As cyberattacks grow in number and sophistication, it is essential that data is protected. But in today’s evolving threat landscape, this is not as simple as applying traditional security to communications systems. Indeed, many current systems use protocols based on mathematical problems, such as integer factorization, which could be easily cracked by quantum computers of the future.
This is a major concern that could have a devastating impact because it encourages cybercriminals to harvest data traffic with the hope of decrypting the information when the technology becomes available to do so. This becomes an even more serious threat at a time when data confidentiality must be maintained for several years as mandated by data protection regulation – especially as it is now feasible to store large volumes of information.
The issue is leading to the development of a number of information security techniques that take advantage of quantum cryptography, such as quantum key distribution (QKD). QKD, an alternative approach to cryptographic key establishment, relies on sending and detecting quantum (light) signals, as well as conventional data about measurements and settings, to distil a secure key. In relies on the fact that it is possible to detect interference with quantum communications.
A major benefit of QKD is that it is secure against all future algorithmic and computational advances. This is because the security of its protocols does not rely on any assumptions about the resources available to the adversary, which are impossible to test.
However, protection is only as strong as implementation in real systems. So, what are the real-world challenges facing quantum cryptography?
Certainly, security vulnerabilities can be an issue for any cryptosystem if the implementation is not done properly. One example is a timing attack – a side channel assault that sees an adversary benefit from analyzing how long it takes to execute cryptographic algorithms.
The security of quantum cryptography depends on the legitimate users’ local equipment. It therefore becomes important to be able to estimate how much information equipment leaks to a potential adversary.
If this can be kept below a certain value, security can be restored using a technique called “privacy amplification”: the compression of a partially secret bit sequence into a highly secure key, depending upon the estimated information leakage.
By adequately characterizing a real system, it is possible to restore the security promise of the theoretical protocol against technology available at the time the secret key is being created. A specific feature of quantum cryptography is that this security statement does not change as technology advances.
Privacy amplification is not the only resource available to enforce the implementation security of quantum cryptography. Modifications to hardware and protocols can dramatically reduce information leakage and the potential for side channel and active attacks.
In the future, quantum correlations could be used to test the hardware of a real system. Although these can be quite demanding to implement, they are immune to many implementation issues.
Many large organizations are realizing implementation issues in quantum cryptography are a major issue that must be taken seriously. Indeed, national metrology institutes, government organizations, universities and private companies are already involved in supporting the area’s effective development.
One important aspect of QKD implementation security is the standardization process. As part of this, it is essential to define best practices to operate QKD systems to minimize the risk of inadvertently opening a door to attackers.
In addition, it is important to define and standardize already recognized countermeasures found to be effective in guaranteeing the security of a QKD setup.
The existence of a set of standards will reduce the risk of new systems being produced without effective protection measures to address known implementation issues. It would also help to ensure designs follow best practice to avoid them becoming vulnerable to newly identified implementation issues. These standards could also be used by certification authorities to assess the security level of QKD products.
It is with this ethos in mind that, as part of its work in this area, ETSI has established an Industry Specification Group (ISG) for QKD. The group brings together important actors from science, industry and commerce to address standardization issues in quantum cryptography and associated quantum technologies.
National metrology institutes – impartial bodies capable of supporting the process of characterizing QKD components and assessing the security level of a QKD system by performing high-precision measurements – are already playing a key role in this process. It is hoped their contribution to standards will improve available solutions and promote the commercial availability of optical components for QKD specifically designed to ensure security.
At the same time, national certification and information security agencies are likely to play an important role: They will be tasked with overseeing security certification based on appropriate processes, such as “common criteria”.
This should provide an assessment of the adequacy of the QKD proof provided, model assumptions and implementation of quantum products from a security perspective. In tandem, the ETSI ISG QKD will provide expert knowledge to help develop a suitable certification process.
That is why standards – such as those being created and led by ETSI – are crucial in protecting the communications systems of the future.
Andrew Shields, Chair of ETSI Industry Specification Group in Quantum Key Distribution (ISG QKD)