25 research outputs found
Security Evaluation of Practical Quantum Communication Systems
Modern information and communication technology (ICT), including internet, smart phones, cloud computing, global positioning system, e-commerce, e-Health, global communications and internet of things (IoT), all rely fundamentally - for identification, authentication, confidentiality and confidence - on cryptography. However, there is a high chance that most modern cryptography protocols will be annihilated upon the arrival of quantum computers. This necessitates taking steps for making the current ICT systems secure against quantum computers. The task is a huge and time-consuming task and there is a serious probability that quantum computers will arrive before it is complete. Hence, it is of utmost importance to understand the risk and start planning for the solution now.
At this moment, there are two potential paths that lead to a solution. One is the path of post-quantum cryptography: inventing classical cryptographic algorithms that are secure against quantum attacks. Although they are hoped to provide security against quantum attacks for most situations in practice, there is no mathematical proof to guarantee unconditional security ('unconditional security' is a technical term that means security is not dependent on a computational hardness assumption). This has driven many to choose the second path: quantum cryptography (QC).
Quantum cryptography - utilizing the power of quantum mechanics - can guarantee unconditional security in theory. However, in practice, device behavior varies from the modeled behavior, leading to side-channels that can be exploited by an adversary to compromise security. Thus, practical QC systems need to be security evaluated - i.e., scrutinized and tested for possible vulnerabilities - before they are sold to customers or deployed on a large scale. Unfortunately, this task has become more and more demanding as QC systems are being built in various styles, variants and forms at different parts of the globe. Hence, standardization and certification of security evaluation methods are necessary. Also, a number of compatibility, connectivity and interoperability issues among the QC systems require standardization and certification which makes it an issue of highest priority.
In this thesis, several areas of practical quantum communication systems were scrutinized and tested for the purpose of standardization and certification. At the source side, the calibration mechanism of the outgoing mean photon number - a critical parameter for security - was investigated. As a prototype, the pulse-energy-monitoring system (PEMS) implemented in a commercial quantum key distribution (QKD) machine was chosen and the design validity was tested. It was found that the security of PEMS was based on flawed design logic and conservative assumptions on Eve's ability. Our results pointed out the limitations of closed security standards developed inside a company and highlighted the need for developing - for security - open standards and testing methodologies in collaboration between research and industry.
As my second project, I evaluated the security of the free space QKD receiver prototype designed for long-distance satellite communication. The existence of spatial-mode-efficiency-mismatch side-channel was experimentally verified and the attack feasibility was tested. The work identified a methodology for checking the spatial-mode-detector-efficiency mismatch in these types of receivers and showed a simple, implementable countermeasure to block this side-channel.
Next, the feasibility of laser damage as a potential tool for eavesdropping was investigated. After testing on two different quantum communication systems, it was confirmed that laser damage has a high chance of compromising the security of a QC system. This work showed that a characterized and side-channel free system does not always mean secure; as side-channels can be created on demand. The result pointed out that the standardization and certification process must consider laser-damage related security critical issues and ensure that it is prevented.
Finally, the security proof assumptions of the detector-device-independent QKD (ddiQKD) protocol - that restricted the ability of an eavesdropper - were scrutinized. By introducing several eavesdropping schemes, we showed that ddiQKD security cannot be based on post selected entanglement. Our results pointed out that testing the validity of assumptions is equally important as testing hardware for the standardization and certification process.
