1 / 12

A New Target for CC Evaluation A New Target for CC EvaluationA New Target for CC Evaluation A New Target for CC Evaluati

A New Target for CC Evaluation A New Target for CC EvaluationA New Target for CC Evaluation A New Target for CC Evaluation A New Target for CC EvaluationA New Target for CC EvaluationA New Target for CC Evaluation A New Target for CC Evaluation A New Target for CC Evaluation A New Target for CC Evaluation A New Target for CC EvaluationA New Target for CC Evaluation A

hacguest
Download Presentation

A New Target for CC Evaluation A New Target for CC EvaluationA New Target for CC Evaluation A New Target for CC Evaluati

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ETSI/IQC Quantum Safe Workshop, Nov. 8 2018, Beijing Quantum Key Distribution -A New Target for CC Evaluation Hongsong Shi Jiajum Ma China Information Technology Security Evaluation Center QuantumCTek Co., Ltd.

  2. Security evaluation of commercial QKD systems • Evaluation of practical security of QKD • Some decoy state BB84 based implementations have been implemented in some commercial system, while CV-QKD and MDI-QKD have continuously demonstrate their progress in practicality, which construct the new targets of evaluation. • Common Criteria (CC) evaluation • Provide a standard but scalable language to describe security requirements of IT product, and a generic methodology to do evaluation and testing • Recognized by international IT security evaluation community, thousands of IT products have been evaluated internationally • Renewal process of CC standard is mainly in the charge of ISO/IEC JTC1/SC27

  3. Related standardization efforts • ETSI ISG QKD • Plan of drafting Protection Profile(PP) document for QKD • ISO/IEC JTC1 SC27 • Study item “Security requirements, test and evaluation methods for quantum key distribution” • Mainly for CC-based security evaluation of QKD device • Currently in new work item proposal (NWIP) stage • Other working groups • ITU-T SG17, CSA-QSS, IEEE P1913,CCSA • Not two much overlap with the work in ISO/IEC JTC1/SC27 • Mainly focusing on the security of interfaces, or little publications can be find publicly

  4. General structure of QKD system Key and network management Key and network management Transmitter module Receiver module Classical crypto components Classical crypto components Quantum channel Optical components Optical components Classical authentication channel

  5. Internal composition of a generic QKD

  6. Threats to classical cryptographic components • Refer to ISO/IEC 19790, 17825 and ISO/IEC TS 30104 • Here we consider an adversary having unlimited computing power up to the assumptions put on the operational environment, which is the main difference from traditional cryptographic module • Attacks from the perspective of network security • Unauthorized access • States control vulnerability exploitation • Cryptographic analysis • Functionality abuse • Physical attacks at chip level (if the QKD is operated in an open environment, and the adversary can approach it) • Side channel attack (or non-invasive attack) • Fault inducing analysis • Physical probe and alteration

  7. Threats to optical components • QKD device features loopholes of optical components compared with traditional cryptosystems • Attacks to the Source module • Photon-number splitting attack • Trojan horse attack • Attacks to the Detector module • Double click attack • Bright illumination attack • Dead time attack • Wavelength attack • Time shift attack • Attacks to the device calibration process

  8. Security requirements • Security requirements will be expressed by selecting, refining or extending standardized components from CC part 2 • Security requirements of classical components • Mainly refer to the requirements in ISO/IEC 19790 and ISO/IEC TS 30104 • Security requirements to resist network attacks • Security requirements to resist physical attacks • Non-invasive security requirement • Fault inducing related security requirement • Physical probe and alteration related security requirement • Security requirements of optical components • Requirements on the source module • Requirements on the detector module

  9. Security evaluation methods • Explanation of security evaluation result • Not to prove that the TOE can achieve information-theoretic security • But to prove that the TOE satisfies the expected security requirements at the predefined security assurance level • Consistent with the common situation of cryptographic modules evaluation • Evaluation methods for classical components • Under the framework of CC, and will refer to the methods in ISO/IEC 18367, ISO/IEC 17825, ISO/IEC 20543, etc • But the adversary here might be assumed to be computationally unbounded (depend on what assumptions we will put on the operational environment) • Evaluation methods for optical components • The vulnerability assessment method will be refined • according to the characteristics of QKD technology • and the unlimited computational power of adversaries in this case

  10. Factors in attack potential calculation of optical modules Factors Description Total amount of time taken by an attacker to identify that a particular potential vulnerability may exist in the TOE, to develop an attack method and to sustain effort required to mount the attack against the TOE. The attacker here is assumed to be computationally unbounded in order to highlight the information-theoretic security property of the optical module in resisting corresponding attacks. In order to successfully implement an attack, an attacker needs some level of generic knowledge of the underlying principles, product type or attack methods. The identified levels are as follows: a) Laymen, b) Proficient, c) Experts d) Multiple Expert: (e.g., an expert in theoretical security analysis and an expert in experimental implementation of QKD must work together to implement the attack). The attacker must have some knowledge of the design and implementation details of the TOE to successfully implement an attack. Identified levels of this knowledge are as follows: a) Public information, b) Restricted information, c) Sensitive information, d) Critical information The length of the time window or the number of samples required to access the TOE for the attack. Note for optical modules, this factor is calculated by assuming the attackers are computationally unbounded. By the definition, identified levels are as follows: a)Unlimited, b)Easy, c)Moderate, d) Difficult, e)None. Equipment requirements for the attack process. Identified levels are as follows: a) Standard: (e.g., Fiber cutter, Fiber fusion splicer, low-end oscilloscope). b) Specialized: (e.g., High speed optical switch, high-end oscilloscope). c) Bespoke: d) Multi-Bespoke: Elapsed time Expertise Knowledge of TOE Window of opportunity Equipment

  11. More efforts are needed from... • Academia • Provide security analysis that take multiple loopholes into account • Design novel protocols inherently immune to multiple attacks (MDI- QKD, etc) • The security evaluation facility and certification authority • Under specific assurance level, investigate dedicated test and evaluation methods for QKD, especially the optical components • Compose dedicated (collaborative) Protection Profile for QKD, in order to guide the manufacture and users • Manufacturer • Put more security consideration into the system design • Have their products been evaluated before going to market

  12. Thank you!

More Related