Add to collection(s) Add to saved
  1. Science
  2. Physics
  3. Quantum Physics

Applying QKD to reach unconditional security in

advertisement 
Applying QKD to reach unconditional security in
communications∗
Solange Ghernaout-Helie
Mohamed Ali Sfaxi
{sgh@unil.ch, mohamedali.sfaxi@unil.ch}
Abstract
Quantum cryptography could be integrated in various existing concepts and
protocols to secure communications that require very high level of security. The
aim of this paper is to give an overview of the use of quantum cryptography within
a layer 2 protocol : PPP (Q3P). We also propose a solution that integrates quantum
key distribution into IPSEC (SeQKEIP). Scenarios are given to demonstrate the
operational feasibility of solutions based on quantum cryptography
Keywords. Quantum Key Distribution (QKD) within PPP, Q3P, unconditional
security transmission, IPSEC with QKD (SeQKEIP), feasibility study, application
domain.
1
Introduction
Cryptography is largely used to increase security level of ICT infrastructures. However
the enciphering mechanisms currently deployed are based on mathematical concepts
whose robustness is not proven. Nowadays, with the sight of new discoveries in cryptanalysis, technology empowerment, new generations of computers and architectures
(GRID computing...), trust, security dependability and resilience cannot be satisfied
any more by a classical cryptography approach. In this context, security cannot be
guaranteed. It is a crucial problem for an effective protection of sensible data, critical
communications and services.
Since few years ago, the progress of quantum physics allowed mastering photons which
can be used for informational ends (information coding, transport...). These technological progresses can also be applied to cryptography (quantum cryptography).
Quantum cryptography aims exploiting the laws of quantum physics in order to
carry out a cryptographic task. The uncertainty relations of Heisenberg can in particular be exploited to implement communication channels that cannot be passively ∗ This work has been done within the framework of the European research project : SECOQC www.secoqc.net
1
i.e. without disturbance of the transmission - eavesdropped. Its legitimate users can
detect eavesdropping, no matter what technology is available to the spy [2]. Heisenberg’s uncertainty can be use to create, distribute secrets and to compute new problems.
Quantum cryptography could be integrated in already existing algorithms and protocols to secure networks. For instance, IP Security protocol (IPSEC) [RFC2401] can
support the use of quantum cryptography [12]. Another kind of protocols could take
benefits of the quantum cryptography concepts to optimise and to enhance security in
link layer (OSI layer 2 protocols) such as the Point to Point Protocol (PPP) [RFC1661].
This article gives an overview of the way of using the quantum cryptography concepts in a widely used layer two protocol (the Point to Point Protocol) and a secure layer
3 protocol IPSEC. It analyses the advantages, benefits and contributions of the use of
quantum cryptography to enforce ICT security. Several scenarios of use of quantum
cryptography are exposed to illustrate the feasibility of secure communication in a new
digital world.
2
The importance of OSI layer 2 security
Securing layer 2 transactions is fundamental because this layer is common to all kinds
of nodes’ connections. The security processing is made transparently to the users and
to the other protocols. Securing this layer is more optimised than securing the above
OSI layer since neither additional encapsulation nor header is required.
The Point to Point Protocol [RFC1661] is a layer 2 protocol. It is widely used to connect two sets of nodes. This protocol was published in 1994 and natively the only
security is done by additional authentication protocols. The unique security of PPP
[RFC1661] is limited in the authentication phase. The two nodes use an authentication protocol such as Password Authentication Protocol (PAP) or Challenge Handshake
Authentication Protocol (CHAP). In 1996, Meyer published an additional security protocol for PPP called ECP (Encryption Control Protocol) [RFC1968]. This protocol
allows the use of the encryption in PPP frame. The ECP gives the possibility to select
the encryption algorithm and its parameters. This ensures the confidentiality and the
integrity of the PPP frame. The weakness of this use resides in the way of generating
and exchanging the encryption key. In fact, for all the encryption algorithms the secret
key is assumed to be already shared between the communicating parties. In addition,
this protocol uses the classical cryptography (algorithms such as DES or 3DES). Since,
traditional cryptography is not based on ”unconditional” evidence of security in term
of information theory, but on not proven mathematical conjectures. It rests thus on
what one calls the ”computational” assumptions, i.e. on the idea that certain problems
are difficult to solve and that one can control the lower limit of time necessary to the
resolution of these problems [1]. In this context, security cannot be guaranteed. Using quantum cryptography concepts, the sender and the receiver could exchange secret
keys. This exchange is proved to be unconditionally secure. Quantum key distribution
with the One Time Pad [27] brings an unconditional security aspect to the communication upon the layer 2.
