bth.se
Operational message
There are currently operational disruptions. Troubleshooting is in progress.
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Understanding the role of Key Encapsulation Mechanisms in Cryptographic Migrations: Towards Cryptographic-Agility in IoT Systems Based on End-to-End Encryption Approach
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.ORCID iD: 0000-0003-0183-3613
2025 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

The increasing data-security regulation and cyber-threats requires IT vendors to use new cryptographic tools or refactor live systems to encrypt existing data. One step in that direction is integrating an appropriate security protocol and cryptographic software library during the system design phase. However, it is not sufficient when it happens to migrate existing data to encrypted form in the live system on-the-fly, re-encrypt data to a different encryption standard, or have the data of the same origin but encrypted with different standards. This thesis explores the new emergent area of cryptographic agility, which focuses on various challenges while adopting cryptographic migrations in live systems. We proposed End-to-End Encryption (E2EE) design for telemetry data security in two different applications: maritime surveillance and drone-management. We aimed to understand the role of Key Encapsulation Mechanism (KEM) cryptographic primitive in the data-security domain. The notion of crypto-agility constitutes a context-sensitive, activity-based perspective on data security. In this thesis, we aim at both understanding and exploring practical possibilities of this notion. We employ a mixed-methods approach to achieve our aim: Experimentation, Literature Review and Survey. We have studied and applied quantum-safe KEM cryptographic primitives to simulate practical cryptographic migration in live IoT systems. We have shown the importance of KEM security properties and the performance of KEM primitives for telemetry data confidentiality. We proposed new crypto-agility values and trade offs as decision making support tool for consumers of cryptographic technologies. Furthermore, we have employed systematization of knowledge to structure how different types of contributions developed various KEM notions, its influence on the standardization process, and presence in cryptographic software libraries over the last 40 years. The proposed approaches have been shown to be capable of explaining the role of KEM in cryptographic migrations and underlying properties of crypto agility. This can facilitate domain experts in narrowing down the scope of analysis while achieving sufficiency for cryptographic migrations in live IoT systems based on end-to-end encryption protocols.
Place, publisher, year, edition, pages
Karlskrona: Blekinge Tekniska Högskola, 2025. , p. 160
Series
Blekinge Institute of Technology Licentiate Dissertation Series, ISSN 1650-2140 ; 2025:04
Keywords [en]
Cryptographic agility, end-to-end encryption, application-level encryption, key-encapsulation mechanism
National Category
Security, Privacy and Cryptography
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:bth-27713ISBN: 978-91-7295-498-4 (print)OAI: oai:DiVA.org:bth-27713DiVA, id: diva2:1951624
Presentation
2025-09-24, J1630, Campus Karlskrona, 10:00 (English)
Opponent
Supervisors
Projects
Connect2SmallPortsAvailable from: 2025-04-11 Created: 2025-04-11 Last updated: 2025-09-30Bibliographically approved
List of papers
1. Towards cryptographic agility manifesto in end-to-end encryption systems: a position paper from the perspective of crypto-consumers
Open this publication in new window or tab >>Towards cryptographic agility manifesto in end-to-end encryption systems: a position paper from the perspective of crypto-consumers
2024 (English)In: Proceedings - 2024 IEEE Conference on Dependable, Autonomic and Secure Computing, DASC 2024, IEEE Computer Society, 2024, p. 65-72Conference paper, Published paper (Refereed)
Abstract [en]

This position paper presents the preliminary results from a research study focusing on cryptographic agility for consumers of open-source cryptographic libraries. We provide a concise overview of frontiers and recent advancements in cryptographic agility research frontier, examining the utilized approaches and emphasizing the perception of application layer encryption in end-to-end encryption systems. The paper delves into the state of practice of cryptographic libraries and programming interfaces, outlining recognized challenges and knowledge gaps that warrant exploration through new scientific research. Furthermore, we outline the values of cryptographic agility in a manifesto and propose a survey structure to validate our assumptions. 
Place, publisher, year, edition, pages
IEEE Computer Society, 2024
Keywords
application-level encryption, Cryptographic agility, end-to-end encryption, key-encapsulation mechanism, Application level, CryptoGraphics, Encryption system, Key encapsulation mechanisms, Open-source, Position papers, Research studies
National Category
Security, Privacy and Cryptography
Identifiers
urn:nbn:se:bth-27461 (URN)10.1109/DASC64200.2024.00015 (DOI)001445502600009 ()2-s2.0-85216551882 (Scopus ID)9798331522728 (ISBN)
Conference
22nd IEEE International Conference on Dependable, Autonomic and Secure Computing, DASC 2024, Boracay Island, Nov 5-8, 2024
Available from: 2025-02-17 Created: 2025-02-17 Last updated: 2025-09-30Bibliographically approved
2. Telemetry data sharing based on Attribute-Based Encryption (ABE) schemes for cloud-based Drone Management system.
Open this publication in new window or tab >>Telemetry data sharing based on Attribute-Based Encryption (ABE) schemes for cloud-based Drone Management system.
2024 (English)In: ACM International Conference Proceeding Series, Association for Computing Machinery (ACM), 2024Conference paper, Published paper (Refereed)
Abstract [en]

