We present a post-quantum (PQ) upgrade of RESEKRA, a Trusted Platform Module (TPM)-centric remote attestation protocol for IoT devices, aligned with FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA). Our hybrid design combines lattice cryptography with RSA/ECC and requires verification under both classical and PQ models to prevent downgrade attacks. It runs on unmodified commodity TPMs and supports dynamic enrolment, sealed-key attestation, and verifier-controlled policy updates on resource-constrained platforms. Each successful attestation is anchored in Hyperledger Fabric, which forms a tamper-evident audit trail that mitigates single points of failure in audit availability through distributed endorsement and thwarts rollback attempts.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

On the Implementation of Post-quantum Remote Attestation Protocols for IoT

  • Daniel Sanz Sobrino,
  • Roger Farrerons Calbet,
  • David Arroyo,
  • Andrés Marín López

摘要

We present a post-quantum (PQ) upgrade of RESEKRA, a Trusted Platform Module (TPM)-centric remote attestation protocol for IoT devices, aligned with FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA). Our hybrid design combines lattice cryptography with RSA/ECC and requires verification under both classical and PQ models to prevent downgrade attacks. It runs on unmodified commodity TPMs and supports dynamic enrolment, sealed-key attestation, and verifier-controlled policy updates on resource-constrained platforms. Each successful attestation is anchored in Hyperledger Fabric, which forms a tamper-evident audit trail that mitigates single points of failure in audit availability through distributed endorsement and thwarts rollback attempts.