2
3
Enhancing PPP security by Quantum Key Distribution (QKD)
3.1
The use of (QKD) to secure PPP (Q3P)
As we have seen previously, the key exchange is not considered in the common use of
the encryption algorithms. This fact leads to a misuse of cryptography in PPP. A possible key exchange method is Diffie-Hellman key agreement protocol [26]. This protocol
allows two users to exchange a secret key over an insecure medium without any prior
secrets. However, the Diffie-Hellman key agreement protocol can be compared to the
discrete logarithm problem for its security. This is not unconditional secure (i.e. secure
independently of the computation power or the time) and can be broken. The Quantum
Key Distribution is scientifically proven to be unconditional secure. That’s why we
propose to use the QKD to exchange the secret key between two nodes.
3.2
Key distribution using quantum concepts
Quantum cryptography is the only method allowing the distribution of a secret key between two distant parties, the emitter and the receiver with provable absolute security
[2, 11]. Both parties encode the key on elementary quantum systems, such as photons,
which they exchange over a quantum channel, such as an optical fiber. The security
of this method comes from the well-known fact that the measurement of an unknown
quantum state modifies the state itself: a spy eavesdropping on the quantum channel
cannot get information on the key without introducing errors in the key exchanged between the emitter and the receiver. In equivalent terms, quantum cryptography is secure
because of the no-cloning theorem of quantum mechanics: a spy cannot duplicate the
transmitted quantum system and forward a perfect copy to the receiver [28].
3.3
Q3P requirements
Some requirements must satisfied to integrate quantum cryptography within PPP.
a- An optical channel: the optical channel is the physical link between two adjacent
nodes. Nowadays, there are two means able to carry a quantum cryptography transmission: the optical fibber or the free space (the air) [15]. As the quantum cryptography
uses photons to encode the information no other channel could be used up to now.
However, as the quantum physics are experimenting the use of atoms and electrons as
a quantum particle [31, 30] maybe other kind of channel could be used in the future.
b- A Q3P modem: this modem has to polarize, send and detect photons; it has to
include a photon detector and a laser with a single photon emitter and photon polariser.
The source and the detector are widely commercialised and many techniques are employed1 . However, these devices are used to exchange the quantum key but could also
1 Idquantique
: www.idquantique.com
magiQ www.magiqtech.com
CNRS France : http://www2.cnrs.fr/presse/journal/1979.htm
3
used to send and receive simple data depending on how encoding the information. The
modem in this case is a simple optical fiber modem.
c- QKD protocol: in order to establish an unconditional secure key, a quantum key
distribution protocol is needed. This protocol must be implemented in the Q3P modem. The protocol will deliver a secure key after distilling the key and error correction
[11]. The key is stored in a flash buffer memory and used when enciphering the data.
The QKD protocols BB84 and B92 [2, 3] are nowadays the quantum cryptographic
protocols widely used. These protocols are securely proven and largely experimented
[14].
4
Advantages of Q3P solution
There many solutions dealing with the use of the quantum cryptography. Some of them
are implementing on the layer 3 of the OSI model (network layer) [12]. Many issues
rose when using the quantum key distribution in the network layer, such as the distance,
the trust points, etc. Applying quantum cryptography in the layer two of the OSI model
solves many issues and offers many advantages:
1. By using the link layer to carry on the quantum cryptography, the routing problem is avoided. In fact, as the network packets are encapsulated in a secure PPP
frame and then transmitted, the routing issue is resolved as in a standard network.
The encryption is transparent not only to the user but also to the whole network.
2. Implementing this solution do not need to built or invent any new quantum equipments. The only new device is the Q3P modem which is composed of standard
and already existing components such as the photon detector, the single photon
source, etc.
