Andrew Shields (Toshiba Research Europe Ltd)
Industry Specification Group in Quantum Key Distribution
ETSI’S ROLE IN THE DEPLOYMENT OF QUANTUM KEY DISTRIBUTION
[Figure label: optical fibre]
Quantum Communications - each bit encoded on a single photon
Quantum Key Distribution
Detect unauthorised tapping of optical fibre networks
Distribute verifiably-secret digital keys
Secrecy can be tested directly!! - quantum theory dictates that eavesdropping unavoidably alters encoding of single photons
Quantum Key Distribution – Use Cases
• Link Encryption (data centre, back-up centre)
• Healthcare Networks
• National Security
• Mobile devices
• Critical Infrastructure
• Financial Sector
Long Term Perspective – “Quantum-Safe” Cryptography
Large-scale Quantum Computer would have devastating effect on e-commerce, e-government, critical infrastructure security, individual privacy etc
Shor’s algorithm will break security of current Public Key Crypto (based on integer factorisation problem)
New crypto systems take long time to deploy, so need to plan now.
Two Solutions for Quantum-Safe Crypto
Quantum Crypto based on Laws of Nature: not threatened by quantum computer … or any conventional computer
[Image courtesy of D-Wave Systems Inc.]
Research on new PK methods with resilience to Shor’s algorithm
Address different applications: BOTH are important
Nearer Term: Physical Layer Quantum Encryption
Commercial 10G DWDM transmission
• multiple 10 Gb/s data channels
• wire speed data encryption using AES
Using installed fibre in BT network
26 km, 10dB loss
Choi et al, Optics Exp 22, 23121 (2014)
[Figure labels: 40 Gb/s data; 4x10G DWDM encrypted (1529.55, 1530.33, 1531.12, 1531.9 nm); QKD (1548.52 nm); field fibre]
Data bandwidths over 1 Tb/s possible in the future
Recent Advances in QKD Technology
Remarkable technological advances in recent years
Secure key rates
• Increased from kb/s to multiple Mb/s
• Single link range increased to > 300 km
[Figure: Increase of secure bit rate, 2008 to 2014; axis ticks 0b/s, 1Mb/s, 2Mb/s]
Security
• Rigorous security proofs developed
• Failure probability now quantified
• Implementation security is better understood
Quantum Networks
• Integration in core, metro, access, mobile now demonstrated
• No longer necessary to use expensive dedicated dark fibre
Global QKD Network Installations
UK Quantum Technologies Programme (2014-9): £270M investment (Dec 2013) in Quantum Technologies
Tokyo QKD Network 2011-6: Metro QKD network (Toshiba, Mitsubishi, NEC, NTT, & others) led by NICT
Battelle 2013-6: 650 km link from Ohio to Washington
Beijing-Shanghai: 2000 km link ($100M) from Beijing to Shanghai, ~50 node networks in Jinan and Hefei
[Map labels: Calgary, Waterloo, SECOQC Consortium, Boston, Durban, Madrid, Geneva, CQC2T, Paris]
Pilot deployments are taking place - it is meaningful to define requirements and standards now
Industrial Standards
Industrial Standards are essential for …
• Interoperability of systems from different manufacturers
• Integration into ordinary telecom networks
• Stimulate application development on common interfaces
• Stimulate a component supply chain for Quantum Technologies
Security assurance
• Ensure that QKD is implemented securely
ETSI Industry Specification Group in QKD
ISG-QKD established in 2008
Published Group Standardisation Documents on QKD Use Cases, Application Interfaces, Security Proofs, QKD Module specification, Ontology, Components and Internal Interfaces
Membership comprises large industry, telecom operators, SMEs, NMIs, government labs, universities
New members are welcome
Current Work Items of ETSI ISG
Deployment parameters
• User requirements for implementing QKD
• Combining classical and quantum channels on a common optical fibre
Quantum component specification
• Parameters and test procedures for quantum components
• Impact on system security
• see talk by Chris Chunnilall
Implementation security
• Ensure that implementations are secure and robust against attack
Implementation Security
Objective: Investigate and close security loopholes of real QKD systems
Motivation
Deviations between ideal and real system could be exploited by Eve through either active or passive attacks
Approach
• Study and quantify known attacks
• Introduce appropriate countermeasures
• Modify the QKD protocol if necessary
[Figure: encoded single photons on optical fibre; Eve exploits difference between theory and practical implementation]
Security by Measurement
Secure key rate after privacy amplification (ideal system) …
[Equation labels: Info leakage; Finite key]
For given ε = prob of key failure
Modified secure key rate (real system) …
[Equation labels: Info leakage due to error correction; Finite key size effect; Info leakage due to imperfection 1; Info leakage due to imperfection 2; etc]
Typically ε = 10^-10 (< 1 “bad” key per 30000 years)
Trojan Horse Attack
Eve injects bright light (µ_in) and measures back-reflection (µ_out) to determine Alice’s or Bob’s phase modulator settings
[Figure labels: DFB laser, pulsed 1GHz; α; β; 0; 1; Alice; Eve; Bob]
Recent experimental studies (reported at QCrypt, Paris, Sept 14)
CV QKD : Khan et al, Erlangen, Paris Telecom Tech & SecureNet
“two-way” QKD : Sajeed et al, IQC & IdQuantique
“one-way” QKD : considered here
Upper bound µ_in using fibre laser damage threshold* I < 107 J/cm2.
Require µ_out < 10^-4 (can be mitigated by <1% privacy amplification)
optical isolation > 150 dB
Consider extreme case…
(*) R M Wood, Laser-induced damage of optical materials, Taylor & Francis (2003).
Shutting out the Trojan Horse
150dB Isolation provided by spectral filtering and optical isolator(s)
[Figure labels: Filter, Isolator]
        Reflectivity  Attenuation  Isolation  Total
Alice   40dB          2x25dB       60dB       150dB
Bob     40dB          0            110dB      150dB
Extinction > 80dBm (limited by dynamic range of measurement)
Trojan horse attacks blocked both at Alice & Bob using passive components
Insertion loss < 1dB
Isolation > 60dB at quantum λ
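Added example (not from the slides): a round-trip isolation budget check for the Alice and Bob figures in the table above, using the stated requirements of 150 dB and µ_out < 10^-4. The class and function names are hypothetical, reading "2x25dB" as one attenuator crossed twice is an assumption, and the µ_in used is derived from those two requirements because the slides state no figure.

```python
import math
from dataclasses import dataclass

MU_OUT_TARGET = 1e-4   # slide: require mu_out < 10^-4
REQUIRED_DB = 150.0    # slide: optical isolation > 150 dB

@dataclass(frozen=True)
class Element:
    name: str          # column name from the slide's table
    loss_db: float     # loss on a single pass, in dB
    passes: int = 1    # 2 when the injected light crosses it in and out

# Values from the table; "2x25dB" read as two passes is an assumption.
ALICE = [Element("reflectivity", 40), Element("attenuation", 25, passes=2),
         Element("isolation", 60)]
BOB = [Element("reflectivity", 40), Element("attenuation", 0),
       Element("isolation", 110)]

def round_trip_db(elements):
    """Total loss seen by injected light from entry to back-reflection."""
    return sum(e.loss_db * e.passes for e in elements)

def mu_out(mu_in, elements):
    """Back-reflected mean photon number for a given injected mu_in."""
    return mu_in * 10 ** (-round_trip_db(elements) / 10)

def max_mu_in(elements, target=MU_OUT_TARGET):
    """Largest injected mu_in that still keeps mu_out at the target."""
    return target * 10 ** (round_trip_db(elements) / 10)

def shortfall_db(mu_in, elements, target=MU_OUT_TARGET):
    """Extra isolation (dB) needed to reach the target; 0 if already met."""
    needed = 10 * math.log10(mu_in / target)
    return max(0.0, needed - round_trip_db(elements))

def audit(elements, mu_in):
    total = round_trip_db(elements)
    return {"total_db": total, "mu_out": mu_out(mu_in, elements),
            "meets_required_db": total >= REQUIRED_DB,  # table totals are 150
            "shortfall_db": shortfall_db(mu_in, elements)}

if __name__ == "__main__":
    mu_in = max_mu_in(ALICE)  # derived value, not a figure from the slides
    # Constructed failure case: Alice's isolation degraded from 60 to 50 dB.
    degraded = [Element("reflectivity", 40),
                Element("attenuation", 25, passes=2),
                Element("isolation", 50)]
    for label, side in (("Alice", ALICE), ("Bob", BOB),
                        ("Alice, isolation 50 dB", degraded)):
        print(label, audit(side, mu_in))
```

The constructed degraded case shows how a 10 dB loss of isolation raises the back-reflected signal tenfold above the target, which is the margin a component test procedure would need to catch.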
Summary
Several large QKD network deployments underway worldwide
Standards are essential … for future interoperability
To assure customers that the technology is implemented securely
And to stimulate markets for components, systems and applications
Contact: [email protected]
Thank you!