Received August 18, 2021, accepted September 19, 2021, date of publication September 23, 2021, date of current

version October 5, 2021.

Digital Object Identifier 10.1109/ACCESS.2021.3115087

Quantum-Resistant Cryptography for the Internet

of Things Based on Location-Based Lattices
OHOOD SAUD ALTHOBAITI , (Graduate Student Member, IEEE),
AND MISCHA DOHLER , (Fellow, IEEE)
Department of Engineering, King’s College London, London WC2R 2LS, U.K.
Corresponding author: Ohood Saud Althobaiti ([email protected])
The work of Ohood Saud Althobaiti was supported by the Royal Embassy of Saudi Arabia Cultural Bureau, Taif University.

ABSTRACT An important enabler of the Internet of Things (IoT) is the Narrow-Band Internet of Things
(NB-IoT) technology, which is a 3GPP standards compliant connectivity solution. Quantum computing,
another emerging technological paradigm, promises novel compute opportunities but is also able to com-
promise cybersecurity ciphers. Therefore, improved methods to mitigate such security threats are needed.
In this research, we propose a location-aware cryptographic system that guarantees post-quantum IoT
security. The ultimate value of a location-driven cryptosystem is to use the geographic location as a player’s
identity and credential. Position-driven cryptography using lattices is efficient and lightweight, and it can
be used to protect sensitive and confidential data in many critical situations that rely heavily on exchanging
confidential data. At the best of our knowledge, this research starts the study of unconditional-quantum-
resistant-location-driven cryptography by using the Lattice problem for the IoT in a pre-and post-quantum
world. Unlike existing schemes, the proposed cryptosystem is the first secure and unrestricted position-based
protocol that guards against any number of collusion attackers and against quantum attacks. It has a
guaranteed authentication process, solves the problems of distributing public keys by removing a public
key infrastructure (PKI), offers secure NB-IoT without SIM cards, and resists location spoofing attacks.
Furthermore, it can be generalized to any network – not just NB-IoT.

INDEX TERMS Cryptosystem, quantum-resistant cryptography, Internet of Things, lattices, localization,

location, Narrow-Band Internet of Things.

I. INTRODUCTION that strong security requirements associated with the IoT are
The internet of things (IoT) is popularly referred to as the put in place.
large interconnection that exists between visible objects with The main IoT security goals are confidentiality, integrity,
the ability to communicate and perform computations. It also and authenticity. Confidentiality assures no information leaks
has the capacity to control, supervise and identify over the out of the transmission channels and hierarchy, integrity
internet. In light of this fact, it is estimated that approximately maintains the original form of data and information, and
75.44 billion devices, sensors, and actuators, among others, authenticity enhances proof of identity. For the information
will be connected to the internet by the end of 2025 [1]. to be certified as clear, the three major traits should not be
These devices will aim to collect data concerning the real tampered with to provide secure information. A challenge
world, which must be transferred to a predominant supply for encountered in the process of ensuring the security of the IoT
the purpose of data processing and storage. There are many is that IoT devices are mostly prone to be constrained on the
available IoT technologies, and one of the major technologies basis of limited resources and memories. Therefore, there are
is the Narrow-Band Internet of Things (NB-IoT). It was many encrypting systems and methodologies developed and
developed to enhance energy and range efficiencies. On the otherwise articulated that propose an alternative set of solu-
premise that devices such as medical or vehicles play an tions to IoT security threats. The most common techniques
essential role in our lives, it is therefore important to ensure used for such encoding and decoding purposes are the use of
cryptography and implementation of cryptosystems.
The associate editor coordinating the review of this manuscript and The IoT uses many protocols and most of these are con-
approving it for publication was Junaid Arshad . figured with cryptographic algorithms such as the advanced

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
VOLUME 9, 2021 133185
 O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

encryption standard (AES) to cater to confidentiality and referees (verifiers) V1 , V2 , V3 and V4 at different geographical
integrity and elliptic curve cryptosystems (ECCs), which positions Pos1 , Pos2 , Pos3 and Pos4 , respectively; thus, this
incorporate other digital signature algorithms to facilitate claimed prover P is bounded by referees in the quadran-
integrity and authentication [2]. gle. The prover P convinces the honest referees using an
Undeniably, there are numerous problems associated with applicable interactive protocol that verifies the authenticity
the usage of symmetric algorithms. The major problem is of the prover P that his geographical location is at Posp [5],
the key exchange problem and a requirement for a new key [6]. For example, this scheme bears similarity to familiar
for each correspondence. The safety of the current asym- distance bounding schemes [7], [8]. According to the distance
metric (public key) cryptography depends on the degree of bounding scheme, a referee transmits a message to the player
difficulty of mathematical problems, which include discrete and estimates the average time used by the player to return
logarithm and integer factorization problems. It is therefore a reply with a certain message in its array of feedback. It is
popularly affirmed that these mathematical problems can assumed that the signal can be transmitted at light speed. As a
effectively be solved using quantum computers. Quantum result, this scheme gives the distance between the player and
computers encounter key exchange, encryption and digital the referee.
signature approaches used in modern society that are likely The task of secure localization has been under study
to be broken [3]. However, the estimated period for the first in wireless sensor networks (WSNs) [9]–[12], [13], [14].
reliable quantum computer remains uncertain; however, some From those studies, several proposals have been articu-
forecasts show that this scenario will probably occur in the lated. Although the protocols have been studied with much
next 5-10 years. In mathematics, there are also some prob- effort, researchers [5], [6] stated that protocols for secure
lems that have been stubborn for both traditional computing position-based verification that can offer security against
and advanced quantum computing and simultaneously do collaborating attacks without assuming hard hypotheses do
not inherit the flaws of quantum computer implementation. not exist. This is because the referees cannot differentiate
These problems have recently prompted research interest. if the requesters are honest or if they are working with
Based on research on asymmetric cryptography, lattice-based collaborating-location-spoofing adversaries that are not actu-
cryptography has been considered one of the postquantum ally at position Posp . In other words, there are demerits asso-
cryptography techniques, in lattice-based cryptography: an ciated with the implementation of secure positioning. This
integration of short keys and fast and high-level effective- conclusion excludes other cryptographic mechanisms based
ness [2]–[4]. Lattice-based cryptography is promising since on location [6].
it combines small keys and robust security measures that are Considering the impracticality of implementing position-
complex to trace and break. The security of such a system based cryptography in the standard (vanilla) model,
is often linked to the closest shortest vector or learning with Chandran et al. [5] introduce schemes for secure positioning
error (LWE) problems in lattices to enhance the difficulty of and key exchange based on location that assume constraints
breakage. The major examples of such cryptography include on the attacker’s memory size based on the ‘‘Bounded
the Nth Degree Truncated Polynomial Ring Units (NTRU) Retrieval Model (BRM)’’. Although these schemes give us
encryption system. an approach to determine the possibility of position-based
In general, the concept of location-based cryptography cryptography, they are impracticable where inputs must not
was initiated by Chandran et al., although some tasks have fit into the attacker’s memory size, and the referees may
appeared previously under several names [5]. The ultimate require broadcasting large packets; thus, this requires high
purpose of location-based cryptosystems is to utilize only bandwidth and frequency. Consequently, an open research
the geographic location of a player as its identity and cre- issue arises: how can unconditional position-driven cryptog-
dential. For instance, an individual might be interested in raphy be tractable for the Internet of Moving Things (IoMT)
composing and sending a message to a player (receiver) in a in the pre- and postquantum world?
different geographic location, guaranteeing that the receiver The main contributions of this paper are as follows:
can decrypt and read this message only if he/she is at posp [5]. • A new lightweight cryptographic in terms of 3D
It is important to note that such a setting can be applied in position and lattices as a suitable alternative key
several scenarios in the real world, especially for the security for fifth-generation and sixth-generation systems and
of wireless networks, which allow access to resources under a beyond is proposed by taking into account the perfor-
condition that the party is at a specific position [6]. To the best mance and energy consumption.
of our knowledge, this research initiates the study of uncon- • The main benefit of the proposed cryptosystem is
ditional quantum-resistant location-driven cryptography by solving public key distribution problems and the rid-
using lattice theory for the Internet of Moving Things (IoMT) ding of public key infrastructure (PKI) because of
in the pre- and postquantum world. the very expensive cost and complexity of building
The major function faced by location-based cryptosys- PKIs. We solve problems of public key distribution
tems is the implementation of a verification mechanism and management by using position-based cryptography,
(secure positioning). One element called prover P at a certain i.e., we do not need to use digital certificates, certificate
point Posp connects to another set of components called authorities, a private key generator or a key generation

133186 VOLUME 9, 2021

O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

center in our proposed cryptosystem, unlike existing investigating suspected cloning is more costly because
protocols. it demands equipment, technical staff, etc.
• Although worldwide quantum computers are not built • The proposed cryptographic approach is not only for
sufficiently and qubit (quantum bit) counters are still NB-IoT but also a generic cryptosystem for any network.
limited, they will seriously compromise the security of • The proposed position-based cryptographic protocol
all current cryptographic algorithms. However, it may could produce more secure communications between
take many years to re-encrypt massive amounts of devices, in particular in critical (mobile/static) situ-
previously stored data for a second time via more ations established by using only a party’s physical
robust schemes, so it is important to apply this now. location as its credential. For instance, the world-
Consequently, it is important to improve postquantum wide coronavirus (COVID-19) pandemic profoundly
cryptography. Because cryptography is an essential frac- affected everyday activities. There is an increasing
tion of most systems, the necessity of its development need for automation and electronic services to fight
has risen dramatically. Furthermore, the implementa- outbreak epidemics, such as e-health applications,
tion of efficient cryptosystems requires a tremendously e-learning, work from home and geographical track-
long time. According to the rapid development of quan- ing of COVID-19. However, internet hackers have
tum computers, the world has little time before it exploited these difficult circumstances and have stolen
encounters this novel cybersecurity threat. As a result, tens of millions of dollars assigned by the German
we propose a protocol that is secure against quantum government to counter the spread of COVID-19 [15].
attacks. Moreover, an increase in cyberattacks in the next few
• We demonstrate that for attackers that are not months and years are expected to come as a result
restricted to any state or condition, secure localization of the COVID-19 outbreak [16]. Consequently, in
is practicable. post-COVID-19 society, IoT applications have a rising
• To the best of our knowledge, the proposed cryptosystem influence.
is the first secure position-driven cryptosystem without • Our simulation compares NB-IoT without/with pro-
any restrictions, and it is secure against any number of posed cryptography to prove that the proposed cryp-
collusion attackers in the pre- and postquantum IoMT tography improves IoT security without compromising
world, unlike existing schemes. Furthermore, it guar- its performance metrics (i.e., energy consumption, time
antees a mutual authentication process. This means consumption/delay, stability period and throughput).
that the proposed cryptosystem not only enhances the Consequently, the results indicate an optimized trade-off
level of confidentiality but also enhances the level of between security and performance. As a result, the effi-
authentication. ciency and reliability of the proposed cryptosystem are
• The proposed position-based cryptography resists proven.
location spoofing attacks, unlike global positioning • Combining position verification processes and lattice
systems (GPSs). theory with the internet of (moving) things (IoMT) leads
• The proposed cryptography offers secure NB-IoT with- to an efficient protocol to improve security for the IoT
out attached SIM cards to the NB-IoT during its manu- in the pre- and postquantum world.
facture for purposes of security. This leads to resisting
The rest of this research is arranged as follows: Section II
SIM swap fraud, SMS attacks or any attack in which
describes an overview of problem statement. In Section III,
NB-IoT is exposed to because of vulnerabilities in the
SIM card. In addition to SIM swap fraud, other attacks literature reviews related to this work are provided.
on SIM cards, such as SimJacker and side-channel We propose an unconditional-quantum-resistant-location-
attacks that exploit the leak of information, typically by driven cryptosystem by using the Lattice problem for the
IoMT in pre-and postquantum world in Section IV. Section V
the use of variation in electromagnetic waves or electric
discusses analytical-based evaluation and simulator-based
current, as well as other vulnerable SIM technologies,
results. Finally, Section VI demonstrates concluding remarks
such as the S@T (SIM Alliance Toolbox) browser and
WIB (Wireless Internet Browser), could be exploited. and future works.
These vulnerabilities in the SIM card cause serious harm
because the attacker can exploit them to control the II. PROBLEM STATEMENT
victim’s device remotely to achieve harmful behaviors, Security in IoT deployments is very important, as has been
such as stealing all of the victim’s information, obtain- shown by various IoT surveys [17]. Whenever criminals take
ing the victim’s location, tracking the victim, sending control of IoT devices, they can cause massive losses first by
messages, and making calls. Another drawback is losses stealing data for malicious gains and tampering with the data
resulting from fraud or cloning opportunities. The aver- stored and other remote assets. This is one of the worries of
age cost of a SIM card is $3, so the cost of replacing enterprises regarding the use of IoT devices and their reli-
it is $30 because of changes relative to databases, cus- ability and convenience in business. Although it is possible
tomer care, administration systems, etc. Furthermore, to ignore such devices as useless and does not make any

