SECURWARE 2025, The Nineteenth International Conference on Emerging Security Information, Systems and Technologies


Towards Post-Quantum-Ready Automated Certificate Lifecycle Management in Operational Technology

Authors:
Ayham Alhulaibi
Tobias Frauenschläger
Jürgen Mottok

Keywords: Post-Quantum Cryptography; Public Key Infrastructure; Automated Device Onboarding; BRSKI; Security Token; Operational Technology Security.

Abstract:
Operational Technology (OT) systems increasingly depend on robust and automated certificate lifecycle management to maintain secure operations across long device lifespans and constrained environments. As quantum-capable adversaries emerge, these systems must also support cryptographic agility and prepare for a seamless transition to Post-Quantum Cryptography (PQC). This work presents a crypto-agile, post-quantum-ready testbed architecture that extends existing standards, such as Enrollment over Secure Transport (EST) and Bootstrapping Remote Secure Key Infrastructure (BRSKI), to support hybrid certificates, hardware-based key storage, and protocol flexibility for device bootstrapping and certificate management. A work-in-progress prototype implementation demonstrates support for both traditional and PQC algorithms across device types. Planned evaluations target performance on constrained devices, PQC readiness, and compatibility with alternative protocols. The system lays a foundation for secure and standards-compliant certificate management in future-proof OT deployments.

Pages: 112 to 116

Copyright: Copyright (c) IARIA, 2025

Publication date: October 26, 2025

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-68558-306-4

Location: Barcelona, Spain

Dates: from October 26, 2025 to October 30, 2025