Quantum-safe Remote Attestation

In recent years quantum computing has been rapidly developing and its impact on cybersecurity is a major concern. Problems once considered impossible to solve using traditional computational platforms have now become manageable for quantum computers. All encryption methods based on RSA and other classical algorithms are at serious risk: RSA and elliptic curve cryptography rely on mathematical problems such as integer factorization and discrete logarithms, and quantum algorithms like Shor's and Grover's can crack them in a really fast way. This work focuses on the impact of quantum computing on the field of remote attestation. Remote attestation is a process used by an external entity to verify the integrity and trustworthiness of a computational node. It ensures that a system has not been tampered with, and plays a key role in protecting sensitive information. However, remote attestation mechanisms rely on cryptographic primitives that are vulnerable to quantum attacks. Soon, adversaries equipped with quantum computers could forge cryptographic proofs, compromise key exchange mechanisms, and fake the very foundation of trust in remote attestation systems. This makes the transition to quantum-resistant cryptographic algorithms necessary to maintain the security of trusted computing environments. The proposed solution implements the integration of post-quantum cryptographic algorithms into the Keylime framework. Keylime is an open-source platform that provides a modular environment for remote attestation, using the Trusted Platform Module (TPM) for cryptographic tasks. To ensure that the system remains secure against quantum threats, this thesis proposes the SPHINCS+ signature scheme. This quantum-safe algorithm is among the most promising candidates in the post-quantum cryptography standardization process. The tests also study the challenges of the transition to post-quantum cryptography, such as the larger signature sizes of these algorithms and the computational load caused by these more complex operations. Despite these challenges, the work provides valuable insight into the use of quantum-safe techniques in a remote attestation environment.