3. Finally, the unconditional security could be reached with a very low price. In
fact, many organisations and companies are already using optical fiber. So, organisations can use the existing infrastructure to exchange quantum key distribution. The Q3P modems are the most expensive equipments in these scenarios
(approximately 100KEuros per pair2 ) however, according to specialist; it will
become cheaper in the future.
5
Quantum cryptography within Secure Internet Protocol
Quantum cryptography could be integrated in already existing algorithms and protocols
to secure communication networks. IP Security protocol (IPSEC) can support the use
of quantum cryptography [RFC 2401]. This protocol is a collection of standards that
was designed specifically to create secure end-to-end secure connections. As IPsec
uses classical cryptography to secure communication, in this paragraph, we propose
2 Source
IdQuantique. www.idquantique.com
4
to use quantum cryptography to replace the classical cryptographic protocols used for
symmetric distribution.
Using QKD in IPSEC has already been proposed and implemented by Elliot of
BBN technologies [8]. It proposes the idea of using QKD in IPSEC as Key generator for AES. In 2003, BBN technologies describes the possibility of integrating QKD
within the standard IKE [9] and announces some concerns linked to the compatibility
of QKD with IKE.
We propose in [12] a QKD solution for IPSEC called SEQKEIP that is not based
on IKE but on ISAKMP. Using this method, we avoid the problem of compatibility
between IKE and QKD.
The idea was to stick to the traditional IPsec and the Internet Security Association and Key management Protocol (ISAKMP). In fact, ISAKMP does not impose any
condition to is the negotiation mechanisms or to the SAs parameters. To use quantum
cryptography with IPsec we have simply to define the two ISAKMP phases. We create a Secure Quantum Key Exchange Internet Protocol (SeQKEIP). The SeQKEIP like
IKE uses ISAKMP mechanisms and takes advantage of quantum cryptography in order
to build a practical protocol.
SeQKEIP runs nearly like the IKE. It includes 3 phases: the phase 1 for the negotiation of the ISAKMP SA, phase 2 for the negotiation of SA and we add a phase called
”phase 0” in which Alice and Bob will share the first secret key. There are only three
modes in SeQKEIP: Quantum Mode, Main Mode and Quick mode. Quantum mode
is the quantum cryptography key exchange in the phase 0. Main Mode is used during
the phase 1 and Quick Mode is an exchange in phase 2. Both the Main Mode and the
Quick Mode are nearly the same of those in IKE.
6
6.1
Scenario of Quantum cryptography use - Feasibility
study
Intra-city and Inter-city quantum cryptography application
As we have seen previously, quantum cryptography is the only secure way scientifically
proven. We assume for the following that a country, say France, adopt the use of
quantum cryptography for critical communication. The question is how to implement
this concept really. We give a solution (there are many) to satisfy security needs such
as confidentiality and integrity.
For the scenario of intra-city critical establishments in general (like ministries,
banks, etc.), we suggest the use of quantum network totally connected. In fact, the
distance between these establishments and their number in a city is not huge so any
node could be connected to the others directly (Figure 1). Using the actual technical
capabilities of the quantum technology and according to the example of the ministries,
we could connect each ministry to the others by means of optical fiber. Ministries could
use Q3P protocol to exchange data.
For inter-city scenario, it is a little bit different. The distance between two nodes
may exceed 100 km. So, we can not use quantum concepts directly. But, if we take
the example of police department, we can find an applicable solution. In fact, police
5
Figure 1: Example of institutions linked by optic fiber in Paris
departments exist in all the cities. And we can assume that the distance between two
adjacent police departments is less than 100 km. Consequently, we can create a quantum network not totally connected. Only adjacent police departments are connected
(Figure 2).
Figure 2: Quantum network for police departments
The connections are made using optical fiber and the protocol is BB84. If the police
department A (Figure 2) wants to communicate with the police department B, then he
have to send the message using Q3P protocol to the adjacent police department C. After
that C sends to D, D to E and E to B. In this case, all the Intermediate nodes are aware
about the message.
6
6.2
Satellites communication system
Communication via satellites provides links between two geographically distant sites.
Satellite transmissions can cover a wide area of the surface of the earth because of its
high altitude. Satellite links work in various frequency bands and use separate carrier
frequencies for the up-link and down-link. Satellites could be positioned in orbits with
different heights and shapes (circular or elliptical). There are three categories of orbital
radius: Low-Earth Orbit (LEO) - between 160 to 500 km, Medium-Earth Orbit (MEO)
-from 9600km to 19000km and Geostationary Orbit (GEO) 40000km.
Nowadays, satellites are use in the following fields: spacebourne Land Mobile,
Satellite Messaging for Commercial Jets, Traditional Telecommunications, Cellular,
Television Signals, Marine Communications and Global Positioning Services. Based
on the experiments done, the use of quantum cryptography over free-space is possible.
In fact, until now, two teams have succeeded in exchanging keys over free-space ranges
greater than 1km (R. Hughes of Los Alamos in 2000 and J. Rarity of QinetiQ in 2001)
and current tests show that ranges of 10 and 23 km could be easily reached. If we
suppose that a range of 1000 km could be reached soon, key exchange will be possible.
For this, the classical channel must be able to exchange digital data at high bit rates
to allow interactive alignment, time synchronization, key sifting and error correction
to be carried out in real time. We need also an optical channel between satellites and
the ground station. A telescope with a diameter up to 30-100cm on the ground station
could track the satellite and a small telescope on the satellite (10 or 30 cm); the cost of
the telescope depends on the size of the telescope [24].
6.3
Quantum cryptography for banks and financial establishments
Nowadays, Banks and financial institutions use either symmetric cryptography or asymmetric cryptography. Both techniques, as proved above, are not unconditionally secure.
So transactions could be corrupted and altered without the awareness of the bank. This
constitutes a serious danger because criminals and malicious organizations could profit
of the breach to steal and highjack. Securing critical financial transaction is mandatory
and will be more and more necessary to master economical crime.
6.3.1
Quantum Cryptography solution
The power of quantum cryptography lies primarily in the fact that the keys distributed on the quantum channel are invulnerable to eavesdropping and can be guaranteed
without assumptions on the computing power of an eavesdropper [22, 19]. Banks can
actually use quantum cryptography at least in two of the three types of transaction:
bank building to another bank building of the same bank company or/and cash dispenser to the bank. In fact, we assume that the distance connecting two bank buildings
in less than 100 km. So, the use of quantum cryptography based on optical fiber is
possible [16]. In this case, either a big amount of data could be exchange or a tiny
amount of data that could be transmitted frequently between bank buildings. Transmission from cash dispenser to banks (if the cash dispenser is not in the bank) can also
be done using quantum cryptography based on optical fiber. In fact, the danger is that
7
a malicious person could intercept the communications between the bank and the cash
dispenser and modify them like for instance credit some bank account or change the
identification of debited account. Transaction, using quantum cryptography, would be
at that moment unconditionally secure and no one can intercept them. Here we ensure
the integrity and the confidentiality of the transmitted data.
Figure 3: Swiss bank: application of quantum cryptography
6.3.2
Example of a bank scenario
In this paragraph, we present a scenario of quantum cryptography implementation in
Switzerland (small country size). The bank company is called Swiss Bank (SB). We
assume that each bank have a head quarter in every Canton. A main data base is located
in Zurich and every head quarter bank has to communicate all transaction to the data
base in Zurich. SB installs optic fiber between some head quarters in order to create
a ”private” quantum network (Figure 3). At least, each head quarter has a quantum
cryptography receiver/sender. In order to reduce the volume of exchanged data every 6
hours all head quarters send data about transaction to Zurich (6h30, 12h30, 18h30 and
0h30).
The steps are the following:
All head quarters gather all transactions realized in the Canton. Bank head quarter
located in the farthest Cantons from Zurich sends their adjacent canton. For instance,
Lugano’s SB head quarter sends data to Bellinzona, Poschiavo sends to Brigue... using
quantum cryptography. These ”nodes” has to wait until all adjacent cantons send have
finished sending data (or time-out) then decrypt data and send them to the following
BS head quarter according to a list. Finally, the nearest and direct linked to Zurich
head quarters (Winterthur, Zoug, St-Gall, Coire...) exchange keys and communicate in
a secure way using quantum cryptography.
Every head quarter (say H) has two different lists. Reception list: it is a list of all the
head quarters that send data to H. Send List: usually it contains only one head quarter
(the nearest to Zurich) but for availability purpose it contains 2 BS head quarters.
