Personal Progress report: 15/08/17

After meeting with my supervisor today, I have decided to write a progress report.

In terms of work, I have succeeded in extracting information from three different articles, which provide me with a foundation for my project. The NIST SP 800-53 article has provided me with a comprehensive framework for classical key management, whose parameters I will likely use to evaluate quantum keys. The BB84 article has been fantastic in informing me of the origins of QKD, and the security of QKD article has supplied me with knowledge of the ‘current’ state of QKD development, with its strengths and weaknesses.

The next step for me is to define any unfamiliar words or terms that I came across within the articles, and to collate the data in order to evaluate which direction or directions I want to focus upon next. My current ideas are as follows:

  • Determine the security strength of the classic, DI-QKD, and MDI-QKD protocols.
  • Potentially consider looking into a brief history of classical key distribution.
  • Potentially focus on researching the QKD system in Tokyo that was mentioned in the security of QKD article.
  • Extract definitive parameters (and how they are determined) from the NIST SP 800-53 article in order to apply them to QKD.
  • Consider the requirements for Eve to hack Bob’s system (for both classical and quantum) with regard to physical location, technological requirements, and a priori knowledge.

I will likely be refining and adding to this list over the course of this next week as I weigh the pros and cons for each idea, and determine whether each idea is a worthwhile investment.

In terms of personal growth and skills gained, I have found this research to be stimulating and exciting. I was originally nervous in approaching this topic as I was concerned that the information for QKD would be beyond my level of comprehension; however, I have found that most of it makes sense and is easy to understand. I have currently acquired the following skills:

  • Inputting symbols into WordPress through their HTML shortcuts
  • Activating subscript and superscript through the HTML viewer/editor
  • Creating files within Zotero for further organization of websites

I am considering teaching myself LaTeX (or MiKTeX for Windows) so that I can publish my final report through TeXworks rather than Word. This, however, will depend on how much time I am able to set aside for publication of the report and poster.

Secure Quantum Key Distribution

The following information has been extracted from the Secure Quantum Key Distribution article and summarizes its account of QKD.

Introduction to QKD
Quantum cryptography, and specifically quantum key distribution (QKD), is being considered as an important cryptographic method as quantum computers are developed, because the security of most classical key-exchange schemes rests on computational hardness assumptions that a quantum computer would undermine. One difference between classical and quantum key exchange is what a passive eavesdropper, Eve, can do with a transcript. In a classical exchange Eve can copy every bit that crosses the channel without Alice or Bob noticing; she cannot read the encrypted data without the same key (symmetric) or the partner private key (asymmetric), but she can store the transcript and attack it later, when better algorithms or hardware become available. A quantum transmission cannot be copied and stored in this way without disturbing it. In QKD, Alice sends Bob a sequence of single polarized photons, each prepared in a randomly chosen basis, either rectilinear or diagonal. Bob measures each photon in a basis he chooses at random, again rectilinear or diagonal, and records both his basis choice and the result. Alice and Bob then compare over a public channel which bases they used (not the bit values); positions where the bases differ are discarded and the remaining bits form the sifted key. To detect Eve, they sacrifice a random sample of the sifted bits and compare them publicly, which gives their quantum bit error rate (QBER); if the error rate is below a certain threshold, they can be confident that the rest of the key is secure. ‘The quantum data can have classical post-processing protocols such as error correction and privacy amplification to generate a secure key. This key can be used to make the communication unconditionally secure using a one-time pad protocol.’

A one-time pad is a protocol in which the key is the same length as the message. Message and key are both treated as binary strings, and the ciphertext is the bitwise exclusive-OR of the two; decryption is the same XOR with the same key. The pad is only unconditionally secure if every key bit is truly random, secret, and used exactly once, which is why the output of QKD is a natural fit for it.

Security model of QKD
The security of QKD is defined relative to a perfect key distribution protocol, in which Alice and Bob share a truly random secret key about which Eve knows nothing. A QKD system is considered $\epsilon$-secure ‘if and only if the probability distribution of an outcome of any measurement performed on the QKD scheme and the resulting key deviates at most $\epsilon$ from the one of the perfect key distribution protocol and the perfect key.’ A typical value is $\epsilon \approx 10^{-10}$, but this can be adjusted according to the privacy level Alice and Bob agree on. To consider the security of a QKD protocol in practice, the security of the generated key when it is then employed in a cryptosystem also needs to be taken into account. This is known as composable security: each protocol in the chain (QKD, authentication, the one-time pad, and so on) has its own security parameter $\epsilon_i$, and the total security parameter of the combined cryptographic scheme is bounded by $\sum_i \epsilon_i$.

However, real implementations of QKD rely on imperfect devices. The BB84 protocol assumes that Alice sends Bob single polarized photons, yet efficient single-photon sources and detectors were still a matter of the future at the time of publication. One common way to implement BB84 is with phase-randomized weak coherent state pulses (WCPs), with a typical mean photon number of 0.1 or higher, produced by standard semiconductor lasers and calibrated attenuators. The limitation of such sources is that some pulses contain more than one photon prepared in the same quantum state. This is a security weakness: Eve can perform a photon-number-splitting (PNS) attack on the multi-photon pulses, keeping one photon from each and forwarding the rest to Bob, and so learn the portion of the key generated from those pulses without Alice and Bob being aware.

The BB84 security argument relies on the single-photon pulses to create the secure key. To generate a key, Alice and Bob do not need to identify which detected pulses came from single-photon emissions; it is enough to ‘estimate a lower bound for the total number of such events.’ Without further information this estimate must assume the worst case, in which Eve blocks as many single-photon pulses as she can and lets the multi-photon pulses through. Under that assumption the key generation rate scales as $\eta^2$, where $\eta$ is the transmittance of the quantum channel. ‘This quantity has the form $\eta = 10^{-\alpha d/10}$, where $\alpha$ is the loss coefficient of the channel measured in dB/km ($\alpha \approx 0.2$ dB/km for standard commercial fibres) and $d$ is the covered distance in km.’

Eve, however, may not actually be performing a PNS attack, so to improve the achievable secret key rate there needs to be a more precise way of determining how many of the pulses Bob detected were single-photon pulses. The decoy-state method, which can ‘basically reach the performance of single-photon sources, where the key generation scales linearly with $\eta$,’ provides this. Rather than sending every pulse at the same intensity, Alice picks the intensity of each pulse at random from a set of prescribed values. Pulses sent at the intensity chosen for key generation are called signal states, and pulses sent at the other intensities are decoy states. ‘Once Bob has detected all the signals, Alice broadcasts the intensity used for each pulse. A crucial assumption here is that all other possible degrees of freedom of the signals (apart from the intensity) are equal for all of them.’ As a result, even if Eve knows the number of photons in a given pulse, ‘her decision on whether or not to send that signal to Bob cannot depend on its intensity,’ since the intensity is only announced after detection; her decision can only be based on what she knows a priori. Hence the probability of ‘having a detection event given that Alice sent a single-photon pulse is the same for the signal and decoy pulses,’ which lets Alice and Bob estimate much more precisely what fraction of the detected events came from single photons.
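As an added worked example (not code from the Lo et al. article or from this blog), the following Python models a phase-randomized WCP source through a lossy fibre and shows the two estimates discussed in the last two paragraphs: the worst-case PNS bound, which at a fixed signal intensity can certify no single-photon detections at all once channel loss exceeds the multi-photon fraction, and the vacuum-plus-weak-decoy bound, which recovers the single-photon yield $Y_1$ to within a few percent from the gains Alice and Bob observe. The channel model $Y_n = 1 - (1 - Y_0)(1 - \eta)^n$, the 0.2 dB/km fibre, 15% detector efficiency, dark-count probability $10^{-5}$, signal intensity $\mu = 0.5$ and decoy intensity $\nu = 0.1$ are all assumed values chosen for illustration; the bound itself is derived in the comments.

```python
import math


def transmittance(alpha_db_per_km, d_km):
    """Channel transmittance eta = 10^(-alpha*d/10), the formula quoted above."""
    return 10 ** (-alpha_db_per_km * d_km / 10)


def yield_n(n, eta, y0):
    """Y_n: probability that Bob's detector clicks when an n-photon pulse is sent.
    The pulse goes undetected only if every photon is lost (prob (1-eta)^n) and
    no dark count occurs (prob 1-y0). Assumed standard channel model."""
    return 1 - (1 - y0) * (1 - eta) ** n


def gain(mu, eta, y0):
    """Q_mu: overall click probability for a WCP of mean photon number mu. The
    pulse is a Poisson mixture of Fock states, so Q_mu = sum_n e^-mu mu^n/n! Y_n,
    which sums in closed form to this expression."""
    return 1 - (1 - y0) * math.exp(-eta * mu)


def multi_photon_prob(mu):
    """P(n >= 2 | mu) for a Poisson source: the pulses a PNS attacker can split."""
    return 1 - math.exp(-mu) * (1 + mu)


def worst_case_single_photon_gain(mu, q_mu):
    """No decoys: Alice and Bob must assume Eve passed every multi-photon pulse
    and blocked single photons, so only Q_mu - P(n>=2) clicks can be credited
    to single photons. With mu fixed this hits zero at modest channel loss."""
    return max(0.0, q_mu - multi_photon_prob(mu))


def decoy_y1_lower_bound(mu, nu, q_mu, q_nu, y0):
    """Vacuum + weak decoy bound on Y_1 from observed quantities only.
    Expand e^mu Q_mu = Y_0 + mu Y_1 + sum_{n>=2} Y_n mu^n/n! and likewise for nu.
    Because nu < mu, nu^n/n! <= (nu^2/mu^2) mu^n/n! for every n >= 2, so
    e^nu Q_nu - (nu^2/mu^2) e^mu Q_mu <= Y_0 (1 - nu^2/mu^2) + Y_1 (nu - nu^2/mu),
    which rearranges to the bound returned here. Y_0 is read directly off the
    vacuum decoy (intensity 0)."""
    assert 0 < nu < mu, "decoy must be weaker than the signal"
    return (mu / (mu * nu - nu ** 2)) * (
        q_nu * math.exp(nu)
        - q_mu * math.exp(mu) * nu ** 2 / mu ** 2
        - (mu ** 2 - nu ** 2) / mu ** 2 * y0
    )


def simulate(d_km, alpha=0.2, det_eff=0.15, y0=1e-5, mu=0.5, nu=0.1):
    """Model the link at d_km, then estimate Y_1 the way Alice and Bob would:
    from the observed gains Q_mu, Q_nu and Q_vacuum, never from eta itself."""
    eta = transmittance(alpha, d_km) * det_eff   # channel loss x detector efficiency
    q_mu = gain(mu, eta, y0)
    q_nu = gain(nu, eta, y0)
    q_vac = gain(0.0, eta, y0)                   # equals Y_0
    y1_true = yield_n(1, eta, y0)                # what the model actually has
    y1_est = decoy_y1_lower_bound(mu, nu, q_mu, q_nu, q_vac)
    q1_decoy = math.exp(-mu) * mu * y1_est       # single-photon gain Q_1 = e^-mu mu Y_1
    q1_worst = worst_case_single_photon_gain(mu, q_mu)
    return {
        "eta": eta, "q_mu": q_mu, "y1_true": y1_true, "y1_est": y1_est,
        "single_photon_fraction_decoy": q1_decoy / q_mu,
        "single_photon_fraction_no_decoy": q1_worst / q_mu,
    }


if __name__ == "__main__":
    for d in (25, 50, 100):
        r = simulate(d)
        print(f"{d:>3} km: eta={r['eta']:.2e}  Y1 true={r['y1_true']:.3e}  "
              f"decoy bound={r['y1_est']:.3e}  single-photon share of clicks: "
              f"decoy {r['single_photon_fraction_decoy']:.2f}, "
              f"no decoy {r['single_photon_fraction_no_decoy']:.2f}")
```

At 50 km the decoy bound certifies that roughly 59% of Bob's clicks came from single photons, against a true value of about 61%, while the no-decoy worst case certifies none; the gap between the two bounds is exactly the difference between key rate scaling as $\eta$ and as $\eta^2$.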

Experimental implementations
QKD has been implemented experimentally in recent years. The signal can be transmitted through free space at a wavelength of approximately 800 nm, or through optical fibre at the telecom wavelengths of around 1310 nm and 1550 nm. Encoding the bit in the photon’s polarization (polarization coding) is used mostly for free-space transmission. Fibre-based transmission uses other encodings, such as time-bin coding, phase coding, and frequency coding, because optical fibre is susceptible to environmental effects and birefringence that disturb the polarization state in transit.

Entanglement-based QKD protocols allow Alice and Bob to cover longer distances because they are more resilient to loss than WCP protocols (they can tolerate about 70 dB). ‘For instance, they could employ a parametric down-conversion source to generate polarization entangled photons that are distributed between [Alice and Bob].’ The drawbacks are that these systems are more involved than those for WCPs, and that they give a lower secret key rate in the low-loss regime. Aside from polarization coding, energy-time entangled pairs can also be used.

For distances shorter than 100 km, distributed-phase-reference QKD protocols can be used. Here Alice encodes the information coherently across adjacent pulses rather than in individual pulses. ‘This approach includes the differential phase shift (DPS) and the coherent-one-way (COW) protocols.’ In DPS, Alice prepares a train of WCPs of equal intensity but with modulated phases, and ‘Bob uses a one-bit delay Mach-Zehnder interferometer, followed by two single-photon detectors to measure the incoming pulses.’ In COW, all pulses share a common phase but their intensities vary. Both belong to the family of discrete-variable QKD schemes.

Another family of methods is continuous-variable QKD (CV-QKD), where the measurement ‘consists of homodyne or heterodyne measurements of the light-field quadratures.’ These protocols do not need single-photon detectors and can be implemented with standard telecom components.

QKD components and data-processing
‘For the optical layer of a QKD system, the following components are typically needed:’

  • Light Sources
    Attenuated laser pulses can serve as the signal source. Each pulse is modelled as a WCP; after global phase randomization the state becomes a classical mixture of Fock (photon-number) states with a Poissonian distribution, which is the property the decoy-state analysis relies on.
  • Single-photon detectors
    ‘Single photon detection is the ultimate limit of the detection of light.’ Traditional detectors are silicon and InGaAs avalanche photodiodes (APDs). Si detectors are used at the 800 nm wavelengths, i.e. for free-space transmission, and InGaAs APDs at telecom wavelengths for fibre. InGaAs detectors have had problems such as low detection efficiency (about 15%, compared with about 50% for Si) and a ‘long dead time after a detection event,’ which limits the repetition rate to a few MHz. These issues have largely been resolved in recent years by self-differencing APDs, the sine-wave gating technique, a hybrid of the two, and superconducting nanowire single-photon detectors (SNSPDs). InGaAs detection efficiency has increased to about 50%, and SNSPDs reach about 93%. The caveat with SNSPDs is their operating temperature of around 0.1 K (about −273 °C), which requires cryogenic cooling.
  • Standard linear optical components
    These optical components include polarizing beam-splitters, beam-splitters, amplitude modulators, and phase modulators.
  • Random number generators
    Random numbers are required in QKD for basis choice, bit-value choice, phase randomization, intensity choice in the decoy-state method, and data post-processing. Quantum mechanics offers randomness grounded in physical principles rather than in deterministic algorithms. ‘A simple way to build a quantum random number generator (QRNG) is to send a WCP through a 50:50 beam-splitter and put two single-photon detectors on the two outgoing arms. The actual bit value (0 or 1) generated depends on which detector detects a photon.’
  • Classical post-processing techniques
    This includes error correction, which reconciles the discrepancies between Alice’s and Bob’s sifted keys, and privacy amplification, which shortens the key to ‘remove any residual information that Eve might have on the raw key.’ A practical difficulty is the computational cost of running these protocols over a very large amount of raw data in a short time.
  • Authenticated Channel
    Alice and Bob need an authenticated classical channel over which they compare bases and error-estimation samples; without authentication Eve could impersonate either party during sifting. This channel requires a short pre-shared authentication key that ‘may be provided in the initial shipment of the QKD system through a tamper-resistant device.’ After the first successful QKD session, the authentication key can be renewed from the key generated by QKD.


Industrial/application perspectives
As of 2015, when this article was published, QKD networks had been deployed in the USA, Austria, Switzerland, China, and Japan. ‘The [Tokyo] network consists of three main layers: a QKD layer, a key management layer, and an application layer.’ To a user in the application layer, the QKD layer and the key management layer are a black box that supplies keys. The Tokyo network’s layer structure is based on a trusted-node architecture, so every intermediate node must be trusted with the key material it relays. ‘Secure communication is possible between any nodes in the network by relying on the secret key that is controlled by command of the key management server.’ Such a network could be used to provide secure communications for smartphones: when a user needs a new key, they connect to the QKD network and store the obtained key on their phone for later use. ‘Other potential applications of QKD include, for example, offsite backup, enterprise private networks, critical infrastructure protection, backbone protection, and high security access networks.’

Quantum hacking
‘In principle, QKD only secures the communication channel, so Eve may try to attack the sources, i.e. the preparation stage of the quantum signal, and the measurement device.’ The source can be protected by preventative measures: ‘Alice can prepare her quantum signals (e.g. the polarization state of phase-randomized WCPs) in a fully protected environment outside the influence of an eavesdropper,’ for example by placing optical isolators at her output so that light Eve injects cannot reach the source. The measurement device, Bob’s single-photon detectors, is harder to protect, because Eve is free to send any signal she likes into it and it is difficult to anticipate every possible attack. ‘The most important hacking attack so far against the detectors of the system is the so-called detector blinding attack. Here, Eve shines bright light into the detectors to make them enter into the so-called linear mode operation, where they are no longer sensitive to single-photon pulses but only to strong light pulses.’ Eve then decides which detector ‘clicks’ on each transmission by sending bright pulses of her own, and so learns the entire secret key without raising the QBER. Other exploitable imperfections include detection-efficiency mismatch between Bob’s detectors and the detectors’ dead time.

There are three main approaches to countering such attacks. The first is to apply security patches. This protects against all known attacks, but leaves the system exposed to attacks that have not yet been discovered; it is much the same position as most classical cryptographic implementations.
The second is device-independent QKD (DI-QKD), in which Alice and Bob treat their devices as black boxes. In other words, ‘they do not need to fully characterize their different elements.’ ‘The security of DI-QKD relies on the violation of a Bell inequality, which certifies the presence of quantum correlations.’ This approach is impractical with current technology because of high coupling and channel loss and the limited efficiency of current single-photon detectors (the detection-efficiency loophole: a loophole-free Bell test requires an overall detection efficiency of roughly 80% or more).
The third is measurement-device-independent QKD (MDI-QKD), which lets Alice and Bob perform QKD with untrusted measurement devices, even ones built by Eve. Its security is based on the idea of time reversal: ‘Alice and Bob prepare quantum signals and send them to an untrusted relay, Charles/Eve, who is supposed to perform a Bell-state measurement on the signals received. The honesty of Charles can be verified by comparing a subset of the transmitted data.’ MDI-QKD can be achieved with current ‘optical components with low detection efficiency and highly lossy channels,’ has a key rate far greater than that of DI-QKD, and had been demonstrated in laboratories and field tests at the time of publication. ‘The key assumption of MDI-QKD is that Alice and Bob trust their sources.’ One downside is its ‘relatively low secret key rate when compared to the decoy state BB84 protocol,’ because MDI-QKD requires two-fold coincidence detection events, which are limited by the low efficiency of InGaAs single-photon detectors; with SNSPDs (at around 0.1 K) this penalty largely disappears. ‘MDI-QKD could be used to build a QKD network with untrusted nodes, which would be desirable from a security standpoint.’

Conclusion
This article gives an idea of the advancement of QKD since the publication of BB84. It contains techniques and terminology that I’m not familiar with, so my next step is to look up the terms I am unfamiliar with. From this, I will build up a glossary to give myself a better comprehension of the prospects discussed within this article, and any further articles that I examine.

Reference
Lo, H.-K. et al. (21 May 2015). Secure Quantum Key Distribution. arXiv:1505.05303. https://arxiv.org/pdf/1505.05303.pdf

Quantum Cryptography: Public Key Distribution and Coin Tossing (BB84)

The BB84 protocol is based upon the article, ‘Quantum Cryptography: Public Key Distribution and Coin Tossing’ by Charles Bennett and Gilles Brassard, which was published in 1984.

The following information has been extracted from parts I-III of the article.

Most digital communication channels can be passively monitored or actively copied, whether or not the information is encrypted. If the information is encoded in non-orthogonal quantum states, however, then in theory the channel cannot be monitored or copied without the outside party knowing how the transmission was prepared. An eavesdropper who tried would alter the transmission in a way that the legitimate receiving party can detect.

Quantum coding can therefore be used to distribute key material securely between two parties who share no secret information initially, provided that both have access to a quantum channel and to an ordinary channel that may be subject to passive eavesdropping. This can be done with polarized photons.

Polarized photons are produced by passing a beam of light through polarizing equipment such as Polaroid filters or calcite crystals. Photons are quantum mechanical objects, and the uncertainty principle constrains any measurement of a single photon to reveal at most one bit about its polarization state. A photon behaves deterministically only when its polarization is either parallel or perpendicular to the orientation of the filter: parallel orientation results in complete transmission, and perpendicular orientation in complete absorption. If the two orientations are neither parallel nor perpendicular, an incident photon of orientation α meeting a polarizer of orientation β is transmitted with probability $\cos^2(\alpha - \beta)$ and absorbed otherwise; a transmitted photon leaves with orientation β, and its original orientation α is lost. A photon also cannot be cloned, since copying an unknown quantum state contradicts the nature of quantum mechanics.

(The following paragraphs contain mostly copied portions from the article, as they involve its formalism for introducing quantum mechanics.)
In quantum mechanics, the state of a system (here a photon) is described by a ‘vector, ψ, of unit length in a linear space, H, over the field of complex numbers.’ This space is known as a Hilbert space. ‘Each physical measurement, M, upon the system corresponds to a resolution of its H space into orthogonal subspaces, one for each possible outcome of the measurement.’ When the system in state ψ is subjected to measurement M, ‘its behavior is in general probabilistic’: outcome k occurs with probability equal to the squared length of the projection of ψ onto the subspace $M_k$,

$$P(k) = \lVert M_k \psi \rVert^2 ,$$

and after the measurement the system is left in the new state

$$\psi' = \frac{M_k \psi}{\lVert M_k \psi \rVert} ,$$

the normalized unit vector in the direction of the old state vector’s projection into $M_k$. The measurement has a deterministic outcome only when ψ lies entirely within one of the subspaces $M_k$, in which case it leaves the state vector unmodified. In every other case the outcome is random and the original state is destroyed, which is the property that quantum key distribution exploits.
‘The Hilbert space for a single polarized photon is two-dimensional, which implies that the state of the photon can be described as a linear combination of two unit vectors that represent horizontal and vertical polarization.’ These unit vectors are

$$r_H = (1, 0), \qquad r_V = (0, 1).$$

‘A photon polarized at an angle, α, to the horizontal is described by the state vector $(\cos\alpha, \sin\alpha)$.’ Measured in the rectilinear basis, such a photon is found to be horizontal with probability $\cos^2\alpha$ and vertical with probability $\sin^2\alpha$, and it is left in that polarization afterwards. Thus ‘the two orthogonal vectors $r_V$ and $r_H$ exemplify the resolution of a 2-dimensional Hilbert space into 2 orthogonal 1-dimensional subspaces.’
‘An alternative basis for the same Hilbert space can be considered with two diagonal basis vectors,’

$$d_1 = \left(\tfrac{1}{\sqrt{2}}, \tfrac{1}{\sqrt{2}}\right), \qquad d_2 = \left(-\tfrac{1}{\sqrt{2}}, \tfrac{1}{\sqrt{2}}\right),$$

‘where $d_1$ represents a 45-degree photon, and $d_2$ represents a 135-degree photon.’

In non-quantum public key cryptography, a trapdoor function is used so that a message can be encrypted under a public key to hinder passive eavesdropping. In quantum public key distribution the quantum channel is instead used to send a sequence of random bits between the two parties rather than a message. The two parties can then communicate over a non-quantum channel and determine, with high probability, whether the original transmission of random bits was eavesdropped. If it was, the disturbed material is discarded and the attempt repeated until a sufficient number of random bits have been exchanged to serve as a one-time pad. If it was not, the shared random bits can be used as a one-time pad to encrypt any further communications, or for other cryptographic purposes.

The transmission of the random bits through the quantum channel is as follows. Party A, Alice, chooses a random bit string and a random sequence of polarization bases, each either rectilinear or diagonal. She sends a train of photons to party B, Bob, where each photon represents one bit of the string in the basis chosen for that bit position: a binary zero is a horizontal or 45-degree photon, and a binary one is a vertical or 135-degree photon. For each arriving photon Bob chooses, at random, to measure either its rectilinear or its diagonal polarization, and his choice determines what he can learn. If he measures a diagonally polarized photon in the rectilinear basis, or vice versa, the original information is lost and he obtains a random result. Bob therefore obtains a meaningful result for only half of the photons, and this is the best case: in practice, imperfectly efficient detectors reduce the number of photons received further. Bob then tells Alice over the ordinary channel which basis he used for each photon (not the bit value he obtained), and Alice tells him which choices matched hers. This channel is public and may be subject to passive eavesdropping, but it must provide Alice and Bob with authentic and non-repudiable messages.

Any eavesdropping on the quantum transmission is liable to alter the diagonal and rectilinear photons, which causes disagreements between Alice and Bob on bits that would otherwise have matched. ‘No measurement of a polarized photon during its transit, by an eavesdropper ignorant of the original basis, will yield more than 1/2 the expected bits of information about the key bit encoded on that photon.’ Were the eavesdropper to measure and re-transmit all of the photons in the rectilinear basis, she would learn the correct polarization of half of the photons and would induce disagreements in 1/4 of the photons that Bob measures in the original basis. Alice and Bob can therefore publicly compare a sample of the bits that should agree; if they do agree, Alice and Bob can be confident that no significant eavesdropping has occurred. Publicly comparing sacrifices the secrecy of those bits, but only a small portion of the correctly received bits need to be used, and the remaining bits stay secret.
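The exchange described above, as an added simulation that is not part of the original paper or this blog: it runs the BB84 steps (random bits and bases, Bob's random measurement, basis sifting, a public error-rate sample) with and without the intercept-resend eavesdropper analysed in the previous paragraph, and then uses the surviving sifted bits as the one-time pad from the Secure QKD notes above. Measurement is modelled by the rule that a matching basis returns the encoded bit and a mismatched basis returns a fair coin and leaves the photon in the measured state; the seeds and the eight-bit message are constructed for the example.

```python
import random

# BB84 coding used on this page: basis 0 = rectilinear (H/V), basis 1 = diagonal
# (45/135 degrees); bit 0 = horizontal or 45 degrees, bit 1 = vertical or 135.


def measure(bit, prep_basis, meas_basis, rng):
    """Measure one photon prepared as (bit, prep_basis) in meas_basis.
    Same basis: deterministic, the encoded bit is recovered.
    Wrong basis: the outcome is a fair coin and the photon is left in the
    measured state, so the original encoding is destroyed."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def bb84(n, seed=1, eve_basis=None):
    """One BB84 round of n photons. eve_basis=None: no eavesdropper.
    eve_basis=0: Eve measures every photon in the rectilinear basis and
    re-sends it (the intercept-resend attack analysed in the paper)."""
    rng = random.Random(seed)
    a_bits = [rng.randrange(2) for _ in range(n)]
    a_bases = [rng.randrange(2) for _ in range(n)]
    b_bases = [rng.randrange(2) for _ in range(n)]
    b_bits, e_bits = [], []
    for bit, a_basis, b_basis in zip(a_bits, a_bases, b_bases):
        if eve_basis is not None:
            bit = measure(bit, a_basis, eve_basis, rng)   # what Eve learns
            e_bits.append(bit)
            basis_in_flight = eve_basis                   # she re-sends in her basis
        else:
            basis_in_flight = a_basis
        b_bits.append(measure(bit, basis_in_flight, b_basis, rng))
    # Sifting: Bob announces his bases on the public channel and Alice replies
    # which matched. Bit values are never disclosed at this step.
    keep = [i for i in range(n) if a_bases[i] == b_bases[i]]
    sa = [a_bits[i] for i in keep]
    sb = [b_bits[i] for i in keep]
    qber = sum(x != y for x, y in zip(sa, sb)) / len(sa) if sa else 0.0
    eve_correct = (sum(e_bits[i] == a_bits[i] for i in keep) / len(keep)
                   if eve_basis is not None and keep else None)
    return {"alice": sa, "bob": sb, "qber": qber, "eve_correct": eve_correct}


def estimate_qber(sa, sb, sample, seed=2):
    """Publicly compare `sample` random sifted positions, then discard them.
    Returns (observed error rate, Alice's remaining key, Bob's remaining key)."""
    rng = random.Random(seed)
    idx = set(rng.sample(range(len(sa)), sample))
    errors = sum(sa[i] != sb[i] for i in idx)
    ra = [b for i, b in enumerate(sa) if i not in idx]
    rb = [b for i, b in enumerate(sb) if i not in idx]
    return errors / sample, ra, rb


def otp(bits, key):
    """One-time pad: bitwise XOR of message bits with an equally long key.
    Decryption is the same call with the same key."""
    if len(key) < len(bits):
        raise ValueError("one-time pad needs at least as many key bits as message bits")
    return [m ^ k for m, k in zip(bits, key)]


if __name__ == "__main__":
    clean = bb84(4000)
    attacked = bb84(4000, eve_basis=0)
    print(f"no Eve:      sifted {len(clean['alice'])}/4000, QBER {clean['qber']:.3f}")
    print(f"Eve (rect.): sifted {len(attacked['alice'])}/4000, QBER {attacked['qber']:.3f}, "
          f"Eve knows {attacked['eve_correct']:.2f} of the sifted bits")
    rate, ka, kb = estimate_qber(clean["alice"], clean["bob"], 200)
    msg = [1, 0, 1, 1, 0, 0, 1, 0]                     # constructed plaintext bits
    assert otp(otp(msg, ka), kb) == msg               # Bob's copy decrypts Alice's ciphertext
    print(f"sample QBER {rate:.3f}; {len(ka)} key bits left for the one-time pad")
```

With Eve measuring everything in the rectilinear basis, about half the sifted positions are ones where Alice used the diagonal basis; there Eve's re-sent photon gives Bob a random result, so the sifted QBER settles at 1/4 while Eve knows about 3/4 of the sifted bits, exactly the figures in the paragraph above. The public sample is what turns that 25% into a detection.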

The remaining bits can be used as a one-time pad for further secure communication between Alice and Bob over a public channel. The concern that the public channel might be compromised by active tampering is addressed by attaching Wegman-Carter authentication tags to the messages, keyed by a small secret key agreed in advance. An eavesdropper ignorant of the key cannot produce a valid message-tag pair except with negligible probability. The Wegman-Carter method gradually consumes key bits, which cannot be reused without compromising the security of the system; these bits can, however, be replaced by fresh random bits transmitted through the quantum channel.
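An added example (my own code, not from the paper) of the Wegman-Carter style authentication the paragraph above describes: a universal hash keyed by a long-lived key, one-time-padded with fresh key bits for every tag, so that each message authenticated on the public channel consumes 127 bits from the pool that QKD keeps refilling. The polynomial-evaluation hash over the prime field $2^{127}-1$ is my choice of universal hash family (Wegman and Carter's own construction is different), the 127-bit tag size is a choice for the example, and the shared bits and the sifting message are constructed stand-ins for QKD output.

```python
import random

P = (1 << 127) - 1          # prime field for the hash; tags and one-time keys are 127-bit

# Constructed stand-in for bits delivered by the quantum channel: 381 bits, enough
# for one hash key plus two tags, and 127 more to model a later QKD session.
_rng = random.Random(3)
SHARED_BITS = [_rng.getrandbits(1) for _ in range(381)]
FRESH_BITS = [_rng.getrandbits(1) for _ in range(127)]


def _blocks(msg, size=15):
    """Split msg into 15-byte integers (all < P) and append the byte length, so
    messages of different lengths never give the same coefficient sequence."""
    out = [int.from_bytes(msg[i:i + size], "big") for i in range(0, len(msg), size)]
    out.append(len(msg))
    return out


def poly_hash(msg, a):
    """h_a(m) = sum_i m_i a^i mod P, evaluated by Horner's rule. Two distinct
    messages of at most L blocks collide under a random a with probability at
    most L/P, because a must then be a root of a nonzero polynomial of degree
    <= L. That is the universal-hash property Wegman-Carter relies on."""
    h = 0
    for m in reversed(_blocks(msg)):
        h = (h * a + m) % P
    return h


class KeyPool:
    """One party's copy of the shared secret. take() consumes bits so a
    one-time value is never reused; refill() models a fresh QKD session."""

    def __init__(self, bits):
        self.bits = list(bits)

    def take(self, n):
        if len(self.bits) < n:
            raise RuntimeError("authentication key exhausted; run another QKD round")
        chunk, self.bits = self.bits[:n], self.bits[n:]
        return int("".join(map(str, chunk)), 2)

    def refill(self, bits):
        self.bits.extend(bits)


def tag(msg, a, pool):
    """Wegman-Carter tag: hash under the long-lived key a, then one-time-pad the
    hash with 127 fresh bits r. Without r, an attacker who saw a few (message,
    tag) pairs could solve for a; with r, every tag is independently masked,
    which is why the key bits really are used up."""
    r = pool.take(127)
    return (poly_hash(msg, a) + r) % P


def verify(msg, t, a, pool):
    """The verifier consumes the same r from its own copy of the pool."""
    r = pool.take(127)
    return (poly_hash(msg, a) + r) % P == t


def demo():
    alice, bob = KeyPool(SHARED_BITS), KeyPool(SHARED_BITS)
    a = alice.take(127)
    assert a == bob.take(127)                    # both derive the same hash key
    msg = b"bases used: RDDRDRRD"                 # constructed sifting message
    t = tag(msg, a, alice)
    ok = verify(msg, t, a, bob)                  # genuine message: accepted
    t2 = tag(msg, a, alice)
    tampered = verify(msg + b"R", t2, a, bob)    # Eve edits it in transit: rejected
    try:
        tag(msg, a, alice)                       # 3 x 127 bits are now used up
        exhausted = False
    except RuntimeError:
        exhausted = True
    alice.refill(FRESH_BITS)                     # next QKD session tops the pool up
    bob.refill(FRESH_BITS)
    t3 = tag(msg, a, alice)
    return {"ok": ok, "tampered_accepted": tampered, "exhausted": exhausted,
            "ok_after_refill": verify(msg, t3, a, bob)}


if __name__ == "__main__":
    print(demo())
```

Note that `a` is reused across tags while `r` is not: the one-time part of a Wegman-Carter MAC is only the pad on the tag, which is what keeps the key consumption down to one tag's worth of bits per message.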

One of the important advantages of using quantum key distribution is that both Alice and Bob have a high probability of being able to discern whether their exchange is being eavesdropped, and hence, compromised.



References:
Bennett, C. H. and Brassard, G. (December 1984). Quantum Cryptography: Public Key Distribution and Coin Tossing. https://www.research.ibm.com/people/b/bennetc/bennettc198469790513.pdf

NIST SP 800-57: Recommendation for Key Management

In my post ‘Clarifying Enterprise Implications’, I considered how QKD would influence current key maintenance. This NIST SP article will help me understand the concepts involved in key maintenance, and whether it is a suitable project focus.

**This blog has been updated as the publication that I was using was out of date. The updated information is sourced from NIST SP 800-57 Part 1, Revision 4. **

An important item to note before I extract certain information from the article is that NIST Recommendations are designed to provide a “minimum level of security for U.S. government systems” (section 1.4, part 1), which means that this information will not provide an accurate picture of key maintenance in New Zealand enterprises. It will, however, give me more knowledge of what practices are involved in key maintenance.

This blog only contains information from section 5 of the NIST SP 800-57, and I will write further blogs based upon other relevant information contained in the NIST publication.

From section 5: General Key Management Guidance

  • A key should be used for only one purpose.
    • Using the same key for multiple purposes may weaken security.
    • Limiting a key to one purpose limits the damage that can be done if the key is compromised.
    • Some uses of keys interfere with each other, e.g. a key should not be used both for key transport and for digital signatures.
    • (This does not rule out multi-service keys, such as a key that provides both encryption and authentication of data in the same operation.)
  • There should be well-defined lifetimes (cryptoperiods) for each key, dependent upon factors such as the amount of data encrypted under a single key, the key’s algorithm, and the sensitivity of the data the key protects.
  • The risk involved with key exposure should be assessed, and various factors taken into account in order to minimize it. NIST SP 800-57 lists the following factors:
    • Strength of the cryptographic mechanisms
    • The environment in which the key is used
    • The security life of the data
    • The number of transactions or the volume of information protected under a single key
    • The key update and key derivation processes
    • The methods used for re-keying
    • The mechanisms and technology used for creating, holding and updating keys
    • The security function (data encryption, key production, key protection, and so on)
    • Number of nodes in a network that share a common key
    • Number of copies of a key and their distribution
    • Personnel turnover
    • Threat from adversaries, and their perceived technical capabilities and financial resources
    • Threat to the information from new and disruptive technologies (e.g. quantum computers)
  • The key’s use should be well defined as to whether it protects data in transit or data at rest.
  • The cost of replacing or revoking a key needs to be considered.
  • The differences between symmetric and asymmetric keys should be considered, as this determines which kind of key is used.


NIST SP 800-57 provides the following table of recommended cryptoperiods for a range of key types:

(Table: Cryptoperiods for key types, parts I and II, reproduced from NIST SP 800-57; the image is not included here.)

Most keys appear to have a lifetime of less than two years, with the longest lifetime being less than five years.

The article also provides the following procedures that may minimize the likelihood of a key being compromised:

  • Limit the time a symmetric or private key is in plaintext
  • Prevent humans from viewing plaintext symmetric and private keys
  • Restrict plaintext symmetric and private keys to physically protected containers
  • Use integrity checks to ensure that the key or its associated data has not been modified
  • Employ key confirmation
  • Employ an accountability system that tracks access to plaintext symmetric and private keys
  • Ensure that there are regular cryptographic integrity checks on the key
  • Use trusted timestamps for signed data
  • Destroy the key as soon as it is no longer required

 

The article also covers cryptographic algorithm and key size selection. It provides the following table of comparable security strengths of algorithms and the corresponding symmetric key algorithms.

[Table image: Comparable strengths of keys]

  • The security strength column denotes an estimated maximum strength, in units of bits.
  • The orange-filled cells are key sizes that are no longer approved for Federal government information, which does not apply to my project. The yellow cells are certain key strengths for the FFC and IFC algorithms that NIST does not include in its standards; this also does not apply to my project.
  • The FFC (finite field cryptography) column provides minimum sizes for keys, where L is the public key length and N is the private key length.
  • The fourth column provides a value based upon integer-factorization cryptography (IFC), where k is the key size.
  • The final column provides a range of key sizes for elliptic curve cryptography (ECC).

The following tables are NIST’s acceptable time frames for keys based upon their security strength.

[Table image: Security strength time frames, Part I and Part II]

Note that these tables are based upon the latest publication, which was published in 2016.

Their nomenclature within the table has the following definitions:

  • Applying: data is being encrypted
  • Processing: data is being decrypted
  • Disallowed: the key length does not meet NIST’s standards for applying protection to data
  • Legacy-Use: the length is suitable only for processing already-encrypted data
  • Acceptable: the length is suitable for applying cryptographic protection to data, as the key has no known weaknesses

This data, although based upon the NIST standards, does provide me with a general time frame for keys in regards to their security strength.
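To make the cryptoperiod and procedure points from earlier in this post, and the strength and time-frame nomenclature just described, concrete, here is an added Python example; it is my own code, not NIST’s and not from the publication. The strength and time-frame values are my transcription of a few rows of SP 800-57 Part 1 Rev. 4 (Tables 2 and 4) and should be verified against the text; the key records, cryptoperiods and usage caps are constructed sample values.

```python
"""Key-policy checker built on the SP 800-57 ideas summarised in this post.

Added example, not NIST's code.  Table values are my transcription of a few
rows of SP 800-57 Part 1 Rev. 4 (Tables 2 and 4); verify against the text.
All key records and cryptoperiods below are constructed sample values.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date

# Table 2: estimated security strength (bits).  For these rows the FFC public
# key length L and the IFC modulus k coincide, so one table serves both.
FFC_IFC_STRENGTH = {1024: 80, 2048: 112, 3072: 128, 7680: 192, 15360: 256}
ECC_RANGES = [(160, 223, 80), (224, 255, 112), (256, 383, 128),
              (384, 511, 192), (512, None, 256)]   # curve order f in bits

def security_strength(family: str, size: int) -> int:
    """Return the table's security strength, or 0 if the size is below every row."""
    if family == "AES" and size in (128, 192, 256):
        return size                       # symmetric strength equals key length
    if family in ("2TDEA", "3TDEA"):
        return 80 if family == "2TDEA" else 112
    if family in ("FFC", "IFC"):
        return max((s for k, s in FFC_IFC_STRENGTH.items() if size >= k), default=0)
    if family == "ECC":
        for low, high, strength in ECC_RANGES:
            if size >= low and (high is None or size <= high):
                return strength
        return 0
    raise ValueError(f"unknown algorithm family {family!r}")

def strength_status(strength: int, year: int) -> tuple[str, str]:
    """Table 4 status as (applying, processing) for the given calendar year."""
    if strength >= 128 or (strength == 112 and year <= 2030):
        return ("Acceptable", "Acceptable")
    # 112 bits after 2030, and anything weaker: no new protection may be
    # applied, but data already protected under the key may still be processed.
    return ("Disallowed", "Legacy-use")

@dataclass
class KeyRecord:
    key_id: str
    family: str
    size: int
    created: date
    originator_days: int   # cryptoperiod for applying protection (encrypt/sign)
    recipient_days: int    # cryptoperiod for processing protected data (decrypt/verify)
    max_uses: int          # cap on the volume protected under this one key
    uses: int = 0
    material: bytearray = field(default_factory=bytearray)  # plaintext key, if held

    def destroy(self) -> None:
        """Zeroise the plaintext material in place as soon as the key is retired."""
        for i in range(len(self.material)):
            self.material[i] = 0
        self.material.clear()

def check_key(key: KeyRecord, today: date) -> list[str]:
    """Return policy findings for a key; an empty list means it may still be used."""
    findings = []
    age = (today - key.created).days
    if age > key.originator_days:
        findings.append("originator cryptoperiod expired: stop applying protection")
    if age > key.recipient_days:
        findings.append("recipient cryptoperiod expired: retire and destroy the key")
    if key.uses >= key.max_uses:
        findings.append("usage limit reached: re-key before protecting more data")
    strength = security_strength(key.family, key.size)
    applying, processing = strength_status(strength, today.year)
    if applying != "Acceptable":
        findings.append(f"{strength}-bit strength is {applying} for applying in {today.year}")
    if processing != "Acceptable":
        findings.append(f"{strength}-bit strength is {processing} for processing in {today.year}")
    return findings

if __name__ == "__main__":
    today = date(2017, 8, 15)  # date of the post
    rsa = KeyRecord("tls-cert-01", "IFC", 2048, date(2016, 1, 1), 730, 1095, 10**9)
    tdea = KeyRecord("archive-2tdea", "2TDEA", 112, date(2014, 6, 1), 365, 3650, 10**6, uses=10**6)
    for key in (rsa, tdea):
        print(key.key_id, check_key(key, today) or ["ok"])
```

Run stand-alone, the RSA-2048 key passes in 2017 while the old two-key Triple DES key is flagged four times: expired originator period, usage cap reached, and an 80-bit strength that is Disallowed for applying and Legacy-use for processing.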

 

Conclusion
This section of the publication has provided me with three main focuses for key maintenance: the purpose of the key, its expected security lifetime, and the minimization of risks that may lead to key compromise.

When I have completed more research upon quantum keys, I can compare this information as to how it applies to quantum keys and their distribution.

 

Reference:
Barker et al. (March 2007) Recommendation for Key Management - Part 1: General (Revised), NIST Special Publication 800-57. http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf

Barker et al. (January 2016) Recommendation for Key Management - Part 1: General (Revised), NIST Special Publication 800-57. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf

 

Quantum Memory Scrambling

The following post is based on this article here.

This article from Ars Technica discusses a few topics that I have recently been thinking about. The first is the security of the quantum information at its endpoint, and the second is the distance over which QKD can be utilized.

Whilst QKD is known for its security against interception and copying due to its quantum physical properties, I have wondered how security is ensured at its destination. Now, this may seem redundant: why have security for the place the key is supposed to reach? I thought of this automatically because of the strength of QKD.

The author of the article, Chris Lee, mentions endpoint security in relation to long-distance QKD. This is because QKD currently has a range of approximately 70-100 km, and hence long-distance QKD would require intermediaries. While the two final endpoints may be secure, this isn’t necessarily the case for the intermediate hosts.

The article states that research has been conducted with the intent of resolving this weakness. To clarify, the main weakness here is that current quantum computers are ‘transparent’, to quote the article, in how they store their information. So, while the data in transit is secure, the data stored in the quantum computers at the endpoints can be accessed easily, ‘easily’ being a relative word here. The proposed solution is to encrypt the quantum memory stored on these computers.

This encryption is quite fascinating as it uses an intrinsic quantum principle known as Heisenberg’s uncertainty principle (link here for more information) and frosted glass. The article describes the encryption method as follows. A control light has its intensity randomly defined throughout space by shining it through a piece of frosted glass. The quantum bit, or qubit, can also be defined as a pulse of light. However, in confining the qubit to a pulse with a specific arrival time, the energy, and hence the wavelength, of the pulse becomes uncertain, to the extent of being undefined. This can be shown mathematically as follows:

[Equation image: Heisenberg uncertainty principle with respect to wavelength]

By employing the control light dispersed through the frosted glass, the qubit pulse’s information can be stored within a cloud of probability that depends on position and light intensity. The encrypted information then requires a light that matches both the intensity and the spatial pattern of the control light before it can be decrypted. The article states that the decrypting light needs to be within 0.1% deviation of the encrypting control light to be effective.

The article continues on to further explain the issues involved in this sort of encryption, and the potential use of crystals.

 

I found this article very intriguing in that it looked into a flaw related to quantum mechanics and QKD, and suggested a potential solution. As the use of QKD increases, I consider the preemptive identification of flaws to be incredibly important.

Clarifying Enterprise Implications

During the write up of my initial project proposal, I mentioned that I want to look into the implications that QKD will have upon enterprises. This is a very broad statement, and hence, I plan to come up with some ideas of what I could focus on in my final proposal.

QKD implication ideas:

  • Focus on pricing of QKD implementation
    • Cost of initial components ~$50 000 [1]
    • Cost of maintenance
  • Consideration of quantum computing methods, and determine suitability as a commercial product [2]
    • Rare earth metals
    • Superconductors
  • Compare and contrast with current encryption methods [3]
    • RSA encryption
    • AES
  • QKD influence on current key maintenance techniques [4]
    • Technological focus
    • People focus
    • Business ‘best practice’ focus

 

In conclusion, I am currently considering that determining pricing for QKD implementation would be more difficult than I have time for. I think that researching the QKD methods could still be useful in providing greater background on how QKD works, so I would like to do further research on this aspect.

My current plan is to take a further look into current encryption methods and their maintenance, and consider this as the focus of enterprise implications.

 

References
[1] Maxey, Kyle. (9 September 2013). Toshiba Makes Quantum Cryptography Breakthrough, Engineering.com. http://www.engineering.com/DesignerEdge/DesignerEdgeArticles/ArticleID/6290/Toshiba-Makes-Quantum-Cryptography-Breakthrough.aspx (Accessed 21 July 2017)

[2] Savage, Neil. (5 July 2017). Quantum Computers Compete for “Supremacy”, Scientific American. https://www.scientificamerican.com/article/quantum-computers-compete-for-supremacy/ (Accessed 21 July 2017)

[3] Li, Kevin. (28 March 2014). Current Encryption Algorithms, Information Security: Stack Exchange. (Top Answer). https://security.stackexchange.com/questions/54385/current-encryption-algorithms (Accessed 21 July 2017)

[4] Barker et al. (March 2007) Recommendation for Key Management - Part 1: General (Revised), NIST Special Publication 800-57. http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf (Accessed 21 July 2017)

 

 

Initial Project Proposal

To: Project Committee, Nelson Marlborough Institute of Technology
From: Katie Clark
Date: 12 June 2017
Re: Project Proposal for Grad-Dip, PRJ702

 

Proposed Project Title:
Introduction to quantum key distribution and its implications for enterprise

 

Proposed Supervisor
This currently hasn’t been organized, but potentially Clare Atkins due to her background in overseeing research projects in previous years. Her experience would be of assistance in coordinating time and developing a project that suits the hours required.

 

Project Goal / Research Question
The fundamental goal is to determine the viability of quantum key distribution in enterprise. This will be done by evaluating the implications that quantum key distribution is likely to have for enterprises, based upon the current cryptographic key distribution technology and protocols and their flaws within enterprise. This knowledge will provide a foundational model from which I will infer the implications of QKD for enterprise.

 

Background
The conception of this project proposal came from the mention of cryptography in a RES701 class. Although I haven’t had much experience with cryptography, I have been interested in it since I heard about it during my last period of tertiary study. My last tertiary study was a Bachelor of Science in applied physics, so the concept of quantum cryptography seemed very intriguing to me. However, the area of quantum cryptography is still very new, and I want to use this research project to gain a skill that is applicable, so I have decided to consider quantum key distribution (QKD) in relation to enterprise, based upon the current influence of cryptographic keys.

I have already used some encryption keys in my cloud services networking class, and I can understand how they would be important in data transfer. As such, I want to consider the enterprise implications that would arise from the possibility of QKD replacing the current keys.

While the current encryption keys are very secure, the encrypted data can still be intercepted by a non-designated party, which is problematic if that data can be decrypted. Currently, breaking a key is very complex: for a key such as the 2048-bit key in a secure SSL certificate, the time taken to break it is estimated at 6 quadrillion years for a standard computer.[i] However, a quantum computer could potentially decrypt such a key with ease.[ii]

Quantum keys, however, abide by quantum mechanical principles and so cannot be cloned, and cannot be intercepted and read without the quantum data changing due to the ‘observation’ occurring to it.[iii] These two qualities of QKD rest on foundational quantum mechanical principles. The inability to be intercepted and observed is due to the collapse of the wave function, a principle derived from the ‘uncertainty principle’ postulated by the physicist Werner Heisenberg.[iv] This principle concerns the act of observing a quantum particle, which when unobserved exists as a wave with some probability of being found anywhere in space; when it is observed, the act of determining where the particle is destroys its wave properties.[v],[vi] This implies that were an outside party to observe a quantum key, the act of observation would change the key, thus making the observation known to the intended recipient of the key. The no-cloning theorem is also based upon Heisenberg’s uncertainty principle.[vii]

The quantum key distribution protocol, called BB84, will be the quantum key protocol that I mostly consider.[viii] However, I will look into other quantum key distribution protocols in order to gain a broad understanding of the methodology involved.

My previous knowledge of quantum mechanics, studied as part of the applied physics degree, will assist my understanding of quantum key distribution. The purpose of researching enterprise implications is to determine the importance of the role that current cryptographic keys have in data security, and to consider the feasibility of applying quantum key distribution.
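As an added illustration of the eavesdropping-detection property described above, the following Python simulation runs BB84 with and without an intercept-and-resend eavesdropper and measures the error rate that the eavesdropper’s observation introduces. It is my own code, not from the cited Shor-Preskill paper or from any QKD implementation; it assumes an abstract qubit model (no optics) and uses the 11% error threshold from the Shor-Preskill proof as the acceptance rule.

```python
"""BB84 intercept-resend simulation: why observation exposes an eavesdropper.

Added example, my own code, not from the cited Shor-Preskill paper or any
QKD product.  Qubits are modelled abstractly: measured in the basis they
were prepared in, they return the encoded bit; measured in the other basis
they return a uniformly random bit and collapse into that basis.  The 11%
error threshold is the bound from the Shor-Preskill security proof.
"""
from __future__ import annotations
import random

BASES = ("+", "x")       # rectilinear and diagonal polarisation bases
ABORT_THRESHOLD = 0.11   # Shor-Preskill: above this the key cannot be made secure

def measure(bit: int, prep_basis: str, meas_basis: str, rng: random.Random) -> int:
    """Outcome of measuring a qubit prepared as `bit` in `prep_basis` using `meas_basis`."""
    if prep_basis == meas_basis:
        return bit                 # matching bases read the encoded bit faithfully
    return rng.randrange(2)        # mismatched bases: the outcome is a coin flip

def run_bb84(n: int, eavesdrop: bool, rng: random.Random) -> tuple[int, int]:
    """Send n qubits Alice -> (Eve) -> Bob; return (sifted key length, mismatches)."""
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.choice(BASES) for _ in range(n)]
    bob_bases = [rng.choice(BASES) for _ in range(n)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdrop:
            # Eve guesses a basis, measures (collapsing the state) and re-sends
            # a fresh qubit in her basis carrying whatever she observed.
            e_basis = rng.choice(BASES)
            bit = measure(bit, a_basis, e_basis, rng)
            a_basis = e_basis
        bob_bits.append(measure(bit, a_basis, b_basis, rng))
    # Sifting: Alice and Bob publicly compare bases (not bits) and keep
    # only the positions where they happened to choose the same basis.
    sifted = [(a, b) for a, b, ab, bb in zip(alice_bits, bob_bits, alice_bases, bob_bases)
              if ab == bb]
    mismatches = sum(a != b for a, b in sifted)
    return len(sifted), mismatches

def estimate_qber(n: int, eavesdrop: bool, seed: int = 1) -> float:
    """Quantum bit error rate over the sifted key for a reproducible run."""
    kept, bad = run_bb84(n, eavesdrop, random.Random(seed))
    return bad / kept

def key_accepted(qber: float) -> bool:
    """Alice and Bob keep the key only if the observed error rate is below the threshold."""
    return qber < ABORT_THRESHOLD

if __name__ == "__main__":
    for eve in (False, True):
        q = estimate_qber(20000, eve)
        print(f"eavesdropper={eve!s:5} QBER={q:.3f} accepted={key_accepted(q)}")
```

Without Eve the sifted keys agree exactly; with Eve measuring every qubit, about a quarter of the sifted bits disagree, far above the 11% bound, so the key is discarded and the interception is known to Alice and Bob.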

 

Proposed Project Design and Activities
This project will mostly be composed of secondary research, so I will utilize resources such as Google Scholar and ProQuest in an effort to ensure that the information that I collect has been verified, has minimal bias, and so that I have a wide variety of resources that are up-to-date in terms of the current cryptographic keys being utilized and quantum key distribution protocols.

As I will be collecting information on a topic of which I am not yet well informed, I will need to ensure that I implement background analysis on any concept that I do not understand to ensure that my report does not contain a bias of omission due to my lack of understanding.

My current research plan is as follows:[1]

  1. Break up research question into key words, ideas, and assumptions.
    1. Determine what bias exists upon these ideas, and consider how this could be minimized if possible.
  2. Start research on foundational knowledge required such as current cryptographic key distribution, and enterprise use.
    1. Determine whether the assumption of enterprise use of current key distribution is valid.
    2. Determine whether there is evidence regarding the use of current key distribution in enterprise.
    3. Consider whether primary research, potentially in the form of a survey, is required and possible given the time constraints for this project.[2]
    4. Consider what bias could be inferred from any primary research and determine how to minimize it.
  3. Start research on foundational knowledge of quantum key distribution and protocols.
    1. Ensure that information is being properly comprehended, and background information on QKD is being taken into consideration in order to maximise comprehension.
  4. Analyze enterprise model of current key distribution.
  5. Discuss whether QKD would fit into the current model, or whether there would need to be a change.
  6. Discuss the pros and cons of utilizing QKD compared to current key distribution.
  7. Resolve how comparative findings may influence enterprise.
  8. Identify any method of improving the research.
  9. Consider further research options.
  10. Write up the final report.

 

Anticipated Project Outcomes
My anticipated outcomes are as follows:

  • A report that clarifies quantum key distribution, and provides an inferred answer as to the influence that QKD could have upon enterprise.
  • Potentially, survey results confirming or denying the extent of key utilisation within a certain enterprise field.
  • Greater knowledge of current cryptographic keys and QKDs, which can be referenced within my CV.

 

Required Project Resources

  • Personal Skills
    • Knowledge of current cryptographic keys -I will need to learn this.
      This can be learned through research of scholarly or tertiary level specific publications.
    • Knowledge of quantum key distribution -I will need to learn this.
      This can be learned through research of scholarly or tertiary level specific publications.
    • Knowledge of key distribution in enterprises -I will need to learn this.
      This can be learned through research of scholarly or tertiary level specific publications. Or I could gain some understanding by creating a survey.
    • Knowledge of basic quantum physics -I have a foundational knowledge of quantum physics from my previous degree.
    • Knowledge of effective research methods -The NMIT course of RES701 should equip me with the necessary knowledge.
    • If I were to complete a survey, then I would need to develop the skills to ensure that the questions are comprehensible and not ambiguous, and that there is minimal bias within the survey.

 

  • Project Resources
    • Report writing software -This could be done through Microsoft Word, LaTeX, or Google Docs.
    • Access to ProQuest -This is covered through my enrollment status at NMIT.

If I were to complete a survey, I would need the following:

  • Online survey system for ease of creation and deployment.
  • List of enterprises and confirmation of survey participation.
  • Confirmation from the ethics committee that my survey is ethically appropriate.

 

Potential Limitations and Issues
The biggest limitation for this project is time. This is due to this being a PRJ702 research project, and so only having an allotted 300 hours of expected work instead of 450 hours. This limitation may cause slight adjustments to the project question if the workload is becoming larger than originally anticipated.

The next limitation is due to the technique of secondary research. Whilst this project would be too large to attempt through primary research, and there is already information pertaining to the project, the limitation derives from the potential inaccuracy of secondary research. One limitation of secondary research is that the information available may not be specific enough to the question proposed for this project.[ix]

Potential issues arise if my secondary research does not provide enough information in regards to key distribution in enterprise. If this instance occurs, I will need to implement a survey and gain the information first-hand. A survey may have the following potential issues:

  • Whether I use New Zealand-based companies, or global companies.
    The issue here is that, if I were to source my information online, I would compare a variety of global enterprises, and determine whether this information needs to be restricted to one area. However, if I am required to do a survey, then the enterprises would mostly be New Zealand-based due to the time limitation of this project, because the influence of NMIT’s name is unlikely to have any impact beyond the country, and because I do not have the resources to commit to a large global-scale survey. If I am limited to New Zealand-based companies, then due to the size of New Zealand’s financial and commercial infrastructure, my number of enterprise-level companies is reduced. A look into New Zealand enterprise numbers for February 2016 shows that although this may not be an issue, specifying the service sector of the enterprise will be required due to the different proportions of each service.[x]
  • The time limit with regards to the sample size of the survey.
    From a statistical perspective, the higher the sample size, the more confidence that I can have in the results of the sample. However, due to time constraints, if I were to make the survey sample size too large, then I run the risk of not allowing myself enough time for analysis of the survey results, which would take longer with an increased sample size. Another factor to take into consideration, is that not every enterprise business will respond, or respond within the time limit.
  • Ethics
    As I would be dealing with businesses, who may consider my questions to be encroaching on sensitive information, I would need to ensure that I pass the survey through the NMIT ethics committee. I would need to stipulate confidentiality through anonymity, the optionality of participation of the survey, and that the participating businesses are clear as to the purpose for why the information is being collected.
  • The time limit with regards to Beta testing
    In order to ensure that the survey provides me with the information that I am seeking, and is not misconstrued between myself, and the intended recipients, I should do a beta test. The limitation with this is the time constraint, which may prevent me from being able to complete a full beta-test run through.

 

Ethical Considerations
If I find the information on enterprises from secondary research, then my biggest ethical concerns are giving credit to the authors or companies of the articles, which can be done through correct referencing.

If I need to take a survey, then there are more ethical considerations involved. For this, I will need to have the survey judged to be suitable by the NMIT ethics committee. The ethical principles, as described in NMIT’s Survey Template[xi], that I will need to take into consideration are as follows:

  • Informed consent
    As the information being asked of the enterprises is in regards to a security practice, I will need to ensure that they are clear of exactly what information I’m after, and are willing to provide that information.
  • Confidentiality and privacy
    The information being asked for could be considered sensitive, and so I would need to uphold the Privacy Act 1993, which allows the enterprise to refuse my request and also requires that I do not share any information from the enterprise that could be considered personal, unless the enterprise clearly grants permission to share such detail, in which case I would be legally bound by any stipulated proviso.[xii]
  • Minimization of harm
    I need to ensure that the survey questions do not cause conflict within the enterprise, which may occur if I were to require the information from someone in a position that does not hold the authority to provide it. I also need to ensure that what I’m asking does not have any negative repercussions upon the subject enterprises due to the potential sensitivity of the data.
  • Publication Results
    I need to ensure that I keep all participating enterprises anonymous during the report, and provide them with a comprehensible set of results, if required.

The purpose of the survey will be to determine the proportion of enterprises that use cryptographic keys for the secure exchange of information, and the prevalence of this form of security within their organization. Whilst I will do my best to ensure that the questions are not in any way harmful to the organizations involved, I still need to ensure that they are willing to cooperate and provide the information.

 

Anticipated Timeline

[Image: PRJ anticipated timetable]

The timeline milestones are:

  • Week starting 21 August: Milestone 1: All secondary research complete. (This applies if a survey is not required; if a survey is required, Milestone 1 shifts to 11 September.)
  • Week starting 25 September: Milestone 2: All research analysis complete. (If a survey is required, then Milestone 2 shifts one week forward to 2 October.)
  • Week starting 6 November: Milestone 3: Final report is complete.

From the timeline shown above, if I did need to create a survey, then on the assumption that the survey could be sent and returned in 4 weeks, I would be reducing the amount of time that I have to analyze the information, review my research, and draw a conclusion. If my anticipated weekly hours were correct, then I would be using nearly 10% more time for this project than required. While the hours still seem feasible, this increased amount may still have a detrimental effect on my other courses, which is something that I need to take into consideration.

This timeline doesn’t take into account the mid-semester break, and assumes that I will be working on the project regardless, which will be my goal.

 

Statement of Ownership
The work done within this project will be solely my own, with references to any external source material or assistance.

 

References

[1] This research plan is loosely based upon the ‘Proposed Research steps’ of Belma Gaukrodger’s ‘Project Proposal for PRJ701 to be conducted in 2013’ from the RES701 NMIT moodle project proposal templates.

[2] If survey is required, then ethical concerns, survey development, survey result analysis, and determining factors for response, will all need to be applied.

[i] (n.d.) The Maths behind Estimations to Break a 2048-bit Certificate, DigiCert. https://www.digicert.com/TimeTravel/math.htm (Accessed: 12 June 2017)

[ii] Nordrum, Amy. (3 March 2016) Quantum Computer Comes Closer to Cracking RSA Encryption, IEEE Spectrum. http://spectrum.ieee.org/tech-talk/computing/hardware/encryptionbusting-quantum-computer-practices-factoring-in-scalable-fiveatom-experiment (Accessed: 10 June 2017)

[iii] Scharitzer, Gerald. (24 October 2003). Basic Quantum Cryptography. https://pdfs.semanticscholar.org/57e3/1e7216db8e4063bd0d4c99360cc97ba7a7fe.pdf (Accessed: 12 June 2017)

[iv] Feynman, Richard. (n.d.) Quantum Behaviour. Based upon The Feynman Lectures on Physics, Volume III. http://www.feynmanlectures.caltech.edu/III_01.html (Accessed: 12 June 2017)

[v] Nave, R. (n.d.) The Uncertainty Principle, HyperPhysics. http://hyperphysics.phy-astr.gsu.edu/hbase/uncer.html (Accessed: 10 June 2017)

[vi] Feynman, Richard. (n.d.) Quantum Behaviour. Based upon The Feynman Lectures on Physics, Volume III. http://www.feynmanlectures.caltech.edu/III_01.html (Accessed: 12 June 2017)

[vii] Scharitzer, Gerald. (24 October 2003). Basic Quantum Cryptography. https://pdfs.semanticscholar.org/57e3/1e7216db8e4063bd0d4c99360cc97ba7a7fe.pdf (Accessed: 12 June 2017)

[viii] Preskill, John; Shor, Peter. (12 May 200) Simple Proof of Security of the BB84 Quantum Key Distribution Protocol. https://arxiv.org/abs/quant-ph/0003004 (Accessed: 12 June 2017)

[ix] Do, Thuy Linh. (n.d.) Secondary Research. http://designresearchtechniques.com/casestudies/secondary-research/ (Accessed: 12 June 2017)

[x] MacPherson, Liz. (19 December 2016) New Zealand Business Demography Statistics: At February 2016, Stats NZ. http://www.stats.govt.nz/browse_for_stats/businesses/business_characteristics/BusinessDemographyStatistics_HOTPFeb16.aspx (Accessed: 12 June 2017)

[xi] (n.d.) Research Survey Template Text, NMIT. Sourced from course RES701: Research Methods on NMIT’s Moodle page. (Accessed: 12 June 2017)

[xii] (17 May 1993, reprinted 27 April 2017) Privacy Act 1993, New Zealand Legislation, Parliamentary Counsel Office. http://www.legislation.govt.nz/act/public/1993/0028/latest/DLM296643.html (Accessed: 12 June 2017)