Is a Three-Layer Post-Quantum Safe VPN Hidden Within Regular IPsec Effective Against Eavesdroppers?

Çağlar Arlı

I'm working on designing a VPN that is post-quantum safe while avoiding detection that it uses post-quantum cryptography. The goal is to make the use of post-quantum cryptography indistinguishable to an eavesdropper, who might otherwise store the traffic for future decryption attempts using quantum algorithms once they become available. An attacker might be especially interested in post-quantum encrypted traffic because, when someone puts in the effort to use post-quantum cryptography at all (currently), the data transmitted can be assumed to be extremely sensitive.

Here’s the approach I'm considering:

Layer 1: Use regular IPsec encryption for the initial layer, as is common in current VPN implementations.

Layer 2: Within the IPsec tunnel, encrypt the data using a post-quantum encryption algorithm.

Layer 3: Re-encrypt the post-quantum encrypted data with another layer of regular IPsec. The idea is that the outer IPsec layer makes the traffic look like standard encrypted traffic. If an eavesdropper intercepts this, they would only see regular IPsec-encrypted data, not realizing that within it, there's a layer of post-quantum encryption.

Here are the reasons for this approach:

Obfuscation: By wrapping post-quantum encrypted content within regular IPsec, the use of post-quantum cryptography is not immediately obvious to an observer. This avoids flagging the traffic as containing high-value data worth storing and attacking with quantum algorithms in the future.

Security Layers: Multiple layers of encryption (IPsec-post-quantum encryption-IPsec) provide defense in depth, making it harder for attackers to decrypt the data even if they manage to break one layer.

My Questions:

Does this approach effectively hide the use of post-quantum cryptography from potential eavesdroppers?

Are there any known vulnerabilities or potential weaknesses in this multi-layer encryption strategy?

Is there a better way to achieve the goal of post-quantum safety while avoiding detection by adversaries?

Any insights or feedback on the feasibility and security of this design would be greatly appreciated.