Example of such lists (for Bellinzona):
The possible cost of such scenario is:
The optical fiber total length: about 2000 Km
8
Reception list
Lugano
St-Moriz
Ascona
Send list
Coire
Number of quantum cryptography station: (twice the number of links) about 80
The cost of optical fiber per meter = 6 CHF
The cost of 2 quantum cryptography station = 150,000 CHF
The total cost of the scenario is 12000000 + 6000000 = 18 Million CHF 12 Million
Euros.
So the price to ensure an unconditional secure transmission is about 12 Million Euros.
This cost is huge but if we estimate the prestige gain (in the image, the reputation and
in term of confidence) of the bank this expense is justifiable. This long term investment
will be beneficial to the bank.
7
Conclusion
Classical cryptography algorithms are based on mathematical functions. The robustness of a given cryptosystem is based essentially on the secrecy of its (private) key and
the difficulty with which the inverse of its one-way function(s) can be calculated. Unfortunately, there is no mathematical proof that will establish whether it is not possible
to find the inverse of a given one-way function. On the contrary, quantum cryptography
is a method for sharing secret keys, whose security can be formally demonstrated.
Quantum cryptography can be used mainly but are not limited in the following
area for critical infrastructures in: banking industry, military, government agencies and
aerospace telecommunications such as earth-satellite and satellite-satellite links. The
cost of such scenario depends on quantum cryptography equipments, the number of
points to be linked and the distance between them.
The use of quantum cryptography will enforce safety, dependability and security
of ICT infrastructures and critical infrastructures. It could be use for communication
purposes when governments agencies fight against cyber-terrorism and strong cybercrime. quantum network to distribute secrets can help to fight enemies in a context of
homeland security and defence.
8
Acknowledgement
This work has been done within the framework of the European research project:
SECOQC - www.secoqc.net. We would like to thank ENST-Networks Department
(www.enst.fr) and specially Michel Riguidel Head of Computer Science and Networks
Department for his help and useful information.
9
References
[1] Alléaume R (2004). “Réalisation expérimentale de sources de photons uniques,
caractérisation et application à la cryptographie quantique” (Secoqc partner)
[2] Bennet, C; Brassard, G (1984). IEEE International Conference on Computers, Systems, and Signal Processing. IEEE Press, LOS ALAMITOS
[3] Bennet, (1992). C Quantum Cryptography: Uncertainty in the Service of Privacy.
Science 257.
[4] Donald S.Bethune and William P.Risk (2002). ”AutoCompensating quantum cryptography”. New journal of physics 4 (2002)42.1-42.15 URL:
http://www.iop.org/EJ/article/1367-2630/4/1/342/nj2142.html
[5] Clark, C. W; Bienfang, J. C; Gross, A. J; Mink, A; Hershman, B. J; Nakassis, A;
Tang, X; Lu, R; Su, D. H; Williams, C. J; Hagley E. W; Wen, J (2000). ”Quantum
key distribution with 1.25 Gbps clock synchronization”, Optics Express.
[6] Crypto-Gram (March 2005). “SHA-1 Broken”.Schneier, B. March 15th 2005.
[7] Artur Ekert (1991). “Quantum Cryptography based on Bell’s Theorem”. Physical
Review Letters. URL:
http://prola.aps.org/abstract/PRL/v67/i6/p661 1
[8] Elliott, C (2002). ”Building the quantum network”. New Journal of Physics 4 (46.146.12)
[9] Elliott, C; Pearson, D; Troxel, G (2003). ”Quantum Cryptography in Practice”.
[10] Freebsd people. ”IPSEC outline”. URL: http://people.freebsd.org/˜julian/IPSEC 4 Dummies.html
Freesoft2004freesoft
(2004).
”IPSEC
Overview”.
URL:
http://www.freesoft.org/CIE/Topics/141.htm
[11] Gisin, N; Ribordy, G; Tittel, W; Zbinden, H. (2002). ”Quantum Cryptography”. Reviews of Modern Physics 74 (2002): http://arxiv.org/PS cache/quantph/pdf/0101/0101098.pdf
[12] Ghernaouti Hélie, S; Sfaxi, M.A; Ribordy, G; Gay, O (2005). “Using Quantum
Key Distribution within IPSEC to secure MAN communications”. MAN 2005 conference.
