bth.se
Operational message
There are currently operational disruptions. Troubleshooting is in progress.
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
SoK: Evolution of KEM role in cryptographic migrations for IoT systems based on E2EE approach
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.ORCID iD: 0000-0003-0183-3613
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.ORCID iD: 0000-0002-3118-5058
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.ORCID iD: 0000-0002-0518-6532
(English)Manuscript (preprint) (Other academic)
Abstract [en]

Key Encapsulation Mechanisms (KEM) is a special type of encryption method in Public Key Cryptography (PKC) that recently was popularized by standardization authorities. The emergence of a broader use of the term in industry practice was necessitated by the discovery of the malleability property of cipher text, which led to new approaches to asymmetric encryption. This process required the refactoring of all cryptographic software libraries that relate to the problems of cryptographic agility. Our SoK addresses the developments of public key encryption methods and the main challenges that drive to specialization of KEM. It survey literature, cryptographic software libraries and standardization efforts about the public key encryption, key-exchange and encapsulation. We structured the challenges for the users of cryptographic software, focusing on end-to-end encryption and real-world use cases, including IoT systems. We identified main milestones of KEM evolution and structured it into four development areas. We found that the evolution of KEM is defined by a variety of mathematical foundations which always reflects on various aspects of crypto system, which, in case of affected security properties, can be compensated by layered and hybrid approach. Our findings indicate that science, industry practitioners and standardization bodies, propagate such approaches into state of practice by additional abstraction layers in cryptographic software. However software still not in consensus and we observed increased redundancy for KEM toolset and associated layers. Moreover industry practitioners divide into those who only increase technological stack and those who propose both, new stack and new cryptographic methods. To structure the mentioned phenomena we introduced novel, three-facet, consumer-centered mapping of the data security domain.
Keywords [en]
Cryptographic agility, end-to-end encryption, application-level encryption, key-encapsulation mechanism
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:bth-27704OAI: oai:DiVA.org:bth-27704DiVA, id: diva2:1950106
Available from: 2025-04-04 Created: 2025-04-04 Last updated: 2025-12-29Bibliographically approved
In thesis
1. Understanding the role of Key Encapsulation Mechanisms in Cryptographic Migrations: Towards Cryptographic-Agility in IoT Systems Based on End-to-End Encryption Approach
Open this publication in new window or tab >>Understanding the role of Key Encapsulation Mechanisms in Cryptographic Migrations: Towards Cryptographic-Agility in IoT Systems Based on End-to-End Encryption Approach
2025 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

The increasing data-security regulation and cyber-threats requires IT vendors to use new cryptographic tools or refactor live systems to encrypt existing data. One step in that direction is integrating an appropriate security protocol and cryptographic software library during the system design phase. However, it is not sufficient when it happens to migrate existing data to encrypted form in the live system on-the-fly, re-encrypt data to a different encryption standard, or have the data of the same origin but encrypted with different standards. This thesis explores the new emergent area of cryptographic agility, which focuses on various challenges while adopting cryptographic migrations in live systems. We proposed End-to-End Encryption (E2EE) design for telemetry data security in two different applications: maritime surveillance and drone-management. We aimed to understand the role of Key Encapsulation Mechanism (KEM) cryptographic primitive in the data-security domain. The notion of crypto-agility constitutes a context-sensitive, activity-based perspective on data security. In this thesis, we aim at both understanding and exploring practical possibilities of this notion. We employ a mixed-methods approach to achieve our aim: Experimentation, Literature Review and Survey. We have studied and applied quantum-safe KEM cryptographic primitives to simulate practical cryptographic migration in live IoT systems. We have shown the importance of KEM security properties and the performance of KEM primitives for telemetry data confidentiality. We proposed new crypto-agility values and trade offs as decision making support tool for consumers of cryptographic technologies. Furthermore, we have employed systematization of knowledge to structure how different types of contributions developed various KEM notions, its influence on the standardization process, and presence in cryptographic software libraries over the last 40 years. The proposed approaches have been shown to be capable of explaining the role of KEM in cryptographic migrations and underlying properties of crypto agility. This can facilitate domain experts in narrowing down the scope of analysis while achieving sufficiency for cryptographic migrations in live IoT systems based on end-to-end encryption protocols.
Place, publisher, year, edition, pages
Karlskrona: Blekinge Tekniska Högskola, 2025. p. 160
Series
Blekinge Institute of Technology Licentiate Dissertation Series, ISSN 1650-2140 ; 2025:04
Keywords
Cryptographic agility, end-to-end encryption, application-level encryption, key-encapsulation mechanism
National Category
Security, Privacy and Cryptography
Research subject
Computer Science
Identifiers
urn:nbn:se:bth-27713 (URN)978-91-7295-498-4 (ISBN)
Presentation
2025-09-24, J1630, Campus Karlskrona, 10:00 (English)
Opponent
Supervisors
Projects
Connect2SmallPorts
Available from: 2025-04-11 Created: 2025-04-11 Last updated: 2025-09-30Bibliographically approved

Open Access in DiVA

fulltext(514 kB)3 downloads
File information
File name FULLTEXT01.pdfFile size 514 kBChecksum SHA-512
e38ee7ace6025ac25b90139f7bdbb44565a10eceacfd8f8fc70ed6955edb22a9e7bb0d189649021fedebeef6039fb158c59d844fe9a41575c8af7326042fc26d
Type fulltextMimetype application/pdf

Authority records

Silonosov, AlexandrCasalicchio, EmilianoHenesey, Lawrence

Search in DiVA

By author/editor
Silonosov, AlexandrCasalicchio, EmilianoHenesey, Lawrence
By organisation
Department of Computer Science
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 3 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 182 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
BTH Library
|
Publish/Register
|
How to publish/register
|
Diva portal
|
SwePub
|
Uppsök