The research presented in the paper evaluates practices of Attribute-Based Encryption, leading to a proposed end-to-end encryption strategy for a cloud-based drone management system. Though extensively used for efficiently gathering and sharing video surveilance data, these systems also collect telemetry information with sensitive data. This paper presents a study addressing the current state of knowledge, methodologies, and challenges associated with supporting cryptographic agility for End-to-End Encryption (E2EE) for telemetry data confidentiality. To enhance cryptographic agility performance, a new metric has been introduced for cryptographic library analysis that improves the methodology by considering Attribute-Based Encryption (ABE) with a conventional key-encapsulation mechanism in OpenSSL. A comprehensive series of experiments are undertaken to simulate cryptographic agility within the proposed system, showcasing the practical applicability of the proposed approach in measuring cryptographic agility performance. 
Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2024
Keywords
attribute based encryption., audit log data, cryptographic agility, end-to-end encryption, key-encapsulation mechanism, telemetry, Cryptography, Information management, Sensitive data, Telemetering equipment, Attribute-based encryptions, Audit logs, CryptoGraphics, Key encapsulation mechanisms, Log data, Telemetry data, Drones
National Category
Computer Sciences
Identifiers
urn:nbn:se:bth-26823 (URN)10.1145/3664476.3670909 (DOI)001283894700158 ()2-s2.0-85200415750 (Scopus ID)9798400717185 (ISBN)
Conference
19th International Conference on Availability, Reliability and Security, ARES 2024, Vienna, July 30- Aug 2 2024
Available from: 2024-08-16 Created: 2024-08-16 Last updated: 2025-09-30Bibliographically approved
3. Crypto-agility performance analysis for AIS data sharing confidentiality based on attribute-based encryption
Open this publication in new window or tab >>Crypto-agility performance analysis for AIS data sharing confidentiality based on attribute-based encryption
2024 (English)In: CS & IT Conference Proceedings / [ed] D. C. Wyld & D. Nagamalai, AIRCC Publishing Corporation , 2024, Vol. 14, p. 193-212Conference paper, Published paper (Refereed)
Abstract [en]

The research presented in the paper evaluates practices of Attribute-Based Encryption as a key encapsulation mechanism and proposes end-to-end encryption architecture for a cloudbased ship tracking system confidentiality. Though extensively used for efficiently gathering and sharing maritime data, these systems draw information from Automated Identification Systems, ports, and vessels, which can lead to cyber-security vulnerabilities. This paper presents a study addressing the current state of knowledge, methodologies, and challenges associated with supporting cryptographic agility for End-to-End Encryption (E2EE) for AIS data. To study cryptographic agility performance, a new metric has been introduced for cryptographic library analysis that improves the methodology by comparing Attribute-Based Encryption (ABE) with state of the art CRYSTALS-Kyber key encapsulation mechanism (KEM) that belongs to Post-Quantum Cryptography (PQC). A comprehensive series of experiments are undertaken to simulate large-scale cryptographic migration within the proposed system, showcasing the practical applicability of the proposed approach in measuring cryptographic agility performance.
Place, publisher, year, edition, pages
AIRCC Publishing Corporation, 2024
Series
Computer Science & Information Technology (CS & IT), E-ISSN 2231-5403
Keywords
AIS ship tracking data, Key encapsulation mechanism, end-to-end encryption, cryptographic agility, CRYSTALS-Kyber, Post-Quantum Cryptography
National Category
Computer Sciences
Identifiers
urn:nbn:se:bth-26989 (URN)10.5121/csit.2024.141714 (DOI)
Conference
14th International Conference on Computer Science and Information Technology (CCSIT 2024), Copenhagen Sept 21-22, 2024
Available from: 2024-10-10 Created: 2024-10-10 Last updated: 2025-09-30Bibliographically approved
4. SoK: Evolution of KEM role in cryptographic migrations for IoT systems based on E2EE approach
Open this publication in new window or tab >>SoK: Evolution of KEM role in cryptographic migrations for IoT systems based on E2EE approach
(English)Manuscript (preprint) (Other academic)
Abstract [en]

