Quantum Key Security for Critical Infrastructures
Dr.Meenakshisundaram Ph.D
Head Managed Services, Transformation & Consulting at Tata Communications Transformation Services (TCTS)
The Need for Key Distribution
Keeping data safe and secure is one of the greatest challenges posed by the rapid development of today’s information technology. More and more sensitive data is stored on remote computer servers, for example in the cloud, making secure access to this data a predominant concern. Securing the transmission and retrieval relies on encryption of information sent over public networks.
Encryption is an essential part of data security. It provides a fundamental layer of protection that shields confidential data from exposure to attacks. It is needed to protect information transferred across telecommunications networks, as well as residing in files and databases. The most secure and widely used methods to protect the confidentiality and integrity of data transmission are based on symmetric cryptography. Even better security is delivered with a mathematically unbreakable form of encryption called a one-time pad, whereby data is encrypted using a truly random key of the same length as the data is encrypted. In both cases, the main practical challenge is how to securely share the keys between the concerned parties.
AS-IS Key Distribution Methods
Current key distribution techniques are more pragmatic than that and can be performed at any distance. They almost universally use public-key ciphers, such as RSA, Diffie-Hellman, and ECC to agree upon and exchange symmetric keys. These secret keys can then be used for encryption, for example with AES or OTP encryption systems.
Cybersecurity Risks to Current Cryptographic Techniques!
The security of the public key ciphers that are used to distribute symmetric keys relies on the strength of mathematical problems and limiting assumptions on the capabilities of the attacker. Also, our cybersecurity infrastructure requires two different functions: authentication and confidentiality. Authentication allows distant users to trust their counterparts and validate the content of their exchanges. It is mostly implemented by public-key signature schemes. Confidentiality is required for any exchange of private information. It is often performed in a two-step process. First, the users have to exchange a common secret key.
This relies on another public-key protocol, the key exchange mechanism. The secret key is then used in a symmetric key encryption scheme. Both functions, therefore, depend on similar cryptographic techniques, known as asymmetric or public-key cryptography. Cybersecurity is much more than the underlying cryptography. All current hacks and security failures do not come from weak cryptography, but rather from faulty implementation, social engineering, and the likes. Today, we trust cryptography and fight to get the implementation right. Unfortunately, this is about to change. The point of cryptographic vulnerability today is public-key cryptography, based on algorithms such as RSA or Elliptic Curve, which are used both to authenticate data and to securely exchange data encryption keys.
The very processing power of the quantum computer running Shor’s algorithm, however, will be able to quickly and easily factor these incredibly long numbers and decipher them, leaving critical data exposed and at risk. This means that the currently used public-key cryptosystems are not appropriate to secure data that require long-term confidentiality. An adversary could indeed record encrypted data and wait until a quantum computer is available to decrypt it, by attacking the public keys. All these factors, especially the continued progress in quantum information processing, make it necessary to rethink how to securely distribute cryptographic keys.
What is Quantum Key Distribution?
Quantum Key Distribution (QKD) is used to distribute the secret digital keys important for protecting highly sensitive data critical to many industries. In particular, it protects data in the finance, defense, utilities, and health sectors as well as the critical infrastructure that underpins our smart cities and smart energy grid.
Quantum Key Distribution (QKD) addresses challenges by using quantum properties to exchange secret information -- such as a cryptographic key, which can then be used to encrypt messages that are being communicated over an insecure channel. The security of QKD relies on fundamental laws of nature, which are invulnerable to increasing computational power, new attack algorithms, or quantum computers. It is secure against the most arbitrarily powerful eavesdroppers. QKD effectively addresses the challenges confronting classic key distribution approaches, by providing a provably secure cryptographic building block for remote parties to share cryptographic keys. For the highest security requirements, QKD even enables the continuous generation and sharing of truly random one-time pad keys.
By adopting QKD, organizations can protect their communication infrastructure from today’s vast array of cyber-threats, as well as those of tomorrow. Already, hackers are using techniques such as harvest and decrypt, where data is scraped and stored today with the aim of decrypting it once they have the capability to do so through advances with supercomputers, the realization of a quantum computer, or the discovery of new techniques for cryptanalysis. With QKD, any data which requires long-term protection is not only secure in today’s IT landscape but also future-proofed to remain protected in the impending quantum age.
