| Project ID |
BITS-SRIP/4C69E4/2026 |
| Project Title |
Quantum-Resilient VPN Security: Integrating Post-Quantum Cryptography into the IPsec Protocol |
| Project Description |
The rapid progress in quantum computing poses a fundamental threat to classical public-key cryptographic primitives currently used in securing network communications. Protocols such as IPsec, which form the backbone of Virtual Private Network (VPN) security, rely heavily on RSA, Diffie–Hellman (DH), and Elliptic Curve Cryptography (ECC) for key exchange and authentication—mechanisms that are vulnerable to polynomial-time attacks using sufficiently powerful quantum computers. This creates an urgent need to transition existing network security infrastructures toward quantum-resilient alternatives.
This project focuses on the systematic integration of Post-Quantum Cryptography (PQC) into the IPsec protocol stack to enable quantum-safe VPN tunnels. The research will investigate the feasibility, performance, and security implications of replacing or augmenting classical cryptographic mechanisms within IPsec—particularly Internet Key Exchange (IKEv2)—with NIST-standardized and candidate PQC algorithms. Emphasis will be placed on hybrid cryptographic designs that combine classical and post-quantum key exchange schemes to ensure backward compatibility and graceful transition in real-world deployments.
The study will involve architectural modifications to the IPsec/IKEv2 handshake, secure key establishment workflows, and authentication procedures to support lattice-based and hash-based cryptographic primitives. Performance trade-offs such as increased key sizes, computational overhead, latency, and bandwidth consumption will be quantitatively evaluated through simulation and experimental testbeds. Additionally, the work will assess resistance against quantum-enabled adversarial models, including “store-now, decrypt-later” attacks, while maintaining compliance with existing IPsec security associations and policy frameworks.
The expected outcomes of this research include:
1. A quantum-resilient IPsec VPN architecture incorporating post-quantum and hybrid cryptographic mechanisms.
2. A detailed security analysis demonstrating resistance to both classical and quantum cryptanalytic attacks.
3. Performance benchmarks comparing classical IPsec, hybrid IPsec, and fully post-quantum IPsec configurations.
4. Research publications and technical documentation contributing to standardization and future-proof network security practices. |
| Project Discipline |
Computer Science / Information Security / Cyber Security / Cryptography and Network Security |
| Faculty Name |
Ashutosh Bhatia |
| Department |
Department of Computer Science & Information Systems |
