Publications - Pervasive Computing Laboratory

Access control anotacionsemantica authentication Cloud computing coap compromise cryptography cynamon emadrid emrisco entropy home network I-Shaper identity management inrisco inteligenciafuentesabiertas Internet of Things IoT IPTV magos Pervasive computing privacy Protocols Qursa raudo2 Security Smart Card Trust management Ubisec VANETs 
Show all
2025
 Blanco-Romero, Javier;  Otero-Garcia, Pedro;  Sobral-Blanco, Daniel;  Almenares-Mendoza, Florina;  Fernandez-Vilas, Ana;  Diaz-Redondo, Rebeca
QKD-KEM: Hybrid QKD Integration into TLS with OpenSSL Providers Conference 
2025.
Abstract | Links | BibTeX | Tags: I-Shaper, OpenSSL, Post-Quantum Cryptography, PQC, QKD, Qursa, TLS
@conference{javierblanco005,

title = {QKD-KEM: Hybrid QKD Integration into TLS with OpenSSL Providers},

author = {Javier Blanco-Romero and Pedro Otero-Garcia and Daniel Sobral-Blanco and Florina Almenares-Mendoza and Ana Fernandez-Vilas and Rebeca Diaz-Redondo},

doi = { https://doi.org/10.48550/arXiv.2503.07196},

year  = {2025},

date = {2025-03-10},

urldate = {2025-03-10},

abstract = {Quantum Key Distribution (QKD) promises information-theoretic security, yet integrating QKD into existing protocols like TLS remains challenging due to its fundamentally different operational model. In this paper, we propose a hybrid QKD-KEM protocol with two distinct integration approaches: a client-initiated flow compatible with both ETSI 004 and 014 specifications, and a server-initiated flow similar to existing work but limited to stateless ETSI 014 APIs. Unlike previous implementations, our work specifically addresses the integration of stateful QKD key exchange protocols (ETSI 004) which is essential for production QKD networks but has remained largely unexplored. By adapting OpenSSL’s provider infrastructure to accommodate QKD’s pre-distributed key model, we maintain compatibility with current TLS implementations while offering dual layers of security. Performance evaluations demonstrate the feasibility of our hybrid scheme with acceptable overhead, showing that robust security against quantum threats is achievable while addressing the unique requirements of different QKD API specifications.},

keywords = {I-Shaper, OpenSSL, Post-Quantum Cryptography, PQC, QKD, Qursa, TLS},

pubstate = {published},

tppubtype = {conference}

}

Close
Quantum Key Distribution (QKD) promises information-theoretic security, yet integrating QKD into existing protocols like TLS remains challenging due to its fundamentally different operational model. In this paper, we propose a hybrid QKD-KEM protocol with two distinct integration approaches: a client-initiated flow compatible with both ETSI 004 and 014 specifications, and a server-initiated flow similar to existing work but limited to stateless ETSI 014 APIs. Unlike previous implementations, our work specifically addresses the integration of stateful QKD key exchange protocols (ETSI 004) which is essential for production QKD networks but has remained largely unexplored. By adapting OpenSSL’s provider infrastructure to accommodate QKD’s pre-distributed key model, we maintain compatibility with current TLS implementations while offering dual layers of security. Performance evaluations demonstrate the feasibility of our hybrid scheme with acceptable overhead, showing that robust security against quantum threats is achievable while addressing the unique requirements of different QKD API specifications.
Close
doi: https://doi.org/10.48550/arXiv.2503.07196
Close
2024
 Blanco-Romero, Javier;  Lorenzo, Vicente;  Almenares, Florina;  Díaz-Sánchez, Daniel;  García-Rubio, Carlos;  Campo, Celeste;  Marín, Andrés
Evaluating integration methods of a quantum random number generator in OpenSSL for TLS Journal Article 
In: vol. 255, 2024, ISBN: 1389-1286.
Abstract | Links | BibTeX | Tags: compromise, I-Shaper, Linux, OpenSSL, QRNGs, Quantum random number generators, Qursa, TLS
@article{javierblanco003,

title = {Evaluating integration methods of a quantum random number generator in OpenSSL for TLS},

author = {Javier Blanco-Romero and Vicente Lorenzo and Florina Almenares and Daniel Díaz-Sánchez and Carlos García-Rubio and Celeste Campo and Andrés Marín},

url = {https://www.sciencedirect.com/science/article/pii/S1389128624007096?via%3Dihub},

doi = {https://doi.org/10.1016/j.comnet.2024.110877},

isbn = {1389-1286},

year  = {2024},

date = {2024-10-25},

urldate = {2024-10-25},

volume = {255},

publisher = {Computer Networks},

abstract = {The rapid advancement of quantum computing poses a significant threat to conventional cryptography. Whilst post-quantum cryptography (PQC) stands as the prevailing trend for fortifying the security of cryptographic systems, the coexistence of quantum and classical computing paradigms presents an opportunity to leverage the strengths of both technologies, for instance, nowadays the use of Quantum Random Number Generators (QRNGs) – considered as True Random Number Generators (TRNGs) – opens up the possibility of discussing hybrid systems. In this paper, we evaluate both aspects, on the one hand, we use hybrid TLS (Transport Layer Security) protocol that leverages the widely used secure protocol on the Internet and integrates PQC algorithms, and, on the other hand, we evaluate two approaches to integrate a QRNG, i.e., Quantis PCIe-240M, in OpenSSL 3.0 to be used by TLS. Both approaches are compared through a Nginx Web server, that uses OpenSSL’s implementation of TLS 1.3 for secure web communication. Our findings highlight the importance of optimizing such integration method, because while direct integration can lead to performance penalties specific to the method and hardware used, alternative methods demonstrate the potential for efficient QRNG deployment in cryptographic systems.},

keywords = {compromise, I-Shaper, Linux, OpenSSL, QRNGs, Quantum random number generators, Qursa, TLS},

pubstate = {published},

tppubtype = {article}

}

Close
The rapid advancement of quantum computing poses a significant threat to conventional cryptography. Whilst post-quantum cryptography (PQC) stands as the prevailing trend for fortifying the security of cryptographic systems, the coexistence of quantum and classical computing paradigms presents an opportunity to leverage the strengths of both technologies, for instance, nowadays the use of Quantum Random Number Generators (QRNGs) – considered as True Random Number Generators (TRNGs) – opens up the possibility of discussing hybrid systems. In this paper, we evaluate both aspects, on the one hand, we use hybrid TLS (Transport Layer Security) protocol that leverages the widely used secure protocol on the Internet and integrates PQC algorithms, and, on the other hand, we evaluate two approaches to integrate a QRNG, i.e., Quantis PCIe-240M, in OpenSSL 3.0 to be used by TLS. Both approaches are compared through a Nginx Web server, that uses OpenSSL’s implementation of TLS 1.3 for secure web communication. Our findings highlight the importance of optimizing such integration method, because while direct integration can lead to performance penalties specific to the method and hardware used, alternative methods demonstrate the potential for efficient QRNG deployment in cryptographic systems.
Close
https://www.sciencedirect.com/science/article/pii/S1389128624007096?via%3Dihub
doi:https://doi.org/10.1016/j.comnet.2024.110877
Close