增强交通信息物理系统安全性：向后量子密码学的转型 (Enhancing Transportation Cyber-Physical Systems Security: A Shift to Post-Quantum Cryptography)

from arxiv, This version has been submitted to ACM Transactions on Cyber-Physical Systems (Special Issue on Security and Privacy in Safety-Critical Cyber-Physical Systems) and is currently under peer review. Please note that the abstract in this version has been revised from the ACM-submitted version to comply with arXiv's 1920-character limit

The rise of quantum computing threatens traditional cryptographic algorithms that secure Transportation Cyber-Physical Systems (TCPS). Shor's algorithm poses a significant threat to RSA and ECC, while Grover's algorithm reduces the security of symmetric encryption schemes, such as AES. The objective of this paper is to underscore the urgency of transitioning to post-quantum cryptography (PQC) to mitigate these risks in TCPS by analyzing the vulnerabilities of traditional cryptographic schemes and the applicability of standardized PQC schemes in TCPS. We analyzed vulnerabilities in traditional cryptography against quantum attacks and reviewed the applicability of NIST-standardized PQC schemes, including CRYSTALS-Kyber, CRYSTALS-Dilithium, and SPHINCS+, in TCPS. We conducted a case study to analyze the vulnerabilities of a TCPS application from the Architecture Reference for Cooperative and Intelligent Transportation (ARC-IT) service package, i.e., Electronic Toll Collection, leveraging the Microsoft Threat Modeling tool. This case study highlights the cryptographic vulnerabilities of a TCPS application and presents how PQC can effectively counter these threats. Additionally, we evaluated CRYSTALS-Kyber's performance across wired and wireless TCPS data communication scenarios. While CRYSTALS-Kyber proves effective in securing TCPS applications over high-bandwidth, low-latency Ethernet networks, our analysis highlights challenges in meeting the stringent latency requirements of safety-critical wireless applications within TCPS. Future research should focus on developing lightweight PQC solutions and hybrid schemes that integrate traditional and PQC algorithms, to enhance compatibility, scalability, and real-time performance, ensuring robust protection against emerging quantum threats in TCPS.

翻译：量子计算的兴起威胁着保障交通信息物理系统（TCPS）安全的传统密码算法。Shor算法对RSA和ECC构成重大威胁，而Grover算法则降低了AES等对称加密方案的安全性。本文旨在通过分析传统密码方案的脆弱性以及标准化后量子密码（PQC）方案在TCPS中的适用性，强调向PQC转型以缓解TCPS中此类风险的紧迫性。我们分析了传统密码学面对量子攻击的脆弱性，并综述了NIST标准化PQC方案（包括CRYSTALS-Kyber、CRYSTALS-Dilithium和SPHINCS+）在TCPS中的适用性。我们通过案例研究，利用微软威胁建模工具分析了来自合作式智能交通架构参考（ARC-IT）服务包（即电子收费系统）的TCPS应用的脆弱性。该案例研究揭示了TCPS应用的密码学脆弱性，并展示了PQC如何有效应对这些威胁。此外，我们评估了CRYSTALS-Kyber在有线与无线TCPS数据通信场景中的性能。虽然CRYSTALS-Kyber被证明能有效保护高带宽、低延迟以太网环境中的TCPS应用，但我们的分析指出其在满足TCPS内安全关键型无线应用严格延迟要求方面仍面临挑战。未来研究应聚焦于开发轻量级PQC解决方案以及融合传统密码与PQC算法的混合方案，以提升兼容性、可扩展性和实时性能，从而确保TCPS在面对新兴量子威胁时获得强健防护。