VOLUME 9, 2021 133187

 O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

sense to protect them, hackers have directed their tricks to indicate that there is a need to improve and enhance future
such devices because of this vulnerability and will greatly LTE and NB-IoT models for better security outcomes.
interfere with them. Such devices include smart pins and For cryptography to be implemented correctly, certain ele-
smoke alarms. It is important to keep such devices secure. ments will be contained in a set of credentials that tend
If hackers decide to empty all the bins in the city by convinc- to portray the identities of receivers/senders. Such informa-
ing authorities, trigger many smoke alarms or interfere with tion will correspond to unique attributes such as biometrics,
soil sensors to cause farmers to apply many fertilizers to their shared keys, digital certificates from the third party, etc.
farms, chaos will arise [17]. In most cases, identity is determined by geographical posi-
NB-IoT falls under the category of the 3GPP standard and tion. For instance, the role of a bank teller is known behind
obtains all its security features from the long-term evolution a bulletproof window not because of showing his credential
(LTE). The NB-IoT SIM card has a built-in key that is secretly but because of his location behind the bank’s bulletproof
encoded to this device during manufacturing and is used to window [23]. The geographical position of an element is
authenticate the device and network alternately. This will a valuable source of information when the matter of iden-
allow encryption of traffic in the device as well as in the core tity is concerned [23]. Therefore, the geographical location
networks because it generates session keys that are frequently of an object can be used as one of the credentials [23].
updated [17]. It is, however, very clear that LTE has been An open research issue that remains is how can unconditional
considered one of the latest technology standards in mobile position-driven cryptography be tractable for the IoMT in the
networks, with a subscriber rate of over 85% worldwide [18]. pre- and postquantum world?
The information that has been offered by the Global Mobile
Suppliers Association (GSA) has indicated that toward the III. LITERATURE REVIEW
end of 2017, there were approximately 2.36 billion LTE In location-based cryptography, the main focus is looking at
subscriptions, a very inflated number compared with the an environment where the only necessary requirement for a
1.48 billion subscriptions that were recorded in 2016 [19]. player (prover) is its physical position. In other words, with
Moreover, LTE is a worldwide standard that is applied the current advancement in technology, for any entity, it is
in fourth-generation cellular networks after being presented only required to know its exact location on the Earth’s surface
in 3GPP Release 8 as an imperative direction toward future to obtain the required credentials. However, position-based
wireless telecommunications. For proper LTE network oper- cryptography has various problems, although most of these
ation, the use of two standardized algorithms is always problems have not been unraveled. In the area of wireless
required to offer radio frequency. The algorithms are the network security, secure positioning is one of the challenges
EIA: EPS integrity algorithm and the EEA: EPS encryp- that has been widely studied [23], [24]. Some of the proto-
tions, all of which have been made and standardized for cols that were proposed include [25]–[30], which are prone
LTE networks. LTE has three sets of algorithms. These sets to location-spoofing attacks by collusion. Perazzo et al. [12]
are 128-EEA1 and 128-EIA1, whose operations are depen- proposed secure localization via enlargement miscontrol dis-
dent on the SNOW 3G cipher, 128-EEA2 and 128-EIA2, closure (SPEM) in wireless sensor networks. Their local-
whose operations are developed on the AES cipher, and ization scheme uses a multilateration and distance bounding
128-EEA3 and 128-EIA3, whose operations are built using protocol used in the IEEE 802.15.4a ultrawideband (UWB)
the ZUC cipher [18]. The introduction of LTE and NB-IoT standard. In [31], the researchers suggested three algorithms
seemed to be the solutions by implementing authentication for drone path planning: first, LocalizerBee produces paths
and encryption algorithms; however, the technologies are for positioning purposes; second, VerifierBee verifies a set
vulnerable to attacks. of locations of devices; and third, PreciseVerifierBee veri-
Bikos [20] reported that LTE is exposed to several chal- fies with accuracy, i.e., it is the expansion of VerifierBee.
lenges on the basis of reliability and security. The hetero- However, in [12], [31], they forced a preshared secret key to
geneous nature of LTE and operation with IP-based open mitigate the attack. This means that they have restricted the
networks acts as one of the major contributors to vulnerabil- security of their schemes to the secret keys; thus, the potential
ities to attacks. Additionally, there are some notable vulner- of compromising these shared secret keys is a highly realistic
abilities existing in the current LTE security framework that threat.
need adequate and emergent responses [21], [22]. First, flat Circumventing the issue of multiple cloning adversaries
IP-based 3GPP LTE networks raise risks of eavesdropping, may require the involved parties to assume a given setup
injection, modification and other vulnerabilities greater than phase characterized by unclonable tamper-proof verifications
those in the previous systems. Second, weaknesses arise from to every possible future prover [23], [24]. However, one of
the LTE system base stations, which are regarded as an All-IP the most stringent quantum principles is that cloning quan-
network that offers a direct path for malicious attackers to the tum information is impossible (i.e., there is no operation
base stations. This also indicates weak resistance to attackers in physical quantum law that accepts a single instance of
in the various base station configurations. Third, new chal- quantum information as input and yields two copies of this
lenges associated with handover authentication procedures input as outputs). For example, given a single qubit copy that
have emerged [21], [22]. All these security vulnerabilities is set to a combination of the two states of zero and one

133188 VOLUME 9, 2021

O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

(superposition) |ψ ≥ C0 | 0 > +C1 |1 >, since qubit mea- Furthermore, Brody et al. [40] highlighted the negative
surement disturbs its state, it is impossible to ‘‘extract’’ a results for this strong additional restriction in [23]. Based on
complete classical definition of C0 and C1 [32]. Although the localization algorithm, a multiproxy multisignature proto-
it cannot be fully concluded, there are verifiers that are col was introduced in [41]. Dziembowski and Zdanowicz [42]
anonymous to hostile parties and players in [33], [34] that proposed location-based authentication and location-based
present secure localization in a wireless network with radio key exchange in a noisy channel paradigm with essential
or ultrasound where the verifiers cannot be easily detected by timing and geometric information. The participating enti-
adversaries or players. When various hostile entities collude, ties gain access to bit sources transmitted to them through
they might be able to subvert the verifiers. Reference [35] autonomous noisy channels. Unfortunately, in [41], [42],
focused on a situation where there is a key exchange between the implementing process is challenging in an attempt to
Bob and Alice and message authentication in an environment satisfy the complicated assumptions, where inputs must not
where the two completely understand the presence of the fit into the attacker’s memory or the restriction of the adver-
other party within the transmission scope. However, to com- sary’s position to be their protocols are secure. In contrast
pletely develop secure protocols, an assumption of the adver- to the literature, we do not enforce any hard conditions for
sarial parties not being close to both Bob and Alice should be adversarial parties’ memory size, location or number.
taken. As such, Bob and Alice should perfectly understand It is, however, important to note that assuming a bounded
that they are conversing with each other and not to the enemy retrieval may not be ideal in different settings, thus lead-
beforehand. This consequently improves the possibility of a ing to the development of the question of whether develop-
key exchange occurring based on the style of protocol that ing extensions may be a possible contributor in achieving
was developed by Diffie-Hellman [23], [24]. top-notch security [37]. A proposal to use quantum informa-
Chiang et al. [36] are credited scholars who study the tion instead of using classical information was then devel-
effects of colluding hostile parties in the area of secure oped to address some of the challenges identified above.
localization. In the classical model, one important proce- This proposal is underpinned by the fact that the classical
dure for secure localization has been postulated to combat attack always depends on the adversary’s ability to keep and
the challenge of colluding-location-spoofing attacks. From send information simultaneously with the other adversaries,
their investigation, they developed a protocol that can with- where the researchers believe that copying quantum informa-
stand attacks from two colluding hostile provers. When tion is impossible and complex [37]. This complexity and
the colluding-location-spoofing adversaries exceed two and impossibility make it difficult for attackers to penetrate the
advance to three or four, executing attacks becomes possible. system [37]. Quantum theory and cryptography have been
It is clearly shown that in addition to any protocol, it is possi- connected since 1968, and as the first use for a relation-
ble to develop a classical model assault through an equivalent ship between physical law-based quantum and cryptography,
number of adversaries, similar to the verifiers found in the quantum money was suggested [32].
protocol [23], [24]. Buhrman et al. [6] argue that ‘quantum tagging’ is a term
Despite the security of the proposed schemes having been that was proposed by Kent in 2002, where the first incidences
proven against specific attackers, it is very possible to break of using quantum schemes to verify the positions were taken
them using colluding-location-spoofing attacks. The use of into account. With the help of other researchers, a patent
multiple attackers that work in unison has the potential of that was presented to the Labs of HP in 2004 ended up
sending a string copy using the closest verifier to all the other being reimbursed in 2006 [43]. Scholars’ conclusions did
attackers. In this case, each attacker is considered to have not appear in research paper sources until 2010 [44], [45].
the potential to emulate the honest actions of a prover to In these papers [44], [45], they advanced various concepts on
its nearest verifier [37]. Additionally, studies have indicated how to disintegrate several schemes by utilizing teleportation-
that there is always a possibility for an attack to occur in based attacks. Moreover, these teleportation attacks could not
the classical world setting after dropping some of the extra break some of the variations they proposed (schemes IV-
assumptions [6], [23]. The researchers in [23] also found that VI in [45]) but without proving they were unconditionally
secure localization can be attained by assigning the memory secure. The attacks that Buhrman et al. discussed in [6]
size for attackers [37]. have confirmed that schemes IV-VI in [45] are also not
The results of [23], [38] are linked to impossibility due to secure. In the quantum random oracle model, Unruh [46]
imposing restrictions on collaborating attackers’ devices (i.e., presents a localization method and location-based authen-
the assumption that an attacker cannot accumulate every bit tication. Additionally, the author claims that the proposed
of information received); however, an attacker actually has protocols resist colluding attackers and do not need bounded
the potential to keep all the information received. In addition, memory/retrieval/entanglement restrictions, unlike previous
the verifiers, in this case, must broadcast large bursts of studies. According to [32], the need for effective methods that
data, which may be difficult [39]. As a result, quality-of- do not depend on random oracles remains a significant open
service (QoS) assurance decreases and a high bandwidth is issue.
required, which diminishes utility in the case of IoT or tactile Malaney [47] proposed that it is possible to perform uncon-
internet applications given the dependence on limited sensors. ditional position verification using quantum channels. This

