{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T19:17:37Z","timestamp":1772911057428,"version":"3.50.1"},"reference-count":79,"publisher":"SAGE Publications","issue":"4","license":[{"start":{"date-parts":[[2021,11,23]],"date-time":"2021-11-23T00:00:00Z","timestamp":1637625600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2022,8,25]]},"abstract":"<jats:p> The threat of a cryptographically relevant quantum computer contributes to an increasing interest in the field of post-quantum cryptography (PQC). Compared to existing research efforts regarding the integration of PQC into the Transport Layer Security (TLS) protocol, industrial communication protocols have so far been neglected. Since industrial cyber-physical systems (CPS) are typically deployed for decades, protection against such long-term threats is needed. <\/jats:p><jats:p> In this work, we propose two novel solutions for the integration of post-quantum (PQ) primitives (digital signatures and key establishment) into the industrial protocol Open Platform Communications Unified Architecture (OPC\u00a0UA): a hybrid solution combining conventional cryptography with PQC and a solution solely based on PQC. Both approaches provide mutual authentication between client and server and are realized with certificates fully compliant to the X.509 standard. We implement the two solutions and measure and evaluate their performance across three different security levels. All selected algorithms (Kyber, Dilithium, and Falcon) are candidates for standardization by the National Institute of Standards and Technology (NIST). We show that Falcon is a suitable option\u00a0\u2013 especially\u00a0\u2013 when using floating-point hardware provided by our ARM-based evaluation platform. Our proposed hybrid solution provides PQ security for early adopters but comes with additional performance and communication requirements. Our solution solely based on PQC shows superior performance across all evaluated security levels in terms of handshake duration compared to conventional OPC\u00a0UA but comes at the cost of increased handshake sizes. <\/jats:p><jats:p> In addition to our performance evaluation, we provide a proof of security in the symbolic model for our two PQC-based variants of OPC\u00a0UA. For this proof, we use the cryptographic protocol verifier ProVerif and formally verify confidentiality and authentication properties of our quantum-resistant variants. <\/jats:p>","DOI":"10.3233\/jcs-210037","type":"journal-article","created":{"date-parts":[[2021,11,23]],"date-time":"2021-11-23T23:37:28Z","timestamp":1637710648000},"page":"623-653","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":15,"title":["Towards post-quantum security for cyber-physical systems: Integrating PQC into industrial M2M communication"],"prefix":"10.1177","volume":"30","author":[{"given":"Sebastian","family":"Paul","sequence":"first","affiliation":[{"name":"Corporate Sector Research and Advance Engineering, Robert Bosch GmbH, Renningen, Germany"}]},{"given":"Patrik","family":"Scheible","sequence":"additional","affiliation":[{"name":"Consulting Cyber Security Solutions, ESCRYPT GmbH, Stuttgart, Germany"}]},{"given":"Friedrich","family":"Wiemer","sequence":"additional","affiliation":[{"name":"Cross-Domain Computing Solutions, Robert Bosch GmbH, Stuttgart, Germany"}]}],"member":"179","published-online":{"date-parts":[[2021,11,23]]},"reference":[{"key":"ref001","doi-asserted-by":"publisher","DOI":"10.1145\/3127586"},{"key":"ref002","unstructured":"E.\u00a0Alkim, R.\u00a0Avanzi, J.W.\u00a0Bos, L.\u00a0Ducas, A.\u00a0De La Piedra, T.\u00a0P\u00f6ppelmann, P.\u00a0Schwabe, D.\u00a0Stebila, M.R.\u00a0Albrecht, E.\u00a0Orsini, V.\u00a0Osheter, K.G.\u00a0Paterson, G.\u00a0Peer and N.P.\u00a0Smart, NewHope. Algorithm specifications and supporting documentation, NIST Post-Quantum Cryptography Standardization: Round 2 (2019)."},{"key":"ref003","unstructured":"E.\u00a0Alkim, J.W.\u00a0Bos, L.\u00a0Ducas, P.\u00a0Longa, I.\u00a0Mironov, M.\u00a0Naehrig, V.\u00a0Nikolaenko, C.\u00a0Peikert, A.\u00a0Raghunathan and D.\u00a0Stebila, FrodoKEM. Algorithm specifications and supporting documentation, NIST Post-Quantum Cryptography Standardization: Round 2 (2019)."},{"key":"ref004","doi-asserted-by":"crossref","unstructured":"J.\u00a0Alwen, B.\u00a0Blanchet, E.\u00a0Hauck, E.\u00a0Kiltz, B.\u00a0Lipp and D.\u00a0Riepel, Analysing the HPKE standard, Cryptology ePrint Archive, Report (2020). https:\/\/eprint.iacr.org\/2020\/1499.","DOI":"10.1007\/978-3-030-77870-5_4"},{"key":"ref005","unstructured":"M.\u00a0Arcus, Using the cycle counter registers on the Raspberry Pi 3, 2018, https:\/\/matthewarcus.wordpress.com\/2018\/01\/27\/using-the-cycle-counter-registers-on-the-raspberry-pi-3\/."},{"key":"ref006","unstructured":"Arm Limited, Arm architecture reference manual: Armv8, 2020, ID040120. https:\/\/static.docs.arm.com\/ddi0487\/fb\/DDI0487F_b_armv8_arm.pdf."},{"key":"ref007","doi-asserted-by":"publisher","DOI":"10.1038\/s41586-019-1666-5"},{"key":"ref008","unstructured":"R.\u00a0Avanzi, J.W.\u00a0Bos, L.\u00a0Ducas, E.\u00a0Kiltz, T.\u00a0Lepoint, V.\u00a0Lyubashevsky, J.M.\u00a0Schank, P.\u00a0Schwabe, G.\u00a0Seiler and D.\u00a0Stehl\u00e9, CRYSTALS-Kyber. Algorithm specifications and supporting documentation, NIST Post-Quantum Cryptography Standardization: Round 2 (2019)."},{"key":"ref009","unstructured":"AWS Blog, Converting industrial protocols with AWS IoT Greengrass, 2019. https:\/\/aws.amazon.com\/de\/blogs\/iot\/converting-industrial-protocols-with-aws-iot-greengrass\/."},{"key":"ref010","unstructured":"H.\u00a0Baan, S.\u00a0Bhattacharya, S.\u00a0Fluhrer, O.\u00a0Garcia-Morchon, T.\u00a0Laarhoven, R.\u00a0Player, R.\u00a0Rietmann, M.J.O.\u00a0Saarinen, L.\u00a0Tolhuizen, J.L.\u00a0Torre-Arce and Z.\u00a0Zhang, Round5. KEM and PKE based on (ring) learning with rounding, NIST Post-Quantum Cryptography Standardization: Round 2 (2019)."},{"key":"ref011","unstructured":"M.\u00a0Barbosa, G.\u00a0Barthe, K.\u00a0Bhargavan, B.\u00a0Blanchet, C.\u00a0Cremers, K.\u00a0Liao and B.\u00a0Parno, SoK: Computer-aided cryptography, Cryptology ePrint Archive, Report (2019), 1\u201319. https:\/\/eprint.iacr.org\/2019\/1393."},{"key":"ref012","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-56Cr2-draft"},{"key":"ref013","unstructured":"D.\u00a0Basin, C.\u00a0Cremers, J.\u00a0Dreier, S.\u00a0Meier, R.\u00a0Sasse and B.\u00a0Schmidt, Tamarin-prover manual: Security protocol analysis in the symbolic model, 2021. https:\/\/tamarin-prover.github.io\/manual\/book\/001_introduction.html."},{"key":"ref014","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243846"},{"key":"ref015","unstructured":"D.J.\u00a0Bernstein, C.\u00a0Chuengsatiansup, T.\u00a0Lange and C.\u00a0van Vredendaal, NTRU Prime. Round 2, NIST Post-Quantum Cryptography Standardization: Round 2 (2019)."},{"key":"ref016","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.26"},{"key":"ref017","unstructured":"N.