Cybersecurity of Quantum Key Distribution Implementations

TL;DR

This paper introduces new analysis tools and concepts for quantum cybersecurity, specifically targeting practical vulnerabilities in Quantum Key Distribution implementations, and demonstrates their effectiveness in identifying known attacks.

Contribution

It develops novel methodologies and tools like Quantum Fuzzing and Reversed-Space Attacks, bridging classical and quantum cybersecurity analysis.

Findings

Bright Illumination attack could be detected with minimal device knowledge

New tools reveal vulnerabilities in existing QKD implementations

Enhanced security analysis for practical QKD systems

Abstract

Practical implementations of Quantum Key Distribution (QKD) often deviate from the theoretical protocols, exposing the implementations to various attacks even when the underlying (ideal) protocol is proven secure. We present new analysis tools and methodologies for quantum cybersecurity, adapting the concepts of vulnerabilities, attack surfaces, and exploits from classical cybersecurity to QKD implementation attacks. We also present three additional concepts, derived from the connection between classical and quantum cybersecurity: "Quantum Fuzzing", which is the first tool for black-box vulnerability research on QKD implementations; "Reversed-Space Attacks", which are a generic exploit method using the attack surface of imperfect receivers; and concrete quantum-mechanical definitions of "Quantum Side-Channel Attacks" and "Quantum State-Channel Attacks", meaningfully distinguishing them from each other and from other attacks. Using our tools, we analyze multiple existing QKD attacks and show that the "Bright Illumination" attack could have been found even with minimal knowledge of the device implementation. This work begins to bridge the gap between current analysis methods for experimental attacks on QKD implementations and the decades-long research in the field of classical cybersecurity, improving the practical security of QKD products and enhancing their usefulness in real-world systems.