VOLUME 9, 2021 133189

 O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

scheme has been stated to be secure despite there being no any constraint by using the lattice problem for the Internet of
deep provision of mathematical proof, efficient threat model Moving Things (IoMT) in the pre- and postquantum world
or effective hardware implementation. However, Malaney’s and simultaneously resisting quantum attacks and flaws. The
protocol, with the use of teleportation-based attacks, can be proposed cryptographic protocol in this research not only
broken [6]. By using quantum particle swarm optimization solves the abovementioned problems but also improves the
(QPSO), Wu et al. [48] presented a range-free localization security of wireless networks.
algorithm for nonhomogeneous wireless sensor networks that
is relatively accurate. In [49], analysis of the location-based IV. PROPOSED CRYPTOSYSTEM
quantum cryptography used in distributed measurement sys- Using only the geographical location of a player as a creden-
tems, implementation issues and technical difficulties in tial rather than an ID or biometrics is the aim of position-
quantum communications were discussed. Gao et al. [50] based cryptography. It is supposed that Alice (mobile node,
proposed quantum position verification with a hard constraint e.g., unmanned aerial vehicle collects data from anywhere)
in which the frequency of operations of attackers is bounded. needs to send a message to Bob (mobile node) called a prover
As a negative result, these schemes [48]–[50] may be bro- at a specified three-dimensional location (XP , YP , ZP ) with
ken by colluding teleportation-based attacks and side-channel the guarantee that this message is read only by the player
attacks (information leakage attacks). Quantum teleportation who is located at position (XP , YP , ZP ). This means claimed
attacks can be carried out by proper measurement of the qubit prover P, who claims that his position at Posp (XP , YP , ZP )
using shared entanglement resources [51]. connects to another set of components called referees (veri-
However, there is a high probability that eavesdroppers fiers) V1 , V2 , V3 and V4 at these different known geographical
exploit the flaws of quantum computing and quantum cryp- positions Pos1 (X1 , Y1 , Z1 ), Pos2 (X2 , Y2 , Z2 ), Pos3 (X3 , Y3 , Z3 )
tography, for example, teleportation-based attacks, man-in- and Pos4 (X4 , Y4 , Z4 ), respectively, so that this claimed prover
the-middle attacks, and denial of service attacks, to threaten is in the quadrangle bounded by referees. Definitely, there is
security for a system if not resolved. Moreover, these the potential for numerous adversaries. In fact, a verifier Vm
threats involve laser seeding, information leakage attacks can send a message to claimed prover P at a specific time and
(Trojan-horse attacks), source flaws, side-channel attacks, can additionally record each message that is received from
pulse-energy monitoring, laser damage, device calibration P together with the time it is received. It can be assumed
and timing attacks [52]. Quantum cryptography, an effec- that a message travels at speeds equal to the speed of light,
tive technology to accomplish secure communication, must referred to as C, as is the case in a global positioning
bridge the gap between theory and actual implemen- system (GPS) [23].
tation to avoid vulnerabilities [53]. Therefore, quantum Both Alice and Bob are limited resource devices in the
computers are in theory reliable, but in realistic process- IoMT system. By using any localization method, such as
ing of implementations, they still require research and range-based localization or nonrange-based localization tech-
refinement [52], [54]. This means that at present, there are niques [10], [58], [59], Alice can recognize his region, so it
major differences between real and theoretical quantum cryp- can also be supposed that the lattice public keys of veri-
tosystems. In [32], several quantum cryptography shortcom- fiers, which are in Alice’s region, are downloaded on Alice’s
ings and problems were discussed. For instance, quantum device, and these keys will be updated when Alice moves
bit commitment impossibility and secure two-entity com- from region to another, such as an updating process for
putation using the quantum connection are impossible and any application. Nonetheless, the positioning accuracy of
zero-knowledge against quantum-based attacks. Because of nonrange-based techniques is typically lower than that of
these serious shortcomings and limitations, the search for range-based techniques, so in this protocol, we focus on
classical cryptography approaches that resist quantum attacks range-based methods to achieve very accurate 3-D location
is a rapidly rising research area. Lattice-based cryptography information. However, the verifiers can be sinks, base sta-
holds much promise for secure and practical postquantum tions (BSs), gateways or even satellites. The prover’s position
cryptography [2]–[4], [55]. is given to the adversaries and the verifiers [23]. Conse-
Furthermore, it is concluded that the work of location-based quently, Alice sends to the nearest verifier a message con-
cryptography occupies several attempts in quantum comput- taining his lattice public key and a request Bob’s public
ing. However, studying a number of different attacks about key (intended prover’s public key) encrypted by lattice pub-
protocols [43], [45], [47], [51], [56], Buhrman et al. [6] cited lic
 key of this closest verifier, i.e., Alice → Nereast Vm :
in [23], [24] concluded that the safe positioning (location- PKA , Request Bob’s PK PK . The verifiers have secure
Vm
verification) task, as well as cryptography based on position, channels among themselves, allowing them to secretly
are unattainable in cases where the involved parties exchange communicate [23]. Figure (1) shows the proposed model
quantum data. Although studies such as [6], [23], [32], structure.
[37], [51], [56], [57] have mentioned that it is impossible However, the claimed prover (player) P needs to
to propose secure position-based cryptography in a typical convince the honest verifiers that he is located at the posi-
model or quantum model without constraints, we can propose tion (XP , YP , ZP ) by applying the following three verifica-
a secure and advanced position-driven cryptosystem without tion tests: TDoF (time difference of flight)-based test, RSS

133190 VOLUME 9, 2021

O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

TABLE 1. Summary of Notations.

FIGURE 1. The structure of the proposed model.

(received signal strength)-based verification and AoA (angle

of arrival)-based verification process. Because of these signal
features, TDoF, RSS and AoA are widely used for localiza-
tion. Furthermore, the integration of these three localization
schemes leads to high location accuracy while maintaining
low energy and time consumption at a low cost of implemen-
tation for verifier devices. These measurements only rely on
the physical and hardware environment, which means that
malicious nodes cannot easily forge, tamper or manipulate
these measured values.
Many ways exist for positioning the user of a wireless from the claimed prover P. Let C be the speed of light in a
network. The most frequently used method is by using GPS, vacuum (299,792,458 meters/sec.). To determine the electro-
the accuracy of which can achieve every requirement of a magnetic wavelength Cf = C ÷ f , where f = 200 kHz,
location-dependent application. The central issue with GPS NB-IoT works on the frequency band of licensed 3GPP
is that, apart from the user terminal needing to be enabled for (200 kHz employed). The derivation is applied to obtain the
GPS, there is the heavy power demand of the unit, latency, distance between P and Vm , D = Cf × Tm − Cf × T .
and the potential limitations of coverage. Additionally, GPS Step 2: V1 picks up a random number denoted as key
can be less reliable in towns and cities in proximity to tall K1 . Additionally, V2 , V3 and V4 pick up random challenges
structures and in the inside of a tunnel. Another important R1 , R2 and R3 , respectively, and then transmit these mes-
disadvantage of GPS is vulnerability to location spoofing sages K1 , R1 , R2 and R3 over the secure channels among
attacks [60]–[63]. An additional method is to rely on wire- themselves.
Step 3: V1 , V2 , V3 , and V4 precompute Ki+1 = Ri Ki ,
L
less networks themselves through the use of cell ID infor-
mation, which is extensively utilized in the GSM (Global 1 ≤ i ≤ 3.
System for Mobile Communications), despite drawbacks of Step 4: At timestamp T , verifiers V1 , V2 , V3 , and V4 send
its accuracy. Additional accuracy can be achieved by using K1 , R1 , R2 and R3 , respectively, to claimed prover P at loca-
alternative network resources, such as TDoF (hyperbolic tion (XP , YP , ZP ) in the space.
localization) [64], RSS or AoA [58], [65], [66]; thus, we com- Step 5: The claimed L prover P L at location (XP ,L
YP , ZP )
bine these three resources to reduce location error, generate computes K2 = R1 K1 , K3 = R2 K2 , K4 = R3 K3 in
high-level security and increase the accuracy of positioning that order. As a result, the claimed prover P returns K4 and
efficiently. Table (1) shows the notation summary of the attaches his lattice public key PKp to all verifiers V1 , V2 , V3 ,
proposed protocol. and V4 .
Step 6: The verifier V1 receives this reply {K4 kPKp }PKv1
A. FIRST TEST: PROPOSED TIME DIFFERENCE OF from the claimed prover P within timestamp T1 , the verifier
FLIGHT-BASED ALGORITHM V2 receives this reply {K4 kPKp }PKv2 from the claimed prover
In this test, we develop Chandran’s protocol [23], which is P within timestamp T2 , the verifier V 3 receives this reply
performed by four verifiers and is detailed in Figure (2) as {K4 kPKp }PKv3 from the claimed prover P at timestamp T3 and
the following steps. the last verifier V4 receives this reply {K4 kPKp }PKv4 from the
Step 1: Let T1 , T2 , T3 and T4 be the timestamps of radio claimed prover P within timestamp T4 . Therefore, the ref-
waves taken to reach points V1 , V2 , V3 and V4 , respectively, eree Vm can guarantee that this message was transmitted

VOLUME 9, 2021 133191

 O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

the RSS results present the estimated location of the sensor

nodes with an estimated error of between 5% and 10%. The
widespread exponential path-loss form is a frequent strat-
egy and is the easiest to organize and use. The path-loss
exponent form is a log-power scale, which states that the
rate of RSS declines linearly with the value of the distance
between nodes. This is an approximate estimate; for example,
noise levels are high and are dependent on nonline-of-sight
(NLOS) and multipath conditions. Because most wireless
devices can measure received signal strength, RSS-based
localization algorithms have increased in popularity. How-
ever, integrating the information from all the verifiers reduces
the location error and effectively increases the positioning
accuracy.
In contrast to the other localization methods, RSS is repre-
sentative of the relationship between an obtained power and
communication. It is used to determine the distance between a
receiver and sender when most propagates of electromagnetic
waves in an LOS link. This method is used to handle the
mobility of devices in several protocols of mobility-aware
media access control (MAC).
When the direct path of transmission exists between two
devices and is put into environments where there is no
interference of signals, then the received power of signal
Pr forms a relationship to the distance, DRSS , between the
receiving and transmitting devices in the law of inverse
square [69].
1
Pr n (1)
(DRSS )2
However, equation (1) states the correlation between the
FIGURE 2. Proposed TDoF-based verification.
relative distance and RSS. In reality, there are multiple influ-
ences on the received signal strength value. For instance,
by the device that is located at distance DTDoFm = diffraction, refraction, reflection, and scattering of waves are
Cf × (Tm − T ) ÷ 2. a result of nearby objects and obstacles between receivers
Step 7: Each verifier V1 , V2 , V3 and V4 decrypts the and transmitters. It has been discovered through experimen-
received message via his lattice public key (PKVm ), then tation that walls can lower the signal strength by up to
checks that the received K4 equals the K4 that he precomputed 3 dBm (decibel-milliwatts) on average [69]. In other words,
and checks that the distances DTDoF1 , DTDoF2 , DTDoF3 and the received power of signal Pr declines more gradually
DTDoF4 are equal to the actual distance between him and because of shadow fading, nonuniform propagation and mul-
the intended position (XP , YP , ZP ). If this verification process tipath propagation. This causes a transfer of the relationship
succeeds, it means that the claimed prover P passes the first between DRSS and Pr to:
test (TDoF-based verification) and then moves to the sec-
ond test (RSS-based verification). Otherwise, the claimed Pr = Pt × (DRSS )−n (2)
position/prover is rejected. where n refers to exponential path loss and Pt is transmitted
signal power.
B. SECOND TEST: ADAPTIVE RSS-BASED MATHEMATICAL To express Pr and Pt in dBm, since dBm is a logarithmic
MODEL unit to measure power, it is taken as 10 times the logarithm
In wireless communications, RSS represents the average function for both sides in (2) as follows:
power that a node receives, where the power originates
10 log10 Pr = 10 log10 Pt − 10 n log10 DRSS (3)
from the source of the emitter. RSS measures the distance
between any two nodes from the received signal strength However, 10 log10 P is the expression of the converted
measurement between each node [66], [67]. The majority of power to dBm. At a distance of one meter, the received
wireless devices can measure received signal strength with- power is almost equal to the transmitted power; thus,
out requiring extra system modification, hardware or over- Pt (dBm) can be measured as the received signal power
head from communication. According to Daiya et al. [68], at a distance of one meter. Consequently, the correlation

133192 VOLUME 9, 2021

O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

TABLE 2. The path-loss exponent value (n).

between the value of distance DRSS and received signal

strength Pr (dBm) can be written as the following
log-formula given in equation (4):

Pr (DRSS ) {dBm} = P0 (D0 ) {dBm}

 
DRSS
− 10 n log10 + W + δ best
D0
 
Var 1
where W = , δ best = 2 ε + (4)
2γ M

where Pr (DRSS ) is the received wireless signal power in FIGURE 3. RSS-based distance measurements through only four verifiers
decibel-milliwatts (dBm) at the distance DRSS , P0 (D0 ) is the V1 , V2 , V3 , and V 4 located in the area and allowing them to validate the
claimed prover’s location together.
reference signal power in dBm from the sender at a reference
distance D0 . For most applications, D0 generally equals one
meter, DRSS denotes the real distance between the sender and Once each distance has been computed, then they are
receiver, n refers to the path-loss or signal decay exponent, inserted into a set of quadratic formulas, which is termed
which is defined as the rate at which the RSS declines with trilateration or multilateration. Trilateration enables the find-
distance, W is the weight of the power shadow, Var denotes ing of the position of claimed prover P on the XY plane,
the expected noise variance in the received signal and γ is while the multilateration method permits the finding of the
expressed as the ratio of the received to reference signal position of claimed prover P on the X , Y , and Z axes.
powers, i.e., Pr / P0 . δ best will increase the probability Multilateration has the implication of additional reference
that the scheme converges to better localization, ε denotes a nodes, which reduces the uncertainty of the position of the
random value in the range [0, 1] generated by Rand(), and mobile node based on the measured distance accuracy. The
M is the maximum number of verifiers [70], [71]. In fact, four verifiers’ locations are known along with the distance
both n and Var depend on the environment. However, n, Var between each verifier and the unknown prover P for 3-D mul-
and P0 can be retrieved for each verifier Vm by using an tilateration to function perfectly. The intersection between
uncomplicated supervised learning procedure, and we can use all four verifiers is the unknown prover’s location, as shown
intelligent techniques such as deep learning, a nonquantum in Figure (3). Before computing 3D multilateration quadratic
particle swarm optimization approach and a genetic algorithm equations, the average of the resulting distances from the
to increase the accuracy of RSS-based localization. Both are TDoF-based test and RSS-based test is required to reduce
the most promising techniques for optimization because they the error estimation using the following equations. The ver-
combine high accuracy and low computational time. Table (2) ifiers V1 , V2 , V3 and V4 compute the average of distances
illustrates the path-loss exponent value (n) based on the build- Davg1 , Davg2 , Davg3 and Davg4 respectively as the following
ing type and surroundings because it can be determined using equations ((9) –(12)) and then transmit these distance aver-
the premeasurements [72], [73]. ages and 3D position of themselves, i.e., these messages
RSS is assessed between the readers and the tag. Wireless {Davg1 , Davg2 , Davg3 , Davg4 , (X1 , Y1 , Z1 ), (X2 , Y2 , Z2 ),
signal strength is transformed to distance, giving four dis- (X3 , Y3 , Z3 ), (X4 , Y4 , Z4 )} over the secure channels among
tances required for 3D multilateration. In other words, the dis- themselves.
tance between unknown prover P and the verifiers can be
calculated by V1 , V2 , V3 and V4 using equations (5), (6), (7), Davg1 = DTDoF1 + DRSS1 (9)
2
and (8), respectively: Davg2 = DTDoF2 + DRSS2 (10)
2
P01 − Pr1 + W1 + δ1best Davg3 = DTDoF3 + DRSS3 (11)
DRSS1 = 10( 10n )
(5) 2
Davg4 = DTDoF4 + DRSS4 (12)
P02 − Pr2 + W2 + δ best
2 2
( )
DRSS2 = 10 10n (6)
By using the Euclidean distance between the position of
P − P + W + δ3best
( 03 r3 10n 3 ) each verifier and the claimed prover’s position, each verifier
DRSS3 = 10 (7)
P − P + W + δ4best can obtain equations (13), (14), (15) and (16) for 3D multi-
( 04 r4 10n 4 )
DRSS4 = 10 (8) lateration and then compute the 3D position of the claimed

VOLUME 9, 2021 133193

 O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

FIGURE 4. The structure of the AoA positioning system.

prover as follows: FIGURE 5. Illustration of angles in 3-D space.

(XPrss − X1 ) + (YPrss − Y1 ) + (ZPrss − Z1 ) =

2 2 2
D2avg1
(13)
which is the AoA-based verification. Otherwise, the claimed
(XPrss − X2 )2 + (YPrss − Y2 )2 + (ZPrss − Z2 )2 = D2avg2 position is rejected.
(14)
(XPrss − X3 ) + (YPrss − Y3 ) + (ZPrss − Z3 ) = Davg3
2 2 2 2 C. THIRD TEST: ADAPTIVE AoA-BASED MATHEMATICAL
MODEL
(15)
Many future systems of localization will utilize the AoA tech-
(XPrss − X4 )2 + (YPrss − Y4 )2 + (ZPrss − Z4 )2 = D2avg4
nique, as the coming fifth-generation networks may be pro-
(16) vided with arrays of an antenna that allow assessing the AoA
To simplify the above quadratic equation set, equation (13) of the received signal [74] from a mobile node. The concept
is subtracted into equations (14), (15) and (16). As a result, of AoA measurement is utilized in VOR/VORTAC systems
the following three linear equations will be produced. for navigation of aircraft. Figures (4), (5) and (6) illustrate
the structure of the AoA positioning system in the context of
2 (X2 − X1 ) XPrss + 2 (Y2 − Y1 ) YPrss + 2 (Z2 − Z1 ) ZPrss the elevation (vertical) angle θ and the azimuth (horizontal)
angle ϕ of received electromagnetic signals at the verifiers,
 
= D2avg1 − D2avg2
      where the azimuth angle ϕ is from 0 to 2π and the elevation
− X12 − X22 − Y12 − Y22 − Z12 − Z22 (17) angle θ is from 0 to 90.
2 (X3 − X1 ) XPrss + 2 (Y3 − Y1 ) YPrss + 2 (Z3 − Z1 ) ZPrss The verifiers V1 , V2 , V3 and V4 rely on the relationship
  between AoA and coordinates [25], [75]–[78] to estimate
= D2avg1 − D2avg3 the horizontal location first via formula (23) and then esti-
mate the vertical location via formula (24) to obtain the
     
− X12 − X32 − Y12 − Y32 − Z12 − Z32 (18)
three-dimensional location (XPaoa , YPaoa , ZPaoa ) of claimed
2 (X4 − X1 ) XPrss + 2 (Y4 − Y1 ) YPrss + 2 (Z4 − Z1 ) ZPrss prover P. In terms of noise elimination, we use a Gaussian
 
= D2avg1 − D2avg4 filter (GX ,Y and GZ ) with zero mean to reduce the noise in the
      received signals at the verifiers. Thus, this leads to enhanced
− X12 − X42 − Y12 − Y42 − Z12 − Z42 (19) AoA-based positioning as follows:
The XPrss , YPrss and ZPrss coordinates are obtained by
 
−1 YPaoa − Ym
ϕm = tan + FXm,Y ,
resolving the linear equations (17), (18) and (19) using XPaoa − Xm
Cramer’s rule of 3 × 3 matrices as equations (20) - (22), as where
shown at the bottom of the next page. FXm,Y = Gm X ,Y + %m ,
If this verification process succeeds, it means that the  
X2 + Y 2
measured position (XPrss , YPrss , ZPrss ) is equal to the intended 2 − m2 Var m
Gm
X ,Y = √ e ,
position (XP , YP , ZP ), and the third verification can proceed, πσ
133194 VOLUME 9, 2021
O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

+ FZm , where FZm = Gm Z + %m ,

2
2 Zm
Gm
Z = √ e− 2 Var and m = 1, 2, 3, 4 (24)
πσ
Moreover, to obtain a very high accuracy of AoA-based
localization, optimization techniques could be used. There-
fore, the verifiers V1 , V2 , V3 and V4 transmit these measure-
ments of the elevation angles θm and the azimuth angles
ϕm over the secure channels among themselves. The equa-
tion (23) can be expressed as equation (26).
 
sin ϕm − FXm,Y
 
cos ϕm − FXm,Y
Ypaoa − Ym
= (25)
Xpaoa − Xm
sinϕm cosFXm,Y − cosϕm sinFXm,Y
cosϕm cosFXm,Y + sinϕm sinFXm,Y
Ypaoa − Ym
= (26)
Xpaoa − Xm
XPaoa sinϕm cosFXm,Y − XPaoa cosϕm sinFXm,Y
FIGURE 6. The geometric AoA localization system. − Xm sinϕm cosFXm,Y + Xm cosϕm sinFXm,Y
= Ypaoa cosϕm cosFXm,Y + YPaoa sinϕm sinFXm,Y
ε − Ym cosϕm cosFXm,Y − Ym sinϕm sinFXm,Y (27)
%m = , m = 1, 2, 3, 4 and σ is standard deviation
2M Expressing (27) in matrix form we will have (28) and (29),
(23)
! as shown at the bottom of the next page:
ZPaoa − Zm As a result, equation (24) can be solved easily to obtain
θm = tan−1 p
(XPaoa − Xm )2 + (YPaoa − Ym )2 the third coordinate ZPaoa of the claimed prover’s location.

