Matthias Geihs,Oleg Nikiforov,Denise Demirel,Alexander Sauer,Denis Butin,Felix Günther,Gernot Alber,Thomas Walther,Johannes Buchmann

DOI: https://doi.org/10.48550/arXiv.1711.09793

2017-11-28

Abstract:Sensitive digital data, such as health information or governmental archives, are often stored for decades or centuries. The processing of such data calls for long-term security. Secure channels on the Internet require robust key establishment methods. Currently used key distribution protocols are either vulnerable to future attacks based on Shor's algorithm, or vulnerable in principle due to their reliance on computational problems. Quantum-based key distribution protocols are information-theoretically secure and offer long-term security. However, significant obstacles to their real-world use remain. This paper, which results from a multidisciplinary project involving computer scientists and physicists, systematizes knowledge about obstacles to and strategies for the realization of long-term secure Internet communication from quantum-based key distribution. We discuss performance and security particulars, consider the specific challenges arising from multi-user network settings, and identify key challenges for actual deployment.

Cryptography and Security

Kaiwei Qiu,Jing Yan Haw,Hao Qin,Nelly H. Y. Ng,Michael Kasper,Alexander Ling

DOI: https://doi.org/10.20517/jsss.2024.02

2024-10-14

Abstract:In the evolving landscape of quantum technology, the increasing prominence of quantum computing poses a significant threat to the security of conventional public key infrastructure. Quantum key distribution (QKD), an established quantum technology at a high readiness level, emerges as a viable solution with commercial adoption potential. QKD facilitates the establishment of secure symmetric random bit strings between two geographically separated, trustworthy entities, safeguarding communications from potential eavesdropping. In particular, data centre interconnects can leverage the potential of QKD devices to ensure the secure transmission of critical and sensitive information in preserving the confidentiality, security, and integrity of their stored data. In this article, we present the successful implementation of a QKD field trial within a commercial data centre environment that utilises the existing fibre network infrastructure. The achieved average secret key rate of 2.392 kbps and an average quantum bit error rate of less than 2% demonstrate the commercial feasibility of QKD in real-world scenarios. As a use case study, we demonstrate the secure transfer of files between two data centres through the Quantum-Secured Virtual Private Network, utilising secret keys generated by the QKD devices.

Quantum Physics

Tianqi Zhou,Jian Shen,Xiong Li,Chen Wang,Jun Shen

DOI: https://doi.org/10.1155/2018/8214619

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:Cyberspace has become the most popular carrier of information exchange in every corner of our life, which is beneficial for our life in almost all aspects. With the continuous development of science and technology, especially the quantum computer, cyberspace security has become the most critical problem for the Internet in near future. In this paper, we focus on analyzing characteristics of the quantum cryptography and exploring of the advantages of it in the future Internet. It is worth noting that we analyze the quantum key distribution (QKD) protocol in the noise-free channel. Moreover, in order to simulate real situations in the future Internet, we also search the QKD protocol in the noisy channel. The results reflect the unconditional security of quantum cryptography theoretically, which is suitable for the Internet as ever-increasing challenges are inevitable in the future.

computer science, information systems,telecommunications

Mathieu Bozzio,Claude Crépeau,Petros Wallden,Philip Walther

2024-11-14

Abstract:Due to its fundamental principles, quantum theory holds the promise to enhance the security of modern cryptography, from message encryption to anonymous communication, digital signatures, online banking, leader election, one-time passwords and delegated computation. While quantum key distribution (QKD) has already enabled secure key exchange over hundreds of kilometers, a myriad of other quantum-cryptographic primitives are being developed to secure future applications against quantum adversaries. This article surveys the theoretical and experimental developments in quantum cryptography beyond QKD over the past decades, along with advances in secure quantum computation. It provides an intuitive classification of the main quantum primitives and their security levels, summarizes their possibilities and limits, and discusses their implementation with current photonic technology.

Quantum Physics

Guillermo Currás-Lorenzo,Margarida Pereira,Go Kato,Marcos Curty,Kiyoshi Tamaki

2024-07-23

Abstract:Quantum key distribution (QKD) can theoretically achieve the Holy Grail of cryptography, information-theoretic security against eavesdropping. However, in practice, discrepancies between the mathematical models assumed in security proofs and the actual functioning of the devices used in implementations prevent it from reaching this goal. Device-independent QKD is currently not a satisfactory solution to this problem, as its performance is extremely poor and most of its security proofs assume that the user devices leak absolutely no information to the outside. On the other hand, measurement-device-independent (MDI) QKD can guarantee security with arbitrarily flawed receivers while achieving high performance, and the remaining challenge is ensuring its security in the presence of source imperfections. So far, all efforts in this regard have come at a price; some proofs are suitable only for particular source imperfections, while others severely compromise the system's performance, i.e., its communication speed and distance. Here, we overcome these crucial problems by presenting a security proof in the finite-key regime against coherent attacks that can incorporate general encoding imperfections and side channels while achieving much higher performances than previous approaches. Moreover, our proof requires minimal state characterization, which facilitates its application to real-life implementations.

Quantum Physics

Marcel Kempf,Nikolas Gauder,Benedikt Jaeger,Johannes Zirngibl,Georg Carle

2024-05-15

Abstract:QUIC is a new network protocol standardized in 2021. It was designed to replace the TCP/TLS stack and is based on UDP. The most current web standard HTTP/3 is specifically designed to use QUIC as transport protocol. QUIC claims to provide secure and fast transport with low-latency connection establishment, flow and congestion control, reliable delivery, and stream multiplexing. To achieve the security goals, QUIC enforces the usage of TLS 1.3. It uses authenticated encryption with additional data (AEAD) algorithms to not only protect the payload but also parts of the header. The handshake relies on asymmetric cryptography, which will be broken with the introduction of powerful quantum computers, making the use of post-quantum cryptography inevitable. This paper presents a detailed evaluation of the impact of cryptography on QUIC performance. The high-performance QUIC implementations LSQUIC, quiche, and MsQuic are evaluated under different aspects. We break symmetric cryptography down to the different security features. To be able to isolate the impact of cryptography, we implemented a NOOP AEAD algorithm which leaves plaintext unaltered. We show that QUIC performance increases by 10 to 20% when removing packet protection. The header protection has negligible impact on performance, especially for AES ciphers. We integrate post-quantum cryptographic algorithms into QUIC, demonstrating its feasibility without major changes to the QUIC libraries by using a TLS library that implements post-quantum algorithms. Kyber, Dilithium, and FALCON are promising candidates for post-quantum secure QUIC, as they have a low impact on the handshake duration. Algorithms like SPHINCS+ with larger key sizes or more complex calculations significantly impact the handshake duration and cause additional issues in our measurements.

Networking and Internet Architecture,Cryptography and Security

Ali Sellami

DOI: https://doi.org/10.1080/01468030.2024.2370007

2024-06-21

Fiber & Integrated Optics

Abstract:The quantum key distribution (QKD) method allows for the safe creation of encryption keys between trusted entities for secure communication. The suggested system is designed to enable secure communication between multiple parties (a single sender, Alice, and multiple receivers, Bobs) connected via a public channel susceptible to interception. It enables Alice to privately share encryption keys with each Bob over dedicated quantum channels, which can then be used to decrypt messages sent over the public network. The procedure involves Alice generating optical signals with randomly assigned properties such as intensity, phase, polarization, and frequencies. Alice randomly sends either signal states carrying information or decoy states with different frequencies to the receivers (Bobs) over the quantum channels. She also sends a synchronization signal for timing alignment with the quantum signals over the optical links. At the receiving end, the synchronization pulse timestamps the incoming quantum signals. Each Bob then randomly alters the frequencies of the received quantum signals and randomly measures their phase or polarization. The key is created from the frequency, phase, or polarization information of the quantum signals, resulting in longer keys. Key management agents manage the securely QKD-generated keys to encrypt information before sending it to the intended receivers. Essentially, this framework establishes authenticated, private communication by using QKD over dedicated ultra-secure quantum links to distribute decryption keys, ensuring that only intended users can access the content. The approach is designed to ensure end-to-end secure communication across the network.

optics

Christian Paquin,Douglas Stebila,Goutam Tamvada

DOI: https://doi.org/10.1007/978-3-030-44223-1_5

2020-01-01

Abstract:AbstractPost-quantum cryptographic primitives have a range of trade-offs compared to traditional public key algorithms, either having slower computation or larger public keys and ciphertexts/signatures, or both. While the performance of these algorithms in isolation is easy to measure and has been a focus of optimization techniques, performance in realistic network conditions has been less studied. Google and Cloudflare have reported results from running experiments with post-quantum key exchange algorithms in the Transport Layer Security (TLS) protocol with real users’ network traffic. Such experiments are highly realistic, but cannot be replicated without access to Internet-scale infrastructure, and do not allow for isolating the effect of individual network characteristics.In this work, we develop and make use of a framework for running such experiments in TLS cheaply by emulating network conditions using the networking features of the Linux kernel. Our testbed allows us to independently control variables such as link latency and packet loss rate, and then examine the performance impact of various post-quantum-primitives on TLS connection establishment, specifically hybrid elliptic curve/post-quantum key exchange and post-quantum digital signatures, based on implementations from the Open Quantum Safe project. Among our key results, we observe that packet loss rates above 3–5% start to have a significant impact on post-quantum algorithms that fragment across many packets, such as those based on unstructured lattices. The results from this emulation framework are also complemented by results on the latency of loading entire web pages over TLS in real network conditions, which show that network latency hides most of the impact from algorithms with slower computations (such as supersingular isogenies).

Richard J. Hughes,Jane E. Nordholt,Kevin P. McCabe,Raymond T. Newell,Charles G. Peterson,Rolando D. Somma

DOI: https://doi.org/10.48550/arXiv.1305.0305

2013-05-01

Quantum Physics

Abstract:Network-centric quantum communications (NQC) - a new, scalable instantiation of quantum cryptography providing key management with forward security for lightweight encryption, authentication and digital signatures in optical networks - is briefly described. Results from a multi-node experimental test-bed utilizing integrated photonics quantum communications components, known as QKarDs, include: quantum identification; verifiable quantum secret sharing; multi-party authenticated key establishment, including group keying; and single-fiber quantum-secured communications that can be applied as a security retrofit/upgrade to existing optical fiber installations. A demonstration that NQC meets the challenging simultaneous latency and security requirements of electric grid control communications, which cannot be met without compromises using conventional cryptography, is described.

Marcos Curty,Kiyoshi Tamaki,Feihu Xu,Akihiro Mizutani,Charles Ci Wen Lim,Bing Qi,Hoi-Kwong Lo

DOI: https://doi.org/10.1117/12.2199415

2015-01-01

Abstract:Quantum key distribution (QKD) needs to close the big gap between theory and practice to be a suitable technology for achieving information-theoretic secure communications. Indeed, recent studies on side-channel attacks have exposed the vulnerabilities of QKD implementations against an eavesdropper who may try to attack both the source and the measurement device. Here, we review two potential approaches that, combined, could bring this goal closer: measurement-device-independent QKD and the loss-tolerant QKD protocol. The former removes all possible side-channels from the measurement apparatus and guarantees a high performance over long distances. The latter appears as a robust solution against typical source flaws and it offers similar key rates as those of standard QKD systems. Most importantly, the feasibility of both solutions has already been demonstrated in several lab and field-test experiments.

