IEEE ACCESS, vol.10, pp.69135-69146, 2022 (SCI-Expanded)
In resource-constrained devices such as Subscriber Identity Module (SIM), the possibility of using authentication and key exchange methods, which include the mutual verification of two parties to ensure the security of communication, provides a significant advantage. As the cost efficient computations may not be efficiently performed on resource-constrained devices, security is the main problem for SIMs. With the advancing technology and the use of quantum computers, it is predicted that this may lead to threats. It is a well-known fact that security on traditional public key cryptosystems will become vulnerable by using quantum computers due to Shor's algorithm. In this paper, two different resistant to quantum attacks structures are proposed to ensure secure communication between SIM and service providers. In the proposed methods, Advanced Encryption Standard (AES-256) is used for communication with resource-constrained devices, and N-th degree Truncated polynomial Ring Units (NTRU) encryption system is used for communication with servers. Two methods are proposed, one with the private key and one without the private key in the production phase. This protocol provides authentication, data privacy and integrity for post-quantum SIM cards. The proposed method is inspired by the FLAT (Federated Lightweight Authentication) protocol. However, the main difference from the FLAT protocol is that it has more nodes and is resistant to quantum attacks.