PQC capabilities, including X.509 certificates [18][19][20][21][22], Media Access Control security (MACsec) [23], Internet Protocol Security (IPSec) [24,25], Transport Layer Security (TLS) [26][27][28][29][30][31][32][33][34][35][36], Secure Shell (SSH) [32,37], and WireGuard [38][39][40]. In addition, PQC algorithms have been implemented in devices as part of their secure boot capability [41,42].…”

Section: Device Security and Spdmmentioning

confidence: 99%

“…The first part is the traditional key ExchangeData with a fixed size, and the second part is the PQC key ExchangeData with a fixed size. The format of the PQC key ExchangeData, such as public key and cipher text, should be determined by the selected We did notice that the KEM-based authentication [61] was adopted by several standard proposals, such as WireGuard [38] and KEMTLS [27,35,36]. However, following this approach for SPDM will entail a significant impact for the SPDM KEY_EXCHANGE message flow, as well as other digital-signature-based commands such as SPDM CHALLENGE or GET_-MEASURMENT.…”

Section: Post-quantum Design For Spdm Secure Sessionmentioning

confidence: 99%

See 1 more Smart Citation

Post Quantum Design in SPDM for Device Authentication and Key Establishment

2022

View full text Add to dashboard Cite

The Security Protocol and Data Model (SPDM) defines a set of flows whose purpose includes the authentication of a computing device’s hardware identity. SPDM also allows for the creation of a secure session wherein data communication between two devices has both confidentiality and integrity protection. The present version of SPDM, namely version 1.2, relies upon traditional asymmetric cryptographic algorithms, and these algorithms are known to be vulnerable to quantum attacks. This paper describes the means by which support for post-quantum (PQ) cryptography can be added to the SPDM protocol in order to prepare SPDM for the upcoming world of quantum computing. As part of this paper, we examine the SPDM 1.2 protocol and discuss various aspects of using PQC algorithms, including negotiation of the use of post-quantum cryptography (PQC) algorithms, support for device identity reporting, mechanisms for device authentication, and establishing a secure session. We consider so-called “hybrid modes’’ where both classical and PQC algorithms are used to achieve security properties, especially given the fact that these modes are important during the transition period from the classical to the quantum computing regime. We also share our experience with implementing a software embodiment of PQC in SPDM, namely “PQ-SPDM’’, and we provide benchmarks that evaluate a subset of the winning NIST PQC algorithms.

show abstract