Geoff Twardokus,William Joslin,Benjamin Carini,Hanif Rahbari,William Layton

2024-11-25

Abstract:Within 1-2 decades, quantum computers are expected to obsolesce current public-key cryptography, driving authorities such as IETF and NIST to push for adopting quantum-resistant cryptography (QRC) in ecosystems like Internet Protocol Security (IPsec). However, IPsec struggles to adopt QRC, primarily due to the limited ability of Internet Key Exchange Protocol Version 2 (IKEv2), which establishes IPsec connections, to tolerate the large public keys and digital signatures of QRC. Many solutions (e.g., IETF RFCs) are proposed to integrate QRC into IKEv2, but remain largely untested in practice. In this paper, we measure the performance of these proposals over the Internet by designing and implementing a novel, scalable, and flexible testbed for quantum-resistant IPsec, and we expose the serious shortcomings of existing proposals for quantum-resistant IKEv2 when deployed in constrained (e.g., lossy, rate-limited) networks. Through experimental deployments ranging from cloud-based virtual networks to hardware-in-the-loop wireless links between software-defined radios, as well as deployment on the international FABRIC testbed for next-generation networks, we show that today's solutions for quantum-resistant IPsec are insufficient, necessitating development of better approaches.

Networking and Internet Architecture

Peng Yan,Nengkun Yu

DOI: https://doi.org/10.48550/arXiv.2006.00653

2020-06-01

Abstract:Quantum key distribution, initialized in 1984, is a commercialized secure communication method which enables two parties to produce shared random secret key by the nature of quantum mechanics. We propose QQUIC (Quantum assisted Quick UDP Internet Connections) transport protocol, which modifies the famous QUIC transport protocol by employing the quantum key distribution instead of the original classical algorithms in the key exchanging stage. Thanks to the provable security of quantum key distribution, the security of QQUIC key does not depend on computational assumptions. Maybe surprisingly, QQUIC can reduce the network latency in some circumstance even comparing with QUIC. To achieve this, the attached quantum connections are used as the dedicated lines for key generation.

Cryptography and Security,Networking and Internet Architecture,Quantum Physics

Shuang Wang,Zheng Fu Han,Wei Chen,ZhenQiang Yin,Deyong He,Guang-Can Guo

DOI: https://doi.org/10.1109/PHOSST.2013.6614520

2013-01-01

Abstract:Secure communication and information protection become more and more important in the modern society. Quantum key distribution (QKD) enables two remote legitimate users to share unconditionally secure keys. Different from the former ones, the security of these keys is based on the principles of quantum physics and could be proved. Combined with one-time pad encryption, QKD can provide us an effective way for secure communication and information protection. Since Bennett and Brassard proposed the famous BB84 protocol, QKD or quantum cryptography has become one of the most dynamic research fields. After about twenty years of development, experimental QKD has achieved significant improvements, such as the transmission distance increased from 32 cm to 260 km, the speed increased from 200 Hz to 10 GHz.

Luis Velasco,Morteza Ahmadian,Laura Ortiz,Juan P. Brito,Antonio Pastor,Jose M. Rivas,Sima Barzegar,Jaume Comellas,Vicente Martin,Marc Ruiz

DOI: https://doi.org/10.3390/s24206631

IF: 3.9

2024-10-16

Sensors

Abstract:Optical communications providing huge capacity and low latency remain vulnerable to a range of attacks. In consequence, encryption at the optical layer is needed to ensure secure data transmission. In our previous work, we proposed LightPath SECurity (LPSec), a secure cryptographic solution for optical transmission that leverages stream ciphers and Diffie–Hellman (DH) key exchange for high-speed optical encryption. Still, LPSec faces limitations related to key generation and key distribution. To address these limitations, in this paper, we rely on Quantum Random Number Generators (QRNG) and Quantum Key Distribution (QKD) networks. Specifically, we focus on three meaningful scenarios: In Scenario A, the two optical transponders (Tp) involved in the optical transmission are within the security perimeter of the QKD network. In Scenario B, only one Tp is within the QKD network, so keys are retrieved from a QRNG and distributed using LPSec. Finally, Scenario C extends Scenario B by employing Post-Quantum Cryptography (PQC) by implementing a Key Encapsulation Mechanism (KEM) to secure key exchanges. The scenarios are analyzed based on their security, efficiency, and applicability, demonstrating the potential of quantum-enhanced LPSec to provide secure, low-latency encryption for current optical communications. The experimental assessment, conducted on the Madrid Quantum Infrastructure, validates the feasibility of the proposed solutions.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Marian Hanashiro Rempola,Andrew Smith,Yan Li,Liang Du

DOI: https://doi.org/10.1109/itec60657.2024.10598919

2024-01-01

Abstract:Software-Defined Networking (SDN) is an emerging networking paradigm that decouples the control and data plane in order to enable programmable and flexible networks, optimizing its applications and advancing computer systems. It does so through its architecture, a key part of which is a centralized network management through open interfaces that revolutionizes the way in which networks are designed and makes them more agile and versatile to the evolving needs of modern and future applications services. This also means, however, that there is now a centralized point of attack that is a major vulnerability, threatening the security of the entire network. With such an advanced network paradigm, it requires a security system that will mitigate these risks and warrant long-term security. In attempts to allow secure communications within the network, this research proposes the implementation of Quantum Key Distribution (QKD), leveraging quantum mechanics to secure the network against any computational advancements in the future. QKD is a recent cryptographic system that includes a traditional-computational channel and a physical-quantum channel to generate and distribute keys between parties. It uses the principles of quantum mechanics including entanglement and superposition to ensure that the physical layer cannot be compromised computationally. QKD provides confidentiality and privacy of information and communication. Moreover, it is resistant to technological advancements. The implications of QKD significantly enhance SDN security through its protection against attacks, efficient key distribution, reliable network orchestration, and data integrity, creating an architecture that establishes stable communication channels that are resistant to cyber threats.

Marmik Pandya

DOI: https://doi.org/10.48550/arXiv.1512.02196

2015-12-08

Abstract:Confidentiality, Integrity, and Availability are basic goals of security architecture. To ensure CIA, many authentication scheme has been introduced in several years. Currently deployment of Public Key Infrastructure (PKI) is a most significant solution. PKI involving exchange key using certificates via a public channel to a authenticate users in the cloud infrastructure. It is exposed to widespread security threats such as eavesdropping, the man in the middle attack, masquerade et al. Quantum cryptography is of the most prominent fields in the modern world of information security. Quantum cryptography is considered to be a future replica of classical cryptography along with a vital stance to break existing classical cryptography. This paper aims to look into basic security architecture in place currently and further it tries to introduce a new proposed security architecture for cloud computing environment, which makes use of the knowledge of Quantum Mechanics and current advances in research in Quantum Computing, to provide a more secure architecture.

Cryptography and Security

J. F. Dynes,A. Wonfor,W. W. -S. Tam,A. W. Sharpe,R. Takahashi,M. Lucamarini,A. Plews,Z. L. Yuan,A. R. Dixon,J. Cho,Y. Tanizawa,J. -P. Elbers,H. Greißer,I. H. White,R. V. Penty,A. J. Shields

DOI: https://doi.org/10.1038/s41534-019-0221-4

IF: 10.758

2019-11-21

npj Quantum Information

Abstract:Abstract Future-proofing current fibre networks with quantum key distribution (QKD) is an attractive approach to combat the ever growing breaches of data theft. To succeed, this approach must offer broadband transport of quantum keys, efficient quantum key delivery and seamless user interaction, all within the existing fibre network. However, quantum networks to date either require dark fibres and/or offer bit rates inadequate for serving a large number of users. Here we report a city wide high-speed metropolitan QKD network—the Cambridge quantum network—operating on fibres already populated with high-bandwidth data traffic. We implement a robust key delivery layer to demonstrate essential network operation, as well as enabling encryption of 100 Gigabit per second (Gbps) simultaneous data traffic with rapidly refreshed quantum keys. Network resilience against link disruption is supported by high-QKD link rates and network link redundancy. We reveal that such a metropolitan network can support tens of thousands of users with key rates in excess of 1 kilobit per second (kbps) per user. Our result hence demonstrates a clear path for implementing quantum security in metropolitan fibre networks.

physics, condensed matter, applied, atomic, molecular & chemical,quantum science & technology

Paul Staat,Meik Dörpinghaus,Azadeh Sheikholeslami,Christof Paar,Gerhard Fettweis,Dennis Goeckel

2024-12-18

Abstract:Today's information society relies on cryptography to achieve security goals such as confidentiality, integrity, authentication, and non-repudiation for digital communications. Here, public-key cryptosystems play a pivotal role to share encryption keys and create digital signatures. However, quantum computers threaten the security of traditional public-key cryptosystems as they can tame computational problems underlying the schemes, i.e., discrete logarithm and integer factorization. The prospective arrival of capable-enough quantum computers already threatens today's secret communication in terms of their long-term secrecy when stored to be later decrypted. Therefore, researchers strive to develop and deploy alternative schemes. In this work, evaluate a key exchange protocol based on combining public-key schemes with physical-layer security, anticipating the prospect of quantum attacks. If powerful quantum attackers cannot immediately obtain private keys, legitimate parties have a window of short-term secrecy to perform a physical-layer jamming key exchange (JKE) to establish a long-term shared secret. Thereby, the protocol constraints the computation time available to the attacker to break the employed public-key cryptography. In this paper, we outline the protocol, discuss its security, and point out challenges to be resolved.

Cryptography and Security

Purva Sharma,Anuj Agrawal,Vimal Bhatia,Shashi Prakash,Amit Kumar Mishra

DOI: https://doi.org/10.1109/ojcoms.2021.3106659

2021-01-01

IEEE Open Journal of the Communications Society

Abstract:Increasing incidents of cyber attacks and evolution of quantum computing poses challenges to secure existing information and communication technologies infrastructure. In recent years, quantum key distribution (QKD) is being extensively researched, and is widely accepted as a promising technology to realize secure networks. Optical fiber networks carry a huge amount of information, and are widely deployed around the world in the backbone terrestrial, submarine, metro, and access networks. Thus, instead of using separate dark fibers for quantum communication, integration of QKD with the existing classical optical networks has been proposed as a cost-efficient solution, however, this integration introduces new research challenges. In this paper, we do a comprehensive survey of the state-of-the-art QKD secured optical networks, which is going to shape communication networks in the coming decades. We elucidate the methods and protocols used in QKD secured optical networks, and describe the process of key establishment. Various methods proposed in the literature to address the networking challenges in QKD secured optical networks, specifically, routing, wavelength and time-slot allocation (RWTA), resiliency, trusted repeater node (TRN) placement, QKD for multicast service, and quantum key recycling are described and compared in detail. This survey begins with the introduction to QKD and its advantages over conventional encryption methods. Thereafter, an overview of QKD is given including quantum bits, basic QKD system, QKD schemes and protocol families along with the detailed description of QKD process based on the Bennett and Brassard-84 (BB84) protocol as it is the most widely used QKD protocol in the literature. QKD system are also prone to some specific types of attacks, hence, we describe the types of quantum hacking attacks on the QKD system along with the methods used to prevent them. Subsequently, the process of point-to-point mechanism of QKD over an optical fiber link is described in detail using the BB84 protocol. Different architectures of QKD secured optical networks are described next. Finally, major findings from this comprehensive survey are summarized with highlighting open issues and challenges in QKD secured optical networks.

Sanzida Hoque,Abdullah Aydeger,Engin Zeydan

2024-08-21

Abstract:The rapid development of quantum computing poses a significant threat to the security of current cryptographic systems, including those used in User Equipment (UE) for mobile communications. Conventional cryptographic algorithms such as Rivest-Shamir-Adleman (RSA) and Elliptic curve cryptography (ECC) are vulnerable to quantum computing attacks, which could jeopardize the confidentiality, integrity, and availability of sensitive data transmitted by UEs. This demo paper proposes the integration of Post-Quantum Cryptography (PQC) in TLS for UE Communication to mitigate the risks of quantum attacks. We present our setup and explain each of the components used. We also provide the entire workflow of the demo for other researchers to replicate the same setup. By addressing the implementation of PQC within a 5G network to secure UE-to-UE communication, this research aims to pave the way for developing quantum-resistant mobile devices and securing the future of wireless communications.

Cryptography and Security,Networking and Internet Architecture