Within 1-2 decades, quantum computers are expected to obsolesce current public-key cryptography, driving authorities such as IETF and NIST to push for adopting quantum-resistant cryptography (QRC) in ecosystems like Internet Protocol Security (IPsec). However, IPsec struggles to adopt QRC, primarily due to the limited ability of Internet Key Exchange Protocol Version 2 (IKEv2), which establishes IPsec connections, to tolerate the large public keys and digital signatures of QRC. Many solutions (e.g., IETF RFCs) are proposed to integrate QRC into IKEv2, but remain largely untested in practice. In this paper, we measure the performance of these proposals over the Internet by designing and implementing a novel, scalable, and flexible testbed for quantum-resistant IPsec, and we expose the serious shortcomings of existing proposals for quantum-resistant IKEv2 when deployed in constrained (e.g., lossy, rate-limited) networks. Through experimental deployments ranging from cloud-based virtual networks to hardware-in-the-loop wireless links between software-defined radios, as well as deployment on the international FABRIC testbed for next-generation networks, we show that today's solutions for quantum-resistant IPsec are insufficient, necessitating development of better approaches.