[13] Grosshans,Van Assche,
Wenger,Brouri,Cerf,Grangier (2003). ”Quantum key distribution using gaussian-modulated coherent states” Letter
to
nature.
URL:
http://www.mpq.mpg.de/Theorygroup/CIRAC/people/grosshans/papers/Nat421 238.pdf
[14] Guenther, C (2003) ”The Relevance of Quantum Cryptography in
Modern Cryptographic Systems”. GSEC Partical Requirements (v1.4b).
http://www.giac.org/practical/GSEC/Christoph Guenther GSEC.pdf
10
[15] R.Hughes,J.Nordholt,D.Derkacs,C.Peterson, (2002). ”Practical free-space quantum key distribution over 10km in daylight and at night”. New journal of physics 4
(2002)43.1-43.14.URL: http://www.iop.org/EJ/abstract/1367-2630/4/1/343/
[16] IdQuantique
(2004)
”A
Quantum
Leap
http://www.idquantique.com/files/introduction.pdf
for
Cryptography”.
[17] Labouret, G (2000). ”IPSEC: présentation technique”. Hervé Schauer Consultants
(HSC). URL : www.hsc.fr
[18] Le journal Le monde (march 2005). “Menace sur la signature lcronique”. march
the 5th 2005.
[19] Lo, H.K; Chau, H.F. (1999). ”Unconditional security of quantum key distribution over arbitrarily long distances”. Science 283: http://arxiv.org/PS cache/quantph/9803/9803006.pdf
[20] Magic Technologies (2004). ”Quantum Information Solutions for real world”.
http://www.magiqtech.com/products/index.php
[21] Mason A, (2002). ”IPSec Overview Part Five: Security Associations”. Cisco
Press. URL: http://www.ciscopress.com/articles/printerfriendly.asp?p=25443
[22] Mayers, D (1998). “Unconditionnal Security in Quantum Cryptography”. J. Assoc. Comput. Math. 48, 351
[23] Paterson, K.G; Piper, f; Schack, R (2004). ”Why Quantum Cryptography?”.
http://eprint.iacr.org/2004/156.pdf
[24] Riguidel, M; Dang-Minh, D; Le-Quoc, C; Nguyen-Toan, L; Nguyen-Thanh, M
(2004). ”Quantum crypt- Work Package I”. ENST/EEC/QC.04.06.WP1B. (Secoqc
partner)
[25] Rivest, R.L; Shamir, A; Adleman, L.M (1978). ”A Method of Obtaining Digital
Signature and Public-Key Cryptosystems”. Communication of the ACM 21 no. 2
1978.
[26] Schneier, B (1996). ”Applied Cryptography” Second Edition. New York: John
Wiley & Sons, 1996
[27] Shannon,
C.E
(1949).
”Communication
theory
of
secrecy
systems”.
Bell
System
Technical
Journal
28-4.
URL:
http://www.cs.ucla.edu/jkong/research/security/shannon.html
[28] Wootters, W.K; Zurek, W.H (1982). ”A single quantum cannot be cloned”. Nature, 299, 802
[29] Zemor, G (2001) ”Cours de cryptographie”, Editeur: Cassini
[30] Knight, P (2005). “Manipulating cold atoms for quantum information processing”. QUPON conference Vienna 2005.
11
[31] Tonomura, A (2005). “Quantum phenomena observed using electrons”. QUPON
conference Vienna 2005.
12
Related documents
CHEMISTRY 110
CHEMISTRY 110
Quantum Mechanics: What`s It Good For?
Quantum Mechanics: What`s It Good For?
Measuring dynamical correlations in quantum magnets with neutron
Measuring dynamical correlations in quantum magnets with neutron
Processing quantum information with relativistic motion of atoms
Processing quantum information with relativistic motion of atoms
Quantum Mechanical Model of Atoms Worksheet II
Quantum Mechanical Model of Atoms Worksheet II
Tales of the Quantum
Tales of the Quantum
Proposed System - IEEE Final Year Projects
Proposed System - IEEE Final Year Projects
Laboratory of Quantum Theory of intensive fields
Laboratory of Quantum Theory of intensive fields
Download
advertisement