Open Access

Quantum-Safe VPNs for Financial Institution Backbones

Network Security Engineer, New York, USA

Abstract

This study assesses quantum-safe virtual private networks for the backbones of financial institutions that face harvest-now-decrypt-later risk. It integrates hybrid key exchange with X25519 and Kyber, as well as KEM-authenticated TLS. A testbed is used to simulate metro, regional, and long-haul paths (10, 50, and 100 ms round-trip, 1 percent loss), measuring time to first valid packet, goodput, fragmentation, and CPU utilization as the researchers vary MTU, NAT-T, and offload. The threat model includes passive recording, active downgrade, man-in-the-middle interference, and insider misuse: experimental MOS-PK 47, 48. Larger post-quantum handshake artifacts and HelloRetryRequest/IKE cookie challenges increase control-plane cost, driving cold-start latency to hundreds of milliseconds on very long-haul links. Data-plane throughput remains within several percent of classical. Jumbo frames reduce the CPU load of software gateways, and ASIC offload can be used to prevent capacity loss. The primary failure inducer is path-MTU black-holing as the enlarged handshakes cross mixed MPLS and Internet paths. Silent drops are eliminated by clamping MSS to about 1360 bytes, a deterministic DF policy, and active PMTUD, and IKE fragmentation stabilizes rekeys. The study provides a deployment playbook that jitters and batches rekeys, pins cipher suites, and monitors golden signals, and advances an auditable blueprint. Migrating PKI with hybrid or cross-chained hierarchies, OCSP stapling, uniform telemetry, and cohort-based promotion provides the needed crypto agility without breaking service levels. Feasibility is demonstrated, and regular validation and reassessment drills address the residual risk.
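As an added illustration of the path-MTU black-holing the abstract describes (a constructed sizing model, not code from the paper): it budgets each message of a hybrid X25519 + ML-KEM-768 IKEv2 exchange against a path MTU, with and without the NAT-T marker, and reports how many RFC 7383 fragments the post-quantum share needs. The public key sizes are the standardized ML-KEM-768/X25519 values; all framing overheads and the non-KE payload sizes are assumptions.

```python
"""Wire-size budget for a hybrid X25519 + ML-KEM-768 IKEv2 exchange (constructed model).

Layout follows RFC 9370: the classical share travels in IKE_SA_INIT, the ML-KEM
share in an IKE_INTERMEDIATE message. IKE_SA_INIT cannot be fragmented; the
encrypted IKE_INTERMEDIATE message can be split with RFC 7383 fragmentation.
"""
import math
from dataclasses import dataclass

X25519_PUB = 32
MLKEM768_EK, MLKEM768_CT = 1184, 1088        # encapsulation key / ciphertext

IP_UDP = 28                      # IPv4 + UDP outer headers
NAT_T_MARKER = 4                 # non-ESP marker on UDP/4500 when NAT-T is in use
IKE_HDR = 28
KE_PAYLOAD_HDR = 8               # generic payload header + group id/reserved
ENCR_OVERHEAD = 4 + 8 + 16 + 1   # Encrypted payload: hdr, AES-GCM IV, ICV, pad-len (assumed)
FRAG_OVERHEAD = 8 + 8 + 16 + 1   # Encrypted Fragment payload: hdr, IV, ICV, pad-len (assumed)
SA_INIT_OTHER = 48 + 36 + 40     # SA, Nonce and Notify payloads (assumed sizes)


@dataclass
class MessagePlan:
    name: str
    wire_bytes: int      # datagram size if sent unfragmented
    fits: bool           # fits the path MTU without IKE fragmentation
    fragments: int       # RFC 7383 fragments needed (1 when it fits)


def _fragments(plaintext: int, path_mtu: int, outer: int) -> int:
    """Fragments needed when each fragment must fit the path MTU."""
    capacity = path_mtu - outer - IKE_HDR - FRAG_OVERHEAD
    if capacity <= 0:
        raise ValueError("path MTU too small for any IKE fragment")
    return math.ceil(plaintext / capacity)


def plan_hybrid_exchange(path_mtu: int, nat_t: bool = True) -> list[MessagePlan]:
    outer = IP_UDP + (NAT_T_MARKER if nat_t else 0)
    init = outer + IKE_HDR + KE_PAYLOAD_HDR + X25519_PUB + SA_INIT_OTHER
    plans = [MessagePlan("IKE_SA_INIT", init, init <= path_mtu, 1)]
    for name, key_bytes in (("IKE_INTERMEDIATE request (ek)", MLKEM768_EK),
                            ("IKE_INTERMEDIATE response (ct)", MLKEM768_CT)):
        plaintext = KE_PAYLOAD_HDR + key_bytes
        wire = outer + IKE_HDR + ENCR_OVERHEAD + plaintext
        fits = wire <= path_mtu
        plans.append(MessagePlan(name, wire, fits, 1 if fits else _fragments(plaintext, path_mtu, outer)))
    return plans


def min_unfragmented_mtu(nat_t: bool = True) -> int:
    """Smallest path MTU that carries every message without IKE fragmentation."""
    return max(p.wire_bytes for p in plan_hybrid_exchange(10**6, nat_t))
```

With a 1280-byte path the ML-KEM share fits only without the 4-byte NAT-T marker, which is the kind of mixed-path edge that silently black-holes the handshake when IKE fragmentation is off.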

How to Cite

Ashutosh Chandra Jha. (2024). Quantum-Safe VPNs for Financial Institution Backbones. Frontiers in Emerging Computer Science and Information Technology, 1(2), 50–74. Retrieved from https://irjernet.com/index.php/fecsit/article/view/178
