<p>Digital systems face two concurrent threats: the Harvest-Now-Decrypt-Later (HNDL) risk from quantum computers and the failure of perimeter security to prevent insider attacks and credential theft. Existing research, often limited to protocol-centric or domain-specific solutions, fails to provide a unified, enterprise-ready defense. We introduce QuantumSafeStore (QSS4), a novel architecture that unifies Post-Quantum Cryptography (PQC), Zero Trust principles, and blockchain auditability for secure file storage and delivery. QSS4 utilizes a modular pipeline integrating ML-KEM (Kyber) for quantum-secure key exchange, AES-256-GCM for authenticated encryption, Zstandard compression, and Polygon-based Merkle anchoring for cost-effective, tamper-evident logging. Novelty lies in its unified approach: explicit Zero Trust enforcement (NIST SP 800-207), verifiable accountability, and demonstrated crypto-agility through a deployable Flask prototype. Empirical evaluation validates QSS4’s resilience and efficiency, offering a practical blueprint for long-term data security against both classical and quantum adversaries.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Enterprise-Ready Post-Quantum Zero Trust Storage: The QSS4 Architecture

  • K. S. Pranav Dutthan,
  • K. Kavikkannan,
  • S. Divyashree,
  • Naziya,
  • J. H. Ishanni,
  • Yuvaraj Natarajan

摘要

Digital systems face two concurrent threats: the Harvest-Now-Decrypt-Later (HNDL) risk from quantum computers and the failure of perimeter security to prevent insider attacks and credential theft. Existing research, often limited to protocol-centric or domain-specific solutions, fails to provide a unified, enterprise-ready defense. We introduce QuantumSafeStore (QSS4), a novel architecture that unifies Post-Quantum Cryptography (PQC), Zero Trust principles, and blockchain auditability for secure file storage and delivery. QSS4 utilizes a modular pipeline integrating ML-KEM (Kyber) for quantum-secure key exchange, AES-256-GCM for authenticated encryption, Zstandard compression, and Polygon-based Merkle anchoring for cost-effective, tamper-evident logging. Novelty lies in its unified approach: explicit Zero Trust enforcement (NIST SP 800-207), verifiable accountability, and demonstrated crypto-agility through a deployable Flask prototype. Empirical evaluation validates QSS4’s resilience and efficiency, offering a practical blueprint for long-term data security against both classical and quantum adversaries.