Secure and Scalable Internet of Things Model Using Post-Quantum MACsec

Abstract

For the secure deployment of network platforms tailored for IoT devices, the encryption of data transmission is equally as crucial as the process of authentication. In this context, we introduce the Secure and Scalable IoT network (SSI) network platform, designed to accommodate a diverse range of IoT devices. It provides scalability and implements effective many-to-many and end-to-end encryption across extensive regions. With the emergence of quantum computing, secure public key exchange mechanisms have become important. Among the various post-quantum cryptography (PQC) algorithms assessed, Nth Degree Truncated Polynomial Ring Units (NTRUs) have emerged as an optimally suited PQC algorithm for IoT devices constrained by limited computational capabilities. We have integrated NTRUs with SSI as a lightweight PQC solution. Moreover, SSI-PQM (Post-Quantum MACsec) enhances the SSI’s initial authentication structure to minimize PQC-TLS session attempts and protect the SSI’s important configuration information. When applying TLS with PQC for secret key exchange purposes, it was verified that this approach ensures stable performance in IoT environments. Upon the implementation of our proposed SSI-PQM on Raspberry Pi 3B+ based IoT devices, SSI-PQM exhibited acceptable performance at security levels from 80 to 128 and achieved a minimum speed improvement of 161% over RSA at security levels above 160. It can be concluded that SSI-PQM stands out as an effective Zero Trust-based IoT network platform, demonstrating its viability and efficiency in safeguarding data transmission against potential quantum computing threats.

1. Introduction

IoT devices have become ubiquitous due to advances in seamless communication, wireless sensors, radio frequency identification (RFID), and cloud computing [1,2]. The application of these devices has led to tremendous expansion that has even extended into our daily lives, including mobile devices, medical devices, wearable devices, home appliances, automotive devices, and industrial equipment [3,4,5,6]. Moreover, the growth of smart devices has been significant in the automotive, healthcare, and retail fields [7]. The most critical feature of these devices is their ability to connect with humans, other devices, and systems without environmental constraints via an IoT network.

As IoT architecture evolved from a closed and centralized network to a distributed cloud over the Internet, the network architecture of these devices has been proposed to mitigate IoT security threats while minimizing the security function load on embedded devices [8]. However, these proposed models do not concurrently offer many-to-many and end-to-end encryption and network separation from client to server. A Secure and Scalable IoT (SSI) network platform has been developed to handle security risks while managing the computing resources used by the IoT devices [9]. The SSI provides a layer 2 VPN, which incurs a lower load compared to the TCP/IP-based VPNs and offers data link frame encryption. It combines L2TP and VXLAN for scalable layer 2 VPN, with the MACsec algorithm. However, a distinct public key encryption method for MACsec encrypted communication is not delineated.

Quantum computers and quantum information science exploit nature’s fundamental properties to facilitate a fundamentally different computation paradigm [10]. The primary distinction between a classical and quantum computer lies in the basic unit of information—the “bit”. Unlike a classical bit, which can exist in one of two states (0 or 1), a “qubit” (quantum bit) can exist in both states simultaneously, a principle known as superposition and a cornerstone of quantum theory. The field of quantum algorithm development has experienced significant progress and innovation in recent years [11]. The key quantum algorithms developed include “Shor’s algorithm”, “Grover’s algorithm”, the “Quantum Approximate Optimization Algorithm (QAOA)”, and the “Harrow–Hassidim–Lloyd (HHL) algorithm”. Significantly, Shor’s algorithm poses a major threat to public-key cryptosystems due to its ability to solve the prime factorization problem [12]. The RSA-2048, a leading public-key cryptosystem, is vulnerable with the availability of 4000 qubits [13].

Since quantum computing can potentially break traditional cryptographic algorithms, post-quantum cryptography (PQC) is required to ensure security against any attack by a quantum computer. PQC aims to provide the necessary security measures that remain robust in the era of quantum computing. Among the several types of PQC algorithms, Nth Degree Truncated Polynomial Ring Units (NTRUs) are notable for their minimal computing resource consumption and swift encryption/decryption processes [14]. However, NTRUs typically require a longer duration for encryption and decryption compared to RSA and ECC, necessitating a comprehensive evaluation of their application in IoT devices [15]. Thus, it is not advisable to simply apply NTRUs to the IoT network architecture due to their above-mentioned drawbacks.