Key Encapsulation Mechanisms (KEM) is a special type of encryption method in Public Key Cryptography (PKC) that recently was popularized by standardization authorities. The emergence of a broader use of the term in industry practice was necessitated by the discovery of the malleability property of cipher text, which led to new approaches to asymmetric encryption. This process required the refactoring of all cryptographic software libraries that relate to the problems of cryptographic agility. Our SoK addresses the developments of public key encryption methods and the main challenges that drive to specialization of KEM. It survey literature, cryptographic software libraries and standardization efforts about the public key encryption, key-exchange and encapsulation. We structured the challenges for the users of cryptographic software, focusing on end-to-end encryption and real-world use cases, including IoT systems. We identified main milestones of KEM evolution and structured it into four development areas. We found that the evolution of KEM is defined by a variety of mathematical foundations which always reflects on various aspects of crypto system, which, in case of affected security properties, can be compensated by layered and hybrid approach. Our findings indicate that science, industry practitioners and standardization bodies, propagate such approaches into state of practice by additional abstraction layers in cryptographic software. However software still not in consensus and we observed increased redundancy for KEM toolset and associated layers. Moreover industry practitioners divide into those who only increase technological stack and those who propose both, new stack and new cryptographic methods. To structure the mentioned phenomena we introduced novel, three-facet, consumer-centered mapping of the data security domain.
Keywords
Cryptographic agility, end-to-end encryption, application-level encryption, key-encapsulation mechanism
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:bth-27704 (URN)
Available from: 2025-04-04 Created: 2025-04-04 Last updated: 2025-12-29Bibliographically approved
5. The role of key encapsulation mechanism in end-to-end encryption agility - a case for telemetry data confidentiality
Open this publication in new window or tab >>The role of key encapsulation mechanism in end-to-end encryption agility - a case for telemetry data confidentiality
2025 (English)In: Procedia Computer Science / [ed] Maria Manuela Cruz Cunha & Nuno Mateus-Coelho, Elsevier, 2025, Vol. 263, p. 829-838Conference paper, Published paper (Refereed)
Abstract [en]

The study outlined in this paper assesses the implementation of Attribute-Based Encryption as a key encapsulation mechanism,culminating in a proposed end-to-end encryption solution for a cloud-based IoT management system and further simulation ofmigration to Kyber Post-Quantum Cryptography (PQC) key encapsulation mechanism. Though extensively used for efficientlygathering and sharing video surveillance data, these systems also collect telemetry information, which includes sensitive data. Thispaper presents a comprehensive study that examines the current understanding, methodologies, and challenges associated withsupporting the End-to-End Encryption (E2EE) approach to ensure the confidentiality of telemetry data.
Place, publisher, year, edition, pages
Elsevier, 2025
Series
Procedia Computer Science, ISSN 1877-0509
Keywords
attribute-based encryption, audit log data, cryptographic agility, end-to-end encryption, key-encapsulation mechanism, kyber, telemetry
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:bth-27705 (URN)10.1016/j.procs.2025.07.100 (DOI)2-s2.0-105013961743 (Scopus ID)
Conference
2024 International Conference on Industry Sciences and Computer Science Innovation, iSCSi 2024, Porto, Oct 29-31, 2024
Available from: 2025-04-04 Created: 2025-04-04 Last updated: 2025-09-30Bibliographically approved

Open Access in DiVA

fulltext(1949 kB)447 downloads
File information
File name FULLTEXT02.pdfFile size 1949 kBChecksum SHA-512
95b26b8bdab2d621cc8b27abc0837570838cb2575892ec8bb1dc22de7353bb2dd65ba0ab779cfeeac6abdaa4bac6b836ebc459ba37f24c438b590c3153c1fdd4
Type fulltextMimetype application/pdf

Authority records

Silonosov, Alexandr

Search in DiVA

By author/editor
Silonosov, Alexandr
By organisation
Department of Computer Science
Security, Privacy and Cryptography

Search outside of DiVA

GoogleGoogle Scholar
Total: 447 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 379 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
BTH Library
|
Publish/Register
|
How to publish/register
|
Diva portal
|
SwePub
|
Uppsök