Communications

Transitioning Cellular networks towards Post Quantum Cryptography

By Ramesh Chandra Vuppala Samsung R&D Institute India-Bangalore
By Neha Sharma Samsung R&D Institute India-Bangalore
By Donghyun Je Samsung Research

Background

Telecommunication systems like 5G rely heavily on secure communication protocols based on asymmetric and symmetric cryptography to protect sensitive information, including user identities, voice, data, messages and network configurations. Asymmetric Cryptography is based on a public - private key mechanism, where public key encrypts the messages and private key decrypts them and is commonly used for authentication & digital signatures procedures. Asymmetric algorithms like RSA (Rivest–Shamir–Adleman) and ECC (Elliptical curve cryptography) are based on complex mathematical model, such as large prime number factorization and discrete logarithms methods that make them practically elusive to be broken by the classical computers and hence have withstood the test of time for more than three decades. However, Quantum computers with their exponential processing power, have an inherent potential to crack these algorithms as an example breaking a 2048-bit RSA key would take 1 billion years with a classical computer but a quantum computer could do it in nearly hundred seconds rendering such cryptographic algorithms helpless [1]. Symmetric key cryptographic algorithms like AES (Advanced Encryption Standard) use the same key for both encryption and decryption and is primarily used for Data encryption and can be considered safe from quantum attacks, if key size is at least 128 bits as the strength of these algorithms depends on key size [2].

Post Quantum Cryptography: Enabling a Quantum Safe Era for Next Generation System

An emerging class of cryptography known as Post Quantum Cryptography (PQC) is a suite of algorithms that provides encryption methods that can withstand the computational exploitation of Quantum adversaries while being able to execute efficiently on classical computing platforms. This is of paramount relevance for the next generation of cellular communications systems aka 6G since during the 6G era Quantum machines are not expected to be widespread and much of the processing shall still be carried out on classical computers thereby ushering in a ‘Quantum Safe’ era. The National Institute of Standards and Technology (NIST) is exploring various PQC algorithms that are based on complex mathematical concepts like lattice-based cryptography, where lattice grids - a repeating pattern of points in space are used to create complex, hard-to-break encryption schemes, as potential candidates that balance the complexity vs robustness trade-off. 3GPP and other related standards bodies are expected to consider the recommendations of NIST on the usage of PQC algorithms. In the blog, we have discussed and explored various methods for adopting PQC based algorithms in next generation system.

Adoption of Post quantum cryptography in B5G/6G Network

The various 5G devices and NW security procedures using symmetric & Asymmetric cryptography are illustrated in Figure 1.

Figure 1. Security Procedure in 5G systems

These procedures in 5G are summarized in Table 1 as below:

Table 1. Protocols and Procedures with cryptography usage in 5G

The adoption of PQC algorithms into existing 5G system is challenging and requires thorough evaluation of their performance, computational efficiency, and impact on protocols. We have further explored Primary authentication procedure in 5G, which is critical procedure for a device to access any services like audio, video or data on the NW and assessed its effect on system performance and security using different PQC adoption strategies.

Subscription Permanent Identifier (SUPI) Encryption in 5G

Primary authentication is a procedure that establishes secure communication between the UE and NW after successful authentication of the user-specific subscription identifier called SUPI assigned by NW to the device during SIM provisioning. To protect against cloning attacks, the SUPI is encrypted at the UE using asymmetric keys as shown in Figure 2 before sharing it with the NW. After successful decryption and authentication, the NW grants access to the services. However, the current asymmetric key cryptography used for establishing the shared key, which is used for SUPI encryption & decryption, is vulnerable to quantum machines, making it necessary to integrate post-quantum cryptography (PQC) algorithms for enhanced security.

Figure 2. Classical/ECC based Subscriber Identity Encryption at UE

We describe two methods for incorporation of PQC into the Primary Authentication Procedure as listed below.

