2025 (English) Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]
Increasing data-security regulation and cyber-threats require IT vendors to use new cryptographic tools or refactor live systems to encrypt existing data. One step in that direction is integrating an appropriate security protocol and cryptographic software library during the system design phase. However, this is not sufficient when existing data must be migrated to encrypted form on the fly in a live system, when data must be re-encrypted to a different encryption standard, or when data of the same origin is encrypted with different standards. This thesis explores the newly emerging area of cryptographic agility, which focuses on the challenges of adopting cryptographic migrations in live systems. We proposed an End-to-End Encryption (E2EE) design for telemetry data security in two different applications: maritime surveillance and drone management. We aimed to understand the role of the Key Encapsulation Mechanism (KEM) cryptographic primitive in the data-security domain. The notion of crypto-agility constitutes a context-sensitive, activity-based perspective on data security. In this thesis, we aim at both understanding and exploring the practical possibilities of this notion. We employ a mixed-methods approach to achieve our aim: experimentation, literature review and survey. We have studied and applied quantum-safe KEM cryptographic primitives to simulate practical cryptographic migration in live IoT systems. We have shown the importance of KEM security properties and the performance of KEM primitives for telemetry data confidentiality. We proposed new crypto-agility values and trade-offs as a decision-making support tool for consumers of cryptographic technologies. Furthermore, we have employed systematization of knowledge to structure how different types of contributions developed various KEM notions, their influence on the standardization process, and their presence in cryptographic software libraries over the last 40 years.
The proposed approaches have been shown to be capable of explaining the role of KEM in cryptographic migrations and the underlying properties of crypto-agility. This can help domain experts narrow down the scope of analysis while achieving sufficiency for cryptographic migrations in live IoT systems based on end-to-end encryption protocols.
Place, publisher, year, edition, pages
Karlskrona: Blekinge Tekniska Högskola, 2025. p. 160
Series
Blekinge Institute of Technology Licentiate Dissertation Series, ISSN 1650-2140 ; 2025:04
Keywords
Cryptographic agility, end-to-end encryption, application-level encryption, key-encapsulation mechanism
National Category
Security, Privacy and Cryptography
Research subject
Computer Science
Identifiers
urn:nbn:se:bth-27713 (URN)
978-91-7295-498-4 (ISBN)
Presentation
2025-09-24, J1630, Campus Karlskrona, 10:00 (English)
Opponent
Supervisors
Projects
Connect2SmallPorts
2025-04-11 2025-04-11 2025-09-30 Bibliographically approved