\u00a0Bindel, S.\u00a0Akleylek, E.\u00a0Alkim, P.S.L.M.\u00a0Barreto, J.\u00a0Buchmann, E.\u00a0Eaton, G.\u00a0Gus, J.\u00a0Kr\u00e4mer, P.\u00a0Longa, H.\u00a0Polat, J.E.\u00a0Ricardini and G.\u00a0Zanon, qTESLA. Submission to NIST\u2019s post-quantum project (2nd round), NIST Post-Quantum Cryptography Standardization: Round 2 (2019)."},{"key":"ref018","doi-asserted-by":"publisher","DOI":"10.21105\/joss.01606"},{"key":"ref019","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-25510-7_12"},{"key":"ref020","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-59879-6_22"},{"key":"ref021","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.2001.930138"},{"key":"ref022","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-28641-4_2"},{"key":"ref023","doi-asserted-by":"publisher","DOI":"10.1561\/3300000004"},{"key":"ref024","unstructured":"B.\u00a0Blanchet, CryptoVerif. A computationally-sound security protocol verifier, 2017. https:\/\/prosecco.gforge.inria.fr\/personal\/bblanche\/cryptoverif\/cryptoverif.pdf."},{"key":"ref025","unstructured":"B.\u00a0Blanchet, B.\u00a0Smyth, V.\u00a0Cheval and M.\u00a0Sylvestre, ProVerif 2.02pl1: Automatic cryptographic protocol verifier, User Manual and Tutorial, 2020. https:\/\/prosecco.gforge.inria.fr\/personal\/bblanche\/proverif\/manual.pdf."},{"key":"ref026","unstructured":"M.\u00a0Braithwaite, Experimenting with post-quantum cryptography, Google, 2016. https:\/\/security.googleblog.com\/2016\/07\/experimenting-with-post-quantum.html."},{"key":"ref027","unstructured":"BSI, OPC\u00a0UA security analysis, BSI, 2017. https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/Studies\/OPCUA\/OPCUA.html."},{"key":"ref028","unstructured":"BSI, Migration zu Post-Quanten-Kryptografie, Handlungsempfehlungen des BSI, 2020. https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Krypto\/Post-Quanten-Kryptografie[available only in German]."},{"key":"ref029","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384725"},{"key":"ref030","unstructured":"M.\u00a0Campagna and E.\u00a0Crockett, Hybrid post-quantum key encapsulation methods (PQ KEM) for transport layer security 1.2 (TLS). Internet-Draft (work in progress), 2019, Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/html\/draft-campagna-tls-bike-sike-hybrid-01."},{"key":"ref031","unstructured":"C.\u00a0Chen, O.\u00a0Danba, J.\u00a0Hoffstein, A.\u00a0H\u00fclsing, J.\u00a0Rijneveld, J.M.\u00a0Schank, P.\u00a0Schwabe, W.\u00a0Whyte and Z.\u00a0Zhang, NTRU. Algorithm specifications and supporting documentation, NIST Post-Quantum Cryptography Standardization: Round 2 (2019)."},{"key":"ref032","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36830-1_12"},{"key":"ref033","unstructured":"E.\u00a0Crockett, C.\u00a0Paquin and D.\u00a0Stebila, Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH, Cryptology ePrint Archive, Report2019\/858 (2019), 1\u201324. https:\/\/eprint.iacr.org\/2019\/858."},{"key":"ref034","unstructured":"J.P.\u00a0D\u2019Anvers, A.\u00a0Karmakar, S.S.\u00a0Roy and F.\u00a0Vercauteren, SABER: Mod-LWR based KEM. Round 2 Submission, NIST Post-Quantum Cryptography Standardization: Round 2 (2019)."},{"key":"ref035","doi-asserted-by":"publisher","DOI":"10.1145\/3338467.3358948"},{"key":"ref036","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1983.1056650"},{"key":"ref037","unstructured":"L.\u00a0Ducas, E.\u00a0Kiltz, T.\u00a0Lepoint, V.\u00a0Lyubashevsky, P.\u00a0Schwabe, G.\u00a0Seiler and D.