 
D2avg1 − D2avg2 − X12 − X22 − Y12 − Y22 − Z12 − Z22 2 (Y2 − Y1 ) 2 (Z2 − Z1 )




 
D2avg1 − D2avg3 − X12 − X32 − Y12 − Y32 − Z12 − Z32 2 (Y3 − Y1 ) 2 (Z3 − Z1 )




 
D2avg1 − D2avg4 − X12 − X42 − Y12 − Y42 − Z12 − Z42 2 (Y4 − Y1 ) 2 (Z4 − Z1 )




XPrss = (20)
2 (X2 − X1 ) 2 (Y2 − Y1 ) 2(Z2 − Z1 )
2 (X3 − X1 ) 2 (Y3 − Y1 ) 2(Z3 − Z1 )
2 (X4 − X1 ) 2 (Y4 − Y1 ) 2(Z4 − Z1 )
 
2 (X2 − X1 ) Davg1 − Davg2 − X1 − X2 − Y1 − Y22 − Z12 − Z22
2 2 2 2 2 2 (Z2 − Z1 )




 
2 (X3 − X1 ) D2avg1 − D2avg3 − X12 − X32 − Y12 − Y32 − Z12 − Z32 2 (Z3 − Z1 )




 
2 (X4 − X1 ) D2avg1 − D2avg4 − X12 − X42 − Y12 − Y42 − Z12 − Z42 2 (Z4 − Z1 )




YPrss = (21)
2 (X2 − X1 ) 2 (Y2 − Y1 ) 2(Z2 − Z1 )
2 (X3 − X1 ) 2 (Y3 − Y1 ) 2(Z3 − Z1 )
2 (X4 − X1 ) 2 (Y4 − Y1 ) 2(Z4 − Z1 )
 
2 (X2 − X1 ) 2 (Y2 − Y1 ) Davg1 − Davg2 − X1 − X22 − Y12 − Y22 − Z12 − Z22
2 2 2




 
2 (X3 − X1 ) 2 (Y3 − Y1 ) D2avg1 − D2avg3 − X12 − X32 − Y12 − Y32 − Z12 − Z32




 
2 (X4 − X1 ) 2 (Y4 − Y1 ) D2avg1 − D2avg4 − X12 − X42 − Y12 − Y42 − Z12 − Z42




ZPrss = (22)
2 (X2 − X1 ) 2 (Y2 − Y1 ) 2(Z2 − Z1 )
2 (X3 − X1 ) 2 (Y3 − Y1 ) 2(Z3 − Z1 )
2 (X4 − X1 ) 2 (Y4 − Y1 ) 2(Z4 − Z1 )

VOLUME 9, 2021 133195

 O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

On average, we can evaluate the suggested localization algo- break. The Henon shuffling map is a discrete-time dynamical
rithms as follows (30)–(32), as shown at the bottom of the system to shuffle the point position (Xτ , Yτ ) to a new position
next page: in the plane in a chaotic manner as follows:
If this verification process succeeds, it means that the (
claimed prover P is verified, and he proves that his position at Xτ +1 = 1 − aXτ2 + Yτ
(XP , YP , ZP ), then the closest verifier to the sender will send Yτ +1 = bXτ
the prover’s lattice public key encrypted by Alice’s lattice
public key to sender (Alice) i.e. Nereast Vm → Alice : The iteration number for the Henon shuffling map here is
PK p PK . After that, the verifiers will delete PKp and PKA 100. For chaotic behavior, parameter a is 1.4 and parameter b
A
from their devices because in case any verifier is attacked is 0.3, whereas other values for a and b make the Henon map
in the future, the attackers cannot obtain the PKp and PKA . intermittent, chaotic or converge to a periodical orbit [89].
Otherwise, the claimed position is rejected. A message (i.e., plain text) Msg ∈ L. An example of an
All entities use lattice theory (lattice-based cryptogra- equilateral triangular lattice (hexagonal lattice) L is shown
phy) to generate public/private keys and encrypt/decrypt in Figure (7).
messages [79]–[83]. Hence, we develop the NTRU and Keys generation:
Goldreich–Goldwasser–Halevi (GGH) algorithms as follows: Select prime β, α, ξ ∈ Zp good integrated polynomial
We define an equilateral triangular lattice (hexagonal lat- entropies over the p − adic number field.
tice) L over p − adic integers to form a subring of Qp such Select matrix S1 ∈ L good prime integrated polynomial
i×j
that L ⊂ Zp good prime integrated polynomial entropies entropies.
i×j
with dimensions i and j. The integral of the polynomial is Select matrices 3, 0 ∈ L ⊂ Zp good prime integrated
employed to encrypt the message, whereas the derivative of polynomial entropies over p − adic number system Qp .
the polynomial (differential polynomial) is applied to decrypt
S11 = Shuffle Shift ξ (S1 )


the message. We select prime modulus p and highest exponent
(truncation index) N [84] based on our simulation-based eval- S2 = 3 ⊕ 0
uation equal to 2 and 17.5, respectively. N can be increased to S22 = Shuffle Shift ξ (S2 )


obtain more security, but this value is nominated to achieve
a relative balance between security and performance, espe- Secret key (private key) SK : (S11 , S22 )
cially for limited resource devices such as in the case of the PK = S11 −1
(mod β) · S22
T

IoT/IoMT environment. N must not be equal to zero because Public key PKp : (PK , α)
zero yields infinite order. This evaluation is implemented on a
laptop with an Intel Core i7-1165G7 processor (12 MB cache, Encryption:
up to 4.7 GHz) and 16 GB LPDDR4x RAM (up to 4267 MHz)
by using MATLAB R2018b. Here, arithmetic operations are Enc0 = Msg(mod α) · PK
Enc = Shuffle Shift α (Enc0 )


performed in the p − adics [84]. However, the number of
p−adic integers associated with terminating p−adic integers
is a countable set, particularly a countably infinite set [85]. Decryption:
To obtain a high cryptographic quality and information  
leakage prevention with less complexity time, shifting [86] α (Enc)
M0 = Shuffle−1 Shift −1
and Henon shuffling maps [87]–[91] are applied. Therefore, −1
it is effective for the IoT/IoMT system and impossible to Msg = [M0 (mod α) · S11 (mod β)] · [(S22
T
S22 ) T
· S22 ]

sinϕ1 cosFX1 ,Y − cosϕ1 sinFX1 ,Y −cosϕ1 cosFX1 ,Y − sinϕ1 sinFX1 ,Y

 
sinϕ2 cosFX2 ,Y − cosϕ2 sinFX2 ,Y −cosϕ2 cosFX2 ,Y − sinϕ2 sinFX2 ,Y 
Ax = b where A =  
sinϕ3 cosFX3 ,Y − cosϕ3 sinFX3 ,Y −cosϕ3 cosFX3 ,Y − sinϕ3 sinFX3 ,Y 
sinϕ4 cosFX4 ,Y − cosϕ4 sinFX4 ,Y −cosϕ4 cosFX4 ,Y − sinϕ4 sinFX4 ,Y
x = [XPaoa YPaoa ]T , here T refers to the matrix transpose operation.
X1 sinϕ1 cosFX1 ,Y − X1 cosϕ1 sinFX1 ,Y − Y1 cosϕ1 cosFX1 ,Y − Y1 sinϕ1 sinFX1 ,Y
 
X2 sinϕ2 cosFX2 ,Y − X2 cosϕ2 sinFX2 ,Y − Y2 cosϕ2 cosFX2 ,Y − Y2 sinϕ2 sinFX2 ,Y 
b= X3 sinϕ3 cosF 3 − X3 cosϕ3 sinF 3 − Y3 cosϕ3 cosF 3 − Y3 sinϕ3 sinF 3 
 (28)
X ,Y X ,Y X ,Y X ,Y
X4 sinϕ4 cosFX4 ,Y − X4 cosϕ4 sinFX4 ,Y − Y4 cosϕ4 cosFX4 ,Y − Y4 sinϕ4 sinFX4 ,Y
 −1
Thus, x = AT A AT b (29)

133196 VOLUME 9, 2021

O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

of the energy consumption and time cost is the responsi-

bility of the verifiers Vm , which are gateways, sinks, base
stations or even satellites; thus, the proposed 3D-location-
driven cryptosystem is effective, especially in the case of IoT
or tactile internet applications that contain restricted-resource
devices.
The functionality comparison between the proposed cryp-
tosystem and some related schemes is depicted in Table (3).
The proposed cryptosystem not only provides communi-
cations confidentially but also fulfills all criteria of secu-
rity without complex conditions or equipment. From these
descriptions and simulation outputs, in the next section, it is
concluded that our cryptosystem is more practical.

A. SECURITY ANALYSIS VIA THREAT MODEL

To analyze the proposed efficient location-driven cryptosys-
tem, threat modeling is applied. It is assumed in threat
modeling that two entities communicate over an untrusted
FIGURE 7. Equilateral triangular lattice [92].
communication channel.
Claim (1): The proposed cryptosystem resists any number
V. ANALYTICAL-BASED EVALUATION AND of colluding-location-spoofing attacks.
SIMULATION-BASED RESULTS Proof: Colluding positioning spoofing attacks is a case
This section depicts the robustness of the proposed cryp- where a number of colluding attackers surrounding the
tographic scheme in the context of cybersecurity and intended position (XP , YP , ZP ) spoof successfully to cheat Vm
the effectiveness of performance features, including the that their locations at the location of P via a data forgery
energy consumption of normal and advanced sensor devices, to obtain illegal advantages. In the proposed cryptographic
stability period of the NB-IoT device-to-device network protocol, the colluding spoofer adversaries must persuade the
(NB-IoT D2D), time consumption at the BS, elapsed time for four verifiers Vm that their locations are at actual 3D coordi-
the whole NB-IoT D2D network, and throughput. We demon- nates of the aimed location (XP , YP , ZP ) (i.e., receiver’s loca-
strate that the proposed cryptosystem resists key attacks that tion) to spoof/fraud the aimed position (XP , YP , ZP ). These
are highlighted in the state of the art and works efficiently colluding spoofer attackers cannot persuade the Vm because
without compromising the performance of the NB-IoT D2D they do not pass all three tests: TDoF-, RSS- and AoA-based
attocell. location verification algorithms. These measures are based
Notably, all three verification processes (TDoF, RSS and exclusively on the hardware and physical environment such
AoA) are applied by verifiers (Vm ) rather than IoT devices that these measured values cannot be readily manipulated
(p) in the proposed cryptosystem. As a result, a large part or forged by location spoofing attacks even by colluding.

q q q 
P80
2
2
2
i=1 Xcom(i) − XP(i) + Ycom(i) − YP(i) + Zcom(i) − ZP(i)
Error Avg =
80
= 0.1278,
XPrss + XPaoa YPrss + YPaoa
where Xcom = , Ycom = ,
2 2
ZPrss + ZPaoa
Zcom = and i is a simulation trial number. (30)
2
Error Avg
Error percentage = × 100% = 0.9210%, where
Actual Avg
q q q 
P80
2
2
2
i=1 XP(i) + YP(i) + ZP(i)
Actual Avg = (31)
   80
Error Avg
Location accuracy percentage = 1 − × 100%
Actual Avg
= 99.0790% (32)

VOLUME 9, 2021 133197

 O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

FIGURE 8. General architecture of the proposed cryptosystem.

TABLE 3. Functionality comparison between the proposed cryptosystem and some related schemes.

