Quantum Safe Authenticated Key Exchange

Quantum Safe Authenticated Key Exchange Protocol for Automotive Application

Julius Hermelink1, Thomas Pöppelmann2, Marc Stöttinger3, Yi Wang4, and Yong Wan4

1 Research Institute CODE, Universität der Bundeswehr München
2 Infineon Technologies, Germany
3 Continental AG, Germany
4 Continental Automotive, Singapore

Abstract. In this work, we propose an instantiation of a quantum-safe security protocol for authenticated key establishment (AKE) with forward secrecy. As core primitives, we use Newhope and XMSS and avoid signatures in the key exchange to achieve better performance. As an example, the implemented protocol could be used to establish a secured and authentic communication channel between the electrical control unit (ECU) and a testing device for on-board diagnosis (OBD). To verify the feasibility, we implement an XMSS-based public key infrastructure (PKI) and the AKE protocol on the AURIX automotive embedded microcontroller platform. We provide a breakdown of cycle cost and communication overhead and demonstrate that a modern post-quantum AKE can be executed efficiently on our target platform.

1 Introduction

The automotive sector has seen a huge increase in connectivity and automation over the last decade, resulting in the necessity for strong cryptography to preserve the privacy, confidentiality, and authenticity of safety-critical data. In addition, most applications and services implemented in each automotive electrical control unit (ECU) need to be secured over the entire life cycle. Diagnostic services are one of the most important features of every automotive ECU. Thus, these diagnostic services must be protected against unauthorized usage throughout the entire life cycle of the ECU. During a remote diagnostic service for a software over-the-air update, a session key has to be exchanged between the ECU and the back end to authenticate and optionally encrypt the transferred data. Hence, cryptographic schemes are implemented to prevent an abuse of the functions of the diagnosis service to carry out attacks against the ECU.

A quantum computer breaking common cryptographic schemes in the future could compromise products deployed much earlier, with severe implications for the safety of automotive products still in use. This issue is currently addressed by the cryptographic community and standardization bodies. The main driving force is the NIST post-quantum cryptography standardization process [32], which is currently in round 3 with 15 schemes remaining [33]. In parallel, NIST is working on an official standard [16] for the stateful hash-based signature schemes XMSS [20] and LMS [31]. These schemes are promising due to their well understood security level and high level of trust. While the schemes evaluated by NIST are most likely a major foundation for future secured systems, it is not sufficient to only look at isolated schemes. Most use cases in the automotive domain, e.g., secured channel establishment for remote diagnosis services, require more advanced protocols (see [11]). In this context, it is not sufficient to simply establish a shared secret to communicate using symmetric encryption, especially when a remote connection is used for diagnostic services. Both parties may need forward secrecy and mutual authentication, which usually implies the need for long-term certificates. It is thus important to investigate the integration of NIST PQC primitives into protocols and real-world systems and to provide feedback on the suitability of possible future algorithms.

In general, classic authenticated key exchange (AKE) protocols use a Diffie-Hellman key exchange that is authenticated with a signature and a symmetric message authentication code (MAC). Popular examples are SIGMA [30] or Transport Layer Security (TLS) [36]. However, with the need for a migration to post-quantum AKE several issues arise. First, the size of certain elements (e.g., public keys and signatures) is considerably larger than for RSA or ECC. This may lead to increased latency and memory requirements. Moreover, it currently seems that post-quantum digital signatures are more complicated to construct and to secure than public key encryption (PKE) or key encapsulation mechanisms (KEM). In addition, they are typically slower than PKE schemes of a comparable security level (see Section 3) and may even exhibit no deterministic runtime.
Such non-deterministic runtime may make it impossible to guarantee a response within a defined timeframe. On the other hand, stateful hash-based signatures look very promising due to the high confidence level. However, the usage of stateful hash-based signatures requires more careful management of the state of the private key compared to stateless signature schemes.

As a consequence, the practical deployment of PQC in the automotive domain appears challenging due to often limited computational power and requirements for defined response times. First works already implemented and optimized schemes like Newhope for automotive microcontrollers [18]. However, it is necessary to increase the understanding of the cost and performance of a full AKE. In addition, it is necessary to determine where specific low-level optimizations (e.g., assembly code, compiler directives) are most effective. A promising proposal for efficient AKE is a protocol proposed by Guilhem, Smart, and Warinschi [37] that explicitly avoids signing operations in the protocol. The protocol achieves authenticated key exchange between devices by using an IND-CPA secured key exchange protocol, an IND-CCA secured public key encryption scheme, a symmetric cipher, and a hash function for message authentication.

Contribution. In this work, we investigate challenges and the performance of AKE protocols designed for instantiation with quantum-safe algorithms [37] on the automotive microcontroller platform AURIX™ [22]. We provide an instantiation of the protocol with a selection of ciphers that aim for high security and simple implementation. We thus employ NewHope1024-CPA-KEM [2] for ephemeral key exchange, NewHope1024-CCA-KEM for encryption-based authentication, AES256-GCM for data encryption and SHA3 as MAC. To protect the PKI we use XMSS-SHA2_10_256 [20] signatures. We chose a lattice-based KEM scheme for the session key exchange for its relatively small key size, good performance, and fast key generation for ephemeral key exchange. We selected a stateful hash-based signature scheme for the verification of the long-term certificate because of the small public key and very good long-term security properties. To get a better understanding of the lower boundary of the overhead and practicability of the AKE protocol, we implemented the entire scheme using open-source reference implementations of the cryptographic algorithms. As an initial step, we used reference implementations to identify possible bottlenecks and to get the big picture on the overall performance of the AKE protocol and the certificate validation. We provide information on message sizes and discuss standalone performance of the cryptographic primitives. We thus demonstrate the feasibility of post-quantum AKEs on currently commercially available automotive devices. Moreover, we discuss options for further performance optimization.

2 Preliminaries

In this section we provide background on cryptographic primitives and give necessary definitions and relevant details on the protocol of Guilhem, Smart, and Warinschi [37]. Moreover, we introduce our target device, the AURIX microcontroller platform.

2.1 Cryptography Background

Security Notions for KEMs

NIST requested proposals for the standardization of KEMs and PKEs [32] that follow the chosen-plaintext attack (CPA) model or the chosen-ciphertext attack (CCA) model (see [40] for further context). Schemes in the CPA model usually provide security against passive adversaries. Thus, the security claims only hold when key pairs are not reused or when ciphertexts sent for decryption are appropriately protected from tampering (see footnote 5). Schemes in the CCA model are more robust but also more complicated and sometimes slower than their CPA counterparts. A common approach to achieve CCA security is the Fujisaki–Okamoto transform [19], which requires a re-encryption to check that a ciphertext was honestly generated.

Newhope

Newhope [2] is an IND-CCA and IND-CPA-secured lattice-based key encapsulation mechanism (KEM), which was part of the NIST PQC standardization process until round 2 but did not advance into the third round [33]. It is constructed from an IND-CPA secured public key encryption scheme (PKE) and uses a variant [40] of the Fujisaki–Okamoto transform [19] to reconstruct and check ciphertexts. Newhope is based on the hardness of the ring-learning-with-errors (Ring-LWE) problem, and the main arithmetic operations are performed in the residue ring R/qR of the ring R = Z[X]/(X^n + 1) with a modulus of q = 12289 and n = 512 or n = 1024. The NewHope1024 parameter set with n = 1024 is in NIST security strength category 5 and provides 233 bits of security against quantum adversaries. To support encryption of arbitrary-length messages, the Newhope IND-CCA secured KEM can be transformed into an IND-CCA secured PKE by applying a standard conversion (see [32, page 5]). In this conversion the plaintext message is encrypted with AES-GCM with a randomly generated IV. The AES-GCM symmetric key is the key output by the encapsulation routine of the CCA-KEM. The decryption routine of the CCA-PKE uses the symmetric key from the KEM's decapsulation routine to decrypt the ciphertext.

5 This setting is often also referred to as ephemeral key exchange.

XMSS

The idea of hash-based signatures was proposed by Lamport in the 1970s and significantly improved by Merkle (for further details we refer to [8]). The eXtended Merkle Signature Scheme (XMSS) is a stateful hash-based forward-secured signature scheme combining a one-time signature scheme with a hash tree, to overcome the limitation of being able to sign only one message per key. It was proposed in 2011 by Buchmann, Dahmen, and Huelsing [13] and is, after some updates and improvements, currently under consideration for standardization [20,16]. Hash-based or Merkle signatures have potential for firmware updates or post-quantum secured high-security public key infrastructures and are recommended by the German BSI [23, Table 5.3] as a quantum-safe alternative to ECC or RSA-based schemes. However, the need for the signer to keep and update a state to achieve the security properties poses some risks for general usage, e.g., when a backup is restored and thus state information is lost. As a consequence, NIST recommends stateful schemes only for limited use cases [16]. Another issue is performance, which depends on the supported number of signatures. For example, the XMSS-SHA2_10_256 parameter set supports signing of 2^10 = 1024 signatures with a signature size of 2,500 bytes. Inside of XMSS the functions F (SHA2-256 with an input of 768 bits) and H (SHA2-256 with an input of 1024 bits) are used. The XMSS-SHA2_10_256 parameter set requires 1,238,016 calls to F and H for key generation, 5,725 calls for signing and 1,149 calls for verification. In comparison, XMSS-SHA2_20_256, which supports 2^20 = 1,048,576 signatures, requires 1.268·10^6/11,455/1,159 calls to F and H for gen/sign/ver.

2.2 Key Agreement Without Signatures by Guilhem, Smart, and Warinschi

In this section, we recall the authenticated key exchange protocol of Guilhem, Smart, and Warinschi [37] carried out between the two parties U and V. It uses an unauthenticated and thus CPA-secured KEM denoted (KeyGenKEM, Encaps, Decaps) to generate an ephemeral key pair that is used to achieve forward secrecy. Additionally, a CCA-secured PKE scheme (KeyGenPKE, Enc, Dec) is used mainly to authenticate the parties and to achieve message integrity. Both U and V hold their own fixed long-term key pairs, denoted (pkU,pke, skU,pke) and (pkV,pke, skV,pke), respectively. These keys need to be authenticated by other means (see Section 3.1). Additional components are the hash functions H1 and H2, as well as a message authentication algorithm (MAC). In addition to the CPA security, KeyGenKEM is assumed to output a non-predictable key.

Party U (identified by idU)                          Party V (identified by idV)

Step 1: Key Generation U
  (skU,kem, pkU,kem) ← KeyGenKEM
  m1 = pkU,kem
  m1 ← Enc_{pkV,pke}(idU || m1)
                               ---- m1 ---->
                                                     Step 2: Response V
                                                       (idU, m1) ← Dec_{skV,pke}(m1)
                                                       (m2, kV) ← Encaps_{pkU}(m1)
                                                       m2 ← Enc_{pkU,pke}(m1 || m2)
                               <---- m2 ----
Step 3: Response U
  m1' || m2 ← Dec_{skU,pke}(m2)
  If m1 ≠ m1' abort
  kU ← Decaps_{skU,kem}(m2)
  kU,1 ← H1(kU)
  m3 ← Mac_{kU,1}(idU || idV)
                               ---- m3 ---->
  kU,final ← H2(kU || idU || idV)
                                                     Step 4: Final V
                                                       kV,1 ← H1(kV)
                                                       If Mac_{kV,1}(idU || idV) ≠ m3 abort
                                                       kV,final ← H2(kV || idU || idV)

Protocol 1: Authenticated key exchange

The detailed steps of the three-pass exchange are provided in Protocol 1, with a slightly simplified notation in comparison to [37]. To start the exchange, U first generates a new key pair (skU,kem, pkU,kem) with the CPA-secured KEM KeyGenKEM. The resulting public key pkU,kem and the id idU are then encrypted using the public key pkV,pke of V into m1 and sent to V. Then V uses its long-term secret key skV,pke to decrypt m1 and retrieve the ephemeral public key pkU,kem and idU. V executes the encapsulate method of the CPA-secured KEM using pkU,kem. This results in a shared secret kV and a message m2; the latter is encrypted together with pkU,kem using the CCA-secured PKE and pkU,pke, and sent to U. Then U checks if the pkU,kem received from V matches the actual pkU,kem. If this is the case, U retrieves the shared secret from m2. Both U and V now hash their shared secret kU and kV, respectively. U then uses kU,1 to create a MAC for idU || idV called m3. This is sent to V and checked for correctness. Then the respective shared secret is used by both parties to create a final shared secret kU,final and kV,final. If neither U nor V aborted the protocol, the shared secret may now be used to communicate encrypted using a symmetric cipher. Note that the first two messages authenticate V to U, as only V is in possession of skV,pke, which is required to decrypt m1. The second and the third message authenticate U to V. The intuition here is that U being able to provide m3 such that the comparison succeeds implies that U knows kU, and therefore skU,kem, with high probability. In order to protect the long-term secret keys in multiple protocol runs, the used PKE needs to be protected against CCA attacks. For the KEM only CPA security is required, as a new key pair is generated in each run.

2.3 AURIX-2G Microcontroller Architecture

This family of the AURIX (Automotive Realtime Integrated NeXt Generation Architecture) processor supports up to six 32-bit TriCore™ processor cores with up to 16 Mbytes of embedded flash memory and more than 6 Mbytes of RAM. The AURIX family focuses on high performance and security/safety in the automotive domain. AURIX-2G is the second generation of products supporting multi-core microcontrollers, e.g., TC39x, TC38x, TC37x, and TC35x. It can reach up to 2,400 DMIPS of processing performance with the highest safety assurance level (ASIL-D) [25] (safety levels are defined from lowest to highest as ASIL-A, ASIL-B, ASIL-C, ASIL-D). Hence, the AURIX family is usually used in safety- and real-time-critical applications like engine control, airbags, steering, and connectivity of a connected car (see footnote 6). The AURIX microcontroller also features a Hardware Security Module (HSM) that can be used to execute security-critical functionality in a core that is logically separated from the main system and equipped with hardware-based cryptographic accelerators with a 128-bit security concept. It encompasses asymmetric cryptography mechanisms that fulfill the requirements of the level 'high' for an HSM defined in the E-safety vehicle intrusion protected applications (EVITA) project [1]. It consists of a 32-bit CPU for own applications next to the basic HSM firmware. Attached to this CPU are its own access-protected memory and multiple hardware accelerators of cryptographic primitives: an AES-128 hardware accelerator, a PKC ECC256 hardware accelerator, a SHA2-256 hash hardware accelerator, an AIS31-compliant True Random Number Generator (TRNG) and timers. For further information on architectural details of AURIX that are relevant for the implementation of cryptographic algorithms we refer to [18].

6 See https://www.infineon.com/cms/de/product/microcontroller/32-bit-tricore-microcontroller/

3 Instantiation

In this section, we provide a possible instantiation of the protocol from [37] suitable for OBD and other use cases from the automotive or embedded domain that require long-term security and a margin against the improvement of future attacks. As a consequence, we aim for 256-bit symmetric keys and schemes that reach NIST security level 5 (security comparable to breaking AES-256 on a quantum computer). As Protocol 1 focuses only on the authenticated key exchange (AKE), an additional protocol, given in Protocol 2, has to be executed beforehand to exchange and validate certificates. We chose the protocol from [37] for our study as it avoids the creation of digital signatures as part of the AKE.

3.1 Certificate Exchange

As an example, we use the XMSS parameter set XMSS-SHA2_10_256 [20] (see Section 2.1) to realize a basic PKI in which the root of the certificate authority directly signs public keys. We use XMSS in Protocol 2 as it is a suitable post-quantum secured signature scheme that is close to standardization [16,20] and in a class of schemes that are already recommended by, e.g., the BSI [23]. In addition, XMSS offers sufficiently fast verification speed, small public key sizes, and a high level of trust. The high level of trust makes it explicitly suitable for long-term secured certificates and use in a PKI. The constraints of hash-based signatures are also much easier to handle by a PKI that signs certificates in a controlled environment than on embedded devices deployed in the field. And as Protocol 1 is explicitly designed to avoid signatures, we are also not constrained by the desire to harmonize signature schemes, e.g., for saving program memory. Note that another option would be to use LMS [31] instead of XMSS for its better performance [28]. However, we decided to stick with XMSS for its more conservative security model.

The CA is established by creating an XMSS key pair (pkca, skca) and certificates consisting of a signature field and a NewHope1024-CCA-KEM long-term public key (see Section 3.2 for details). Other fields for access control, for example an expiration date, may be added. Our certificates are of a fixed size, and the signature is created before deployment using skca. The public key of the CA pkca is assumed to be known to each party and does not have to be kept secret. In the following, we denote the certificate of the party U as certU and the certificate of the party V as certV. A certificate can be checked for validity by verifying the signature using pkca and the XMSS verification algorithm. In Protocol 2, the verification of a certificate is achieved by calling the XMSS verification function using pkca on the signature field of the certificate and the concatenation of all other fields of the certificate. As the certificates are signed by the certificate authority before deployment, only a verification operation on public data is required. Table 1 shows the certificate structure used in our implementation. The unique ID is set to 128 bytes to provide sufficient space to contain a Uniform Resource Locator (URL) or some random globally unique identifier. The expiration field contains information on when the certificate expires; if it is set to 0, the certificate does not expire. The access rights field is used for the OBD use case study and contains information on the access privileges of each entity (e.g., read or write access) to diagnosis information.

Party U                                       Party V
              ---- certificate certU ---->
                                              Check certU using pkca
              <---- certificate certV ----
Check certV using pkca

Protocol 2: Exchange and validation of certificates
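The certificate layout of Table 1 and the check of Protocol 2, as an added Python example that is not the authors' code: a fixed-size record whose four leading fields are signed, parsed back field by field, and checked before use. The XMSS signing and verification routines are passed in as callables; the demo substitutes a constructed HMAC stand-in padded to the 2,500-byte signature size, and the expiration field is assumed to be an unsigned big-endian integer compared against the caller's clock, with 0 meaning the certificate never expires.

```python
import hashlib
import hmac
import struct

# Field order and sizes in bytes exactly as in Table 1.
FIELDS = (("pk_pke", 1824), ("id", 128), ("access_rights", 64),
          ("expiration", 4), ("signature", 2500))
SIG_LEN = 2500
CERT_LEN = sum(size for _, size in FIELDS)   # 4520 bytes per certificate

def _fixed(value, size):
    """Zero-pad a field to its fixed size; refuse values that would not fit."""
    if len(value) > size:
        raise ValueError(f"field of {len(value)} bytes exceeds {size}")
    return value.ljust(size, b"\0")

def build_cert(pk_pke, ident, access_rights, expiration, sign):
    """Assemble a certificate before deployment. `sign(data)` is the CA's signing
    routine (XMSS with sk_ca in the paper) over the four fields preceding the signature."""
    if len(pk_pke) != 1824:
        raise ValueError("NewHope1024-CCA-KEM public key must be exactly 1824 bytes")
    signed = (pk_pke + _fixed(ident, 128) + _fixed(access_rights, 64)
              + struct.pack(">I", expiration))   # expiration assumed to be a big-endian uint32
    sig = sign(signed)
    if len(sig) != SIG_LEN:
        raise ValueError(f"signature must be exactly {SIG_LEN} bytes")
    return signed + sig

def parse_cert(blob):
    """Split a certificate into its fields; the expiration is decoded as an integer."""
    if len(blob) != CERT_LEN:
        raise ValueError(f"certificate must be {CERT_LEN} bytes, got {len(blob)}")
    fields, pos = {}, 0
    for name, size in FIELDS:
        fields[name] = blob[pos:pos + size]
        pos += size
    fields["expiration"] = struct.unpack(">I", fields["expiration"])[0]
    return fields

def check_cert(blob, verify, now):
    """The check of Protocol 2: `verify(data, sig)` (XMSS verification with pk_ca in the
    paper) over the concatenation of all fields but the signature, then the expiration
    rule of Section 3.1 (a value of 0 means the certificate never expires)."""
    cert = parse_cert(blob)
    if not verify(blob[:CERT_LEN - SIG_LEN], cert["signature"]):
        return False
    return cert["expiration"] == 0 or now <= cert["expiration"]

# Stand-in CA, constructed for this example: an HMAC padded to the XMSS signature size
# replaces XMSS so that the example runs on the standard library alone.
_CA_KEY = b"constructed-ca-key-not-a-real-secret"

def toy_sign(data):
    return hmac.new(_CA_KEY, data, hashlib.sha256).digest().ljust(SIG_LEN, b"\0")

def toy_verify(data, sig):
    return hmac.compare_digest(toy_sign(data), sig)

def demo():
    """Builds certU with a constructed key, then checks it, a tampered copy and an expired one."""
    pk_u = bytes(1824)   # placeholder standing in for a real NewHope1024-CCA-KEM public key
    cert = build_cert(pk_u, b"ECU-0001", b"read", 0, toy_sign)
    tampered = cert[:1824] + b"EVIL" + cert[1828:]   # overwrite bytes inside the id field
    expired = build_cert(pk_u, b"ECU-0001", b"read", 1_000, toy_sign)
    return (check_cert(cert, toy_verify, now=2_000),
            check_cert(tampered, toy_verify, now=2_000),
            check_cert(expired, toy_verify, now=2_000))
```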

Table 1. Certificate fields (exemplary for U)

Name           Description                                               Size in bytes
pkU,pke        NewHope1024-CCA-KEM public key                            1824
idU            A unique identifier identifying the participant U         128
access rights  The access rights of the participant                      64
expiration     The expiration date of the certificate                    4
signature      XMSS-SHA2_10_256 signature over the four previous fields  2500

3.2 Authenticated Key Exchange

For all public key operations in the AKE scheme we rely on the Newhope algorithm [2] (see Section 2.1). We have chosen NewHope1024 for its high security level, good performance, its conservative design choices, and to be able to reuse the CPA construction as a subcomponent of the CCA scheme. The fast key generation of Newhope and other lattice-based schemes is an advantage over code-based schemes like Classic McEliece (see [33] and footnote 7). We instantiate the CPA-KEM (KeyGenKEM, Encaps, Decaps) with the NewHope1024-CPA-KEM for ephemeral key exchange. To obtain the CCA PKE (KeyGenPKE, Enc, Dec) we use the standard conversion proposed by NIST [32] to turn NewHope1024-CCA-KEM into a PKE by using AES256-GCM for data encryption. Moreover, we rely on SHA3 to realize the MAC, and H1 and H2 are realized by SHA3 called with a prepended domain separator to avoid attacks as described in [7]. The two hash functions use the domain separators 0x1234FF00 and 0x432100FF.

7 One workaround for these schemes is the caching of new ephemeral keys and regeneration of key pairs in defined periods. However, on an embedded device this also creates further dependencies and the need for a complex caching and key management component.
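Protocol 1 as described in Section 2.2, with the instantiation choices of Section 3.2 (SHA3 for H1, H2 and the MAC, prefixed with the domain separators, where 0x1234FF00 is assumed to belong to H1 and 0x432100FF to H2), as an added Python example that is not the authors' code. Newhope and AES-GCM are replaced by toy stdlib stand-ins (a hashed Diffie-Hellman KEM and a SHAKE keystream with an HMAC tag) so that the message flow, the echoed-m1 check and the MAC check can actually be run; the identities are constructed and `tamper` is a hypothetical hook.

```python
import hashlib
import hmac
import secrets

# Toy stand-ins for the lattice primitives, constructed for this example only: a hashed
# Diffie-Hellman KEM in the 1024-bit MODP group of RFC 2409, far too weak for real use and
# not post-quantum. Only the protocol logic built on top of it is the point.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G, NB = 2, 128   # generator and byte length of a group element

def kem_keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P).to_bytes(NB, "big")

def kem_encaps(pk):
    r = secrets.randbelow(P - 2) + 1
    ct = pow(G, r, P).to_bytes(NB, "big")
    ss = pow(int.from_bytes(pk, "big"), r, P).to_bytes(NB, "big")
    return ct, hashlib.sha3_256(b"kem" + ct + ss).digest()

def kem_decaps(sk, ct):
    ss = pow(int.from_bytes(ct, "big"), sk, P).to_bytes(NB, "big")
    return hashlib.sha3_256(b"kem" + ct + ss).digest()

# KEM-to-PKE conversion with the structure of Section 2.1, except that AES-GCM is replaced
# by a SHAKE256 keystream plus an HMAC-SHA256 tag so the example runs on the stdlib alone.
def pke_enc(pk, msg):
    ct_kem, k = kem_encaps(pk)
    iv = secrets.token_bytes(12)
    stream = hashlib.shake_256(k[:16] + iv).digest(len(msg))
    body = bytes(a ^ b for a, b in zip(msg, stream))
    tag = hmac.new(k[16:], ct_kem + iv + body, hashlib.sha256).digest()
    return ct_kem + iv + body + tag

def pke_dec(sk, ct):
    ct_kem, iv, body, tag = ct[:NB], ct[NB:NB + 12], ct[NB + 12:-32], ct[-32:]
    k = kem_decaps(sk, ct_kem)
    expected = hmac.new(k[16:], ct_kem + iv + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("PKE ciphertext rejected")
    stream = hashlib.shake_256(k[:16] + iv).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

# H1, H2 and the MAC as instantiated in Section 3.2: SHA3 with a prepended domain separator
# (assumed here: 0x1234FF00 for H1, 0x432100FF for H2).
def H1(k):
    return hashlib.sha3_256(bytes.fromhex("1234FF00") + k).digest()

def H2(k, id_u, id_v):
    return hashlib.sha3_256(bytes.fromhex("432100FF") + k + id_u + id_v).digest()

def mac(key, id_u, id_v):
    return hmac.new(key, id_u + id_v, hashlib.sha3_256).digest()

def run_protocol(id_u, id_v, sk_u_pke, pk_u_pke, sk_v_pke, pk_v_pke, tamper=None):
    """Protocol 1 with both parties in one process; returns (kU_final, kV_final).
    `tamper` is a hypothetical hook, constructed here, that corrupts the echoed m1
    inside m2 or the MAC m3 in transit so that both abort checks can be exercised."""
    # Step 1 (U): fresh ephemeral KEM key pair; m1 carries idU and pkU,kem under pkV,pke.
    sk_u_kem, pk_u_kem = kem_keygen()
    m1 = pke_enc(pk_v_pke, id_u + pk_u_kem)
    # Step 2 (V): decrypt m1, encapsulate to the ephemeral key, echo pkU,kem next to m2.
    pt = pke_dec(sk_v_pke, m1)
    id_u_recv, pk_u_kem_recv = pt[:-NB], pt[-NB:]
    m2_inner, k_v = kem_encaps(pk_u_kem_recv)
    echo = bytes(NB) if tamper == "m2" else pk_u_kem_recv
    m2 = pke_enc(pk_u_pke, echo + m2_inner)
    # Step 3 (U): decrypt m2; abort unless the echoed key is U's own; decapsulate; MAC.
    pt = pke_dec(sk_u_pke, m2)
    if pt[:NB] != pk_u_kem:
        raise ValueError("U aborts: echoed m1 does not match")
    k_u = kem_decaps(sk_u_kem, pt[NB:])
    m3 = mac(H1(k_u), id_u, id_v)
    if tamper == "m3":
        m3 = bytes(len(m3))
    # Step 4 (V): abort unless m3 verifies under H1(kV); both derive the final key.
    if not hmac.compare_digest(mac(H1(k_v), id_u_recv, id_v), m3):
        raise ValueError("V aborts: MAC check failed")
    return H2(k_u, id_u, id_v), H2(k_v, id_u_recv, id_v)

def demo(tamper=None):
    """One exchange with constructed identities and fresh long-term keys; True when both
    sides agree on the final key, False when a party aborted."""
    id_u, id_v = b"ECU-0001", b"OBD-TESTER-01"   # constructed identifiers
    sk_u, pk_u = kem_keygen()   # long-term PKE key pairs use the same toy KEM underneath
    sk_v, pk_v = kem_keygen()
    try:
        k_u, k_v = run_protocol(id_u, id_v, sk_u, pk_u, sk_v, pk_v, tamper)
    except ValueError:
        return False
    return k_u == k_v
```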

3.3 Related Work on Protocols and Discussion

In this section we give a short overview of previous work implementing post-quantum secured key exchange protocols. In 2014, Bos et al. implemented a TLS cipher suite using R-LWE as a replacement for ECDH [12]. This work is mainly focused on the key exchange and not on the authentication. Paquin, Stebila, and Tamvada investigated the usage of post-quantum secured schemes in TLS under emulated network conditions [34]. A recent study by Sikeridis, Kampanakis, and Devetsikiotis discusses the integration of post-quantum authenticated protocols into TLS and analyses the use of signature schemes in this context [39]. Additionally, the integration of post-quantum secured algorithms into PKIs and different approaches to hybrid modes regarding digital signature schemes have been investigated in [10].

However, with the migration to post-quantum cryptography several issues arise on embedded devices in the context of authentication. Currently digital signatures seem to be more complicated to construct and to secure than public key encryption or key encapsulation mechanisms. Besides drop-in replacements for RSA or ECC-based signatures, one might also consider so-called hash-based signatures like XMSS [13] or LMS. The disadvantage of these alternatives is that the number of signatures that can be generated from a public-private key pair is limited, that they are relatively costly to compute, and that they require careful state management. Bürstinghaus-Steinbach, Krauß, Niederhagen, and Schneider integrate and evaluate the use of Kyber [5] and SPHINCS+ [9] on embedded systems. While Kyber seems to perform well, several challenges with the integration of SPHINCS+ were identified regarding signature size and performance in this setting [14].

KEMTLS [38] provides a post-quantum secured signature-less alternative to TLS 1.3 by using an IND-CCA-secured KEM for server authentication, using SIKE [6], Kyber [5], and NTRU-HRSS [21] as KEMs, and GeMSS [15], XMSS [13], and Falcon [26] as signature schemes. KEMTLS may significantly reduce the handshake size and cycle count, depending on the schemes used, compared to a post-quantum secured instantiation using signatures. The authors report a decrease of up to 16% in client-side computational effort and a decrease of up to 90% in server-side computational effort. This is supported by an assessment of standalone performance measurements. For example, the optimized implementation of Dilithium-II [17] in the pqm4 library [29] requires on average 4.5 million cycles on a Cortex-M4F microcontroller to generate a signature of 2044 bytes. In addition, due to the non-deterministic behavior of the signature scheme the signing performance may vary greatly. In contrast, the CCA-secured KEM Kyber-512 [5] achieves a security level comparable to Dilithium-II (both are NIST Security Level 1) but only generates ciphertexts of 736 bytes and requires 0.6 million cycles on the same target device with constant execution time. As a consequence, we chose the AKE protocol of [37] that explicitly does not use signatures for the authentication of messages but instead relies on CCA-secured PKEs.

4 Implementation and Evaluation

4.1 Implementation

We have implemented the certificate exchange and the instantiation of the AKE protocol as described in Section 3 on the AURIX TC39x series of 32-bit Infineon microcontrollers (see Section 2.3 for more details). To implement NewHope1024-CPA-KEM and NewHope1024-CCA-KEM we rely on the code from the PQClean library (see footnote 8); for XMSS we use the reference implementation (see footnote 9) accompanying [20].

4.2 Performance Measurements

In this section, we provide benchmarks of our implementations running on the AURIX microcontroller. As target device, we have chosen AURIX TC39x with the TriCore running at 300 MHz. We compiled our implementation with the TASKING VX-toolset compiler for TriCore v6.3r1 with a speed optimization of level 3. The code on the AURIX is executed from flash memory. We implemented the protocol routines of both parties of Section 2.2 on the AURIX platform to evaluate the computational costs. In practice, only one party runs on a resource constraint device. However, our interests is in the computa- tional costs of Section 2.2 on the automotive platform. Cycle counts of our implementation can be found in Table 2 for the certificate validation and main components of the protocol AKE protocol (see labels in Pro- tocol 1). In case both parties have to check certificates, both spend 19,881,266 cy- cles for the XMSS verification operation. However, in some use cases the time for certificate validation can be reduced, i.e., by caching of already validated certifi- cates. The cycle counts for the AKE protocol are well balanced with 11,747,082 cycles for U and 12,370,081 for V . Rounding to 20 million cycles for certificate validation and 12.3 million cycles for the AKE protocol and assuming 1 million cycles for internal overhead and communication, it appears possible to execute roughly 9 key exchanges per second (300 MHz/(33.3 million cycles) = 9 ops/s), assuming a computationally powerful counterpart or parallelization. The main cost for U and V is attributed to the Newhope-CCA-PKE encryp- tion and decryption, which accounts for roughly 4.5+4.3=8.8 million cycles out of the 11.8/12.3 million cycles for each party. The difference in cycles counts for U and V stems from different costs of key generation, encaps, and decaps

8 See https://github.com/PQClean/PQClean. 9 See https://github.com/XMSS/xmss-reference.

78 Quantum Safe Authenticated Key Exchange

of the Newhope-CPA-KEM. The party U has to execute KeyGenKEM and Decaps, accounting for 2.4+0.3=2.7 million cycles, while V has to execute an Encaps operation that costs 3.6 million cycles. The cost of the symmetric functions (H1, H2, Mac) is almost negligible in comparison to the PKE and KEM operations. Therefore, at first glance it seems logical to implement V on a more powerful platform than U. In the scenario or use case of diagnostic services this would translate to implementing U on the ECU inside the vehicle and V on the back end. However, having the scenario of remote diagnostics in mind, it is beneficial to implement U inside the vehicle and V in a back end to reduce the computational overhead in the back end for handling multiple diagnostic sessions at once. The size of the exchanged data is provided in Table 3. The transfer of a certificate from U to V and vice versa requires the exchange of 9040 bytes overall, and the AKE protocol requires the exchange of 10308 bytes. This is a non-negligible cost, but also expected given the larger public key and ciphertext sizes of post-quantum algorithms. This excludes the certificate exchange; as an optimization, certificates may be cached. With 2176 bytes, a Newhope ciphertext is around 4.25 times bigger than the ciphertext of RSAES-PKCS1-v1_5 [27] with 4096-bit keys. The sizes pose a challenge when transferring 82,464 bits overall for m1, m2, and m3 via CAN. When using ISO-TP [24] as the transfer protocol between U and V, the transfer of all messages takes about 0.165 seconds on a CAN bus with a throughput of 500 kbit/s (assuming full utilization; in practice the throughput may be lower). As 165 milliseconds are equivalent to 50 million clock cycles on the AURIX running at 300 MHz, this shows that the larger data structures in PQC may cost more performance than the computation.
This also indicates that optimization of the data structures is more important than low-level optimization to reduce the cycle counts of cryptographic operations. Note also that in some use cases performance may be gained by parallelizing communication and cryptographic operations.
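The transfer-time estimate above divides payload bits by the bus bit rate. The following added example (not code from the paper) reproduces that idealised figure from the Table 3 message sizes and then adds the ISO-TP segmentation and classic CAN frame overhead that the paper's "in practice the throughput may be lower" remark refers to, so the wire cost can be compared with the per-party cycle counts of Table 2. The ISO-TP payload-per-frame rules, the 111-bit classic CAN frame size and the optional bit-stuffing factor are modelling assumptions stated in the comments; flow-control frames from the receiver are not counted.

```python
"""Communication budget of the AKE messages over classic CAN with ISO-TP.

Added example, not code from the paper. Message sizes are taken from Table 3
and cycle counts from Table 2; the ISO-TP segmentation rules and the CAN
frame overhead are modelling assumptions documented below.
"""
import math

BUS_BIT_RATE = 500_000     # bit/s, the CAN rate assumed in the paper
CPU_HZ = 300_000_000       # AURIX clock assumed in the paper

MSG_SIZES = {"m1": 4052, "m2": 6224, "m3": 32}   # Table 3, bytes
CERT_SIZE = 4520                                 # Table 3, bytes
CYCLES = {                                       # Table 2, clock cycles
    "cert_verify": 19_881_266,
    "U_step1": 6_857_966,
    "V_step2": 12_270_614,
    "U_step3": 4_889_116,
    "V_step4": 99_467,
}

# ISO 15765-2 segmentation over classic CAN (8 data bytes per frame), assumed:
# a single frame carries up to 7 payload bytes, a first frame 6, and each
# consecutive frame 7. Flow-control frames sent back by the receiver are not
# counted (equivalent to block size 0).
SF_MAX_PAYLOAD = 7
FF_PAYLOAD = 6
CF_PAYLOAD = 7
# Assumed on-wire size of a classic CAN frame with 11-bit ID and 8 data bytes:
# 47 framing bits (SOF, ID, control, CRC, ACK, EOF, IFS) + 64 data bits,
# before bit stuffing.
FRAME_BITS = 111


def isotp_frames(nbytes: int) -> int:
    """Number of CAN frames ISO-TP needs to carry a payload of nbytes."""
    if nbytes <= SF_MAX_PAYLOAD:
        return 1
    return 1 + math.ceil((nbytes - FF_PAYLOAD) / CF_PAYLOAD)


def payload_seconds(nbytes: int, bit_rate: int = BUS_BIT_RATE) -> float:
    """The paper's idealised model: payload bits divided by the bus bit rate."""
    return nbytes * 8 / bit_rate


def framed_seconds(nbytes: int, bit_rate: int = BUS_BIT_RATE,
                   stuffing: float = 0.0) -> float:
    """Transfer time including ISO-TP/CAN framing.

    `stuffing` is an assumed fractional bit-stuffing overhead (0.0 = none,
    0.2 = pessimistic worst case)."""
    bits = isotp_frames(nbytes) * FRAME_BITS * (1.0 + stuffing)
    return bits / bit_rate


def cycles_equivalent(seconds: float, cpu_hz: int = CPU_HZ) -> int:
    """Clock cycles the CPU could execute while the bus is busy."""
    return round(seconds * cpu_hz)


def party_cycles(party: str, verify_cert: bool = True) -> int:
    """Computation of one party ("U" or "V") from Table 2, optionally including
    the XMSS verification it performs on the peer's certificate."""
    total = sum(c for k, c in CYCLES.items() if k.startswith(party + "_"))
    return total + (CYCLES["cert_verify"] if verify_cert else 0)


def budget(cache_certs: bool = True, stuffing: float = 0.0) -> dict:
    """Compare wire time (idealised and framed) with per-party computation."""
    messages = list(MSG_SIZES.values())
    if not cache_certs:
        messages += [CERT_SIZE, CERT_SIZE]   # one certificate each way
    wire_bytes = sum(messages)
    frames = sum(isotp_frames(n) for n in messages)
    payload_s = payload_seconds(wire_bytes)
    framed_s = sum(framed_seconds(n, stuffing=stuffing) for n in messages)
    return {
        "ake_bytes": sum(MSG_SIZES.values()),
        "wire_bytes": wire_bytes,
        "frames": frames,
        "payload_s": payload_s,
        "framed_s": framed_s,
        "payload_cycles": cycles_equivalent(payload_s),
        "framed_cycles": cycles_equivalent(framed_s),
        "U_cycles": party_cycles("U"),
        "V_cycles": party_cycles("V"),
    }


if __name__ == "__main__":
    for cached in (True, False):
        b = budget(cache_certs=cached)
        print(f"certs cached={cached}: {b['wire_bytes']} bytes in "
              f"{b['frames']} frames, idealised {b['payload_s']:.3f} s "
              f"({b['payload_cycles']:,} cycles), framed {b['framed_s']:.3f} s "
              f"({b['framed_cycles']:,} cycles); computation U "
              f"{b['U_cycles']:,} / V {b['V_cycles']:,} cycles")
```

With certificates cached, the idealised model gives the paper's 0.165 s (about 49.5 million cycles at 300 MHz); once the 1474 ISO-TP frames are counted with their framing bits, the bus is busy for roughly twice as long, which is still more than the roughly 32 million cycles either party spends computing. Disabling certificate caching adds two 4520-byte transfers, which is why the paper suggests caching as the first optimization.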

Table 2. Cycle counts of our implementation running on a TriCore CPU

Algorithm               Note                                   Clock Cycles
Check cert              XMSS-SHA2_10_256 verification            19,881,266
AKE Step 1: Key Gen. U  Ephemeral key                             6,857,966
AKE Step 2: Response V  Response by V                            12,270,614
AKE Step 3: Response U  Response V                                4,889,116
AKE Step 4: Final V     Commitment by U                              99,467
KeyGenKEM               NewHope1024-CPA key generation            2,384,302
Encaps                  NewHope1024-CPA-KEM encapsulation         3,358,852
Decaps                  NewHope1024-CPA-KEM decapsulation           335,170
Enc                     NewHope1024-CCA PKE encryption            4,474,476
Dec                     NewHope1024-CCA PKE decryption            4,308,454


4.3 Acceleration and Optimization Opportunities

Most previous work targeting AURIX was mainly focused on pairings [3] and ECC [35]. One notable difference is a paper by Fritzmann, Vith and Sepulveda [18] in which an optimized implementation of Newhope is provided. By using various performance optimizations, the authors realize Newhope1024-CPA key generation in 1,126,265 cycles, encapsulation in 1,641,684 cycles and decapsulation in 315,780 cycles. As a consequence, it seems possible to further reduce the runtime of our AKE protocol when the additional complexity induced by smart memory allocation or different compiler settings is acceptable. The performance of the XMSS-based certificate verification is dominated by the cost of SHA2-256 hashes. Usage of a hardware accelerator, e.g., in the HSM of the AURIX, might allow further optimization there. In addition, it would be possible to change the PRNG in the Newhope-CPA scheme to AES. This would make it possible to use hardware-based AES to replace the relatively slow SHA3 PRNG. However, changing the PRNG while staying compatible with the standard does not work for Newhope-CCA, as the re-encryption required to achieve CCA security also requires fixing the specification of the PRNG.

To evaluate the protocol, we use the XMSS instance XMSS-SHA2_10_256 with a tree height of 10. This only allows a small number of signatures and thus certificates. However, switching to an XMSS instance with a larger tree height has a very limited impact on the verification performance. For example, XMSS-SHA2_20_256 supports 2^20 = 1,048,576 signatures with similar verification performance (c.f. Section 2.1). Nevertheless, depending on the use case, a more complex PKI might be needed. Such a PKI could consist of several hierarchically organized certificate authorities, each holding a private key. Whereas the number of certificates is limited, there is no limit on the number of protocol executions.
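The claim that a taller XMSS tree leaves verification cost almost unchanged follows from where the hash calls go. The added example below (not the paper's code) counts the calls to the keyed functions F, H and PRF of an RFC 8391 XMSS verification for the SHA2, n = 32 parameter sets, compares heights 10 and 20, and sizes the hierarchical PKI that Section 4.3 and the conclusion mention (one XMSS CA per level). The per-step call counts (3 per WOTS+ chain step, 4 per tree node) are read from the RFC algorithms; the average chain length of (w-1)/2 steps is a modelling assumption, and none of the numbers is a measurement.

```python
"""Why XMSS verification cost barely depends on the tree height.

Added example, not the paper's code. Counts calls to F, H and PRF in an
RFC 8391 XMSS verification for the SHA2, n = 32 parameter sets, compares
tree heights, and sizes a hierarchical PKI built from several XMSS CAs.
Per-step counts come from the RFC algorithms; the average chain length is a
modelling assumption.
"""
import math


def wots_len(n: int = 32, w: int = 16) -> int:
    """WOTS+ chain count len = len_1 + len_2 (RFC 8391, Section 3.1.1)."""
    log_w = int(math.log2(w))
    len_1 = math.ceil(8 * n / log_w)
    len_2 = math.floor(math.log2(len_1 * (w - 1)) / log_w) + 1
    return len_1 + len_2


def xmss_verify_hash_calls(h: int, n: int = 32, w: int = 16) -> dict:
    """Estimated keyed-hash calls in XMSS_verify for tree height h."""
    length = wots_len(n, w)
    # WOTS_pkFromSig advances each of the len chains from its signature
    # position to the chain end; averaged over digests this is (w-1)/2 steps
    # per chain (assumption). One step is PRF (key), PRF (bitmask) and F:
    # 3 calls.
    chain_steps = length * (w - 1) / 2
    wots_calls = 3 * chain_steps
    # ltree folds len public-key elements with len-1 RAND_HASH calls; each
    # RAND_HASH is PRF (key), PRF (two bitmasks) and H: 4 calls.
    ltree_calls = 4 * (length - 1)
    # XMSS_rootFromSig climbs the authentication path with h RAND_HASH calls.
    path_calls = 4 * h
    msg_calls = 1   # H_msg over the randomised message
    total = wots_calls + ltree_calls + path_calls + msg_calls
    return {
        "len": length,
        "wots": wots_calls,
        "ltree": ltree_calls,
        "path": path_calls,
        "total": total,
        "signatures": 2 ** h,
    }


def height_cost_ratio(h_small: int, h_large: int) -> float:
    """Verification cost of the taller tree relative to the smaller one."""
    return (xmss_verify_hash_calls(h_large)["total"]
            / xmss_verify_hash_calls(h_small)["total"])


def hierarchical_pki(heights: list) -> tuple:
    """Capacity and verification cost of a chain of XMSS CAs.

    heights[0] is the root CA tree height, heights[-1] the issuing CA's.
    Every CA certificate at level i consumes one signature of level i-1, so
    the number of end-entity certificates is the product of the per-level
    capacities, while a verifier checks one XMSS signature per level."""
    capacity = 1
    verify_calls = 0.0
    for h in heights:
        capacity *= 2 ** h
        verify_calls += xmss_verify_hash_calls(h)["total"]
    return capacity, verify_calls


if __name__ == "__main__":
    for h in (10, 16, 20):
        r = xmss_verify_hash_calls(h)
        print(f"h={h:2d}: {r['signatures']:>9,} signatures, "
              f"~{r['total']:.0f} keyed-hash calls per verification")
    print(f"h=20 costs {height_cost_ratio(10, 20):.3f}x of h=10")
    cap, calls = hierarchical_pki([10, 10])
    print(f"two-level PKI of h=10 CAs: {cap:,} certificates, "
          f"~{calls:.0f} calls to verify a chain")
```

The WOTS+ part (about 1500 calls) and the L-tree (264 calls) do not depend on h at all; only the authentication path grows, by 4 calls per extra level, so going from height 10 to height 20 multiplies the signature budget by 1024 while adding about 2 % to verification. A two-level hierarchy of height-10 CAs reaches the same 2^20 capacity but doubles the verification work, which is the trade-off the text alludes to when it calls such a PKI "more complex".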

Table 3. Size of messages and basic data structures

Message                          Size (in bytes)
m1                                          4052
m2                                          6224
m3                                            32
certificate                                 4520
Newhope PKE public key                      1824
Newhope PKE secret key                      3680
Newhope KEM public key                      1824
Newhope KEM secret key                      1792
Newhope KEM cipher text                     2176
Newhope KEM shared secret (kU)                32
Final shared secret (kU,final)                32


5 Conclusion and Future Work

In this work, we have shown that commercial automotive ECUs can be used to execute quantum-safe diagnostic protocols based on a state-of-the-art protocol supporting forward secrecy. We chose a hash-based signature scheme for our PKI and instantiated a recently published authenticated key exchange protocol with a lattice-based KEM. The instantiated protocol demonstrates the feasibility of using post-quantum secure cryptography to establish a secured communication channel for diagnostic access. However, it also shows that the communication overhead (approx. 50 million cycles assuming CAN-TP) is larger than the computation overhead (approx. 32 million cycles for each party). We also emphasize that our approach is not a one-size-fits-all solution but a demonstrator for a suitable combination of post-quantum schemes. Hence, for different automotive use cases, different post-quantum secure algorithms might be needed, and a goal of this work is also to spark a discussion on these issues (see also the survey of the QuantumRISC project [11]). We also emphasize that our combination of lattice-based KEMs for ephemeral key exchange and key commitment with static XMSS-based signatures provides a fast but also appropriately secured approach with a deterministic runtime. Such a property is very important in the embedded domain and when safety and real-time requirements have to be fulfilled. Our work is in line with results on TLS [38] where a similar protocol was used to avoid active signing. However, we note that our choice of XMSS limits the number of certificates that can be issued by the PKI; if more certificates are required, a different XMSS variant or a more complex PKI might be needed. Nevertheless, we chose XMSS as it is well understood, offers a high level of trust, and is currently under consideration for standardization (c.f. Section 2.1).
Future work consists of the application of the protocol in different use cases, e.g., securing Internet of Things (IoT) devices or implementation on smart cards. Moreover, it may be possible to further optimize the runtime by changing the different primitives (see Section 4.3) and adapting them to the target platform. Especially Kyber, which has been selected for the third round of the NIST process, seems to be a reasonable choice with slightly better performance and a similar level of trust [33]. However, Kyber has the disadvantage that no CPA variant is explicitly specified. A particularly interesting instantiation might be the combination of lattice-based cryptography and code-based cryptography. A code-based scheme with a structured code and fast key generation, like BIKE [4] with a 3,083-byte public key (Level 3), would be suitable for the ephemeral key exchange.

Acknowledgment

This work has been supported by the German Federal Ministry of Education and Research (BMBF) under the projects "Aquorypt" (16KIS1017), "PQC4MED" (16KIS1041), and "QuantumRISC" (16KIS1034).


References

1. Evita: E-safety vehicle intrusion protected applications, https://www.evita-project.org/
2. Alkim, E., Avanzi, R., Bos, J., Ducas, L., de la Piedra, A., Pöppelmann, T., Schwabe, P., Stebila, D.: Newhope – submission to the NIST post-quantum project (2019), https://newhopecrypto.org/data/NewHope_2019_07_10.pdf
3. Andreica, T., Groza, B., Murvay, P.: Applications of pairing-based cryptography on automotive-grade microcontrollers. In: Gallina, B., Skavhaug, A., Schoitsch, E., Bitsch, F. (eds.) Computer Safety, Reliability, and Security - SAFECOMP 2018 Workshops, Västerås, Sweden, September 18, 2018, Proceedings. LNCS, vol. 11094, pp. 331–343. Springer (2018), https://doi.org/10.1007/978-3-319-99229-7_28
4. Aragon, N., Barreto, P., Bettaieb, S., Bidoux, L., Blazy, O., Deneuville, J.C., Gaborit, P., Gueron, S., Güneysu, T., Melchor, C.A., Misoczki, R., Persichetti, E., Sendrier, N., Tillich, J.P., Zemor, G., Vasseur, V.: BIKE: Bit flipping key encapsulation (2020), https://bikesuite.org/files/v4.0/BIKE_Spec.2020.05.03.1.pdf
5. Avanzi, R., Bos, J., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schanck, J.M., Schwabe, P., Seiler, G., Stehlé, D.: Crystals-kyber (version 2.0) – submission to round 2 of the NIST post-quantum project (2019), https://pq-crystals.org/kyber/data/kyber-specification-round2.pdf
6. Azarderakhsh, R., Campagna, M., Costello, C., Feo, L.D., Hess, B., Jalali, A., Koziel, B., LaMacchia, B., Longa, P., Naehrig, M., Pereira, G., Renes, J., Soukharev, V., Urbanik, D.: Supersingular isogeny key encapsulation (2020), https://sike.org/files/SIDH-spec.pdf
7. Bellare, M., Davis, H., Günther, F.: Separate your domains: NIST PQC KEMs, oracle cloning and read-only indifferentiability. In: Canteaut, A., Ishai, Y. (eds.) Advances in Cryptology - EUROCRYPT 2020, Zagreb, Croatia, May 10-14, 2020, Proceedings, Part II. LNCS, vol. 12106, pp. 3–32. Springer (2020), https://doi.org/10.1007/978-3-030-45724-2_1
8. Bernstein, D.J., Buchmann, J., Dahmen, E.: Post Quantum Cryptography. Springer Publishing Company, Incorporated, 1st edn. (2008)
9. Bernstein, D.J., Hülsing, A., Kölbl, S., Niederhagen, R., Rijneveld, J., Schwabe, P.: The SPHINCS+ signature framework, https://sphincs.org/data/sphincs+-paper.pdf
10. Bindel, N., Herath, U., McKague, M., Stebila, D.: Transitioning to a quantum-resistant public key infrastructure. In: Lange, T., Takagi, T. (eds.) Post-Quantum Cryptography, PQCrypto 2017, Utrecht, The Netherlands, June 26-28, 2017, Proceedings. LNCS, vol. 10346, pp. 384–405. Springer (2017), https://doi.org/10.1007/978-3-319-59879-6_22
11. Böhner, M., Karatsiolis, E., Knoll, T., Krämer, J., Lahr, N., Land, G., Müller, M., Noack, D., Reith, S., Sanwald, S., Stöttinger, M.: Work package 1, deliverables 1.1 to 1.3: Use cases and requirements. Website (2020), available https://quantumrisc.org/results/quantumrisc-wp1-report.pdf
12. Bos, J.W., Costello, C., Naehrig, M., Stebila, D.: Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In: 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015. pp. 553–570. IEEE Computer Society (2015), https://doi.org/10.1109/SP.2015.40
13. Buchmann, J.A., Dahmen, E., Hülsing, A.: XMSS - A practical forward secure signature scheme based on minimal security assumptions. In: Yang, B. (ed.) Post-Quantum Cryptography, PQCrypto 2011, Taipei, Taiwan, November 29 - December 2, 2011. Proceedings. LNCS, vol. 7071, pp. 117–129. Springer (2011), https://doi.org/10.1007/978-3-642-25405-5_8
14. Bürstinghaus-Steinbach, K., Krauß, C., Niederhagen, R., Schneider, M.: Post-quantum TLS on embedded systems. IACR Cryptol. ePrint Arch. 2020, 308 (2020), https://eprint.iacr.org/2020/308
15. Casanova, A., Faugère, J.C., Macario-Rat, G., Patarin, J., Perret, L., Ryckeghem, J.: Gemss: A great multivariate short signature, https://www-polsys.lip6.fr/Links/NIST/GeMSS_specification_round2.pdf
16. Cooper, D., Apon, D., Dang, Q., Davidson, M., Dworkin, M., Miller, C.: Recommendation for stateful hash-based signature schemes (2019), https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208-draft.pdf
17. Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schwabe, P., Seiler, G., Stehlé, D.: Crystals-dilithium: A lattice-based digital signature scheme. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(1), 238–268 (2018), https://doi.org/10.13154/tches.v2018.i1.238-268
18. Fritzmann, T., Vith, J., Sepulveda, J.: Post-quantum key exchange mechanism for safety critical systems. In: 17th escar Europe : embedded security in cars (Konferenzveröffentlichung). Ruhr-Universität Bochum, Universitätsbibliothek (Nov 2019), https://hss-opus.ub.ruhr-uni-bochum.de/opus4/frontdoor/deliver/index/docId/6653/file/Kapitel2.pdf
19. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M.J. (ed.) Advances in Cryptology - CRYPTO '99, Santa Barbara, California, USA, August 15-19, 1999, Proceedings. LNCS, vol. 1666, pp. 537–554. Springer (1999), https://doi.org/10.1007/3-540-48405-1_34
20. Huelsing, A., Butin, D., Gazdag, S.L., Rijneveld, J., Mohaisen, A.: XMSS: eXtended Merkle Signature Scheme. RFC 8391 (May 2018). https://doi.org/10.17487/RFC8391, https://rfc-editor.org/rfc/rfc8391.txt
21. Hülsing, A., Rijneveld, J., Schanck, J.M., Schwabe, P.: NTRU-HRSS-KEM algorithm specifications and supporting documentation (2017), https://ntru-hrss.org/data/ntrukem.pdf
22. Infineon: AURIX™ 32-bit microcontrollers for automotive and industrial applications (2020), https://www.infineon.com/dgdl/Infineon-TriCore_Family_BR-BC-v01_00-EN.pdf?fileId=5546d4625d5945ed015dc81f47b436c7
23. Federal Office for Information Security, G.: Cryptographic mechanisms: recommendations and key lengths (2020), https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile&v=10
24. International Organization for Standardization: ISO 15765-2:2016, Road vehicles — Diagnostic communication over controller area network (DoCAN) (2016), https://www.iso.org/standard/66574.html
25. International Organization for Standardization: ISO 26262-1:2018, Road vehicles — Functional safety (2018), https://www.iso.org/standard/68383.html
26. Jeffrey, P.A.F., Kirchner, H.P., Lyubashevsky, V., Pornin, T., Prest, T., Ricosset, T., Seiler, G., Whyte, W., Zhang, Z.: Falcon: Fast-fourier lattice-based compact signatures over NTRU, https://falcon-sign.info/falcon.pdf
27. Jonsson, J., Kaliski, B.: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1. RFC 3447 (Feb 2003). https://doi.org/10.17487/RFC3447, https://rfc-editor.org/rfc/rfc3447.txt
28. Kampanakis, P., Fluhrer, S.R.: LMS vs XMSS: A comparison of the stateful hash-based signature proposed standards. IACR Cryptol. ePrint Arch. 2017, 349 (2017), http://eprint.iacr.org/2017/349
29. Kannwischer, M.J., Rijneveld, J., Schwabe, P., Stoffelen, K.: PQM4: Post-quantum crypto library for the ARM Cortex-M4, https://github.com/mupq/pqm4, accessed 25 May 2020
30. Krawczyk, H.: SIGMA: the 'SIGn-and-MAc' approach to authenticated Diffie-Hellman and its use in the IKE-protocols. In: Boneh, D. (ed.) Advances in Cryptology - CRYPTO 2003, Santa Barbara, California, USA, August 17-21, 2003, Proceedings. LNCS, vol. 2729, pp. 400–425. Springer (2003), https://doi.org/10.1007/978-3-540-45146-4_24
31. McGrew, D., Curcio, M., Fluhrer, S.: Leighton-Micali Hash-Based Signatures. RFC 8554 (Apr 2019). https://doi.org/10.17487/RFC8554, https://rfc-editor.org/rfc/rfc8554.txt
32. National Institute of Standards and Technology: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process (2016), https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/call-for-proposals-final-dec-2016.pdf
33. National Institute of Standards and Technology: Status report on the second round of the NIST post-quantum cryptography standardization process (2019), https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf
34. Paquin, C., Stebila, D., Tamvada, G.: Benchmarking post-quantum cryptography in TLS. Cryptology ePrint (December 2019), https://www.microsoft.com/en-us/research/publication/benchmarking-post-quantum-cryptography-in-tls/
35. Popa, L., Groza, B., Murvay, P.: Performance evaluation of elliptic curve libraries on automotive-grade microcontrollers. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES 2019, Canterbury, UK, August 26-29, 2019. pp. 100:1–100:7. ACM (2019), https://doi.org/10.1145/3339252.3341480
36. Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446 (Aug 2018). https://doi.org/10.17487/RFC8446, https://rfc-editor.org/rfc/rfc8446.txt
37. de Saint Guilhem, C., Smart, N.P., Warinschi, B.: Generic forward-secure key agreement without signatures. In: Nguyen, P.Q., Zhou, J. (eds.) Information Security - 20th International Conference, ISC 2017, Ho Chi Minh City, Vietnam, November 22-24, 2017, Proceedings. LNCS, vol. 10599, pp. 114–133. Springer (2017), https://doi.org/10.1007/978-3-319-69659-1_7
38. Schwabe, P., Stebila, D., Wiggers, T.: Post-quantum TLS without handshake signatures. IACR Cryptol. ePrint Arch. 2020, 534 (2020), https://eprint.iacr.org/2020/534
39. Sikeridis, D., Kampanakis, P., Devetsikiotis, M.: Post-quantum authentication in TLS 1.3: A performance study. IACR Cryptol. ePrint Arch. 2020, 71 (2020), https://eprint.iacr.org/2020/071
40. Targhi, E.E., Unruh, D.: Post-quantum security of the Fujisaki-Okamoto and OAEP transforms. In: Hirt, M., Smith, A.D. (eds.) Theory of Cryptography, TCC 2016-B, Beijing, China, October 31 - November 3, 2016, Proceedings, Part II. LNCS, vol. 9986, pp. 192–216 (2016), https://doi.org/10.1007/978-3-662-53644-5_8

Buckle-up: Autonomous Vehicles Could Face Privacy Bumps in the Road Ahead

Ioannis Krontiris1, Thanassis Giannetsos2, Peter Schoo1, and Frank Kargl3

1 European Research Center, Huawei Technologies, Munich, Germany, {ioannis.krontiris, peter.schoo}@huawei.com
2 Cyber Security, Department of Applied Mathematics and Computer Science, Technical University of Denmark, [email protected]
3 Institute of Distributed Systems, University of Ulm, Germany, [email protected]

Abstract. Autonomous vehicles, as part of the emerging Intelligent Transportation Systems (ITS), are positioned to transform the future of mobility — a change enabled by new on-board sensors, as well as the exchange of information between vehicles and between vehicles and transport infrastructure. This raises new and unique privacy considerations around what happens with the data. As the automotive industry becomes more data-driven, getting consumer privacy rights will become increasingly important for establishing trust and customer acceptance of this technology. In this paper we analyze what are the new privacy and data protection challenges that emerge in this domain and we put forth directions of research initiatives for overcoming these challenges. We build the discussion around legal compliance, identity management, in-vehicle data recording, and anonymization of vehicle data. We then debate on the advantages brought forth by emerging technologies (ranging from the intersection of distributed edge and fog computing to new 5G-enabled smart connectivity networks) and how such innovations can fulfill advanced privacy requirements in automotive industry.

Keywords: Privacy · Data Protection · Autonomous Driving · V2X Communication · In-vehicle Data Recording · Identity Management

1 Introduction

In the last years, there has been a lot of interest in the development of vehicles capable of driving autonomously. Autonomous vehicles (AVs) promise highly increased traffic safety and fuel efficiency, better use of the infrastructure, and the liberation of drivers to perform other tasks. For these reasons, autonomous driving may create a paradigm shift in the way people and goods are transported.

Connectivity and communication technology – V2V as well as V2X communication – is considered a key success factor paving the way for the successful implementation of autonomous driving functions. V2X communication enables two key features in AVs: cooperative sensing, which increases the sensing range by means of the mutual exchange of sensed data, and cooperative maneuvering, which enables a group of AVs to drive according to a common decision-making