Several other projects were undertaken including security evaluation of a QKD system against long wavelength Trojan-horse attack, certifying a countermeasure against a particular attack, analyzing the effects of finite-key-size and imperfect state preparation in a commercial QKD system, and experimental demonstration of quantum fingerprinting. All of these works are parts of an iterative process for standardization and certification that a new technology - in this case, quantum cryptography - must go through before being able to supersede the old technology - classical cryptography. I expect that after a few more iterations like the ones outlined in this thesis, security of practical QC will advance to a state to be called unconditional and the technology will truly be able to win the trust to be deployed on a large scale
Invisible Trojan-horse attack
We demonstrate the experimental feasibility of a Trojan-horse attack that
remains nearly invisible to the single-photon detectors employed in practical
quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We
perform a detailed numerical comparison of the attack performance against
Scarani-Acin-Ribordy-Gisin (SARG04) QKD protocol at 1924 nm versus that at
1536 nm. The attack strategy was proposed earlier but found to be unsuccessful
at the latter wavelength, as reported in N. Jain et al., New J. Phys. 16,
123030 (2014). However at 1924 nm, we show experimentally that the noise
response of the detectors to bright pulses is greatly reduced, and show by
modeling that the same attack will succeed. The invisible nature of the attack
poses a threat to the security of practical QKD if proper countermeasures are
not adopted. Comment: 8 pages, 3 figures, due to problem in the compilation of
bibliography, we are uploading a corrected versio
Bright-light detector control emulates the local bounds of Bell-type inequalities
It is well-known that no local model - in theory - can simulate the outcome
statistics of a Bell-type experiment as long as the detection efficiency is
higher than a threshold value. For the Clauser-Horne-Shimony-Holt (CHSH) Bell
inequality this theoretical threshold value is . On the other hand, Phys. Rev. Lett. 107,
170404 (2011) outlined an explicit practical model that can fake the CHSH
inequality for a detection efficiency of up to . In this work, we close
this gap. More specifically, we propose a method to emulate a Bell inequality
at the threshold detection efficiency using existing optical detector control
techniques. For a Clauser-Horne-Shimony-Holt inequality, it emulates the CHSH
violation predicted by quantum mechanics up to . For the
Garg-Mermin inequality - re-calibrated by incorporating non-detection events -
our method emulates its exact local bound at any efficiency above the
threshold. This confirms that attacks on secure quantum communication protocols
based on Bell violation are a real threat if the detection efficiency loophole
is not closed. Comment: 7 pages, 3 figure
Insecurity of detector-device-independent quantum key distribution
Detector-device-independent quantum key distribution (ddiQKD) held the
promise of being robust to detector side-channels, a major security loophole in
QKD implementations. In contrast to what has been claimed, however, we
demonstrate that the security of ddiQKD is not based on post-selected
entanglement, and we introduce various eavesdropping strategies that show that
ddiQKD is in fact insecure against detector side-channel attacks as well as
against other attacks that exploit device's imperfections of the receiver. Our
attacks are valid even when the QKD apparatuses are built by the legitimate
users of the system themselves, and thus free of malicious modifications, which
is a key assumption in ddiQKD. Comment: 7 pages, 5 figures, 1 tabl
Testing random-detector-efficiency countermeasure in a commercial system reveals a breakable unrealistic assumption
In the last decade, efforts have been made to reconcile theoretical security
with realistic imperfect implementations of quantum key distribution (QKD).
Implementable countermeasures are proposed to patch the discovered loopholes.
However, certain countermeasures are not as robust as would be expected. In
this paper, we present a concrete example of ID Quantique's
random-detector-efficiency countermeasure against detector blinding attacks. As
a third-party tester, we have found that the first industrial implementation of
this countermeasure is effective against the original blinding attack, but not
immune to a modified blinding attack. Then, we implement and test a later full
version of this countermeasure containing a security proof [C. C. W. Lim et
al., IEEE Journal of Selected Topics in Quantum Electronics, 21, 6601305
(2015)]. We find that it is still vulnerable against the modified blinding
attack, because an assumption about hardware characteristics on which the proof
relies fails in practice. Comment: 12 pages, 12 figure
Attacking quantum key distribution by light injection via ventilation openings
Quantum cryptography promises security based on the laws of physics with
proofs of security against attackers of unlimited computational power. However,
deviations from the original assumptions allow quantum hackers to compromise
the system. We present a side channel attack that takes advantage of
ventilation holes in optical devices to inject additional photons that can leak
information about the secret key. We experimentally demonstrate light injection
on an ID Quantique Clavis2 quantum key distribution platform and show that this
may help an attacker to learn information about the secret key. We then apply
the same technique to a prototype quantum random number generator and show that
its output is biased by injected light. This shows that light injection is a
potential security risk that should be addressed during the design of quantum
information processing devices
Publisher Correction: Invisible Trojan-horse attack
A correction to this article has been published and is linked from the HTML version of this paper. The error has been fixed in the paper
Experimental quantum key distribution with source flaws
Decoy-state quantum key distribution (QKD) is a standard technique in current
quantum cryptographic implementations. Unfortunately, existing experiments have
two important drawbacks: the state preparation is assumed to be perfect without
errors and the employed security proofs do not fully consider the finite-key
effects for general attacks. These two drawbacks mean that existing experiments
are not guaranteed to be secure in practice. Here, we perform an experiment
that for the first time shows secure QKD with imperfect state preparations over
long distances and achieves rigorous finite-key security bounds for decoy-state
QKD against coherent attacks in the universally composable framework. We
quantify the source flaws experimentally and demonstrate a QKD implementation
that is tolerant to channel loss despite the source flaws. Our implementation
considers more real-world problems than most previous experiments and our
theory can be applied to general QKD systems. These features constitute a step
towards secure QKD with imperfect devices. Comment: 12 pages, 4 figures, updated experiment and theor