Security-Enhanced WireGuard Protocol Design Using Quantum Key Distribution | IEEE Conference Publication | IEEE Xplore


Abstract:

WireGuard is a pioneering and lightweight Virtual Private Network (VPN) protocol that has been merged into the Linux kernel. It leverages the Noise secure framework to provide advanced security functionalities, such as identity hiding and perfect forward security. Although WireGuard has an optional pre-shared key mode to ensure key security, the advanced security features are guaranteed by asymmetric cryptography algorithms, which cannot withstand superior quantum computers. To achieve quantum-resistant security, WireGuard should avoid using the vulnerable asymmetric cryptography algorithms that are currently deeply integrated into the protocol. In this paper, we present a solution to enhance the security of WireGuard by integrating Quantum Key Distribution (QKD). We first change the security mode to use tunnel-oriented Pre-Shared Keys (PSK) as the authentication anchor. We also design QKD-assisted ephemeral keys and a corresponding Key Encapsulation Mechanism (KEM) to achieve WireGuard's advanced security properties without using asymmetric cryptography. We also integrate QKD keys during the key derivation to provide further security. Finally, we implement the entire protocol, named WireGuard-QKD, in Golang and evaluate its performance and security.
Date of Conference: 19-22 February 2024
Date Added to IEEE Xplore: 21 June 2024
Conference Location: Big Island, HI, USA