Bridging IoT Security and Post-Quantum Cryptography: Requirements, Limitations, and Solutions (E12b)
The rapid proliferation of Internet of Things (IoT) devices and their long operational lifecycles expose critical infrastructures to emerging quantum-enabled threats. Classical public-key cryptographic schemes such as RSA and ECC, which currently underpin device authentication, secure boot, and firmware integrity, are expected to become vulnerable to quantum algorithms, particularly Shor’s algorithm. Consequently, integrating post-quantum cryptography (PQC) into IoT ecosystems has become an urgent research and engineering priority. This talk examines the applicability, challenges, and design considerations of PQC in resource-constrained IoT environments. It evaluates NIST-standardized lattice-based schemes, including CRYSTALS-Kyber for key encapsulation and CRYSTALS-Dilithium and Falcon for digital signatures, and assesses their suitability for secure device onboarding, over-the-air (OTA) updates, and secure communication protocols such as TLS, MQTT, and CoAP. The analysis highlights major constraints related to processing power, memory capacity, energy consumption, and bandwidth limitations, which complicate the deployment of PQC algorithms with larger key and signature sizes. To address these challenges, the paper explores hybrid cryptographic models, crypto-agility, hardware acceleration, and lightweight PQC implementations tailored for embedded systems. The findings indicate that, despite performance and integration challenges, PQC adoption in IoT is both feasible and essential to ensure long-term confidentiality, integrity, and resilience against harvest-now-decrypt-later attacks in the post-quantum era.