Post-Quantum Virtual Private Network (VPN)

Following my article on Post-Quantum Session Key Management, I was asked the question if the same design principle can also be applied to securing Virtual Private Networks (VPNs).

Virtual Private Networks (VPNs)

A google search shows that this is already being worked on in "RFC 8784 - Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-quantum Security". In short, the standard  stipulates that all communicating parties have a list of pre-shared keys which can be used to derive session authentication keys and session encryption keys which are used to ensure the confidentiality, integrity and authenticity (CIA) of the data and communication.

But what if you want the achieve quantum-safe IPSEC VPN communication today? Well, just following the following steps:

• Use Pre-shared keys (not certificates). Pre-shared keys that are randomly generated are not vulnerable to quantum attacks. In order to prevent a brute-force search, these pre-shared keys should be at least 32 bytes (256 bits) in length, and preferably the maximum 64 bytes (512 bits).
• Choose AES (not 3DES) for encryption. To achieve quantum security level 1, you need to use the minimum AES-128 encryption, while to achieve the highest quantum security level 5, AES-256 encryption is needed. The AES mode should be GCM/CTR as other modes have possible side-channel attacks.
• Choose HMAC-SHA2 (not SHA1 or MD5) for message authentication. The corresponding message authentication should be HMAC-SHA256 for security level 1 and HMAC-SHA512 for security level 5.
• Change the Pre-shared keys regularly. Depending on the usage, the pre-shared keys should be changed to prevent a systemic security breakdown if the keys are leaked for any reason. Each subsequent set of pre-shared keys should also be independently generated to ensure forward secrecy. 
  

Taking simple steps to make your VPN quantum-safe is already possible without additional equipment costs. Do note that this setup requires an additional process of disseminating pre-shared keys securely which may have to be achieved via physical (non-digital) means.