Furthermore, the integration of these three adaptive local- of colluding spoofers. However, GPS is exposed to loca-
ization schemes leads to reliable locations in the presence tion spoofing attacks because it depends deeply on the time

133198 VOLUME 9, 2021

O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

information [60]–[63], [94]–[96]. The colluding spoofing

location attacks are solved by using adaptive RSS and
AoA-based mathematical models.
Claim (2): The proposed cryptosystem solves the
problems for public key distribution and public key
infrastructure (PKI).
Proof: Unlike conventional public-key cryptography,
there is no real PKI in our cryptosystem, where Vm is respon-
sible for sending public keys between users (IoT devices)
after three location verification processes, and these Vm are
trusted. PKA and PKp are encrypted by PKVm such that
Alice → Nereast Vm : PKA , Request Bob’s PK PK and
Vm
P → Vm : {K4 kPKp }PKvm . In addition, the Vm will delete
PKp and PKA from their devices because in case any Vm
FIGURE 9. Comparison of elapsed times for insecure and secure NB-IoT
is attacked, the attackers cannot obtain PKp and PKA . This D2D networks.
means that the process of public key transmission is only
performed among the sender, verified receiver and Vm , all
of which are trusted. Each device generates its lattice pri- Proof: While adversaries eavesdrop on the communi-
vate and public keys. For all these reasons, no requirement cation channels between the Vm and sender, between the
is necessary to revoke or change these keys per period. Vm and receiver or between the sender and receiver, only
However, Vm may change their keys after a long period encrypted (i.e., unreadable form) data are available that can-
depending on the sensitivity of the application. This does not be reused. Furthermore, the proposed cryptosystem uses
not matter because Vm are sinks, base stations, gateways or timestamps T and Tm to prevent replay attacks. Therefore,
even satellites, i.e., superstrong equipment. Hence, there is there is no successful replay attack against the proposed
no obligation to distribute the public keys between users’ cryptosystem.
devices via a hierarchy of certificate authorities (path of
certification/trust chain), as in traditional PKI, which suffers B. SIMULATION RESULTS
from multiple issues, such as central authority, validation In this section, an averaged simulation-based evaluation con-
problems, and certificate revocation, as well as threats to PGP cerning the proposed cryptosystem is provided. We use our
certificates. In other words, in our proposed cryptosystem, open-source NB-IoT D2D simulation [93] to compare an
there is no need to use digital certificates signed (using a insecure NB-IoT D2D network (without any security con-
digital signature algorithm) by trusted authorities, certifi- sideration) and a secure NB-IoT D2D network (via the
cate authorities, a key generation center or a private key proposed cryptosystem). This implementation-based eval-
generator. uation involves not only the cost of cybersecurity opera-
Claim (3):The proposed cryptography offers resisting tions but also the cost of telecommunications. However, all
SIM swap fraud, SimJacker and side-channel attacks to the performance metrics affected by security operations are
which NB-IoT is vulnerable, as well as other vulnerable studied to achieve a comprehensive evaluation of the pro-
SIM technologies, such as the S@T browser and WIB, that posed cryptosystem. The number of sensor nodes in the
may be exploited. NB-IoT D2D attocell network is 300 and distributed ran-
Proof: Cybersecurity for IoT Technologies in the domly in a macrocell of an urban area. The simulator outputs
third-generation partnership project (3GPP), such as NB-IoT demonstrate the reliability and robustness of the proposed
and long-term evolution for machine-type communication cryptosystem.
(LTE-M), and some of the cybersecurity in the context of 5G The comparison of elapsed time for two cases in the
involve SIM/USIM cards for security purposes, for instance, urban macrocell, the first case, insecure NB-IoT D2D attocell
mutual authentication between a user device (SIM/USIM) (without any security consideration), and the second case,
and network and encryption features [55]. This leads to secure NB-IoT D2D attocell (via the proposed cryptosystem),
SIM swap fraud, SimJacker, SMS attacks and side-channel is depicted in Figure (9). This comparison is evaluated until
attacks because of vulnerabilities in the SIM cards. Addi- more than half of the sensor devices in the NB-IoT D2D
tionally, there are other vulnerable technologies in SIM that network are dead (800 rounds). In the insecure NB-IoT D2D
may be exploited, such as the S@T browser and WIB. network, only plain messages were sent regardless of the
However, the proposed cryptosystem uses the physical geo- existence of attackers (eavesdroppers) and without security
graphical location of the device as an identity rather than considerations in such a public network. All communica-
a SIM/USIM card; thus, it resists all these attacks, vulnera- tion costs for the insecure NB-IoT D2D network as well as
bilities and impersonation. computation and transmission costs of the proposed cryp-
Claim (4): The proposed cryptographic scheme resists tosystem were taken into consideration in the secure NB-IoT
replay attacks. D2D network. With the suggested cryptosystem, the operat-

VOLUME 9, 2021 133199

 O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

FIGURE 12. Comparison of advanced sensor’s energy profile (energy

FIGURE 10. The comparison of stability periods. consumption for device No. 30) in two situations.

FIGURE 13. Comparison of insecure and secure NB-IoT throughputs.

FIGURE 11. Comparison of normal sensor’s energy profile (energy
consumption for device No. 35) in two scenarios.

ing and transmitting costs are 88.819458 minutes, whereas

without any security consideration, they are 84.641032 min-
utes. This indicates that only 4.178426 minutes is increased in
the presence of the proposed cryptosystem. As a result, such
a small delay is negligible compared to achieving a secure
NB-IoT D2D network.
In view of the wireless communication principles, the sta-
bility period is one of the most performance metrics, espe-
cially for IoMT. Therefore, it is measured to present an
effective evaluation of our proposed cryptosystem. The sta-
bility period is defined as the duration of time between
the beginning of the network operation and the death of
one of the resource-constrained devices in the network [97].
FIGURE 14. Comparisons of delay time at BS No. 24 in two scenarios.
Figure (10) shows the comparison of stability periods for
insecure and secure NB-IoT D2D networks. The stability The comparison of the power dissipation profile for nor-
periods for the insecure NB-IoT D2D network and secure mal sensor and advanced sensor is explained in Figure (11)
NB-IoT D2D network are 638 rounds and 625 rounds, and Figure (12), respectively in insecure and secure NB-IoT
respectively. This means that stability periods are very D2D attocell networks. This demonstrates that the State of
convergent. Health (SOH) and State of Charge (SOC) of a sensor’s battery

133200 VOLUME 9, 2021

O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

are managed proficiently. In other words, there is no signif- [7] G. Avoine, M. A. Bingöl, I. Boureanu, S. Čapkun, G. Hancke, S. Kardaş,
icant overhead cost in secure NB-IoT D2D attocell network C. H. Kim, C. Lauradoux, B. Martin, J. Munilla, and A. Peinado, ‘‘Security
of distance-bounding: A survey,’’ ACM Comput. Surveys, vol. 51, no. 5,
in exchange for resisting adversarial attacks in such public pp. 1–33, 2018.
networks. [8] I. Boureanu, A. Mitrokotsa, and S. Vaudenay, ‘‘Practical and provably
Figure (13) depicts the comparison of insecure and secure secure distance-bounding,’’ J. Comput. Secur., vol. 23, no. 2, pp. 229–257,
Jun. 2015.
NB-IoT network throughputs. Accordingly, the successful [9] L. Lazos and R. Poovendran, ‘‘SeRLoc: Secure range-independent local-
received packets rate considering the proposed cryptography ization for wireless sensor networks,’’ in Proc. ACM Workshop Wireless
is still effective. Figure (14) shows the comparisons of delay Secur. (WiSe), 2004, pp. 21–30.
[10] T. Park and K. G. Shin, ‘‘Attack-tolerant localization via iterative verifi-
time at BS No. 24 in insecure NB-IoT D2D network and cation of locations in sensor networks,’’ ACM Trans. Embedded Comput.
secure NB-IoT D2D network. However, there is no signifi- Syst., vol. 8, no. 1, pp. 1–24, Dec. 2008.
[11] Y. Zengm, J. Cao, J. Hong, S. Zhang, and L. Xie, ‘‘Secure localization and
cant delay time in the second situation. location verification in wireless sensor networks: A survey,’’ J. Supercom-
put., vol. 64, no. 3, pp. 685–701, 2013.
VI. CONCLUSION AND FUTURE WORK [12] P. Perazzo, L. Taponecco, A. A. D’amico, and G. Dini, ‘‘Secure positioning
In this paper, we proposed an unconditional quantum-resistant in wireless sensor networks through enlargement miscontrol detection,’’
ACM Trans. Sensor Netw., vol. 12, no. 4, pp. 1–32, Nov. 2016.
cryptography for the IoT/IoMT based on location-based [13] M. Fogue, F. J. Martinez, P. Garrido, M. Fiore, C.-F. Chiasserini, C. Casetti,
lattices in the pre- and postquantum world. We compare the J.-C. Cano, C. T. Calafate, and P. Manzoni, ‘‘Securing warning message
dissemination in VANETs using cooperative neighbor position verifica-
proposed cryptosystem and some related schemes. Threat
tion,’’ IEEE Trans. Veh. Technol., vol. 64, no. 6, pp. 2538–2550, Jun. 2014.
modeling is employed to prove the robustness of the proposed [14] M. Fiore, C. E. Casetti, C. Chiasserini, and P. Papadimitratos, ‘‘Discovery
cryptosystem. Additionally, our simulation results compare and verification of neighbor positions in mobile ad hoc networks,’’ IEEE
Trans. Mobile Comput., vol. 12, no. 2, pp. 289–303, Feb. 2011.
an insecure NB-IoT network (without any security consid- [15] (Accessed: Jul. 27, 2020). NRW Stops Corona Emergency Aid After
eration) and a secure NB-IoT network (via the proposed Suspected Fraud. [Online]. Available: https://www.handelsblatt.
cryptosystem). These results prove that the proposed cryp- com/politik/deutschland/corona-hilfen-nrw-stoppt-corona-soforthilfe-
nach-betrugsverdacht-in-tausenden-faellen/25731238.html
tography improves IoT security without compromising its [16] Why Covid-19 is a Gift for Cyber Criminals, Financial Times, London,
performance features, including the energy consumption of U.K., Jul. 15, 2020.
advanced and normal nodes, time consumption at the BS, [17] Narrowband-IoT: Pushing the Boundaries of IoT, Vodafone, Berkshire,
U.K., 2017. [Online]. Available: http://www.Vodafone.com/iot/nb-iot
stability period, throughput and elapsed time for the whole [18] A. G. Sulaiman and I. F. Al Shaikhli, ‘‘Comparative study on 4G/LTE
network in the presence of cybersecurity computational costs cryptographic algorithms based on different factors,’’ Int. J. Comput. Sci.
and transmission costs. This expresses an optimized trade-off Telecommun., vol. 5, no. 7, pp. 7–10, 2014.
[19] Global Mobile Suppliers Association. (Accessed: May 7, 2020). Lte Sub-
between security and performance. In the future, we will scriptions 2q-2017. GSA Chart Report. Accessed: 2017. [Online]. Avail-
implement the proposed cryptosystem in the real world able: https://gsacom.com/paper/lte-subscriptions-2q-2017/
using real embedded devices and wireless network hardware [20] A. N. Bikos and N. Sklavos, ‘‘LTE/SAE security issues on 4G wireless
networks,’’ IEEE Secur. Privacy, vol. 11, no. 2, pp. 55–62, Mar. 2012.
(5G infrastructure) to examine its actual productivity and [21] R. P. Jover, J. Lackey, and A. Raghavan, ‘‘Enhancing the security of LTE
performance. networks against jamming attacks,’’ EURASIP J. Inf. Secur., vol. 2014,
no. 1, pp. 1–14, Dec. 2014.
ACKNOWLEDGMENT [22] M. Labib, V. Marojevic, and J. H. Reed, ‘‘Analyzing and enhancing the
resilience of LTE/LTE—A systems to RF spoofing,’’ in Proc. IEEE Conf.
The first author would like to thank Taif University and the
Standards Commun. Netw. (CSCN), Oct. 2015, pp. 315–320.
Royal Embassy of Saudi Arabia Cultural Bureau for sponsor- [23] N. Chandran, V. Goyal, R. Moriarty, and R. Ostrovsky, ‘‘Position-based
ing her Ph.D. study.ACKNOWLEDGMENT The first author cryptography,’’ SIAM J. Comput., vol. 43, no. 4, pp. 1291–1341, Jan. 2014.
[24] N. Chandran, Theoretical Foundations of Position-Based Cryptography.
would like to thank Taif University and the Royal Embassy of Los Angeles, CA, USA: Univ. of California at Los Angeles, 2011.
Saudi Arabia Cultural Bureau for sponsoring her Ph.D. study. [25] A. Shahmansoori, G. E. Garcia, G. Destino, G. Seco-Granados, and
H. Wymeersch, ‘‘Position and orientation estimation through millimeter-
wave MIMO in 5G systems,’’ IEEE Trans. Wireless Commun., vol. 17,
REFERENCES
no. 3, pp. 1822–1835, Mar. 2017.
[1] Statista. (Accessed: Mar. 23, 2020). IoT: Number of Con- [26] R. D. Taranto, S. Muppirisetty, R. Raulefs, D. Slock, T. Svens-
nected Devices Worldwide 2015-2025. [Online]. Available: son, and H. Wymeersch, ‘‘Location-aware communications for 5G net-
https://www.statista.com/statistics/471264/iot-number-of-connected- works,’’ IEEE Signal Process. Mag., vol. 31, no. 6, pp. 102–112,
devices-worldwide/ Oct. 2014.
[2] C. Cheng, R. Lu, A. Petzoldt, and T. Takagi, ‘‘Securing the Internet [27] H. Wymeersch, G. Seco-Granados, G. Destino, D. Dardari, and
of Things in a quantum world,’’ IEEE Commun. Mag., vol. 55, no. 2, F. Tufvesson, ‘‘5G mmWave positioning for vehicular networks,’’ IEEE
pp. 116–120, Feb. 2017. Wireless Commun., vol. 24, no. 6, pp. 80–86, Dec. 2017.
[3] Z. Liu, K.-K. R. Choo, and J. Großschädl, ‘‘Securing edge devices in the
[28] M. M. R. Akand and R. Safavi-Naini, ‘‘POSTER: Privacy enhanced secure
post-quantum Internet of Things using lattice-based cryptography,’’ IEEE
location verification,’’ in Proc. ACM SIGSAC Conf. Comput. Commun.
Commun. Mag., vol. 56, no. 2, pp. 158–162, Feb. 2018.
[4] R. Xu, C. Cheng, Y. Qin, and T. Jiang, ‘‘Lighting the way to a Secur., Oct. 2016, pp. 1793–1795.
smart world: Lattice-based cryptography for Internet of Things,’’ 2018, [29] T. Leinmüller, E. Schoch, F. Kargl, and C. Maihöfer, ‘‘Decentralized
arXiv:1805.04880. [Online]. Available: http://arxiv.org/abs/1805.04880 position verification in geographic ad hoc routing,’’ Secur. Commun. Netw.,
[5] N. Chandran, V. Goyal, R. Moriarty, and R. Ostrovsky, ‘‘Position vol. 3, no. 4, pp. 289–302, Jul./Aug. 2010.
based cryptography,’’ in Proc. Annu. Int. Cryptol. Conf., Adv. Cryptol. [30] J.-H. Song, V. W. S. Wong, and V. C. M. Leung, ‘‘Secure location verifi-
(CRYPTO). Berlin, Germany: Springer, 2009, pp. 391–407. cation for vehicular ad-hoc networks,’’ in Proc. IEEE Global Telecommun.
[6] H. Buhrman, N. Chandran, S. Fehr, R. Gelles, V. Goyal, R. Ostrovsky, Conf. (IEEE GLOBECOM), Dec. 2008, pp. 1–5.
and C. Schaffner, ‘‘Position-based quantum cryptography: Impossibil- [31] P. Perazzo, F. B. Sorbelli, M. Conti, G. Dini, and C. M. Pinotti, ‘‘Drone path
ity and constructions,’’ SIAM J. Comput., vol. 43, no. 1, pp. 150–178, planning for secure positioning and secure position verification,’’ IEEE
2014. Trans. Mobile Comput., vol. 16, no. 9, pp. 2478–2493, Sep. 2016.

