Post-Quantum Cryptography for Linux File System Integrity

Post-Quantum Cryptography for Linux File System Integrity

연구 분야: Cryptography

학회: International Conference on Applied Cryptography and Network Security

Advances in the development of powerful quantum computers threaten to compromise the security of classical asymmetric cryptography and its applications, one of which is the Appraise mechanism of the Linux Integrity Measurement Architecture (IMA). It extends the concept of secure boot up to Linux user space by verifying file authenticity using digital signatures. In this paper, we explore the integration of quantum-resistant signature algorithms in Linux IMA-Appraise. For our study, we considered the three signature algorithms selected for standardization in the PQC standardization process of the National Institute of Standards and Technology, ML-DSA, SLH-DSA, and Falcon, as well as the stateful HSS, standardized by the Internet Engineering Task Force. We assessed the compatibility of all algorithms with IMA-Appraise and found that mechanisms in the underlying file system to store extended file attributes can severely influence compatibility. For compatible algorithms and file systems, we evaluated the impact on disk usage and signature verification overhead. Our results show that in both domains - disk space and performance - lattice-based algorithms impose close to zero overhead or even enhance performance, while hash-based algorithms can introduce disproportionately high overhead when compared to RSA and elliptic curve signatures. Based on our findings, we provide recommendations for algorithms suitable for IMA-Appraise and for integration into the Linux kernel.