Post-quantum RFC 9242 and RFC 9370 hybrid keys make IKEv2 VPNs resistant to attacks
by quantum computers.
Where Can I Use This? | What Do I Need? |
Post-quantum IKEv2 VPNs based on RFC 9242 and RFC 9370 work by creating a
hybrid key using two or more key exchange mechanisms (KEMs) in the initial peering
exchange (the IKE_SA_INIT Exchange). Hybrid keys provide quantum resistance by
preventing a compromised KEM from allowing quantum attack using Harvest Now, Decrypt
Later (HNDL) to succeed. As long as all KEMs used to create the hybrid key are not
compromised, the data is still protected.
As the standards are still relatively new and each vendor can have
different interpretations of the standard for their implementation, keeping the
configurations identical on both sides helps to keep things simple and enable the
post-quantum VPN tunnel to come up successfully. To minimize the chances of
interoperability, make sure both sides of the VPN tunnel are configured with the
same PQCs and security strengths in each of the optional key negotiation rounds.
Also check the IKEv2 fragmentation settings on both sides to ensure they are
configured correctly.
Set up IKEv2 peering and an IPSec
tunnel before configuring your post-quantum components. Additionally,
ensure you have security policies that permit the IKEv2 and IPSec traffic
between the firewalls and enable logging.
To ensure data is protected for long durations, more than two KEMs should
be used, and you can further add defense-in-depth by enabling both pre-shared key
through RFC 8784 and hybrid key through RFC 9242 and RFC 9370.
To make your IKEv2 VPNs resistant to quantum attacks: