Security verification for the physical implementation of a cryptography system is an important step to ensure the security level promised by theory. As has been shown many times, any physical device has characteristics and behavior that deviate from theoretical expectations. Frequently, those lead to new security loopholes.
This thesis presents three experimental studies of attacks on quantum key distribution (QKD) systems. The first is the detection efficiency mismatch on free-space systems, which takes advantage of alignment imperfections in Bob's detector to control detection efficiencies. The experiment was done on a polarization-encoding free-space receiver to find the detection efficiencies of each detector for different spatial modes of an incoming photon. Those results were put into an optimization program, which modeled an intercept-and-resend attack on a non-decoy Bennett-Brassard 1984 (BB84) protocol. The result shows that an adversary is able to gain information about the key without being detected by Alice and Bob. The second study is an experimental test of reliability of a spatial filter (a pinhole), which is proposed as a countermeasure for the previous attack. The result shows that, by sending a high-power laser beam focused on the pinhole, the pinhole can be widened without affecting other components in the receiver. Thus, the ability to perform a spatial mode detection efficiency-mismatch attack is recovered. The last experiment is a demonstration of Eve's ability to force a commercial system to distill a key from a raw key of a short length, where the asymptotic assumption of security claimed by the manufacturer might not hold. It was shown that this could be done by inducing transmission loss in the channel at an appropriate time