\u00a0Stehl\u00e9, CRYSTALS-Dilithium. Algorithm specifications and supporting documentation, NIST Post-Quantum Cryptography Standardization: Round 2 (2019)."},{"key":"ref038","unstructured":"P.A.\u00a0Fouque, J.\u00a0Hoffstein, P.\u00a0Kirchner, V.\u00a0Lyubashevsky, T.\u00a0Pornin, T.\u00a0Prest, T.\u00a0Ricosset, G.\u00a0Seiler, W.\u00a0Whyte and Z.\u00a0Zhang, Falcon: Fast-Fourier lattice-based compact signatures over NTRU. Algorithm specifications and supporting documentation, NIST Post-Quantum Cryptography Standardization: Round 2 (2019)."},{"key":"ref039","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-34578-5_4"},{"key":"ref040","unstructured":"M.\u00a0Hamburg, ThreeBears. Post-quantum cryptography proposal, NIST Post-Quantum Cryptography Standardization: Round 2 (2019)."},{"key":"ref041","unstructured":"A.\u00a0H\u00fclsing, K.C.\u00a0Ning, P.\u00a0Schwabe, F.\u00a0Weber and P.R.\u00a0Zimmermann, Post-quantum WireGuard, Cryptology ePrint Archive, Report2020\/379 (2020), 1\u201340. https:\/\/eprint.iacr.org\/2020\/379."},{"key":"ref042","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813657"},{"key":"ref043","doi-asserted-by":"crossref","unstructured":"P.\u00a0Kampanakis, P.\u00a0Panburana, E.\u00a0Daw and D.\u00a0van Geest, The viability of post-quantum X.509 certificates, Cryptology ePrint Archive, Report2018\/063 (2018), 1\u201318. https:\/\/eprint.iacr.org\/2018\/063.","DOI":"10.1088\/1475-7516\/2018\/05\/063"},{"key":"ref044","unstructured":"M.J.\u00a0Kannwischer, J.\u00a0Rijneveld, P.\u00a0Schwabe and K.\u00a0Stoffelen, pqm4: Testing and benchmarking NIST PQC on ARM Cortex-M4, Cryptology ePrint Archive, Report844 (2019), 1\u201322. https:\/\/eprint.iacr.org\/2019\/844."},{"key":"ref045","unstructured":"N.\u00a0Kobeissi, Formal verification for real-world cryptographic protocols and implementations, PhD thesis, Ecole Normale Sup\u00e9rieure de Paris\u00a0\u2013 ENS Paris, 2018. https:\/\/hal.inria.fr\/tel-01950884v2."},{"key":"ref046","doi-asserted-by":"crossref","unstructured":"N.\u00a0Kobeissi, Verifpal: User manual (first edition), 2020.","DOI":"10.1145\/3411495.3421365"},{"key":"ref047","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.38"},{"key":"ref048","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-65277-7_8"},{"key":"ref049","unstructured":"K.\u00a0Kwiatkowski and L.\u00a0Valenta, The TLS post-quantum experiment, Cloudflare, 2019. https:\/\/blog.cloudflare.com\/the-tls-post-quantum-experiment\/."},{"key":"ref050","doi-asserted-by":"publisher","DOI":"10.1145\/3385958.3430482"},{"key":"ref051","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-61042-1_43"},{"key":"ref052","doi-asserted-by":"publisher","DOI":"10.17226\/24636"},{"key":"ref053","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88702-7_5"},{"key":"ref054","unstructured":"Microsoft Azure, What is Connected Factory IoT solution accelerator? 2019. https:\/\/docs.microsoft.com\/en-gb\/azure\/iot-accelerators\/iot-accelerators-connected-factory-features."},{"key":"ref055","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1997.601329"},{"key":"ref056","doi-asserted-by":"publisher","DOI":"10.1145\/359657.359659"},{"key":"ref057","unstructured":"OPC Foundation, OPC UA Specification. Part 1\u00a0\u2013 Overview and Concepts Release 1.04, 2017."},{"key":"ref058","unstructured":"OPC Foundation, OPC UA Specification. Part 4\u00a0\u2013 Services Release 1.04, 2017."