Future-proofing data security
Challenge
Current encryption methods would be easily defeated by algorithms running on a working quantum computer. In such a security environment, commercial sectors such as banking, communications and data storage will demand new encryption tools to ensure valued data can remain ‘quantum-safe’.
In theory, Quantum Key Distribution (QKD) protocols could guarantee invulnerability to quantum-based decryption methods, even by a working quantum computer. Indeed, QKD devices that make use of quantum properties of light to provide quantum-safety are already marketed for high-end security applications. However, researchers have already found vulnerabilities to known hacking methods, including Trojan horse and side-channel attacks. A Trojan horse is malicious software designed to mislead and, in this scenario, exploit security weaknesses of QKD optical components. A side-channel attack is designed to exploit information gained from how systems are implemented rather than weaknesses in algorithms.
Practical QKD devices could be compromised by unforeseen and undocumented behaviours that may present exploitable ‘backdoors’. Countermeasures against these attacks have been developed, the effectiveness of which can only be ensured by rigorous characterisation of device components. However, no measurement services for testing these protection strategies were available to industry.
Solution
The EMPIR Project Optical metrology for quantum-enhanced secure telecommunication identified vulnerabilities of fibre-based QKD systems for telecom applications to Trojan horse and side-channel attacks, and also characterised the effectiveness of countermeasures to such attacks.
This research built on two earlier EMRP projects, namely Single-photon sources for quantum technologies and Metrology for Industrial Quantum Communication Technologies.
Potential vulnerabilities of single-photon detectors were investigated, including in response to bright pulse attacks. This was performed by measuring light-level responses outside specified operating ranges of device components.
To determine resistance to Trojan horse attacks using continuously operated light, the behaviour of diodes used as a countermeasure in QKD emitters was characterised.
To accelerate the development and commercial success of QKD technologies, a calibration service for QKD devices was piloted at the Swiss Federal Institute of Metrology (METAS).
Impact
Project partner ID Quantique, a manufacturer of advanced quantum products and technologies, submitted its id220 single-photon detector for characterisation and validation of countermeasures to side-channel and Trojan horse attacks.
The pilot calibration service identified two potential security vulnerabilities. An isolator designed to prevent light intrusion, when combined with a bandpass filter, was found to allow signals above specified levels to pass through. Furthermore, a diode used to detect light intrusion was found ineffective at certain wavelengths. These findings guided ID Quantique to modify its intrusion detection system.
The precise and repeatable performance capabilities of METAS’s test equipment also prompted the company to improve its testbenches to better understand the implications of design modifications. The service also enabled ID Quantique to position itself with enhanced credibility in the security market.
As the volume of generated data, both transmitted and stored, increases, demand for measures to protect and future-proof data security will also grow. Fortified with the assurance of secure implementations of QKD-based systems, manufacturers can offer communication devices with improved confidence in secure operation in adversarial environments.