This paper introduces Post-Quantum MACsec-based SSI (SSI-PQM), which implements PQC in an IoT network platform by integrating NTRUs with SSI. It also employs MACsec for Layer 2 encryption communication. This study contributes to the literature by proposing an IoT network platform that efficiently provides post-quantum cryptography (PQC) in environments with low computing-power IoT devices and by validating the appropriate encryption level through experiments. We propose a unique approach that is distinct from the existing IoT network platforms for PQC:

• The confidentiality of L2TP and MACsec is enhanced, and the utilization of computing resources for PQC-TLS is optimized by improving the SSI’s structure.
• A strategy to prevent unauthorized IoT device access to the IoT network platform has been proposed for Zerotrust.
• Experimental validation has confirmed that SSI-PQM, which incorporates the NTRU algorithm as PQC, is well-suited for IoT devices.

The rest of this paper is organized as follows: Section 2 addresses the vulnerabilities in the security of the existing MACsec in a quantum computing environment. The Section 3 elaborates on how MACsec and NTRUs are applied in this study. A detailed description of the methodology for integrating NTRUs with SSI is provided in Section 4. Section 5 evaluates the impact of the NTRU algorithm on computing performance in SSI-PQM. We conclude with a discussion in Section 6.

2. Problem Analysis

2.1. Secret Key Exchange in Quantum Computing Environment

Quantum computing utilizes quantum phenomena such as superposition and entanglement to perform computations. Quantum computers, which operate on these principles, use qubits that are capable of representing multiple states simultaneously, a concept known as superposition [16]. This fundamental difference enables quantum computers to solve certain problems much more efficiently than classical computers. For example, Shor’s algorithm, introduced in 1994, solves the prime factorization problem in quantum settings, posing a significant threat to public-key encryption systems like RSA, which rely on the difficulty of factorizing large prime numbers [10,17]. In a similar vein, quantum environments might compromise other public key cryptosystems that depend on the solutions to discrete logarithm problems. Current Transport Layer Security (TLS) communications leveraging RSA, Diffie–Hellman (DH), and Elliptic Curve Diffie–Hellman (ECDH) are at a heightened risk of public key exposure with the emergence of quantum computers.

Given these circumstances, the development of cryptographic systems has become crucial because they safeguard against quantum computing attacks. PQC encompasses such systems. Efforts have been directed toward developing “multivariate cryptography”, “code-based cryptography”, “lattice-based cryptography”, and “supersingular elliptic curve isogeny-based cryptography”, all of which have been deemed secure in a quantum computing environment [18].

The advent of quantum computing necessitates the replacement of current cryptosystems across all devices, including those with limited computing power, such as IoT devices. Hence, the exploration of lightweight post-quantum cryptography is essential. NTRUEncrypt, employed in the current study, represents one such lightweight PQC. It is a lattice-based cryptography solution centered around the shortest vector problem in a lattice. NTRU operations, performed on objects within a truncated polynomial ring featuring convolution multiplication, enable significantly faster operations compared to RSA in OpenSSL, by a factor of 20× to 200× [19].

2.2. Vulnerabilities of the SSI Network Platform

The security risks vary across different IoT networks and devices, as depicted in Figure 1. These risks include latency in fast wireless networks such as 5G, DoS (Denial of Service (DoS) attacks targeting cloud application servers, increased power usage in low-power and limited-mobility devices, data interception in home IoT setups, and replay attacks across IoT systems. While traditional endpoint, network, and application systems share these security concerns, the unique constraints of IoT environments necessitate novel solutions.