Method 1: Direct replacement of classical algorithm with PQC algorithm

One approach to protect Subscription Permanent Identifier from quantum threat is to replace asymmetric key cryptography with PQC algorithms [4]. Figure 3 explain SUPI encryption using a PQC-based shared key generation mechanism. The UE generates a quantum safe shared key using PQC based key encapsulation method & PQC based NW public key, which will be used to encrypt the SUPI.

Figure 3. PQC based Subscriber Identity Encryption at UE

Method 2: Hybrid Cryptography Mechanism

Replacing classical cryptography with PQC algorithms at an early stage carries an inherent risk as a first time widespread deployment so it will be imperative to have it bolstered with additional/fall back security mechanisms. To minimize this risk, a hybrid approach is recommended, where classical and post-quantum algorithms coexist. This approach ensures interoperability and maintains backward compatibility with existing systems relying on classical encryption methods. In case vulnerabilities are found in either type of algorithm, the presence of both classical and post-quantum algorithms in a hybrid setup reduces the impact of potential breaches, providing additional resilience to the overall cryptographic architecture. This strategy safeguards current infrastructure and guarantees the long-term security of telecommunication networks. Multiple designs exist for implementing a hybrid cryptography mechanism, including generating a hybrid-shared key based on a combination of legacy asymmetric cryptography and PQC key encapsulation as shown in Figure 4, as well as utilizing hybrid encryption where encryption of SUPI can be done first with classical cryptography like AES and later re-encrypt using PQC algorithms based on Quantum safe public key of NW as shown in Figure 5.

Figure 4. Hybrid Shared Key generation based Subscriber Identity Encryption at UE



Figure 5. Hybrid encryption of Subscriber Identity at UE

Simulations & Results [3]

To assess the impact of the PQC adoption algorithm on primary authentication procedure, we have performed few initial simulation on x86 platform by considering the Kyber algorithm. The Module-Lattice (ML) - Key Encapsulation Mechanism (KEM) algorithm that has been standardized by NIST is based on Kyber algorithm [5]. Kyber is derived from structure of lattice-based cryptography, where lattice grids are used to create complex, hard-to-break encryption schemes. Our results show a significant speed-up of up to 6.7x with PQC-based shared key generation compared to the classical key generation for the 5G system. Moreover, our proposed hybrid solution offers enhanced security without any additional CPU processing overhead relative to the 5G system.

Challenges, Considerations & Conclusion:

The integration of new quantum-safe crypto algorithms into existing systems requires consideration of computational overhead and global acceptance of standardized quantum-safe protocols. This transition towards post-quantum cryptography is not just a response to an imminent threat, but an inevitable investment for future telecommunications. Collaboration among industry, government, and standardization bodies is vital to establish robust migration standards towards the quantum-safe era. Customizing hybrid approaches that combine classical and quantum-resistant algorithms for specific use cases and network requirements will facilitate a smooth transition to 6G.

Disclaimer:
The views and opinions expressed in this article are solely those of the authors. These do not necessarily represent those of Samsung Research and its affiliates.

Link to the paper



https://ieeexplore.ieee.org/document/10437815

References

[1] Understanding Encryption
https://www.microsoft.com/en-us/cybersecurity/blog-hub/understanding-encryption

[2] NIST Post-Quantum Cryptography | CSRC (nist.gov)
https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria)

[3] Post-Quantum Secure Hybrid Methods for UE Primary Authentication in 6G with Forward Secrecy https://ieeexplore.ieee.org/document/10437815

[4] Vincent Quentin Ulitzsch, Shinjo Park, Soundes Marzougui, and Jean-Pierre Seifert. 2022. A Post-Quantum Secure Subscription Concealed Identifier for 6G. 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’22), New York, NY, USA, 157–168. https://doi.org/10.1145/3507657.3528540

[5] FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.203.pdf

[6] ETSI White Paper: Quantum Safe Cryptography and Security. https://www.etsi.org/images/files/etsiwhitepapers/quantumsafewhitepaper.pdf