VOLUME 9, 2021 133201

 O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

[32] A. Broadbent and C. Schaffner, ‘‘Quantum cryptography beyond quantum [56] N. Chandran, S. Fehr, R. Gelles, V. Goyal, and R. Ostrovsky, ‘‘Position-
key distribution,’’ Des. Codes Cryptogr., vol. 78, no. 1, pp. 351–382, based quantum cryptography,’’ 2010, arXiv:1005.1750. [Online]. Avail-
2016. able: http://arxiv.org/abs/1005.1750
[33] S. Čapkun, K. B. Rasmussen, M. Čagalj, and M. Srivastava, ‘‘Secure [57] X. Zheng, R. Safavi-Naini, and H. Ahmadi, ‘‘Distance lower bounding,’’ in
location verification with hidden and mobile base stations,’’ IEEE Trans. Proc. Int. Conf. Inf. Commun. Secur. Cham, Switzerland: Springer, 2014,
Mobile Comput., vol. 7, no. 4, pp. 470–483, Apr. 2008. pp. 89–104.
[34] S. Čapkun, M. Čagalj, and M. Srivastava, ‘‘Secure localization with hid- [58] L. Gui, M. Yang, H. Yu, J. Li, F. Shu, and F. Xiao, ‘‘A Cramer–Rao
den and mobile base stations,’’ in Proc. 25TH IEEE Int. Conf. Comput. lower bound of CSI-based indoor localization,’’ IEEE Trans. Veh. Technol.,
Commun. (IEEE INFOCOM), Apr. 2006, pp. 1–10. vol. 67, no. 3, pp. 2814–2818, Mar. 2017.
[35] S. Capkun, M. Cagalj, R. Rengaswamy, I. Tsigkogiannis, J.-P. Hubaux, [59] X. Liu, J. Yin, S. Zhang, B. Ding, S. Guo, and K. Wang, ‘‘Range-based
and M. Srivastava, ‘‘Integrity codes: Message integrity protection and localization for sparse 3-D sensor networks,’’ IEEE Internet Things J.,
authentication over insecure channels,’’ IEEE Trans. Dependable Secure vol. 6, no. 1, pp. 753–764, Feb. 2018.
Comput., vol. 5, no. 4, pp. 208–223, Oct. 2008. [60] Y. Wang and J. P. Hespanha, ‘‘Distributed estimation of power system
[36] J. T. Chiang, J. J. Haas, and Y.-C. Hu, ‘‘Secure and precise location oscillation modes under attacks on GPS clocks,’’ IEEE Trans. Instrum.
verification using distance bounding and simultaneous multilateration,’’ in Meas., vol. 67, no. 7, pp. 1626–1637, Jul. 2018.
Proc. 2nd ACM Conf. Wireless Netw. Secur. (WiSec), 2009, pp. 181–192. [61] M. S. Almas, L. Vanfretti, R. S. Singh, and G. M. Jonsdottir, ‘‘Vulnerability
[37] F. Speelman, ‘‘Position-based quantum cryptography and the
of synchrophasor-based WAMPAC Applications’ to time synchroniza-
garden-hose game,’’ 2012, arXiv:1210.4353. [Online]. Available:
tion spoofing,’’ IEEE Trans. Smart Grid, vol. 9, no. 5, pp. 4601–4612,
http://arxiv.org/abs/1210.4353
Sep. 2017.
[38] R. Yang, Q. Xu, M. H. Au, Z. Yu, H. Wang, and L. Zhou, ‘‘Position based
[62] L. D. A. Faria, C. A. D. M. Silvestre, M. A. F. Correia, and
cryptography with location privacy: A step for fog computing,’’ Future
N. A. Roso, ‘‘Susceptibility of GPS-dependent complex systems to spoof-
Gener. Comput. Syst., vol. 78, pp. 799–806, Jan. 2018.
[39] H. Zhang, Z. Zhang, and Z. Cao, ‘‘Position-verification in multi-channel ing,’’ J. Aerosp. Technol. Manage., vol. 10, pp. 1–11, Jan. 2018.
models,’’ IACR Cryptol. ePrint Arch., vol. 2011, p. 714, 2011. [Online]. [63] J. Noh, Y. Kwon, Y. Son, H. Shin, D. Kim, J. Choi, and Y. Kim, ‘‘Tractor
Available: https://eprint.iacr.org/2011/714.pdf beam: Safe-hijacking of consumer drones with adaptive GPS spoofing,’’
[40] J. Brody, S. Dziembowski, S. Faust, and K. Pietrzak, ‘‘Position-based ACM Trans. Privacy Secur., vol. 22, no. 2, pp. 1–26, Apr. 2019.
cryptography and multiparty communication complexity,’’ in Proc. Theory [64] S. Li. (Accessed: Jun. 19, 2021). Tdoa Acoustic Localization.
Cryptogr. Conf. Cham, Switzerland: Springer, 2017, pp. 56–81. Accessed: 2011. [Online]. Available: https://github.com/StevenJL/
[41] Q. Xue, F. Li, H. Chen, H. Zhang, and Z. Cao, ‘‘Multi-proxy multi- tdoa_localization
signature binding positioning protocol,’’ Secur. Commun. Netw., vol. 9, [65] M. Bshara, U. Orguner, F. Gustafsson, and L. Van Biesen, ‘‘Fingerprint-
no. 16, pp. 3868–3879, Nov. 2016. ing localization in wireless networks based on received-signal-strength
[42] S. Dziembowski and M. Zdanowicz, ‘‘Position-based cryptography from measurements: A case study on WiMAX networks,’’ IEEE Trans. Veh.
noisy channels,’’ in Proc. Int. Conf. Cryptol. Afr. Cham, Switzerland: Technol., vol. 59, no. 1, pp. 283–294, Jan. 2009.
Springer, 2014, pp. 300–317. [66] G. Mao and B. Fidan, ‘‘Introduction to wireless sensor network local-
[43] A. Kent, W. Munro, T. Spiller, and R. Beausoleil, ‘‘Tagging systems, ization,’’ in Localization Algorithms and Strategies for Wireless Sensor
2006,’’ US Patent 2006 00 22 832, 2006. Networks: Monitoring and Surveillance Techniques for Target Tracking.
[44] A. Kent, W. J. Munro, and T. P. Spiller, ‘‘Quantum tagging: Hershey, PA, USA: IGI Global, 2009, pp. 1–32.
Authenticating location via quantum information and relativistic [67] R. Jarvis, A. Mason, K. Thornhill, and B. Zhang, ‘‘Indoor positioning
signalling constraints,’’ 2010, arXiv:1008.2147. [Online]. Available: system,’’ Dept. Electr. Comput., Tech. Rep. EE 4820, 2011.
http://arxiv.org/abs/1008.2147 [68] V. Daiya, J. Ebenezer, S. S. Murty, and B. Raj, ‘‘Experimental analysis
[45] A. Kent, W. J. Munro, and T. P. Spiller, ‘‘Quantum tagging: Authenticating of RSSI for distance and position estimation,’’ in Proc. Int. Conf. Recent
location via quantum information and relativistic signaling constraints,’’ Trends Inf. Technol. (ICRTIT), Jun. 2011, pp. 1093–1098.
Phys. Rev. A, Gen. Phys., vol. 84, no. 1, Jul. 2011, Art. no. 012326. [69] Q. Dong and W. Dargie, ‘‘Evaluation of the reliability of RSSI for indoor
[46] D. Unruh, ‘‘Quantum position verification in the random oracle model,’’ localization,’’ in Proc. Int. Conf. Wireless Commun. Underground Confined
in Proc. Annu. Cryptol. Conf. Berlin, Germany: Springer, 2014, pp. 1–18. Areas, Aug. 2012, pp. 1–6.
[47] R. A. Malaney, ‘‘Location-dependent communications using quantum [70] P. A. Kowalski and S. Łukasik, ‘‘Experimental study of selected parameters
entanglement,’’ Phys. Rev. A, Gen. Phys., vol. 81, no. 4, Apr. 2010, of the krill herd algorithm,’’ in Intelligent Systems. Cham, Switzerland:
Art. no. 042319. Springer, 2015, pp. 473–485.
[48] W. Wu, X. Wen, H. Xu, L. Yuan, and Q. Meng, ‘‘Accurate range-free local- [71] S. Cheng, H. Lu, X. Lei, and Y. Shi, ‘‘A quarter century of particle
ization based on quantum particle swarm optimization in heterogeneous swarm optimization,’’ Complex Intell. Syst., vol. 4, no. 3, pp. 227–239,
wireless sensor networks,’’ KSII Trans. Internet Inf. Syst., vol. 12, no. 3, Oct. 2018.
pp. 1083–1097, 2018. [72] A. Singh, A. Kumar, A. Kumar, and V. Dwivedi, ‘‘Radio frequency global
[49] P. Bilski and W. Winiecki, ‘‘Analysis of the position-based quantum cryp-
positioning system for real-time vehicle parking,’’ in Proc. Int. Conf. Signal
tography usage in the distributed measurement system,’’ Measurement,
Process. Commun. (ICSC), Dec. 2016, pp. 479–483.
vol. 46, no. 10, pp. 4353–4361, Dec. 2013.
[50] F. Gao, B. Liu, and Q. Wen, ‘‘Quantum position verification in bounded- [73] T. Rappaport, Wireless Communications: Principles and Practice, 2nd ed.
attack-frequency model,’’ Sci. China Phys., Mech. Astron., vol. 59, no. 11, London, U.K.: Pearson, 2010.
pp. 1–11, Nov. 2016. [74] H. Nurminen, L. Suomalainen, S. Ali-Loytty, and R. Piche, ‘‘3D angle-of-
[51] H.-K. Lau and H.-K. Lo, ‘‘Insecurity of position-based quantum- arrival positioning using von mises-Fisher distribution,’’ in Proc. 21st Int.
cryptography protocols against entanglement attacks,’’ Phys. Rev. A, Gen. Conf. Inf. Fusion (FUSION), Jul. 2018, pp. 2036–2041.
Phys., vol. 83, no. 1, Jan. 2011, Art. no. 012322. [75] D. W. Lim, S. Lim, S. Chun, and M. B. Heo, ‘‘Considerations for
[52] P. V. P. Pinheiro, P. Chaiwongkhot, S. Sajeed, R. T. Horn, J.-P. Bourgoin, design and implementation of a RF emitter localization system with array
T. Jennewein, N. Lütkenhaus, and V. Makarov, ‘‘Eavesdropping and coun- antennas,’’ J. Positioning, Navigat., Timing, vol. 5, no. 1, pp. 37–45,
termeasures for backflash side channel in quantum cryptography,’’ Opt. Mar. 2016.
Exp., vol. 26, no. 16, pp. 21020–21032, 2018. [76] Y. T. Chan, F. Chan, W. Read, B. R. Jackson, and B. H. Lee, ‘‘Hybrid
[53] M. Curty, K. Tamaki, F. Xu, A. Mizutani, C. C. W. Lim, B. Qi, and localization of an emitter by combining angle-of-arrival and received signal
H.-K. Lo, ‘‘Bridging the gap between theory and practice in quantum strength measurements,’’ in Proc. IEEE 27th Can. Conf. Electr. Comput.
cryptography,’’ in Electro-Optical and Infrared Systems: Technology and Eng. (CCECE), May 2014, pp. 1–5.
Applications XII; and Quantum Information Science and Technology, [77] K. Muthukrishnan and M. Hazas, ‘‘Position estimation from UWB pseu-
vol. 9648. Bellingham, WA, USA: SPIE, 2015, Art. no. 96480X. dorange and angle-of-arrival: A comparison of non-linear regression
[54] R. Asif and W. J. Buchanan, ‘‘Quantum-to-the-home: Achieving Gbits/s and Kalman filtering,’’ in Proc. Int. Symp. Context-Awareness. Berlin,
secure key rates via commercial off-the-shelf telecommunication equip- Germany: Springer, 2009, pp. 222–239.
ment,’’ Secur. Commun. Netw., vol. 2017, pp. 1–10, Jan. 2017. [78] H.-J. Du and J. P. Lee, ‘‘Simulation of multi-platform geolocation
[55] O. S. Althobaiti and M. Dohler, ‘‘Cybersecurity challenges associated with using a hybrid TDOA/AOA method,’’ Defence R&D Canada, Ottawa,
the Internet of Things in a post-quantum world,’’ IEEE Access, vol. 8, ON, Canada, Ottawa Tech. Memorandum DRDC Ottawa TM 2004-256,
pp. 157356–157381, 2020. Dec. 2004.