},{"key":"ref059","unstructured":"OPC Foundation, OPC UA Specification. Part 6\u00a0\u2013 Mappings Release 1.04, 2017."},{"key":"ref060","unstructured":"OPC Foundation, OPC UA Roadmap, 2020. https:\/\/opcfoundation.org\/about\/opc-technologies\/opc-ua\/opcua-roadmap\/."},{"key":"ref061","doi-asserted-by":"publisher","DOI":"10.1109\/ETFA.2015.7301562"},{"key":"ref062","unstructured":"C.\u00a0Paquin, D.\u00a0Stebila and G.\u00a0Tamvada, Benchmarking post-quantum cryptography in TLS, Cryptology ePrint Archive, Report2019\/1447 (2019), 1\u201321. https:\/\/eprint.iacr.org\/2019\/1447."},{"key":"ref063","doi-asserted-by":"publisher","DOI":"10.1515\/auto-2019-0019"},{"key":"ref064","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-59013-0_15"},{"key":"ref065","unstructured":"T.\u00a0Pornin, PQClean\u00a0\u2013 Falcon implementations (integer-only code, constant-time), 2019. https:\/\/github.com\/PQClean\/PQClean\/pull\/210#issuecomment-513827611."},{"key":"ref066","doi-asserted-by":"publisher","DOI":"10.1109\/ICIT.2019.8755050"},{"key":"ref067","unstructured":"M.\u00a0Puys, Cybersecurity of industrial systems: Applicative filtering and generation of attack scenarios, 2018, PhD thesis defense. https:\/\/maxime.puys.name\/publications\/pdf\/slidesPhdThesisMaximePuys.pdf."},{"key":"ref068","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45477-1_6"},{"key":"ref069","unstructured":"Sfera Labs, Strato Pi: Industrial Raspberry Pi, 2020. https:\/\/www.sferalabs.cc\/strato-pi\/."},{"key":"ref070","doi-asserted-by":"publisher","DOI":"10.1137\/S0097539795293172"},{"key":"ref071","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24203"},{"key":"ref072","unstructured":"D.\u00a0Stebila, S.\u00a0Fluhrer and S.\u00a0Gueron, Design issues for hybrid key exchange in TLS 1.3, 2019, Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/html\/draft-stebila-tls-hybrid-design-01."},{"key":"ref073","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-69453-5_2"},{"key":"ref074","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134027"},{"key":"ref075","doi-asserted-by":"crossref","unstructured":"Verizon, Data breach investigations report, DBIR, 2020. https:\/\/enterprise.verizon.com\/resources\/reports\/2020\/2020-data-breach-investigations-report.pdf.","DOI":"10.1016\/S1361-3723(20)30059-2"},{"key":"ref076","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48660-7_29"},{"key":"ref077","doi-asserted-by":"publisher","DOI":"10.1109\/MIE.2017.2649104"},{"key":"ref078","unstructured":"L.\u00a0Xianhui, L.\u00a0Yamin, J.\u00a0Dingding, X.\u00a0Haiyang, H.\u00a0Jingnan, Z.\u00a0Zhenfei, L.\u00a0Zhe, Y.\u00a0Hao, L.\u00a0Bao and W.\u00a0Kunpeng, LAC. Lattice-based cryptosystems, NIST Post-Quantum Cryptography Standardization: Round 2 (2019)."},{"key":"ref079","doi-asserted-by":"publisher","DOI":"10.1109\/CSCloud-EdgeCom49738.2020.00030"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-210037","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-210037","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-210037","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,11]],"date-time":"2025-03-11T07:42:09Z","timestamp":1741678929000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-210037"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,23]]},"references-count":79,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2022,8,25]]}},"alternative-id":["10.3233\/JCS-210037"],"URL":"https:\/\/doi.org\/10.3233\/jcs-210037","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,11,23]]}}}