How does QKD Work?
QKD works by transmitting millions of polarized light particles (photons) over a fiber optic cable from one entity to another. Each photon has a random quantum state, and collectively all the photons create a bitstream of ones and zeros. A QKD implementation typically includes the following
- A fiber or free-space quantum channel to send quantum states of light between the transmitter (A) and receiver (B). This channel does not need to be secured
- A public but authenticated communication link between the two parties to perform post-processing steps and distill a correct and secret key
- A key exchange protocol that exploits quantum properties to ensure security by detecting eavesdropping or errors, and by calculating the amount of information that has been intercepted or lost
- Both errors and potential information leakage are removed during subsequent error correction and privacy amplification post-processing steps, leaving Bob and Alice with a shared key known only to them.
When the photons arrive at the endpoint, the receiver uses beam splitters (horizontal/vertical and diagonal) to “read” the polarization of each photon. The receiver does not know which beam splitter to use for each photon and has to guess which one to use. After the receiver tells the sender which beam splitter was used for each of the photons in the sequence they were sent, the sender then compares that information with the sequence of polarizers used to send the photons. The photons that were read using the wrong beam splitter are discarded, and the resulting sequence of bits becomes a unique optical key that can be used to encrypt data. ARCHITECTURE
The security of QKD is based on a fundamental characteristic of quantum mechanics: The act of measuring a quantum system disturbs the system. Thus, an eavesdropper trying to intercept a quantum exchange will inevitably leave detectable traces. The legitimate exchanging parties can decide either to discard the corrupted information or reduce the information available to the eavesdropper to naught by distilling a shorter key.
What makes QKD unbreakable?
QKD uses the quantum properties of single photons to exchange “bits” between two locations over a fiber optic cable. The keys are derived from the exchanged quantum information. Any attempt to read a photon is detected because it causes a change in the quantum state, so that particular photon’s bit is rejected. The security of QKD stems from the ability to detect any intrusion on the QKD transmission. Because of the unique and fragile properties of photons, any third party (or eavesdropper) who tries to read or copy the photons in any way will change the photons’ state. The change will be detected by the endpoints, alerting them that the key has been tampered with and must be discarded. A new key is then transmitted. Moreover, since the keys generated are truly random, they are protected from future hacking attempts.
The Way Forward
Robust levels of security are required in many sectors. For example, in healthcare, the technology can be applied to ensure the secure transmission of genome data, with personal medical information naturally some of the most sensitive available. Within the public sector QKD is used to provide the government with secure communications, in the finance industry to protect the banking network infrastructure and in aerospace and pharmaceuticals to protect high-value long-life Intellectual Property. Equally, in the age of IoT and smart cities, the necessity for a robust, tamper-proof, and ultra-sensitive infrastructure is essential to ensure day-to-day life operates without disruption both now and in the future.
The technology has been steadily improving, expanding the distances and information rates achieved. COW7 (Coherent One Way) deployments can exceed 300 km. The Quantum-Safe Security Working Group was formed within the Cloud Security Alliance to help promote the adoption of technologies and expanding QKD Into Networks. QKD is one of the technologies recommended today to protect and future-proof data against developments in computer power, new attack strategies, weak random number generators, and the emergence of quantum computers.
References
C.H. Bennett and G. Brassard, Proceedings of IEEE International Conference on Computers Systems and Signal Processing, Bangalore India, December 1984, pp 175-179.
Artur Eckert , Physical Review Letters 67, p. 661 (1991) Ch. Silberhorn, T. C. Ralph, N. Lutkenhaus, and G. Leuchs, Phys. Rev. Lett. 89, 167901 (2002).
F. Grosshans et al., Nature (London) 421, 238 (2003).
H.-K. Lo and H. F. Chau Science 283, 2050 (1999).
R. Renner and J. I. Cirac, Phys. Rev. Lett. 102, 110504 (2009).
A. Leverrier and P. Grangier, Phys. Rev. Lett. 102, 180504 (2009).
Damien Stucki, Nicolas Brunner, Nicolas Gisin, Valerio Scarani, Hugo Zbinden. Appl. Phys. Lett. 87, 194108 (2005).
Korzh et al. Nature Photonics 9, 163–168 (2015).
General Manager, Technology Enterprise Solutions, Vodafone Idea Limited
4 年Interesting to read