133202 VOLUME 9, 2021

O. S. Althobaiti, M. Dohler: Quantum-Resistant Cryptography for IoT Based on Location-Based Lattices

[79] C. Chen, J. Hoffstein, W. Whyte, and Z. Zhang. (2018). NIST [96] T. E. Humphreys, B. M. Ledvina, M. L. Psiaki, B. W. O’Hanlon, and
PQ Submission: NTRUEncrypt A lattice based encryption algorithm, P. M. Kintner, ‘‘Assessing the spoofing threat: Development of a portable
NIST Post-Quantum Cryptography Standardization: Round 1 Submis- GPS civilian spoofer,’’ in Proc. 21st Int. Tech. Meeting Satell. Division The
sions. [Online]. Available: https://csrc.nist.gov/Projects/post-quantum- Inst. Navigat. (ION GNSS), 2008, pp. 2314–2325.
cryptography/Round-1-Submissions [97] F. A. Aderohunmu, ‘‘Energy management techniques in wireless sensor
[80] F. Bergami, ‘‘Lattice-based cryptography,’’ Ph.D. dissertation, Universita networks: Protocol design and evaluation,’’ Ph.D. dissertation, Dept. Inf.
di Padova, Padua, Italy, Jul. 2016. Sci., Univ. Otago, Dunedin, New Zealand, 2010.
[81] Y. Yuan, C.-M. Cheng, S. Kiyomoto, Y. Miyake, and T. Takagi, ‘‘Portable
implementation of lattice-based cryptography using Javascript,’’ Int. J.
Netw. Comput., vol. 6, no. 2, pp. 309–327, 2016.
[82] K. Ahmad, M. Doja, N. I. Udzir, and M. P. Singh, Emerging security OHOOD SAUD ALTHOBAITI (Graduate Student Member, IEEE) received
Algorithms and Techniques. Boca Raton, FL, USA: CRC Press, 2019. the master’s degree (Hons.) in computer science from the College of
[83] J. Hoffstein, J. Pipher, and J. H. Silverman, ‘‘NTRU: A ring-based public Computer and Information Sciences, King Saud University, Saudi Arabia,
key cryptosystem,’’ in Proc. Int. Algorithmic Number Theory Symp. Berlin, in 2012. She is currently pursuing the Ph.D. degree with the Centre for
Germany: Springer, 1998, pp. 267–288. Telecommunications Research, Department of Engineering, King’s College
[84] Mtholyoke.edu. (Accessed: May 23, 2021). MATLAB Programs London, London, U.K. She is a Lecturer with the Computer Science Depart-
for P-ADICS. [Online]. Available: https://www.mtholyoke. ment, College of Computers and Information Technology, Taif University,
edu/courses/mpeterso/math251/padic/index.html Saudi Arabia. She has peer-reviewed published articles. Her research inter-
[85] T. Cleveland, Number Theory. U.K.: Scientific e-Resources, 2018.
ests include cybersecurity, quantum computing, computer networks, pattern
[86] M. H. Abood, ‘‘An efficient image cryptography using hash-LSB steganog-
recognition, and artificial intelligence (AI), with special focuses on security
raphy with RC4 and pixel shuffling encryption algorithms,’’ in Proc.
Annu. Conf. New Trends Inf. Commun. Technol. Appl. (NTICT), Mar. 2017, in the Internet of Things (IoT). She was awarded the Reward Scientific
pp. 86–90. Publishing in ISI journals, the First-Class Honor Award from Taif University,
[87] A. Dadheech, ‘‘Preventing information leakage from encoded data in in 2008, and the Scholarship for her Ph.D. degree.
lattice based cryptography,’’ in Proc. Int. Conf. Adv. Comput., Commun.
Informat. (ICACCI), Sep. 2018, pp. 1952–1955.
[88] H. Kefas. (Accessed: Jun. 2, 2021). Pixel Shuffling and Inverse Shuffling—
MATLAB Answers—MATLAB Central. Accessed: 2018. [Online]. MISCHA DOHLER (Fellow, IEEE) was the
Available: https://uk.mathworks.com/matlabcentral/answers/323409- Director of the Centre for Telecommunications
pixel-shuffling-and-inverse-shuffling#answer_319011 Research, King’s College London, from 2014 to
[89] S. Li and P. Shang, ‘‘Analysis of nonlinear time series using discrete 2018. He worked as a Senior Researcher at
generalized past entropy based on amplitude difference distribution of Orange/France Telecom, from 2005 to 2008. He is
horizontal visibility graph,’’ Chaos, Solitons Fractals, vol. 144, Mar. 2021, the Co-Founder of the Smart Cities pioneering
Art. no. 110687. company Worldsensing, where he was the CTO,
[90] S. S. Askar, A. A. Karawia, and F. S. Alammar, ‘‘Cryptographic algorithm from 2008 to 2014. He is currently a Full Profes-
based on pixel shuffling and dynamical chaotic economic map,’’ IET Image sor in wireless communications at King’s College
Process., vol. 12, no. 1, pp. 158–167, Jan. 2018. London, driving cross-disciplinary research and
[91] M. Dichtl, ‘‘Cryptographic shuffling of random and pseudorandom innovation in technology, sciences, and arts. He is a Serial Entrepreneur,
sequences,’’ in Proc. Dagstuhl Seminar. Wadern, Germany: Schloss a Composer, and a Pianist with five albums on Spotify/iTunes. He is fluent in
Dagstuhl-Leibniz-Zentrum für Informatik, 2007. six languages. He acts as a Policy Advisor on issues related to digital, skills,
[92] M. Madelaire. (Accessed: Aug. 7, 2020). How to Generate Points and education. He has had ample coverage by national and international
in Triangular Lattice Pattern. Accessed: 2019. [Online]. Available:
press and media. He is a frequent keynote, panel, and tutorial speaker.
https://uk.mathworks.com/matlabcentral/answers/474193-how-to-
generate-points-in-triangular-lattice-pattern#answer_385556
He has more than 300 highly cited publications and authored several books.
[93] O. S. Althobaiti and M. Dohler, ‘‘Narrowband-Internet of Things device- He holds a dozen patents, organized, and chaired numerous conferences.
to-device simulation: An open-sourced framework,’’ Sensors, vol. 21, He has pioneered several research fields, contributed to numerous wireless
no. 5, p. 1824, Mar. 2021. broadband, the IoT/M2M, and cyber security standards. He is a fellow the
[94] J. S. Warner and R. G. Johnston, ‘‘GPS spoofing countermeasures,’’ Home- Royal Academy of Engineering, the Royal Society of Arts (RSA), and
land Secur. J., vol. 25, no. 2, pp. 19–27, 2003. the Institution of Engineering and Technology (IET); and a Distinguished
[95] H. Wen, P. Y.-R. Huang, J. Dyer, A. Archinal, and J. Fagan, ‘‘Countermea- Member of Harvard Square Leaders Excellence. He has received numerous
sures for GPS signal spoofing,’’ in Proc. 18th Int. Tech. Meeting Satell. awards. He was the Editor-in-Chief of two journals.
Division Inst. Navigat. (ION GNSS), 2005, pp. 1285–1290.

VOLUME 9, 2021 133203