The SSI was proposed to implement MACsec for Layer 2 encryption communication, providing Connectivity Association Keys (CAKs) to authenticated IoT devices for symmetric key generation [9]. The CAK, used as the initial key to create the SAK for session encryption, usually remains the same for a long time; thus, it is crucial to protect it from exposure [20]. In SSI, IoT devices receive configuration information in plaintext after initial authentication for the L2TP session setup. This vulnerability may invite hackers to intercept, a risk not explicitly addressed by SSI. Moreover, vulnerabilities exist in the exchange of secret keys for MACsec encryption. The MACsec CAKs, distributed over the public internet using the Extensible Authentication Protocol Transport Layer Security (EAP-TLS) protocol, aim to safeguard against CAK exposure. However, the advent of quantum computing undermines the security assurances of current EAP-TLS implementations employing RSA, DH, and ECC cipher suites becasue PKI systems like RSA, DH, and ECC risk becoming obsolete with the advancement of quantum computing capabilities.

2.3. Security Threat Modeling Using STRIDE

Table 1. STRIDE security threat Analysis: The SSI network platform has exposed authentication and session connection information for L2TP tunnel connections. However, vulnerabilities and security threats associated with SSI network platform can be effectively countered through data encryption using PQC.

STRIDE	SSI Vulnerabilities	SSI Security Threats	Countermeasures
Spoofing	Opened network for authenticationInsecure public key encryption in quantum computing	Unauthorized access	Data Encryption with PQC
Tampering	Opened network for 1st authentication	Response: false information	Data Encryption with PQC
Repudiation	Opened network for 1st authentication	Authentication failure	Data Encryption with PQC
Information Disclosure	Opened network for 1st authenticationInsecure public key encryption in quantum computing	Eavesdropping	Data Encryption with PQC
Denial of Service	Opened network for 1st authentication	Response: false informationUnauthorized access	Network Access Control
Elevation of Privilege	Insecure public key encryption in quantum computing	Unauthorized access	Data Encryption with PQC

presents the IoT vulnerabilities, security threats, and countermeasures classified by STRIDE [21]. Most of the security vulnerabilities stem from insecure public key encryption, which uses RSA, DH, and ECC in an internet-exposed SSI network platform. To mitigate these security risks, it is crucial to apply data encryption using PQC and to enhance network access control in the SSI network. Moreover, Table 1 identifies specific vulnerabilities, such as authentication and insecure public key encryption in quantum computing. These vulnerabilities expose the network to several security threats, e.g., unauthorized access, response to false information, authentication failure, eavesdropping, data interception in home IoT setups, and replay attacks across IoT systems.

For each category of threats identified by STRIDE, Table 1 also lists the countermeasures, with a strong emphasis on data encryption using PQC as the primary method of safeguarding against these vulnerabilities. Additionally, for DoS threats, network access control is listed as a countermeasure. The primary reason for implementing robust security measures is to protect the SSI network platform against various vulnerabilities and threats.

3. Related Work

3.1. MACsec (802.1AE, MAC Security)

MACsec represents a Layer 2 security protocol that ensures the authenticity and integrity of data frames to provide robust protection against replay attacks [22]. It offers multiple advantages in terms of network security, such as reduced header size and support for physical port-level encryption and decryption. Since Layer 2 IoT networks, such as LoRa WAN (Long Range Wide Area Network), are characterized by limited bandwidth, the smaller size of headers improves transmission efficiency compared with IPSec. Additionally, physical port-level encryption and decryption in MACsec significantly enhances network security by protecting data right from their point of origin, ensuring confidentiality, integrity, and authenticity. On top of that, MACsec contributes to high-speed network connections by directly ensuring security at the data link layer. Although there are several implementation options, such as unicast, broadcast, and multicast communications, MACsec’s security mechanisms are independent of upper-layer processes to avoid unnecessary modifications when user applications change.

In MACsec communication, hosts within the same CA share a common CAK. The CA leader periodically initiates an EAP request to other hosts to ensure all nodes within the CA use the same CAK. A CAK distributed among the hosts within the same CA is used to generate an Integrity Check Value-Key (ICK) and a Key Encrypting Key (KEK) through AES-ECB. The KEK, derived from the CAK, encrypts the Secure Association Key (SAK) using AES Key Wrap, while the ICK, also derived from the CAK, facilitates message authentication. The SAK encrypts the user data alongside the Security Tag (SecTAG) values in a sequence similar to that of the distributed SAKs, determined by the Association Number (AN) [23].

