Resilient cryptography for Internet of Things devices

Author
Fatnassi, S.
Belloy, J.
Valencia, F.
Meier, L.
Vizár, D.
DOI
Abstract
IoT systems face two complementary security challenges: ensuring boot-time integrity on resource-constrained devices against the impending threat of attacks using quantum computers, and enabling fleet-wide recovery after credential compromise. CSEM now offers a combined solution that integrates SPHINCS+, a hash-based post-quantum signature scheme, into MCUboot for secure boot, supported by a slice-based Keccak hardware accelerator that makes SHAKE256 hashing practical. In addition, we design a Post-Compromise Security (PCS) overlay for Amazon Web Services (AWS) Internet of Things (IoT) Core that automates Transport Layer Security (TLS) certificate rotation and introduces a ratcheted channel for cryptographic healing without disrupting existing workflows. Our implementation demonstrates that hardware acceleration reduces SPHINCS+ verification time by up to 10.9× and cuts boot time from over four seconds to under 0.4 seconds for a 256 kB firmware image. Optimized parameter sets (C9 and O2) further reduce signature size and verification cost while maintaining the US National Institute of Standards and Technology (NIST) security levels. Side-channel analysis reveals leakage in the slice-based Keccak core, which can be mitigated through masking at a total area of approximately 74 kGE. For PCS, cost modeling shows that the additional cloud service cost of a weekly key rotation can be as low as 10⁻⁴ $ per device, making continuous healing economically feasible. These results provide a practical blueprint for deploying post-quantum secure boot and PCS in real-world IoT systems.
Publication Reference
CSEM Scientific and Technical Report 2025, p. 7–8
Year
2025
Sponsors