DigiCert IoT Security For The Quantum Era - Embedded World NA - Nov. 6, 2025

Описание: Securing IoT in the Quantum Era — Live PQC Demo (MQTTS + TLS 1.3)
Recorded at Embedded World North America, Anaheim Convention Center — Nov 6, 2025.
Speaker: Atul Gupta, Sr. Director of Solutions Architecture, DigiCert (Device Trust team)

What this session covers
Post-quantum risk for connected devices (harvest-now-decrypt-later), the NIST-approved algorithms (ML-KEM, ML-DSA, SLH-DSA), and a live demo of MQTTS over TLS 1.3 using ML-DSA for server authentication and ML-KEM for key establishment—built with Mosquitto linked to OpenSSL 3.5.x and the TrustEdge agent as the MQTT client.

Key takeaways

Act now: Long device lifecycles make HNDL a real exposure.

TLS 1.3 is the path: 1.2 is feature-frozen; plan upgrades.

Performance is fine—size is hard: Expect bigger certs, signatures, chains, and trust stores (memory during handshake is the pinch point).

Pragmatic recipe: ML-DSA (auth) + ML-KEM (KEM) + AES-256 (data).

Pure PQC issuance: Hybrids/composites were a bridge; move to pure PQC certs.

Ecosystem readiness matters: Brokers, clouds, LBs, HSMs, and secure elements must all support the new stacks.

Who should watch
Device designers, embedded/firmware engineers, product security leaders, PKI/platform owners, and anyone modernizing IoT fleets for PQC.

Demo stack (at a glance)

MQTT broker: Mosquitto (built against OpenSSL 3.5.x with PQC)

Client: TrustEdge agent (publisher/subscriber)

Handshake: TLS 1.3 + ML-DSA (server cert) + ML-KEM (key encapsulation)

Bonus: TLS key-log shown in Wireshark for educational trace analysis (demo-only; don’t enable in production).

Cloud and platform support evolves quickly—verify TLS 1.3/PQC capabilities for your endpoints before rollout.

Related DigiCert capabilities
DigiCert issues pure PQC certificates (ML-DSA, SLH-DSA), with PQC integrated across the DigiCert ONE platform (incl. Device Trust Manager, DTM Gateway, TrustCore SDK modules).

Chapters (add timestamps)
00:00 Why PQC for IoT (HNDL)
— Demo overview (MQTTS + TLS 1.3)
— Sizing realities & brownfield upgrades
— PKI/issuance updates & ecosystem readiness
— Q&A

#IoT #PQC #PostQuantum #TLS13 #MQTT #Cybersecurity #DigiCert #DeviceTrust #Embedded #PKI

00:00 DigiCert IoT Security For The Quantum Era - Embedded World NA - Nov. 6, 2025