3.2. NTRUs (Nth Degree Truncated Polynomial Ring Units)

Quantum computers can quickly solve public-key cryptography systems like RSA that rely on problems like integer factorization and discrete logarithms. By finding the period r in a function $f\left(x\right)=a^{x}modN$ involving modular arithmetic, where $f(x+r)=f\left(x\right)$, one can rapidly determine the factors of N. They can efficiently compute the quantum Fourier Transform in parallel processing, making it useful for discovering the period r.

However, the NTRU algorithm is based on solving problems such as finding the shortest vector in high-dimensional lattice structures or solving equations with added noise. These problems often involve searching every lattice point or finding solutions through random sampling, which results in exponential time complexity. Due to these characteristics, lattice-based encryption methods like NTRUs resist Shor’s algorithm, which quantum computers utilize. NTRUs provide well-suited encryption and decryption processes with limited resources. Additionally, NTRUs’ flexibility allows for customizable security levels, ensuring scalability and adaptability in various applications. There are two components in NTRUs: NTRUEncrypt, which is used for encryption, and NTRUSign, which is used for digital signatures. The patent for NTRUEncrypt was released into the public domain in 2017, while NTRUSign remains patented but is available under the GPL for software use [24].

Based on a complex mathematical problem, NTRUs generate two polynomials, $m\left(x\right)$ and $r\left(x\right)$, from an initial polynomial $f\left(x\right)$. These polynomials are then utilized in the encryption and decryption processes. Notable for its rapid processing speed and minimal memory requirements, NTRUs effectively balance efficiency and security, although increases in key length enhance computational complexity [25]. The NTRU algorithm includes a key generation phase that produces the polynomials $r\left(x\right)$ and $m\left(x\right)$, followed by encryption and decryption phases that utilize these polynomials. Predominantly, NTRUs enhance network communications across various domains to facilitate the secure transmission of data in services such as email, online banking, and file transfers.

Distinguished by their reliance on the lattice-based shortest distance problem, NTRUs offer superior cryptographic strength to counter quantum computer threats. Their swift speed primarily results from polynomial manipulations and the potential for complexity reduction through methods such as the Fast Fourier Transform to $nlogn$, thereby making NTRUs more efficient [14].

4. Methodology

4.1. Overview

SSI-PQM provides authentication, network access control, data encryption with PQC, route management, and network separation. It also offers configuration information for accessing SSI’s communication node (CN) during initial authentication. Unlike the original SSI, the novel SSI scheme encrypts this information using PQC-TLS to ensure secure transmission instead of transmitting configuration information in plaintext. During the authentication of VXLAN, SSI-PQM delivers network separation information and encryption key details. Furthermore, the secret key for MACsec and the CAK transmitted are securely protected in externally exposed network segments via encrypted EAP communication utilized by PQC-TLS.

The MACsec was employed for data encryption as an end-to-end encryption algorithm characterized by low CPU usage and compatibility with various network protocols. For network separation, a Layer 2 overlay network based on L2TP and VXLAN was provided. L2TP sessions positioned in public internet segments use PQC-TLS so that data transmission is safe from quantum computer threats. Figure 2 illustrates the functionality of SSI-PQM modules. In the following subsections, the description of MACsec, L2TP, VXLAN, and NTRUs are provided. Next, we will elaborate in detail on the elements of the SSI-PQM platform and the entire operation process, including authentication.

4.2. PQC-TLS Using NTRUs

Since NTRUs are favored for IoT because of their security and efficiency, they have been applied to SSI-PQM in the current study. IoT devices are usually characterized by limited processing power, small storage, and low energy consumption. Thus, NTRUs’ lightweight encryption capability is suitable for an IoT system. NTRUs are secure against quantum attacks, protecting against the vulnerabilities common in traditional methods, namely, RSA and ECC. NTRU encryption and decryption processes are faster than many public key methods, which makes them ideal for resource-limited devices [26]. They offer high security with smaller keys, saving valuable storage space. NTRUs consume less power, which is important for battery-dependent IoT devices. Their adaptability to various protocols supports a wide range of applications of IoT. In summary, NTRUs stand out as an effective solution for IoT security, addressing the challenges of quantum computing and resource constraints [14].

