Post-Quantum Cryptography Based Secure Mutual Authentication Mechanism for TDM-PONs

Paper in proceeding, 2023

Passive Optical Networks (PONs) are widely used in fixed-access networks for delivering connectivity to domestic, commercial and industrial users. Authentication and encryption are required in PONs, because of their vulnerability to Optical Network Unit (ONU) impersonating or downstream data sniffing attacks. The research community has pointed out the vulnerabilities of the authentication mechanisms enforced in PON, and has proposed Shared Mutual Authentication (SMA) using Public-Key Cryptography (PKC) based on Diffie-Hellman. However, this last is vulnerable to attacks from quantum computers. This work proposes using Post-Quantum Cryptography (PQC) for SMA in Time-Division Multiplexing (TDM)-PONs. Kyber is selected for the proposed SMA mechanism. This algorithm is the finalist in the PQC standardization process of the National Institute of Standards and Technology (NIST). The feasibility of the proposed Kyber SMA mechanism is shown in a simulation, and it is compared against a baseline SMA from the 10-Gigabitcapable Passive Optical Network (XG-PON) and a state-of-the-art SMA based on Diffie-Hellman. The proposed Kyber SMA mechanism requires more random bytes, has a longer execution time than the baseline and its overhead is similar to the state-of-the-art mechanism with similar security features but based on classical cryptography. According to the presented evaluations, the proposed approach is feasible and offers an SMA resistant to threats from traditional and quantum computers.