Secure SSL/TLS Communication System Based on Quantum Keys

doi:10.12142/ZTECOM.202403013

ZTE Communications ›› 2024, Vol. 22 ›› Issue (3): 106-115.DOI: 10.12142/ZTECOM.202403013

• Research Papers • Previous Articles Next Articles

Secure SSL/TLS Communication System Based on Quantum Keys

WANG Jigang¹^,², LU Yuqian³, WEI Liping¹^,², JIANG Xinzao³(), ZHANG Han¹^,²

^1.State Key Laboratory of Mobile Network and Mobile Multimedia, Shenzhen 518055, China
^2.Department of Cyberspace Security, ZTE Corporation, Shenzhen 518057, China
^3.School of Cyber Science and Engineering, Southeast University, Nanjing 211102, China

Received:2023-10-28 Online:2024-09-25 Published:2024-09-29
About author:WANG Jigang received his PhD degree in computer science from Harbin Engineering University, China in 2007. From May 2007 to June 2009, he held a postdoctoral position in Institute of Computer Science, Tsinghua University, China. From August 2009, He has been with Cyber Security Product Line, ZTE Corporation as the general manager. His recent research interests include operating systems, network and information security, and artificial intelligence.
LU Yuqian is a master student at School of Cyber Science and Engineering, Southeast University, China. Her research interests include IoT and information security.
WEI Liping received his bachelor's degree in electronic information engineering from Zhejiang University, China in 2005. Since 2020, he has been a product manager of cyber security products at ZTE Corporation. His recent research interests include mobile communication, network and information security, and artificial intelligence.
JIANG Xinzao (230229200@seu.edu.cn) is a PhD student at School of Cyber Science and Engineering, Southeast University, China. His research interests include privacy-preserving computation and IoT.
ZHANG Han received his MSc degree in information technology and management from ITC Institute of Twente University, the Netherlands. He is currently pursuing his PhD degree in School of Cyber Science and Engineering, Southeast University, China. He is a senior system architect of ZTE Corporation, China and the director of Jiangsu Provincial Key Laboratory of Big data Storage and Application, China. He is also an associate researcher at the State Key Laboratory of Mobile Network and Mobile Multimedia Technology, China. His research interests include information security, cloud computing, big data, IoT, 5G technology, and human computer interactions.
Supported by:
ZTE Industry?University?Institute Cooperation Funds(HC?CN?20221029003)

Abstract

Abstract:

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols facilitates a secure framework for identity authentication, data encryption, and message integrity verification. However, with the recent development in quantum computing technology, the security of conventional key-based SSL/TLS protocols faces vulnerabilities. In this paper, we propose a scheme by integrating the quantum key into the SSL/TLS framework. Furthermore, the application of post-quantum algorithms is used to enhance and complement the existing encryption suites. Experimental results show that the proposed SSL/TLS communication system based on quantum keys exhibits high performance in latency and throughput. Moreover, the proposed system showcases good resilience against quantum attacks.

Key words: SSL/TLS protocols, quantum key, post-quantum cryptography

WANG Jigang, LU Yuqian, WEI Liping, JIANG Xinzao, ZHANG Han. Secure SSL/TLS Communication System Based on Quantum Keys[J]. ZTE Communications, 2024, 22(3): 106-115.