4.2.1. Notations

The NTRU cryptosystem depends on three integer parameters $(N,p,q)$ and four sets ${\mathcal{L}}_f,{\mathcal{L}}_g,{\mathcal{L}}_{\varphi },{\mathcal{L}}_m$ of polynomials of degree $N-1$ with integer coefficients. Note that p and q need not be prime, but p and q are relatively prime, and q is considerably larger than p. We work in the ring $R=\mathbb{Z}\left[X\right]/(X^N-1)$, and element $F\in R$ will be written as a polynomial or vector,

$$F={\int }_{i=0}^{N-1}{F}_i{x}^i=[F_0,F_1,\cdots ,F_{N-1}]$$

(1)

We use the symbol ⊛ to denote multiplication in R. This ’star multiplication’ is given explicitly as a cyclic convolution product,

$$F⊛G=Hwith{H}_k={\int }_{i=0}^k{F}_i{G}_{k-i}+{\int }_{i=k+1}^{N-1}{F}_i{G}_{N+k-i}={\int }_{i+j\equiv k\left(modN\right)}{F}_i{G}_j$$

(2)

where a multiplication modulo q involves reducing the coefficients module q.

Now, we will discuss the key generation process. First, two polynomials $f\in {\mathcal{L}}_f$ and $g\in {\mathcal{L}}_g$ are chosen. The polynomial f must satisfy the additional requirement of having inverses modulo q and modulo p, which we will denote by $F_q$ and $F_p$, respectively. Second, the quantity is computed as follows:

$$h\equiv F_q⊛g\left(modq\right)$$

(3)

Then, the public key is the polynomial h and private key is the polynomial f.

The encryption process consists of two steps. First, a message m is selected from the set of plaintexts ${\mathcal{L}}_m$.

Next, a polynomial $\varphi \in {\mathcal{L}}_{\varphi }$ is randomly chosen, and the public key h is used to compute

$$e\equiv p\varphi ⊛h+m\left(modq\right)$$

(4)

After the computation, e becomes the encrypted message, also known as the ciphertext.

Finally, we will review the method for decrypting encrypted messages. First, precompute the polynomial $F_p$ from private key f. Next, obtain the coefficients of a as follows:

$$a\equiv f⊛e\left(modq\right)$$

(5)

where a belongs to the interval from $-q/2toq/2$. After computing the following process, the final output becomes the recovered message.

$$F_p⊛a\left(modp\right)$$

(6)

4.2.2. Implementation

We have selected NTRUs as the key exchange algorithm to facilitate the sharing of a secret key within the SSI-PQM system. Figure 3 represents the integration of the NTRU encryption algorithm within the TLS 1.3 protocol, specifically designed to enable secure key exchanges between IoT devices and an Authentication Server or between CN and the CN controller (CN Cont.). It outlines a two-way process that focuses on the generation and decryption of a secret key through NTRUs, a public key encryption algorithm. This process is crucial for establishing a secure communication channel in a PQC environment.

On the IoT device side, the initial step involves generating an NTRU Key Pair. This key pair is crucial for the PQC mechanism to enable the IoT device to securely decrypt the secret key sent by the server. The decryption process using NTRUs ensures that only the intended recipient IoT device can access and utilize the secret key, thereby maintaining the confidentiality and integrity of the transmitted data. We highlight the secure key generation step in Figure 3, which is designed to safeguard the communication from potential eavesdroppers or attackers who might exploit vulnerabilities in classical cryptographic algorithms.

Conversely, the server side in Figure 3 shows the encryption of the secret key using NTRUs before its transmission to the IoT device. This encryption ensures that the secret key is protected throughout its journey from the server to the IoT device for further secure communication. The figure also displays the components of the PQC-TLS handshake process, including the “PQC-TLS Client Hello {+KeyShare}” and “PQC-TLS Server Hello {+KeyShare}, EncryptedExtensions, Certificate, Certificate Verify”, illustrating the comprehensive steps involved in establishing a secure TLS session. The visual representation emphasizes NTRUs’ role in enhancing security during key exchanges in the quantum computing era, ensuring protection against advanced cryptographic attacks.

4.3. Network Architecture of SSI-PQM

SSI-PQM features a network architecture similar to that of traditional SSI but introduces enhancements to improve the confidentiality of secret keys and control unauthorized access. The network diagram of SSI-PQM is depicted in Figure 4, where it is compared with the conventional SSI diagram. It introduces additional functionalities provided by the authentication server and CN to bolster the security against vulnerabilities inherent in the original SSI system. Authorized IoT devices gain access to the CN by receiving authentication information from the L2TP authentication server and updating access control settings accordingly. The Attribute Value Pairs (AVPs) received after 802.1X and the configuration information for L2TP authentication are encrypted using the AES algorithm with a secret key securely shared via PQC-TLS. This ensures that they are not exposed externally. Furthermore, the CN controller identifies authorized IoT devices, thereby preventing abnormal access attempts.

Figure 5 illustrates the two-layer end-to-end session formation process by SSI-PQM. The SSI framework undergoes a four-step process to establish end-to-end and many-to-many communications. SSI-PQM retains all of the functionalities of the SSI along with enhancing the confidentiality of config information and CAK and strengthening the access control of the IoT devices. Additionally, SSI-PQM applies the following enhancements to steps #1 to #3 of the SSI process:

Step #1: IoT Device Authentication and Config Info. Provision—When an IoT device attempts authentication, the server redirects communication to the nearest CN. Subsequently, the IoT device initiates a PQC-TLS handshake process with the CN. After successfully completing the handshake, the IoT device proceeds to authenticate via the CN. This step allows the IoT device to receive the necessary configuration information for L2TP from the authentication server.

Step #2: L2TP Tunnel with Communication Node (CN)—The CN receives the IP address of the authorized IoT device, along with the provisioned Tunnel ID and Session ID from the L2TP authentication server. When the IoT device attempts to establish an L2TP session, the CN grants access based on the provisioning information previously received from the authentication server.

Step #3: 802.1X Authentication/Authorization—The IoT devices access the CN via the L2TP tunnel and undergo 802.1X authentication using EAP. Upon receiving authorization from the 802.1X authentication server, the CN acquires AVPs through encrypted communication.

Figure 5 illustrates the detailed process of our proposal. Although NTRUs have reduced the encryption and decryption times compared with RSA, they have led to an increase in overall computing resource usage due to the enhanced security level. This trend could potentially degrade the performance of the IoT devices. Our SSI-PQM system integrates PQC-TLS into L2TP and MACsec to securely store critical information such as secret keys. One of the previous studies reported that NTRUs demonstrated shorter encryption and decryption times than RSA [27]. The authors observed that as the security level increased, so did the demand for computing resources, which in turn could have decreased the performance of IoT devices. In this study, we have designed a system that securely shares a secret key for encrypting essential information in L2TP and MACsec within a single PQC TLS session.

Table 2. The process of applying the pre-master secret used in PQC-TLS to EAP-PSK.

1. PQC -TLS Communication Setup in Step#1 (a) IoT device and CN initiate PQC-TLS handshake. (b) CN generates a pre-master secret randomly: $$\mathrm{Secret}\mathrm{Key}=\mathrm{KDF}(\mathrm{PreMasterSecret},“\mathrm{session}\mathrm{key}\mathrm{derivation}”)$$ (7) (c) CN securely distributes the pre-master secret to the IoT device. (d) IoT device and CN derive session keys from the pre-master secret: $$\mathrm{Secret}\mathrm{Key}=\mathrm{KDF}(\mathrm{PreMasterSecret},“\mathrm{session}\mathrm{key}\mathrm{derivation}”)$$ (8) 2. L2TP Authentication and 802.1X Authentication Preparation in Step#1 (a) IoT device attempts L2TP authentication with CN using the established PQC-TLS session. (b) if L2TP authentication succeeds then Proceed with 802.1X Authentication Preparation in Step#1. i. CN prepares IoT device’s account information, MAC address, and pre-master secret. ii. CN transmits the prepared information to the 802.1X authentication server. (c) else Terminate PQC-TLS communication and abort the process. 3. EAP-PSK-based 802.1X Authentication in Step#3 (a) IoT device initiates 802.1X authentication with CN, using EAP-PSK protocol. (b) PSK is derived from the previously exchanged pre-master secret: $$\mathrm{PSK}=\mathrm{KDF}(\mathrm{PreMasterSecret},“\mathrm{PSK}\mathrm{derivation}”)$$ (9)

details the process by which SSI-PQM minimizes the transmission of PQC-TLS’s public key and the encryption/decryption of the session key. PQC-TLS is applied once to share the pre-master secret between the CN and the IoT device. This pre-master secret is then relayed to the 802.1X authentication server. Subsequently, the pre-master secret is transmitted back to the CN, where it is reused for generating a Pre-Shared Key (PSK) for encrypted communication using EAP-PSK.

5. Experimental Environment and Results

5.1. Experimental Environment

To evaluate our proposal, we assessed the impact of applying the NTRU algorithm to PQC-TLS on IoT device performance. The performance gap was measured as the security level increased in terms of CPU usage and operation time. Experiments were conducted on an IoT device, which consists of Raspberry Pi 3B+, featuring a 64-bit ARM Cortex-A53 Quad-Core Processor and 1GB Memory to mimic the SSI experiment environment under identical conditions. In addition, a server was equipped with a 2.4 GHz 8-Core Intel Core i9 and 64 GB Memory to utilize the NTRU cryptographic algorithm across six security levels: 80, 112, 128, 160, 192, and 256 bits. Considering the issuance of certificates to the devices or the direct generation on the IoT devices, experiments were carried out on both the server and IoT devices to test the PQC key pair generation. Furthermore, we also measured the performance of the encryption of the secret key on the server and the decryption of the same on the IoT device within the PQC-TLS framework.

Table 3. Key size comparison between NTRUs and RSA: NTRU Key Size = N ${log}_2\left(q\right)$.

Security Level (bits)	Example Values	RSA Key Size (bits)	Notes
80	$N=251$, $p=3$, $q=2048$	1024	Constrained environments
112	$N=401$, $p=3$, $q=2048$	2048	Balanced security and performance
128	$N=439$, $p=3$, $q=2048$	3072	Standard security level
160	$N=487$, $p=3$, $q=2048$	4096	Higher security
192	$N=593$, $p=3$, $q=2048$	7680	Enhanced security
256	$N=743$, $p=3$, $q=2048$	15,360	Maximum security

compares the key sizes of the NTRUs and RSA across various security levels [15]. By measuring the computing resources required for key generation, encryption, and decryption at each security level for the NTRUs, we aimed to validate the effectiveness of SSI-PQM as an IoT network platform. Our findings were then compared to previous research that reported that NTRUs exhibit superior performance compared to RSA at similar security levels, with respect to key size [28].

Since the client, corresponding to the IoT device, is responsible for PQC key pair generation and the decryption of the ciphertext, we measured the time taken for these processes. Our implementation refers to the Python version of NTRUs by pointed sphere [14,29].

5.2. Results

Table 4. Comparison of the time (second) spent on public key generation, encryption, and decryption using the NTRU algorithm in PQC.

Security Level (bits)	Minimum Latency for TLS (s.) (➀+➁+➂)		➀ Key Generation (IoT)		➁ Encryption (Server)		➂ Descryption (IoT)
	NTRUs	RSA	NTRUs	RSA	NTRUs	RSA	NTRUs	RSA
80	123.4110	2.437	105.2439	2.3780	0.6336	0.0001	17.5335	0.0589
112	273.1801	58.4968	251.3992	58.1634	0.8043	0.0002	20.9766	0.3332
128	319.3766	245.786	293.9652	244.7936	0.7778	0.0004	24.6336	0.9920
160	409.9317	658.7048	381.2517	656.5520	0.9558	0.0006	27.7242	2.1522
192	612.2242	8214.6037	571.8158	8202.1173	1.0726	0.0017	39.3358	12.4847
256	978.7406	80,798.9095	916.3855	80,710.4963	1.2568	0.0070	61.0983	88.4062

displays the time taken for PQC key generation, encryption, and decryption across different security levels. At first glance, it is found that the CPU performance significantly impacts the time required for PQC key generation.

In the context of key generation with a security level above 128, the NTRU algorithm demonstrated superior performance compared to RSA. However, in terms of encryption and decryption processes, RSA exhibited superior performance. Nevertheless, the time delay that occurred during NTRU encryption and decryption processes was negligible in comparison to the overall communication performance. In the SSI-PQM process, the NTRU-based public key encryption was utilized once in Step #1 for the transmission of the pre-master secret. Consequently, the time delay experienced during NTRU encryption and decryption did not affect the overall communication between the servers and IoT devices.

From these evaluation results, we identified that PQC-TLS corresponding to security levels 80 and 128 is the most suitable with respect to the performance of the IoT device. The performance of NTRUs significantly surpassed that of RSA, which can be attributed to faster generation of public key pairs for communications that require a security level above 160. These results lead to improvements ranging from at least 161% to as much as 8255%.

As the security level increases, the time required for generating RSA public keys rises exponentially. An RSA public key is based on the product of two large prime numbers, and the difficulty of finding large primes increases exponentially with their size. To generate these primes, random numbers must be created in the desired range. This process requires significant computational effort due to the scarcity and increased length of larger prime numbers, which increases the challenge of their discovery. In contrast, key generation in NTRUs involves generating random polynomials and performing arithmetic in modular polynomial rings. NTRUs are based on solving the shortest vector problem (SVP) in a lattice and specific polynomial equations, which remain computationally efficient even with longer key lengths. Moreover, NTRU key generation enhances security based on the probabilistic hardness assumptions underlying lattice problems and relies on random polynomial selection to ensure unpredictability to prevent attackers from predicting or reversing keys.

Moreover, for the effective operation of SSI-PQM, it is necessary to establish a separate certificate issuance system for generating PQC public keys and then providing them to the IoT devices. Since the PQC decryption performed by the IoT device is executed only once for secret key exchange, it has a insignificant impact on the encryption of communication using MACsec.

Table 5. Security function comparison with previously reported IoT platforms.

Function	SSI-PQM	SSI (2021) [9]	Linda et al. (2018) [33]	Kumar et al. (2019) [34]	McCormack et al. (2020) [35]	Irshad et al.(2023) [36]
PQC	Yes	No	No	No	No	Yes
layer 2 Communication	Yes	Yes	No	No	No	No
Net Separation	Yes	Yes	Yes	No	No	Yes
Authentication	Yes	Yes	No	Yes	No	Yes
Access Control	Yes	Yes	Yes	No	Yes	Yes
End-to-End Enc.	Yes	Yes	No	Yes	No	Yes
Many-to-Many Enc.	Yes	Yes	No	Yes	No	Yes
L2 Encryption	Yes	Yes	No	No	No	Yes
SDN	Yes	Yes	Yes	No	Yes	No
Detection	No	No	No	No	Yes	Yes

lists the comparison of the security function with the previous IoT platforms in terms of IoT network security aspects. It includes authentication, access control, network separation (or secure routing), encryption, detection, and SDN [30,31,32]. Our proposed scheme supports all the security aspects except detection. Detection can be easily applied without affecting the response time by mirroring traffic through the CN.

6. Conclusions and Outlooks

SSI-PQM effectively counters security threats, such as quantum computing-based Man-In-The-Middle (MITM) attacks, route tampering, and privacy breaches in open IoT networks, by employing an overlay network, end-to-end encryption, authentication, and PQC. Furthermore, the applications of MACsec and NTRU algorithms for encryption proved to be efficient for IoT devices due to their low CPU usage, while the Layer 2 overlay network facilitates the unrestricted use of various communication protocols. The experimental results showed satisfactory performance across security levels ranging from 80 to 128, and a minimum speed enhancement of 161% compared to RSA for security levels exceeding 160 was secured.

With the rise of SaaS-based IoT and edge computing, the significance of security in industrial IoT, smart home and city, and healthcare is in increasing demand. Following COVID-19, an uptick in telecommuting and remote work collaboration is expected to enhance the deployment of SSI-PQM. The current study can broaden its application spectrum with a VPN architecture to provide a network environment conducive to collaboration with offices, even remotely. Next, we will proceed with our research on applying Quantum Key Distribution (QKD) to SSI as an alternative to PQC-TLS, aiming to maintain the security of Layer 2 communications.