Industrial IoT devices and their onboarding infrastructures currently rely largely on classical public-key cryptography. At the same time, initial finalized PQC standards such as FIPS 203, 204, and 205 are available, while BSI, ETSI, and NIST recommend early migration and the design of crypto-agile architectures. The key open questions are which vulnerabilities and migration obstacles exist in FDO, BRSKI, OPC UA, and EST, how these protocols can be extended with finalized standardized PQC methods, and what technical costs and risks arise under realistic IoT boundary conditions.
The goal of this work is to develop a robust, IoT-specific requirements catalog for PQC and crypto-agility in onboarding protocols, the prototypical specification extension of FDO (as well as BRSKI, OPC UA, and EST) with PQC or hybrid methods, and the experimental validation of the technical feasibility using FDO as an example.
- What quantum-relevant attack and migration risks arise for FDO, BRSKI, OPC UA, and EST from their current use of classical signature, certificate, and key exchange procedures?
- Which PQC and hybrid procedures are technically sensible, standardization-compatible, and economically justifiable under IoT boundary conditions for onboarding protocols?
- At which points can protocols and formats be extended with reasonable effort, and where are the migration-critical breaking points in voucher, certificate, trust-anchor, and CA processes?
Requirements:
- Good programming skills.
- Good knowledge of cryptographic protocols.
The master thesis will be supervised by DEVITY (https://devity.eu/). Please contact Sven Uthe (sven.uthe@devity.eu).