Figures/Tables 10

References 20

1	JOSEPH D, MISOCZKI R, MANZANO M, et al. Transitioning organizations to post-quantum cryptography [J]. Nature, 2022, 605(7909): 237–243. DOI: 10.1038/s41586-022-04623-2
2	DASTRES R, SOORI M. Secure socket layer (SSL) in the network and web security [J]. International journal of computer and information engineering, 2020, 14(10): 330–333
3	DUDDU S, RISHITA SAI A, SOWJANYA C L S, et al. Secure socket layer stripping attack using address resolution protocol spoofing [C]//Proc. 4th International Conference on Intelligent Computing and Control Systems (ICICCS). IEEE, 2020: 973–978. DOI: 10.1109/ICICCS48265.2020.9120993
4	IBRAHIM A. Secure socket layer: fundamentals and certificate verification [EB/OL]. [2023-08-20].
5	AHMAD KHAN N, KHAN A S, KAR H A, et al. Employing public key infrastructure to encapsulate messages during transport layer security handshake procedure [C]//Proc. Applied Informatics International Conference (AiIC). IEEE, 2022: 126–130. DOI: 10.1109/AiIC54368.2022.9914605
6	SHAKYA S. An efficient security framework for data migration in a cloud computing environment [J]. Journal of artificial intelligence and capsule networks, 2019, 1(1): 45–53. DOI: 10.36548/jaicn.2019.1.006
7	ZENG P, ZHOU H Y, WU W J, et al. Mode-pairing quantum key distribution [J]. Nature communications, 2022, 13(1): 3903. DOI: 10.1038/s41467-022-31534-7
8	XU F H, MA X F, ZHANG Q, et al. Secure quantum key distribution with realistic devices [J]. Reviews of modern physics, 2020, 92(2): 025002. DOI: 10.1103/RevModPhys.92.025002
9	MEHIC M, NIEMIEC M, RASS S, et al. Quantum key distribution [J]. ACM computing surveys, 2021, 53(5): 1–41. DOI: 10.1145/3402192
10	MA W K, CHEN B W, LIU L, et al. Equilibrium allocation approaches of quantum key resources with security levels in QKD-enabled optical data center networks [J]. IEEE Internet of Things journal, 2022, 9(24): 25660–25672. DOI: 10.1109/JIOT.2022.3195104
11	EMURA K, MORIAI S, NAKAJIMA T, et al. Cache-22: a highly deployable end-to-end encrypted cache system with post-quantum security [EB/OL]. [2023-08-20].
12	ALAGIC G, ALPERIN-SHERIFF J, APON D, et al. Status report on the first round of the NIST post-quantum cryptography standardization process [EB/OL]. [2023-08-20].
13	ASIF R. Post-quantum cryptosystems for Internet-of-Things: a survey on lattice-based algorithms [J]. IoT, 2021, 2(1): 71–91. DOI: 10.3390/iot2010005
14	DANG V B, MOHAJERANI K, GAJ K. High-speed hardware architectures and FPGA benchmarking of CRYSTALS-kyber, NTRU, and saber [J]. IEEE transactions on computers, 2023, 72(2): 306–320. DOI: 10.1109/TC.2022.3222954
15	HUANG Y M, HUANG M Q, LEI Z K, et al. A pure hardware implementation of CRYSTALS-KYBER PQC algorithm through resource reuse [J]. IEICE electronics express, 2020, 17(17): 20200234. DOI: 10.1587/elex.17.20200234
16	JATI A, GUPTA N, CHATTOPADHYAY A, et al. A configurable CRYSTALS-kyber hardware implementation with side-channel protection [J]. ACM transactions on embedded computing systems, 2024, 23(2): 1–25. DOI: 10.1145/3587037
17	WALDEN J. OpenSSL 3.0.0: an exploratory case study [C]//Proc. 19th International Conference on Mining Software Repositories. ACM, 2022: 735–737. DOI: 10.1145/3524842.3528035
18	AHN J, KWON H Y, AHN B, et al. Toward quantum secured distributed energy resources: adoption of post-quantum cryptography (PQC) and quantum key distribution (QKD) [J]. Energies, 2022, 15(3): 714. DOI: 10.3390/en15030714
19	YANG Y H, LI P Y, MA S Z, et al. All optical metropolitan quantum key distribution network with post-quantum cryptography authentication [J]. Optics express, 2021, 29(16): 25859–25867. DOI: 10.1364/OE.432944
20	WANG L J, ZHANG K Y, WANG J Y, et al. Experimental authentication of quantum key distribution with post-quantum cryptography [J]. NPJ quantum information, 2021, 7(1): 67. DOI: 10.1038/s41534-021-00400-7

Grade	Encryption Suite
1	TLS_QKD_SHA_RSA_WITH_OTP_MD5
2	TLS_QKD_DHE_DSS_WITH_DES_CBC_UHAH1
3	TLS_QKD_UHASH1_PSK_WITH_OPT_ UHAH2
4	TLS_QKD_MD5_DH_RSA_WITH_AES_128_CBC_SHA

Grade	Encryption Suite
1	TLS_QKD_SHA_RSA_WITH_OTP_MD5
2	TLS_QKD_DHE_DSS_WITH_DES_CBC_UHAH1
3	TLS_QKD_UHASH1_PSK_WITH_OPT_ UHAH2
4	TLS_QKD_MD5_DH_RSA_WITH_AES_128_CBC_SHA

Grade	Encryption Suite
1	TLS_Kyber_SHA_RSA_WITH_OTP_MD5
2	TLS_Kyber_DHE_DSS_WITH_DES_CBC_UHAH1
3	TLS_Kyber_UHASH1_PSK_WITH_OPT_ UHAH2
4	TLS_Kyber_MD5_DH_RSA_WITH_AES_128_CBC_SHA

Grade	Encryption Suite
1	TLS_Kyber_SHA_RSA_WITH_OTP_MD5
2	TLS_Kyber_DHE_DSS_WITH_DES_CBC_UHAH1
3	TLS_Kyber_UHASH1_PSK_WITH_OPT_ UHAH2
4	TLS_Kyber_MD5_DH_RSA_WITH_AES_128_CBC_SHA

Key Negotiation Method	Key Size	Handshake Delay/ms
Quantum key distribution	Quantum key 512 kB	16.2
Quantum key distribution	Quantum key 16 kB	15.7
Quantum key distribution	Quantum key 160 B	15.6
Classical public key algorithm	RSA 4 096 bit	15.3
Classical public key algorithm	RSA 2 048 bit	3.7
Classical public key algorithm	RSA 1 024 bit	2.1

Secure SSL/TLS Communication System Based on Quantum Keys

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 20

Related Articles 0

Recommended Articles

Metrics