This is a preview and has not been published. View submission

A PQC-Aware Secure Communication Architecture for NB-IoT: Control-Plane Post-Quantum Onboarding with Lightweight Data-Plane Protection

Authors

  • Thi-Bac Do Thai Nguyen University of Information and Communication Technology, Thai Nguyen, Vietnam
Volume: 16 | Issue: 3 | Pages: 34773-34781 | June 2026 | https://doi.org/10.48084/etasr.17220

Received: 28 December 2025 | Revised: 8 February 2026, 25 February 2026, and 28 February 2026 | Accepted: 4 March 2026 | Online: 1 May 2026


Corresponding author: Thi-Bac Do

Abstract

The advent of large-scale quantum computing poses a fundamental threat to widely deployed public-key cryptographic mechanisms, particularly in Internet of Things (IoT) systems with long operational lifetimes and limited upgrade capabilities. Narrowband Internet of Things (NB-IoT), as a representative Low-Power Wide-Area Network (LPWAN) technology, is especially vulnerable to this transition due to its strict constraints on packet size, bandwidth, and Radio-Frequency (RF) energy consumption. Although Post-Quantum Cryptography (PQC) has progressed rapidly through standardization efforts led by the National Institute of Standards and Technology (NIST), the direct and frequent application of PQC primitives in NB-IoT communication remains impractical. Large ciphertexts and digital signatures, although cryptographically sound, conflict with the fundamental design principles of LPWANs and may significantly degrade reliability, scalability, and device lifetime. This paper proposes a PQC-aware secure communication architecture for NB-IoT that reconciles long-term quantum resistance with the operational realities of constrained radio networks. Rather than treating PQC as a drop-in replacement for classical public-key cryptography, the proposed design adopts a two-plane security architecture that explicitly separates control-plane onboarding from data-plane communication. Post-quantum primitives are confined to infrequent onboarding operations, where higher overhead can be tolerated, while routine data transmission relies exclusively on lightweight symmetric authenticated encryption. Specifically, the architecture employs CRYSTALS-Kyber for post-quantum key encapsulation and CRYSTALS-Dilithium for device authentication during onboarding, selected for their standardization status and comparatively compact message sizes. After onboarding, all data traffic is protected using ChaCha20-Poly1305, combined with a key-derivation-based ratcheting mechanism that provides per-message forward secrecy without recurring PQC overhead. This design is explicitly aligned with NIST guidance on the intended use of post-quantum signatures and the constraints of LPWAN deployments. The proposed framework was implemented and evaluated on an ESP32-based NB-IoT platform with a commercial cellular module. Experimental results demonstrate that post-quantum onboarding can be completed within NB-IoT packet-size constraints with acceptable reliability, while routine data transmission incurs minimal computational, bandwidth, and energy overhead. The findings confirm that quantum-resistant security for NB-IoT is achievable only when PQC is applied selectively and system-aware, rather than uniformly across all communication phases.

Keywords:

Post-Quantum Cryptography (PQC), NB-IoT, LPWAN security, PQC-aware architecture, Kyber, Dilithium, ChaCha20-Poly1305, IoT onboarding, forward secrecy

Downloads

Download data is not yet available.

References

U. Banerjee, A. Pathak, and A. P. Chandrakasan, "An Energy-Efficient Configurable Lattice Cryptography Processor for the Quantum-Secure Internet of Things," in 2019 IEEE International Solid- State Circuits Conference - (ISSCC), Feb. 2019, pp. 46–48.

S. Darzi, M. M. Rahman, I. Karim, R. Behnia, A. A. Yavuz, and E. Bertino, "Future-Proofing Authentication Against Insecure Bootstrapping for 5G Networks: Feasibility, Resiliency, and Accountability." arXiv, 2025.

J. P. Mattsson, G. Selander, B. Smeets, and E. Thormarker, "Constrained radio networks, small ciphertexts, signatures, and non-interactive key exchange," in Fourth PQC Standardization Conference (2022), 2022, vol. 10.

L. Beckwith, D. T. Nguyen, and K. Gaj, "Hardware Accelerators for Digital Signature Algorithms Dilithium and FALCON," IEEE Design & Test, vol. 41, no. 5, pp. 27–35, Oct. 2024.

D. Kim, J. Choi, S. Yoon, and S. C. Seo, "Optimized implementation of HQC on Cortex-M4," ICT Express, vol. 11, no. 5, pp. 939–944, Oct. 2025.

E. D. Demir, B. Bilgin, and M. C. Onbasli, "Performance Analysis and Industry Deployment of Post-Quantum Cryptography Algorithms." arXiv, Mar. 31, 2025.

L. H. Mahdi and A. A. Abdullah, "Fortifying Future IoT Security: A Comprehensive Review on Lightweight Post-Quantum Cryptography," Engineering, Technology & Applied Science Research, vol. 15, no. 2, pp. 21812–21821, Apr. 2025.

S. R. Hussain, M. Echeverria, A. Singla, O. Chowdhury, and E. Bertino, "Insecure connection bootstrapping in cellular networks: the root of all evil," in Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, Feb. 2019.

"Stateless hash-based digital signature standard," National Institute of Standards and Technology, USA, NIST FIPS 205, Aug. 2024.

"Module-lattice-based digital signature standard," National Institute of Standards and Technology, USA, NIST FIPS 204, Aug. 2024.

A. Singla, R. Behnia, S. R. Hussain, A. Yavuz, and E. Bertino, "Look Before You Leap: Secure Connection Bootstrapping for 5G Networks to Defend Against Fake Base-Stations," in Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, Mar. 2021, pp. 501–515.

"Module-lattice-based key-encapsulation mechanism standard," National Institute of Standards and Technology, USA, NIST FIPS 203, Aug. 2024.

"Announcing the Commercial National Security Algorithm Suite 2.0," National Security Agency (NSA), USA, PP-22-1338, Sept. 2022.

"PQC Migration Roadmap," Post Quantum Cryptography Coalition. https://pqcc.org/post-quantum-cryptography-migration-roadmap/.

A. J. Ross, B. Reaves, Y. Nasser, G. Cukierman, and R. P. Jover, "Fixing Insecure Cellular System Information Broadcasts For Good," in Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses, June 2024, pp. 693–708.

"Technical Report on Quantum Secure 5G / beyond 5G Core using Post-Quantum Cryptography," Telecommunication Engineering Centre, India, TEC 910028:2025, 2025.

Downloads

How to Cite

[1]
T.-B. Do, “A PQC-Aware Secure Communication Architecture for NB-IoT: Control-Plane Post-Quantum Onboarding with Lightweight Data-Plane Protection”, Eng. Technol. Appl. Sci. Res., vol. 16, no. 3, pp. 34773–34781, Jun. 2026.

Metrics

Abstract Views: 39
PDF Downloads: 34

Metrics Information

License

Copyright (c) 2026 Thi-Bac Do

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors who publish with this journal agree to the following terms:

- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.

Crossref
Scopus
Google Scholar
Europe PMC