Modern Internet of Things (IoT) systems need to rely on security now more than ever, but simply reusing already established security public key infrastructures (PKI) is challenging. These infrastructures often rely on complex protocols, such as TLS, which can be resource-demanding and unsuitable for constrained devices. In the world of cybersecurity, implicit certificates are a sophisticated cryptographic concept. They have gained popularity thanks to their efficiency and scalability and offer a unique approach to managing authentication and security. They differ from traditional explicit certificates in that they allow each entity to have its own certificate and calculate public keys on the go, ultimately requiring smaller certificate sizes.
Although implicit certificate schemes have been effective for networked embedded systems, latest research has revealed that they are not post-quantum secure. This is because these schemes rely on elliptic curves, which makes them vulnerable to quantum attacks. Our aim is to verify these strong claims and look for potential solutions. The goal set with this thesis will include a strong emphasis on protocol analysis, but also the implementation and testing on wireless embedded systems to replicate real-world cases.
Within this context, students can explore several directions and perform different tasks, such as: