Next Article in Journal
BPDM-GCN: Backup Path Design Method Based on Graph Convolutional Neural Network
Previous Article in Journal
Railway Cloud Resource Management as a Service
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Future Internet
Volume 17
Issue 5
10.3390/fi17050193
futureinternet-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Developing Quantum Trusted Platform Module (QTPM) to Advance IoT Security

by
Guobin Xu
*,
Oluwole Adetifa
,
Jianzhou Mao
,
Eric Sakk
and
Shuangbao Wang
The Department of Computer Science, Morgan State University, Baltimore, MD 21251, USA
*
Author to whom correspondence should be addressed.
Future Internet 2025, 17(5), 193; https://doi.org/10.3390/fi17050193 (registering DOI)
Submission received: 28 February 2025 / Revised: 12 April 2025 / Accepted: 23 April 2025 / Published: 26 April 2025
(This article belongs to the Special Issue Cyber Security in the New “Edge Computing and IoT” World, 2nd Edition)
Browse Figures
Versions Notes

Abstract

:
Randomness is integral to computer security, influencing fields such as cryptography and machine learning. In the context of cybersecurity, particularly for the Internet of Things (IoT), high levels of randomness are essential to secure cryptographic protocols. Quantum computing introduces significant risks to traditional encryption methods. To address these challenges, we propose investigating a quantum-safe solution for IoT-trusted computing. Specifically, we implement the first lightweight, practical integration of a quantum random number generator (QRNG) with a software-based trusted platform module (TPM) to create a deployable quantum trusted platform module (QTPM) prototype for IoT systems to improve cryptographic capabilities. The proposed quantum entropy as a service (QEaaS) framework further extends quantum entropy access to legacy and resource-constrained devices. Through the evaluation, we compare the performance of QRNG with traditional Pseudo-random Number Generators (PRNGs), demonstrating the effectiveness of the quantum TPM. Our paper highlights the transformative potential of integrating quantum technology to bolster IoT security.

1. Introduction

The Internet of Things (IoT) is defined as “a network of physical objects accessed over the internet”, which is a rapidly growing field that encompasses a wide range of applications, including smart grids, smart cities, smart homes, smart healthcare, smart agriculture, etc. [1,2,3]. The number of connected IoT devices has increased from 500 million in 2003 to approximately 19.6 billion in 2024. The typical IoT architecture is composed of four layers: physical/things layer, sensor/perception layer, network/communication layer, and service/application layer [4,5,6]. A key feature of IoT devices is their ability to sense and collect data from their environment, processing this information through network interactions. Despite its vast potential, IoT faces significant challenges, particularly in the areas of privacy and security [7]. There is a pressing need for a comprehensive security framework to safeguard all layers of IoT architecture. Proposed solutions include authentication and access control, encryption, intrusion detection systems (IDS), firmware updates, and privacy protection frameworks [8]. Among these, cryptographic solutions are considered crucial for addressing authentication and authorization challenges, as they form the foundation for ensuring data integrity and confidentiality.
One of the core security components for IoT systems is trusted computing, which establishes standards aimed at strengthening the integrity of communication between hardware and software. A key element of this framework is TPM, a hardware-based security solution that creates a secure environment to ensure the integrity of cryptographic operations. TPMs enable features such as secure boot, remote attestation, and encryption, supporting the four fundamental goals of cryptography: confidentiality, integrity, authentication, and non-repudiation. However, IoT devices face a low entropy issue, which further complicates their ability to generate strong cryptographic keys. This limitation arises from their resource constraints (e.g., low processing power, battery and power constraints, etc.), lack of diverse input sources, and limited operational environments, often leading to weaker randomness from pseudo-random number generators (PRNGs) and exposing devices to additional security risks.
Moreover, the emergence of quantum computing presents both new opportunities and threats to IoT security. Quantum computers, with their ability to solve complex mathematical problems exponentially faster than classical computers, threaten existing cryptographic schemes, which IoT systems rely on for secure communications. Quantum algorithms like Shor’s and Grover’s can break traditional encryption methods, making IoT devices that use these vulnerable to quantum attacks [9,10]. As a result, IoT devices that rely on these encryption schemes could face serious security risks. There is an urgent need for quantum-safe approaches to advance IoT security in the quantum era.
In this paper, we propose to develop and implement a lightweight quantum-enabled security solution to advance IoT security. Our proposed work makes the following novel contributions:
  • First, we present the first practical implementation of a quantum trusted platform module (QTPM) by integrating a QRNG with a software-based TPM (STPM) framework, providing a lightweight quantum-enhanced cryptographic solution for the IoT. This approach ensures a higher level of cryptographic strength by leveraging quantum-generated randomness, addressing the vulnerabilities of classical random number generators.
  • Second, a quantum entropy as a service (QEaaS) framework is introduced to provide quantum entropy to legacy IoT devices that are unable to integrate QTPM hardware, enhancing their cryptographic operations by supplying them with quantum-secure randomness for key generation and other cryptographic functions.
  • In addition, we provide a comparative performance evaluation of quantum and classical RNGs in terms of randomness quality, runtime performance, and memory usage to validate the feasibility of QRNG integration under real-world constraints. Our evaluation results demonstrate that the QTPM can significantly harden IoT security against emerging quantum computing threats.
The remainder of this paper is organized as follows: Section 2 provides an overview of key concepts, including TPMs, randomness, randomness assessment, PRNGs, and QRNGs. Section 3 delves into the design and implementation of the proposed QTPM. Then, Section 4 introduces the QEaaS framework, which supports legacy IoT systems and devices while enhancing their security. Section 5 evaluates the performance of the QTPM by comparing the QRNG with traditional PRNGs. Finally, Section 6 concludes the paper by summarizing the key findings and contributions.

2. Preliminaries

2.1. Trusted Platform Modules (TPMs)

TPMs and similar silicon-integrated security solutions offer promising approaches to address IoT security weaknesses. TPMs provide hardware-based security for storing cryptographic keys, authenticating devices, and ensuring secure communication between IoT devices [11]. They enhance node authentication with improved energy efficiency, making them suitable for applications with strict safety standards [12]. Silicon-integrated security solutions, which are part of the larger system-on-chip (SoC), bridge service-level security functionalities with hardware-anchored protection, offering increased security for IoT devices [13]. These approaches complement existing embedded security technologies by enforcing the principle of least privilege and actively monitoring system communications to detect and mitigate policy violations. Overall, hardware-based security solutions like TPMs and integrated SoC security functions play a crucial role in ensuring the integrity, trustworthiness, and reliability of IoT systems.
TPMs can be combined with distributed object storage to provide secure and highly available key management solutions, offering a cost-effective alternative to traditional hardware security modules (HSMs) [14]. TPMs also serve as a foundation for trust, key generation, and authentication in cloud-based cryptographic key management systems (CKMS) [15]. In mobile ad hoc networks, TPMs can be used for protected storage and management of multiple node keys generated using identity-based cryptography [16]. The importance of standardized encryption key management (EKM) systems is emphasized, with proposals for protection profile modules based on common criteria to enhance security and consumer confidence [17]. These studies highlight the versatility of TPMs in addressing various key management challenges across different network environments.
TPM plays a crucial role in device authentication across various domains. In smart grids, TPM integration enhances IoT device security through attestation and X.509 certificates, ensuring device authenticity and software integrity [18]. For medical sensor networks, a novel sidechain-based TPM (s-TPM) authentication method offers improved security resilience and energy efficiency compared to traditional protocols such as LEAP and TinySec [19]. TPM can also be used for SSL client authentication by issuing certificates to TPM-generated keys, such as attestation identity keys (AIK) and binding keys (BK), enabling secure device identification [20]. To authenticate the TPM chip itself, a method utilizing the public endorsement key and unique processor responses has been proposed [21]. These approaches collectively demonstrate TPM’s versatility and effectiveness in enhancing device authentication across different applications.

2.2. Randomness

Randomness describes the unpredictability or lack of pattern in the generated data sequences or events, which refers to a process or algorithm that produces results without specific predictable attributes. The sources of randomness in computer science include hardware-based sources (e.g., RNG uses physical phenomena such as atmospheric noise or thermal noise to generate random data [22]) and software-based sources (e.g., algorithms are used to simulate randomness based on mathematical formulas and seed values). Randomness is applied in various areas of computer science, including cryptography, simulations, artificial intelligence, and machine learning. For example, in cryptography, randomness is used to generate keys, salts, and initialization vectors that are critical for securing data. In simulations and modeling, randomness is employed to generate datasets to reflect real-world scenarios. In artificial intelligence and machine learning, randomness is utilized to train models and introduce variability to improve their performance.

2.3. Randomness Assessment

A range of studies have explored the effectiveness of various tests in evaluating the randomness of random number generators. The numbers generated by the VIC-20 computer were found by [23] to be sufficiently random for practical use, using eight standard tests. Statistical distribution theory was applied by [24] to test the typical random number generator GGNRF, checking for independence and distributional properties. The need for resources to analyze the randomness of cryptographic RNGs was addressed by [25], introducing new metrics developed by NIST. An empirical test on an additive random number generator identified non-randomness when n is less than 16 [26]. To assess the quality of random number generators, statistical tests were discussed in [24,27], including those for independence, distributional properties, and bit pattern recurrence. The empirical analysis involves evaluating RNG through practical experimentation, which includes measuring the statistical properties of the generated sequences, such as the mean, variance, and autocorrelation, and comparing them to expected values for true random sequences [25,28]. The empirical spectral test is developed to assess the spatial uniformity of random number sequences [29]. In [26], empirical tests evaluated based on an additive random number generator found that uniformly distributed numbers can be produced with no significant serial correlation but exhibited non-randomness for specific parameters.

2.4. Pseudo Random Number Generator (PRNG)

In classical computers, randomness is derived from algorithms that use mathematical formulas to produce sequences of random numbers. It starts from an arbitrary starting state using a seed state, which is an initial value that determines the randomness of the generator. This kind of number generator is called PRNG since it lacks true randomness, which is also called a “deterministic random bit generator (DRBG)”. A volume of numbers can be generated in a brief period and can be replicated at a later time if the starting point in the sequence is known [30,31]. The linear congruential generation algorithm is the most commonly used pseudo random number generation method [32]. Additionally, the XOR shift algorithm is also used for random number generation.
However, since PRNG’s output is deterministic, an attacker can predict the entire sequence of generated numbers if the seed value is known. As a result, PRNGs are inappropriate for applications requiring high security, such as cryptographic protocols or random password creation. Another limitation is that PRNGs can only create a finite sequence of numbers before repeating the same sequence. This number repetition is known as the period, and it limits the number range that a PRNG can generate [32,33]. In some applications, a long period of time is required, which PRNGs may fail to supply. In addition, PRNGs generate numbers that appear random but are not genuinely random. They use a deterministic algorithm to generate a series of numbers that approach randomness. While PRNG output is statistically indistinguishable from truly random numbers, it is not truly random and may exhibit patterns that can be exploited. The seed value used to initialize the PRNG determines the quality of the generated sequence of integers. The generated sequence of numbers may be subject to assaults if a weak or predictable seed value is utilized.

2.5. Quantum Random Number Generator (QRNG)

In contrast to traditional random number generators that depend on deterministic approaches, a QRNG produces truly random numbers by utilizing the principles of quantum physics. The intrinsic unpredictability of quantum mechanics assures that these observations yield random and unpredictable results [34,35]. QRNGs derive randomness from the observation of quantum system states such as photon polarization [36,37] or electron spin [38]. For example, when a photon travels through a polarizing beam splitter, its direction towards one of two outputs is determined randomly based on its polarization. This action forms the basis of QRNG operation. The photons that emerge from the outputs are detected, and the photon’s destination, either output “0” or “1”, is recorded. The measurement of photon polarization yields a random and unpredictable result because photon polarization is intrinsically random. This randomness is then used to produce a sequence of random numbers. Another method of generating random numbers through QRNGs involves measuring the spin of electrons or the states of other quantum systems. Such measurements also result in random outputs, which serve as a wellspring of genuine randomness. The Quantis generator from ID Quantique is predominantly based on physically random processes, with only minor non-random contributions [35]. An ultrafast QRNG based on quantum phase fluctuations is developed, which can achieve a high rate of over 6 Gbits/s [39], while the post-processing-free QRNG using gated single-photon detection can generate random bits at a rate of 4.01 Mbit/s [40]. While existing studies explore the use of QRNGs in cryptographic systems [41,42,43], few demonstrate real-world integration into trusted computing environments like TPMs, particularly for IoT use cases. Our work fills this gap by implementing a practical QTPM prototype and evaluating its impact on performance and entropy quality.

3. Quantum Trusted Platform Module (QTPM)

3.1. QTPM Design

A QTPM combines quantum technology with TPM to enhance IoT security. Using a quantum random number generator, the QTPM can address the inherent limitations of classical random number generators (RNGs) that are vulnerable to biases or attacks. The use of quantum technology ensures a more robust and truly random generation of keys, mitigating RNG-related security risks. With QTPM, IoT devices can achieve higher levels of trust, confidentiality, and integrity, ensuring highly secure communication and data protection.
In this paper, we focus on the implementation of QTPM using a software-based TPM (STPM) framework. STPM is a software emulation of a hardware-based TPM (HTPM), which can support key generation, secure storage, and cryptographic operations. For a system with a lack of HTPM support, STPM can provide a more adaptable and accessible alternative to data security. STPM is useful for testing and development purposes, but it may not offer the same level of protection as HTPM. STPM is generally less secure than HTPM due to its software-based operation, making it more susceptible to attacks, such as code injection or key extraction. In future work, we plan to develop QTPM at the hardware chip level.
The IBM TPM, which uses a deterministic random bit generator, is a widely used STPM that has been extensively adopted in experimental or commercial applications. Specifically, the IBM TPM software implementation typically employs a SHA-1 or SHA-256-based DRBG as defined by the National Institute of Standards and Technology (NIST) in its Special Publication 800-90A. The seed is derived from an entropy source and is used to produce a stream of random numbers. However, since it is algorithmic and deterministic, the same seed will always produce the same output, which brings a fundamental limitation. Random numbers are generated from a seed relying on secure cryptographic hash functions (such as SHA-1 or SHA-256). These hash functions add complexity to the number generation process, making it difficult (but not impossible) for an attacker to reverse the process and determine the seed. The DRBG needs to periodically reseed itself with new entropy to improve randomness and mitigate predictability. IBM TPM is generally secure. However, its quality and security heavily depend on the entropy source, and it remains vulnerable to seed predictability or entropy source weaknesses, especially if attackers can compromise the underlying software or access the seed.

3.2. QTPM Implementation

The QTPM testbed is built with a Raspberry Pi 4 and an IDQ QRNG PCIe card, which is shown in Figure 1. The IDQ QRNG leverages the inherent unpredictability of quantum processes to generate true random numbers. The IDQ QRNG is certified to pass all major NIST randomness tests, ensuring a high level of security and unpredictability. One key advantage of QRNG is that, unlike PRNG, it is free from environmental biases that can affect the entropy source and reduce the randomness of generated numbers. The IDQ Quantis library is a software library that interfaces with and utilizes the IDQ QRNG card. The library supports multiple programming languages, including Java, C, C++, and C++11. However, it requires Ubuntu 18.04 due to the specific kernel requirements for the QRNG driver. During the installation process, an obsolete function within the source code file (xdma-core.c) has to be configured, which is the memory-mapped I/O write barrier. Both the EasyQuantis application and the Quantis library are recompiled using the buildx tool in Docker. Visual Studio Code (VSCode) (1.74.3) is used as the IDE for the integration. The C/C++ Microsoft extension and code runner are adopted to simplify compilation and debugging. The “onRun” function in the IBM TPM is responsible for calling the random number generation function during runtime. A customizable function is created to replace the “onRun” function to call the IDQ QRNG instead of the inbuilt PRNG when randomness is required. Furthermore, an additional function is developed that enables the switch between the QRNG and the default PRNG, thereby providing greater flexibility for the randomness source. In addition, a fallback mechanism is implemented in case the IDQ QRNG becomes unfunctional due to hardware or driver issues, and the TPM can revert to using the default PRNG without crashing or causing failures in security operations. Below is an example Listing 1.
Listing 1. Enhanced tpm2_getrandom Function for Quantum Entropy Integration.
static tool_rc get_random_custom(ESYS_CONTEXT *ectx, unit8_t *
   custom_bytes, UINT16 custom_size){
   tool_rc rc = tpm2_getrandom(ectx, custom_size, &ctx.random_bytes,
       &ctx.cp_hash,  &ctx.rp_hash, ctx.aux_session_handle[0], ctx.
      aux_session_handle[1], ctx.aux_session_handle[2], ctx.
      parameter_hash_algorithm);
   if (rc != tool_rc_success){
      LOG_ERR (“Failed getrandom);
      return rc;
   }
 
   // Replace the generated random bytes with custom_bytes
   memcpy(ctx.random_bytes->buffer, Quantis.Read(size));
   ctx.random_bytes->size = custom_size;
 
   return rc;
}
The Listing 1 is part of the TPM Software Stack (TSS), which is to generate custom size random bytes. This function takes three parameters:
  • ectx: It is a pointer to TPM’s Enhanced System API and is responsible for executing commands.
  • custom_bytes: It is a pointer to an array of 8-bit unsigned integers. This is where the generated random bytes are stored.
  • custom_size: It is a 16-bit unsigned integer representing the number of random bytes to be generated.
The tpm2_getrandom function generates random bytes by receiving all the necessary parameters for context, and the result is stored in the rc variable, which represents the return code. This is a static function that outputs a success or failure return code. Error handling is implemented to ensure the operation is successful. If the return code indicates failure, the system returns the message “FAILED getrandom”. If the return code indicates success, the TPM’s random bytes are replaced with those obtained from the Quantis library. The Quantis.Read() function is responsible for generating random raw bytes from the QRNG. It automatically generates the correct number of bytes by matching the size originally requested by the user, ensuring that the byte size requested and the output generated always correspond correctly.

3.3. Quantum Cryptographic Module Development on FPGA

Building on the QTPM software implementation described in Section 3.2, we propose a hardware-oriented approach to realize QTPM functionality using FPGA technology. Field Programmable Gate Arrays (FPGAs) offer an ideal platform for the direct deployment of cryptographic functions due to their scalability, speed, and flexibility. By embedding a QRNG into an FPGA, IoT devices can benefit from the superior randomness of quantum entropy while maintaining the performance and efficiency advantages of hardware-based security. The resulting FPGA-based quantum cryptographic module (QCM) is designed to support secure key generation and encryption, representing a critical step toward a full hardware realization of the QTPM architecture and its deployment in real-world IoT systems.
Figure 2 presents the design of QRNG integration with FPGA. The Xilinx Vivado platform and Verilog programming language can be used to design, simulate, and program the FPGA. The FPGA can directly integrate with the QRNG card via the PCIe interface, utilizing built-in FPGA drivers such as a PCIe controller to efficiently manage data exchanges with the QRNG. This seamless integration enables cryptographic algorithms, including AES and RSA, to be implemented within the FPGA while leveraging true random bits from the QRNG for dynamic and highly secure key generation. Each cryptographic function (e.g., AES encryption, RSA key generation) is encapsulated in an independent hardware module. QRNG-based random numbers can be used to generate keys/tokens to enhance secure communication between IoT devices. The FPGA handles all encryption operations in hardware, which can improve performance and resistance to cyberattacks. We plan to use the AMD Kintex FPGA board. The exact HDL modules and the complete FPGA integration are under development and are part of our future planned work.
Moreover, the QRNG-FPGA design can be converted to a custom application-specific integrated circuit (ASIC), and the QRNG can be directly integrated into a chip. While both the QRNG and cryptographic functions are directly embedded into the chip, latency can be significantly reduced since no external communication is required for random number generation or cryptographic processing. The chip can generate high-quality session keys, encrypt sensor data, authenticate IoT devices, and enable secure IoT network communication while ensuring data integrity and confidentiality.

4. Quantum Entropy as a Service (QEaaS)

Ensuring the scalability of quantum-secure key solutions across diverse IoT environments is a significant challenge due to the presence of millions of legacy devices that lack the hardware to support advanced quantum technologies. While modern IoT devices can integrate quantum technologies, upgrading or replacing legacy devices is costly and disruptive. Legacy devices remain vulnerable to future quantum-based attacks, making it critical to develop solutions that enable both modern and legacy devices to utilize quantum-secure keys without requiring extensive hardware upgrades.
QEaaS can be designed to enhance the security of legacy IoT systems and devices. QEaaS is a practical approach to address the challenge of obtaining high-quality quantum entropy that can be delivered to IoT devices and systems on demand. QRNG can serve as a source to provide high-entropy random numbers, while IoT devices can request them through a cloud environment and use them to perform local security functions. By leveraging quantum entropy, IoT networks can secure cryptographic operations such as key generation, authentication, and secure communications with unprecedented levels of randomness and unpredictability. Quantum entropy services can be deployed in cloud-based or distributed IoT environments, ensuring resource-constrained IoT devices benefit from the security advantages of quantum technology. While direct integration of QRNG hardware into each IoT node remains costly, QEaaS offers a scalable alternative. By centralizing entropy generation, QEaaS can significantly reduce costs, simplify maintenance, and scale well across large resource-constrained IoT networks.

4.1. QEaaS Platform Design

The design of the overall QEaaS infrastructure is shown in Figure 3. A cloud-based infrastructure can be built to host the QRNG. On the cloud provider side, a system can be implemented to manage the quantum entropy pool and develop algorithms for monitoring the entropy pool’s capacity and ensuring sufficient entropy is maintained in high-demand scenarios. In addition to that, load balancing shall be considered to dynamically allocate entropy requests to minimize latency and optimize persistence and reliability. IoT clients can request entropy via API or Websocket to securely communicate with the QEaaS provider. Authentication and authorization mechanisms can ensure that only trusted and authorized IoT devices can access quantum entropy. Secure protocols like mutual TLS (Transport Layer Security) or OAuth can be leveraged to ensure that only legitimate IoT devices can request entropy. Moreover, post-quantum cryptography (PQC) can be used to generate digital signatures (e.g., using Dilithium or Falcon) to authenticate clients and ensure the integrity of requests and responses. Ensuring quantum entropy is securely delivered to the IoT clients without tampering or interception is a critical task. End-to-end encryption is required, and quantum-safe cryptographic algorithms such as lattice-based cryptography can be adopted to protect against potential quantum attacks.
In addition, to guarantee that cryptographic operations are not required to request entropy in real time and can be executed efficiently in environments with intermittent connectivity, IoT devices can maintain a buffer or entropy pool to store quantum entropy locally. The new quantum entropy can be requested periodically or following specific cryptographic operations to ensure that the IoT device maintains high-quality randomness without exhausting its pool.

4.2. Distributed Entropy Sourcing for Enhanced Privacy

When a single server provides all the entropy to an IoT device, it could potentially track or infer sensitive data about the device’s operations, such as cryptographic keys. By requesting entropy from multiple sources, no single entity has complete visibility into the randomness used by the IoT device. Even if one server is compromised or malicious, the combined entropy from multiple sources can still maintain the desired randomness and unpredictability. The idea is to ensure that the final random value used by the IoT device is unpredictable unless all servers are compromised.
The IoT device pre-configures a set of entropy sources (QEaaS servers) to request entropy from, while these servers could be operated by different entities or organizations to reduce the risk of collusion or a single point of failure. The IoT device sends entropy requests to multiple servers, ideally in parallel, to minimize latency. These requests should be structured to ensure that each server only provides part of the total entropy needed. Once the entropy is received from all servers, the IoT device combines the different entropy inputs using a secure combination method, such as bitwise XOR operation or hashing. The entropy combination operation ensures that if even one of the entropy sources is truly random and unpredictable, the final result will also be random and secure. The IoT device uses the combined entropy for cryptographic operations, such as key generation. Since the final entropy is derived from multiple sources, it is highly secure and ensures privacy, as no single server can infer the actual randomness used. One potential issue of the proposed method is the added latency from requesting entropy from multiple servers. To mitigate this, we can consider caching entropy locally at IoT devices for short-term use, pre-fetching entropy during periods of low activity, and utilizing parallel requests to minimize waiting times. Implementing the QEaaS platform will be pursued as part of our future work.

5. Evaluation

To evaluate the performance of the QTPM, we compare three RNGs: Xorshift PRNG, Mersenne twister PRNG, and IDQ QRNG. The comparison focuses on three key metrics: runtime performance, memory usage, and randomness quality [44]. In this evaluation, PRNGs were selected based on their simplicity, speed, and periodicity. For example, the Mersenne twister is selected in the evaluation due to its high randomness quality (the period is 2 19937 1 ), while the Xorshift is selected because of the simplicity of the design and speed. Both algorithms were selected because they are known for their overall effectiveness. The PRNG algorithms will be implemented in Java. Additionally, the IDQ Quantis library, which supports languages such as C, C++, and Java, will be utilized to support its evaluation. The Java wrappers are used to evaluate both PRNG and QRNG under the same conditions. Runtime and memory utilization will be measured using a built-in Java class.

5.1. Xorshift PRNG

The Xorshift PRNG is a type of Linear Feedback Shift Register (LFSR) PRNG that uses a set of bitwise operations to create a series of random numbers. This PRNG was first introduced by George Marsaglia in 2003 and is known for its simplicity, speed, and efficiency, which was improved in 2022 [45]. The Xorshift PRNG has the advantage of statistical quality and can generate a sequence of high-quality random numbers, which reduces skewing and gives more uniformity in distribution. The Xorshift32 PRNG takes an initial seed value and uses a series of bitwise XOR operations (left shift 13 bits, right shift 17 bits, and left shift 15 bits) to generate the next value in the random number sequence, which makes it much faster than other more complex PRNGs [45]. This PRNG has a period of 2 32 1 , which means it can create 2 32 1 unique numbers before repeating itself. The workflow of Xorshift32 is shown in Algorithm 1.
Algorithm 1 Xorshift32 Algorithm
/* Initialization: state = seed */
/* Output: A 32-bit pseudorandom number */
 
FUNCTION Xorshift32()
   state ^= (state << 13); // Left shift by 13 bits and XOR
   state ^= (state >> 17); // Right shift by 17 bits and XOR
   state ^= (state << 5);  // Left shift by 5 bits and~XOR
 
   seed = state;           // Update seed with new state
   RETURN state;           // Return the new pseudorandom number
END FUNCTION

5.2. Mersenne Twister PRNG

The Mersenne twister (MT) PRNG is another well-known PRNG that was created in 1997. There are different variations, but the initial one was called MT19937, which had a period of 2 19937 1 (it can generate a sequence of 2 19937 1 different random numbers before replicating) and a 623-dimensional equidistribution property. MT19937 is an improvement of the twisted generalized feedback shift register (TGFSR) generator [46], and it generates the next value in the sequence by starting with a seed value and running a series of matrix operations on it. The MT PRNG is extremely fast and efficient, making it a favored option for various applications such as simulations, gaming, and cryptography.

5.3. IDQ QRNG

The Quantis PCIe-240M device generates random data using elementary quantum optical processes. It employs a multi-mode LED to illuminate a CMOS image sensor. The number of photoelectrons stored in each pixel follows a Poissonian distribution, providing a source of quantum randomness. After digitization by an analog-to-digital converter (ADC), only the bits that remain unaffected by non-quantum noise are retained. Post-processing techniques can be applied if necessary, although Quantis entropy sources are exceptionally reliable and pass most statistical tests.
The Quantis device incorporates an auto-calibration function that controls the optical power of the LED and the exposure time of the CMOS image sensor. This ensures that the produced random bits are unpredictable and independent of environmental and operating conditions. The auto-calibration process guarantees high randomness, contributing to the device’s security and suitability for applications requiring strong cryptographic properties.

5.4. Results

5.4.1. Time Efficiency and Memory Usage

Speed and memory usage are essential in computer science, especially in algorithmic complexity. Seemingly infinitesimal time can significantly affect an algorithm’s efficiency. Different sets of random numbers are generated and used for comparing the performance among Xorshift PRNG, Mersenne twister PRNG, and IDQ QRNG. The system class in Java is leveraged to measure the elapsed time in nanoseconds, while the runtime class helps calculate the total memory usage in bytes.
Figure 4 demonstrates that QRNG takes significantly more time to generate random numbers, which is expected due to the complex process of harnessing quantum randomness through photon counting. In contrast, PRNGs generate numbers using deterministic mathematical formulas, allowing them to produce outputs much faster. While QRNG provides true randomness, its higher computational cost makes PRNGs more efficient for applications requiring high-speed random number generation. To mitigate latency impact, the configurable fallback mechanism and entropy caching can be adopted, which allows the system to temporarily revert to PRNGs or use pre-fetched QRNG data when low-latency performance is critical.
Figure 5 compares the memory usage of QRNG, Mersenne twister, and Xorshift on different data sizes. QRNG exhibits significantly lower memory consumption because it generates truly random numbers without maintaining an internal state, unlike PRNGs, which require storage for previous values to ensure high-quality randomness. The Xorshift result for 103 is omitted because its memory usage fell below the Java Virtual Machine (JVM)’s measurement resolution and was indistinguishable from baseline noise. At this scale, the algorithm’s register-based operations and JVM optimizations left no detectable heap allocation, unlike at larger quantities. Mersenne twister has the highest memory usage due to its large state array, while Xorshift, though more lightweight, still requires state storage. As data size increases, PRNGs consume more memory, whereas QRNG remains more efficient, making it ideal for low-memory environments like IoT systems.
While the higher latency of QRNG compared to PRNG is anticipated, our results quantify the performance trade-offs involved and confirm that QRNG integration remains feasible for IoT applications, which do not require continuous real-time entropy. This validation is important for assessing the readiness for deployment in constrained environments.

5.4.2. 2D Random Walk Test

The 2D walk test is a statistical test used to assess the randomness of a sequence of two-dimensional positions or movements, which helps ensure the quality and reliability of random number generators. It involves simulating a random walk in a two-dimensional space based on the given sequence of numbers or data. The random walk typically starts at the origin (0, 0) and moves in random directions according to the values in the sequence (e.g., −1, 0, or 1). The test examines the distribution and properties of the resulting positions or movements to evaluate the randomness of the sequence. The 2D walk test can help detect any patterns, correlations, or biases in the sequence that deviate from randomness.
We have conducted 2D random work tests to evaluate and compare the randomness of Xorshift PRNG, Mersenne twister PRNG, and IDQ QRNG. Figure 6 presents the test results. Figure 6 visualizations use consistent axes (x: −60 to 20; y: −50 to 30) for an equitable comparison. The clustering patterns observed in the results of Xorshift (Figure 6a) and Mersenne twister (Figure 6b) reveal the inherent spatial correlations characteristic of their deterministic algorithms. In contrast, the QRNG (Figure 6c) output maintains a uniform distribution. The results demonstrate the structural bias and dimensional limitations of the PRNGs while confirming that QRNG maintains a higher level of true randomness.

5.4.3. Mean Squared Displacement (MSD)

A measurement of the variance between a particle’s position and a reference position over time is the MSD. The most common method to assess the spatial extent of random mobility is to measure the area of the system that the random walker has explored. The distance between the two points is then square-calculated, and its value is then added to a list of MSD values. The particle’s average displacement increases in a manner that is proportional to the number of time steps over time.
Figure 7 shows the relationship between the MSD and the number of steps. The x-axis represents the number of steps taken in the random walk, and the y-axis represents the MSD. This figure provides insight into how the distance between points changes as more steps are taken. If the relationship between the MSD and the number of steps is linear, the movement is random. On the other hand, if the relationship is non-linear, it suggests that the movement is not random. As observed in the Xorshift and Mersenne twister QRNG results, the MSD exhibits a non-linear relationship with the number of steps, showing that these PRNG algorithms are not truly random. In contrast, the QRNG results display a linear MSD-to-steps relationship, confirming true randomness.

6. Conclusions

In conclusion, the QTPM has been successfully developed and implemented by integrating QRNG with TPM to enhance IoT security. By incorporating quantum randomness into the TPM framework, we significantly improve the security and unpredictability of cryptographic operations within TPM, which represents a novel and practical step toward quantum-secure IoT systems. Furthermore, the development of the QEaaS framework enables quantum-secure entropy provisioning for legacy IoT devices that cannot integrate QTPM hardware, eliminating the need for costly hardware upgrades. Our comparative evaluation of Xorshift PRNG, Mersenne twister PRNG, and IDQ QRNG highlights the superiority of quantum-generated randomness, particularly in maintaining the high-quality entropy crucial for secure IoT applications. Additionally, our analysis of performance and memory usage demonstrates the trade-offs between QRNG and PRNGs, reinforcing the necessity of optimized implementations for resource-constrained environments. By demonstrating a functioning QTPM prototype and a scalable QEaaS model, our future work will focus on implementing quantum cryptographic modules at the hardware level, optimizing QRNG integration for low-power IoT systems, and deploying the QEaaS platform to further strengthen IoT security protections.

Author Contributions

Conceptualization, G.X.; methodology, G.X.; software, O.A.; validation, G.X. and O.A.; formal analysis, G.X. and O.A.; investigation, G.X.; resources, G.X.; data curation, O.A. and J.M.; writing—original draft preparation, G.X. and O.A.; writing—review and editing, G.X., O.A., J.M., and E.S.; visualization, O.A.; supervision, S.W.; project administration, G.X.; funding acquisition, S.W. All authors have read and agreed to the published version of the manuscript.

Funding

This research was funded by NSF grant number 2329053.

Data Availability Statement

Data available on request due to privacy.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

    The following abbreviations are used in this manuscript:
IoTInternet of Things
QRNGQuantum Random Number Generator
PRNGPseudo Random Number Generator
TPMTrusted Platform Module
QTPMQuantum Trusted Platform Module
FPGAField Programmable Gate Array
QEaaSQuantum Entropy as a Service

References

  1. Kiran, S.; Sriramoju, S.B. A Study on Applications of IoT. Manag. Desk (UGC CARE J.) 2020, 68, 34–38. [Google Scholar] [CrossRef]
  2. Jagannath, U.R.; Saravanan, S.; Sugunaa, S.K. Applications of the Internet of Things with the Cloud Computing Technologies: A Review. In Edge Computing From Hype to Reality; Springer: Cham, Switzerland, 2019; pp. 71–89. [Google Scholar]
  3. Gubbi, J.; Buyya, R.; Marusic, S.; Palaniswami, M. Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions. Future Gener. Comput. Syst. 2013, 29, 1645–1660. [Google Scholar] [CrossRef]
  4. Yu, W.; Xu, G.; Pham, K.; Blasch, E.; Chen, G.; Shen, D.; Moulema, P. A Framework for Cyber-Physical System Security Situation Awareness. In Principles of Cyber-Physical Systems: An Interdisciplinary Approach; Cambridge University Press: Cambridge, UK, 2020; pp. 229–238. [Google Scholar]
  5. Khalid, A. Internet of Thing Architecture and Research Agenda. Int. J. Comput. Sci. Mob. Comput. 2016, 5, 351–356. [Google Scholar]
  6. Middha, K.; Verma, A. Internet of Things (IoT) Architecture, Challenges, Applications: A Review. Int. J. Adv. Res. Comput. Sci. 2018, 9, 389–393. [Google Scholar] [CrossRef]
  7. Jain, D.; Krishna, P.V.; Saritha, V. A Study on Internet of Things based Applications. arXiv 2012, arXiv:1206.3891. [Google Scholar]
  8. Assiri, A.; Almagwashi, H. IoT Security and Privacy Issues. In Proceedings of the 2018 1st International Conference on Computer Applications & Information Security (ICCAIS), Riyadh, Saudi Arabia, 4–6 April 2018; pp. 1–5. [Google Scholar]
  9. Wallden, P.; Kashefi, E. Cyber Security in the Quantum Era. Commun. ACM 2019, 62, 120. [Google Scholar] [CrossRef]
  10. Cheng, C.; Lu, R.; Petzoldt, A.; Takagi, T. Securing the Internet of Things in a Quantum World. IEEE Commun. Mag. 2017, 55, 116–120. [Google Scholar] [CrossRef]
  11. Papakotoulas, A.; Terzidis, A.; Hadjiefthymiades, S. ERITA: Ensuring the Reliability of Internet of Things-Based Applications. In Proceedings of the 2023 International Symposium on Networks, Computers and Communications (ISNCC), Doha, Qatar, 23–26 October 2023; pp. 1–6. [Google Scholar]
  12. Papakotoulas, A.; Mylonas, T.; Panagidi, K.; Hadjiefthymiades, S. Optimizing IoT Security via TPM Integration: An Energy Efficiency Case Study for Node Authentication. ITU J. Future Evol. Technol. 2024, 5, 73–87. [Google Scholar] [CrossRef]
  13. Spitz, S.; Lawall, A. Silicon-integrated Security Solutions Driving IoT Security. In Proceedings of the 10th International Conference on Information Systems Security and Privacy, Rome, Italy, 26–28 February 2024; pp. 398–402. [Google Scholar]
  14. Gopal, V.; Fadnavis, S.; Coffman, J. Low-Cost Distributed Key Management. In Proceedings of the 2018 IEEE World Congress on Services (SERVICES), San Francisco, CA, USA, 2–7 July 2018; pp. 57–58. [Google Scholar]
  15. Fehis, S.; Nouali, O.; Kechadi, M.T. Secure Encryption Key Management as a SecaaS based on Chinese Wall Security Policy. J. Inf. Secur. Appl. 2021, 63, 102975. [Google Scholar] [CrossRef]
  16. Yang, G.; Liu, J.; Han, L. An ID-based Node Key Management Scheme based on PTPM in MANETs. J. Secur. Commun. Networks 2016, 9, 2816–2826. [Google Scholar] [CrossRef]
  17. Sun, N.; Li, C.T.; Chan, H.; Islam, M.Z.; Islam, M.R.; Armstrong, W. On the Development of a Protection Profile Module for Encryption Key Management Components. IEEE Access 2023, 11, 9113–9121. [Google Scholar] [CrossRef]
  18. Sharma, G.; Joshi, A.M.; Mohanty, S.P. Fortified-grid: Fortifying Smart Grids through the Integration of the Trusted Platform Module in Internet of Things Devices. J. Inf. 2023, 14, 491. [Google Scholar] [CrossRef]
  19. Mane, D.K.; Hundekari, S.N.; Durgawale, P.M.; Khodaskar, M.; Lule, A.; Kulkarni, S.V. Robust and Energy-efficient Authentication Protocols for Medical Sensor Networks. J. Discret. Math. Sci. Cryptogr. 2024, 27, 383–395. [Google Scholar] [CrossRef]
  20. Kakei, S.; Mohri, M.; Shiraishi, Y.; Morii, M. SSL Client Authentication with TPM. IEICE Trans. Inf. Syst. 2016, 99-D, 1052–1061. [Google Scholar] [CrossRef]
  21. Rai, V.K.; Mishra, A. Authentication of Trusted Platform Module Using Processor Response. In Proceedings of the Second International Symposium on Security in Computing and Communications, Delhi, India, 24–27 September 2014; pp. 325–334. [Google Scholar]
  22. Cheung, R.C.; Lee, D.U.; Luk, W.; Villasenor, J.D. Hardware Generation of Arbitrary Random Number Distributions from Uniform Distributions via The Inversion Method. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 2007, 15, 952–962. [Google Scholar] [CrossRef]
  23. Strube, M.J. Tests of Randomness for Pseudorandom Number Generators. Behav. Res. Methods Instrum. 1983, 15, 536–537. [Google Scholar] [CrossRef]
  24. Bohrer, R.; Putnam, D. Statistical Ttests of Random Number Generators. ACM SIGSIM Simul. Dig. 1976, 8, 85–91. [Google Scholar] [CrossRef]
  25. Soto, J. Statistical Testing of Random Number Generators. In Proceedings of the 22nd National Information Systems Security Conference, Arlington, VA, USA, 18–21 October 1999; p. 12. [Google Scholar]
  26. Green, B.F.; Smith, J.K.; Klem, L. Empirical Tests of an Additive Random Number Generator. J. ACM (JACM) 1959, 6, 527–537. [Google Scholar] [CrossRef]
  27. Garpman, S.; Randrup, J. Statistical Test for Pseudo-random Number Generators. Comput. Phys. Commun. 1978, 15, 5–13. [Google Scholar] [CrossRef]
  28. Sobotík, J.; Plátěnka, V. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Application. In Proceedings of the 2nd Scientific NATO Conference “Security and Protection of Information” (SPI), Brno, Czech Republic, 28–30 April 2003; pp. 161–168. [Google Scholar]
  29. Zeitler, D.W. Empirical Spectral Analysis of Random Number Generators. PhD Thesis, Western Michigan University, Kalamazoo, MI, USA, 2001. [Google Scholar]
  30. LEcuyer, P.; Hellekalek, P. Random Number Generators: Selection Criteria and Testing. In Random and Quasi-Random Point Sets; Springer: New York, NY, USA, 1998; pp. 223–265. [Google Scholar]
  31. Brent, R.P.; Zimmermann, P. Random Number Generators with Period Divisible by a Mersenne Prime. In Proceedings of the International Conference on Computational Science and Its Applications, Montreal, QC, Canada, 18–21 May 2003; pp. 1–10. [Google Scholar]
  32. Percus, O.E.; Percus, J.K. An Expanded Set of Correlation Tests for Linear Congruential Random Number Generators. Comb. Probab. Comput. 1992, 1, 161–168. [Google Scholar] [CrossRef]
  33. Petrila, I.; Manta, V.; Ungureanu, F. Uniformity and Correlation Test Parameters for Random Numbers Generators. In Proceedings of the 2014 18th International Conference on System Theory, Control and Computing (ICSTCC), Sinaia, Romania, 17–19 October 2014; pp. 231–236. [Google Scholar]
  34. Marangon, D.G.; Vallone, G.; Zanforlin, U.; Villoresi, P. Enhanced Security for Multi-detector Quantum Random Number Generators. Quantum Sci. Technol. 2016, 1, 015005. [Google Scholar] [CrossRef]
  35. Petrov, M.; Radchenko, I.; Steiger, D.; Renner, R.; Troyer, M.; Makarov, V. Independent Quality Assessment of a Commercial Quantum Random Number Generator. EPJ Quantum Technol. 2022, 9, 17. [Google Scholar] [CrossRef]
  36. Kravtsov, K.S.; Radchenko, I.V.; Kulik, S.P.; Molotkov, S.N. Minimalist Design of a Robust Real-time Quantum Random Number Generator. J. Opt. Soc. Am. B 2015, 32, 1743–1747. [Google Scholar] [CrossRef]
  37. Kwon, O.; Cho, Y.W.; Kim, Y.S.; Lim, H.T.; Kim, Y.K.; Kim, Y.H. Quantum Random Number Generator using Photon Arrival Time. Appl. Opt. 2009, 48, 177–181. [Google Scholar] [CrossRef]
  38. Katsoprinakis, G.E.; Dellis, A.T.; Kominis, I.K. Quantum Random Number Generator based on Spin Noise. Phys. Rev. A 2008, 77, 054101. [Google Scholar] [CrossRef]
  39. Xu, F.; Qi, B.; Ma, X.; Xu, H.; Zheng, H.; Lo, H.K. Ultrafast Quantum Random Number Generation Based on Quantum Phase Fluctuations. Opt. Express 2012, 20, 12366–12377. [Google Scholar] [CrossRef]
  40. Dynes, J.F.; Yuan, Z.L.; Sharpe, A.W.; Shields, A.J. A High Speed, Postprocessing Free, Quantum Random Number Generator. Appl. Phys. Lett. 2008, 93, 031109. [Google Scholar] [CrossRef]
  41. Saini, A.; Tsokanos, A.; Kirner, R. Quantum randomness in cryptography—A survey of cryptosystems, RNG-based ciphers, and QRNGs. Information 2022, 13, 358. [Google Scholar] [CrossRef]
  42. Siswanto, M.; Rudiyanto, B. Designing of quantum random number generator (QRNG) for security application. In Proceedings of the 2017 3rd International Conference on Science in Information Technology (ICSITech), Bandung, Indonesia, 25–26 October 2017; pp. 273–277. [Google Scholar]
  43. Henry, E. The Role of Quantum Random Number Generation in Enhancing Encryption Security. 2024. Available online: https://ssrn.com/abstract=4966139 (accessed on 8 August 2024).
  44. Goldberg, I.; Wagner, D. Randomness and The Netscape Browser. Dr Dobb’s J. Softw. Tools Prof. Program. 1996, 21, 66–71. [Google Scholar]
  45. Bhattacharjee, K.; Das, S. A Search for Good Pseudo-random Number Generators: Survey and Empirical Studies. Comput. Sci. Rev. 2022, 45, 100471. [Google Scholar] [CrossRef]
  46. Matsumoto, M.; Kurita, Y. Twisted gfsr Generators ii. ACM Trans. Model. Comput. Simul. (TOMACS) 1994, 4, 254–266. [Google Scholar] [CrossRef]
Futureinternet 17 00193 g001
Figure 1. QTPM testbed (integrating IDQ QRNG PCIe card with raspberry Pi 4 to simulate IoT device secure key generation).
Figure 1. QTPM testbed (integrating IDQ QRNG PCIe card with raspberry Pi 4 to simulate IoT device secure key generation).
Futureinternet 17 00193 g001
Futureinternet 17 00193 g002
Figure 2. Quantum cryptographic module design: integrating QRNG with FPGA for secure key generation.
Figure 2. Quantum cryptographic module design: integrating QRNG with FPGA for secure key generation.
Futureinternet 17 00193 g002
Futureinternet 17 00193 g003
Figure 3. QEaaS framework for IoT security.
Figure 3. QEaaS framework for IoT security.
Futureinternet 17 00193 g003
Futureinternet 17 00193 g004
Figure 4. Time efficiency results of PRNGs and QRNG with different quantities of generated random numbers.
Figure 4. Time efficiency results of PRNGs and QRNG with different quantities of generated random numbers.
Futureinternet 17 00193 g004
Futureinternet 17 00193 g005
Figure 5. Memory usage results of PRNGs and QRNG with different quantities of generated random numbers.
Figure 5. Memory usage results of PRNGs and QRNG with different quantities of generated random numbers.
Futureinternet 17 00193 g005
Futureinternet 17 00193 g006
Figure 6. Results of 2D random work tests to evaluate and compare the randomness of (a) Xorshift PRNG, (b) Mersenne twister PRNG, and (c) IDQ QRNG.
Figure 6. Results of 2D random work tests to evaluate and compare the randomness of (a) Xorshift PRNG, (b) Mersenne twister PRNG, and (c) IDQ QRNG.
Futureinternet 17 00193 g006
Futureinternet 17 00193 g007
Figure 7. Results of mean squared displacement to evaluate and compare the randomness of (a) Xorshift PRNG, (b) Mersenne twister PRNG, and (c) IDQ QRNG.
Figure 7. Results of mean squared displacement to evaluate and compare the randomness of (a) Xorshift PRNG, (b) Mersenne twister PRNG, and (c) IDQ QRNG.
Futureinternet 17 00193 g007
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Xu, G.; Adetifa, O.; Mao, J.; Sakk, E.; Wang, S. Developing Quantum Trusted Platform Module (QTPM) to Advance IoT Security. Future Internet 2025, 17, 193. https://doi.org/10.3390/fi17050193

AMA Style

Xu G, Adetifa O, Mao J, Sakk E, Wang S. Developing Quantum Trusted Platform Module (QTPM) to Advance IoT Security. Future Internet. 2025; 17(5):193. https://doi.org/10.3390/fi17050193

Chicago/Turabian Style

Xu, Guobin, Oluwole Adetifa, Jianzhou Mao, Eric Sakk, and Shuangbao Wang. 2025. "Developing Quantum Trusted Platform Module (QTPM) to Advance IoT Security" Future Internet 17, no. 5: 193. https://doi.org/10.3390/fi17050193

APA Style

Xu, G., Adetifa, O., Mao, J., Sakk, E., & Wang, S. (2025). Developing Quantum Trusted Platform Module (QTPM) to Advance IoT Security. Future Internet, 17(5), 193. https://doi.org/10.3390/fi17050193

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop