Douglas D. Hodson

Performance Evaluations of Quantum Key Distribution System Architectures

Quantum key distribution (QKD) exploits the laws of quantum physics to generate shared secret cryptographic keys and can detect eavesdroppers during the key generation process. However, previous QKD research has focused more on theory than practice.

The art and science of live, virtual, and constructive simulation for test and analysis

Live, virtual, and constructive (LVC) simulation technologies are well-established in the areas of technology demonstration, mission rehearsal, and exercises. A promising new role for LVC simulation technology is to facilitate weapon systems testing by producing defendable results. Requirements to test new defense systems within a system-of-systems context and within joint force scenarios have placed demands on physical test ranges that are not likely to be met. The LVC testing option promises the breadth and depth of defense systems, either as real or simulated assets, to potentially meet the new test demands. However, leveraging this technology to support testing will require a shift in the approaches used by the LVC community. In this paper, we discuss the challenges facing the LVC testing initiative, both from an experimental and from an architectural and implementation standpoint.

A Modeling Framework for Studying Quantum Key Distribution System Implementation Nonidealities

Quantum key distribution (QKD) is an innovative technology that exploits the laws of quantum mechanics to generate and distribute unconditionally secure shared key for use in cryptographic applications. However, QKD is a relatively nascent technology where real-world system implementations differ significantly from their ideal theoretical representations. In this paper, we introduce a modeling framework built upon the OMNeT++ discrete event simulation framework to study the impact of implementation nonidealities on QKD system performance and security. Specifically, we demonstrate the capability to study the device imperfections and practical engineering limitations through the modeling and simulation of a polarization-based, prepare and measure BB84 QKD reference architecture. The reference architecture allows users to model and study complex interactions between physical phenomenon and system-level behaviors representative of real-world design and implementation tradeoffs. Our results demonstrate the flexibility of the framework to simulate and evaluate current, future, and notional QKD protocols and components.

Characterizing, Measuring, and Validating the Temporal Consistency of Live-Virtual-Constructive Environments

A distinguishing characteristic of interactive live—virtual—constructive (LVC) environments is the relaxation of data consistency to improve the performance and scalability of the underlying distributed simulation. Relaxing data consistency improves the interactive performance of the environment because autonomous distributed simulation applications can continue executing and responding to local inputs without waiting for the most current shared data values. Scalability also improves since live and simulated entities from distant geographic locations can be interconnected through relatively high-latency networks. We introduce a temporal consistency model to formally define consistency for the dynamic shared state of a LVC environment for both continuous and discrete data objects. The level of inconsistency tolerated by a LVC is found to be a function of the accuracy and timeliness requirements for the distributed data objects. These requirements are mapped to specific time intervals for which data objects are considered valid. We also develop a real-time algorithm to compute the temporal consistency of individual data objects within the LVC.

Modeling decoy state Quantum Key Distribution systems

Quantum Key Distribution (QKD) is an innovative technology which exploits the laws of quantum physics to generate and distribute shared secret key for use in cryptographic devices. Quantum Key Distribution offers the advantage of ‘unconditionally secure’ key generation with the unique ability to detect eavesdropping on the key distribution channel and shows promise for high-security applications such as those found in banking, government, and military environments. However, Quantum Key Distribution is a nascent technology where realized systems suffer from implementation non-idealities, which may significantly impact system performance and security. In this article, we discuss the modeling of a decoy state enabled Quantum Key Distribution system built to study the impact of these practical limitations. Specifically, we present a thorough background on the decoy state protocol, detailed discussion of the modeled decoy state enabled Quantum Key Distribution system, and evidence for component and sub-system verification, as well as, multiple examples of system-level validation. Additionally, we bring attention to practical considerations associated with implementing the decoy state protocol security condition gained from these research activities.

Quantum key distribution: examination of the decoy state protocol

Quantum key distribution (QKD) is an innovative technology that exploits the laws of quantum mechanics to generate and distribute a shared cryptographic key for secure communications. The unique nature of QKD ensures that eavesdropping on quantum communications necessarily introduces detectable errors which is desirable for high-security environments. QKD systems have been demonstrated in both freespace and optical fiber configurations, gaining global interest from national laboratories, commercial entities, and the U.S. Department of Defense. However, QKD is a nascent technology where realized systems are constructed from non-ideal components, which can significantly impact system performance and security. In this article, we describe QKD technology as part of a secure communications solution and identify vulnerabilities associated with practical network architectures. In particular, we examine the performance of decoy state enabled QKD systems against a modeled photon number splitting attack and suggest an improvement to the decoy state protocol security condition that does not assume a priori knowledge of the QKD channel efficiency.

Using Modeling and Simulation to Study Photon Number Splitting Attacks

Quantum key distribution (QKD) is an innovative technology, which exploits the laws of quantum mechanics to generate and distribute unconditionally secure shared cryptographic keying material between two geographically separated parties. The unique nature of QKD that ensures eavesdropping on the key distribution channel necessarily introduces detectable errors and shows promise for high-security environments, such as banking, government, and military. However, QKD systems are vulnerable to advanced theoretical and experimental attacks. In this paper, the photon number splitting (PNS) attack is studied in a specialized QKD modeling and simulation framework. First, a detailed treatment of the PNS attack is provided with emphasis on practical considerations, such as performance limitations and realistic sources of error. Second, ideal and non-ideal variations of the PNS attack are studied to measure the eavesdroppers information gain on the QKD-generated secret key bits and examine the detectability of PNS attacks with respect to both quantum bit error rate and the decoy state protocol. Finally, this paper provides a repeatable methodology for efficiently studying advanced attacks, both realized and notional, against QKD systems and more generally quantum communication protocols.

Using the Discrete Event System Specification to model Quantum Key Distribution system components

In this paper, we present modeling a Quantum Key Distribution (QKD) system with its components using the Discrete Event System Specification (DEVS) formalism. The DEVS formalism assures the developed component models are composable and exhibit well-defined temporal behavior independent of the simulation environment. These attributes enable users to assemble a valid simulation using any collection of compatible components to represent complete QKD system architectures. To illustrate the approach, we introduce a prototypical “prepare and measure” QKD system, decompose one of its subsystems, and present the detailed modeling of the subsystem using the DEVS formalism. The developed models are provably composable and exhibit behavior suitable for the intended analytic purpose, thus improving the validity of the simulation. Finally, we examine issues identified during the verification of the conceptual DEVS model and discuss the impact of these findings on implementing a hybrid QKD simulation framework.

Data Quality Challenges in Distributed Live-Virtual-Constructive Test Environments

Live-Virtual-Constructive (LVC) simulations are complex systems comprising a combination of live (real people operating real equipment), virtual (real people operating simulated equipment or vice versa), and constructive (wholly simulated) entities. Nodes in the system support the simulation of one or more entities and are often geographically distributed to leverage unique assets (e.g., physical test range space or high-fidelity full motion simulators). Nodes are connected in a peer-to-peer fashion and communicate using protocols such as Distributed Interactive Simulation (DIS) [DIS Steering Committee 1998], the High Level Architecture (HLA) [Dahmann et al. 1997], or the Test and Training Enabling Network Architecture (TENA) [Powell and Noseworthy 2012]. Distributed LVC simulation promises a number of benefits for the test and evaluation (T&E) community, including reduced costs, access to simulations of limited availability assets, the ability to conduct large-scale multiservice test events, and recapitalization of existing simulation investments. Consequently, the Department of Defense (DoD) is increasingly turning to LVC simulation and virtual environments to support T&E events. LVC simulations have been used to test communications for unmanned aircraft systems [Parker et al. 2009], conduct cyber-security analysis [Van Leeuwen et al. 2010], and quantify radar measurement errors [Hodson et al. 2013]. Ensuring rigorous results for T&E events supported by LVC simulation requires addressing three fundamental data quality challenges: quantifying numerical errors due to weakly consistent nodes, assessing measurement accuracy with respect to tolerance requirements, and assessing measurement quality in the absence of absolute truth values.

Analysis of Implementations to Secure Git for Use as an Encrypted Distributed Version Control System

This paper analyzes two existing methods for securing Git repositories, Git-encrypt and Git-crypt, by comparing their performance relative to the default Git implementation. Securing a Git repository is necessary when the repository contains sensitive or restricted data. This allows the repository to be stored on any third-party cloud provider with assurance that even if the repository data is leaked, it will remain secure. The analysis of current Git encryption methods is done through a series of tests that examines the performance trade-offs made for added security. This performance is analyzed in terms of size, time, and functionality using three different Git repositories of varying size. The three experiments include initializing and populating a repository, compressing a repository through garbage collection, and modifying then committing files to the repository. The results show that Git maintains functionality with each of these two encryption implementations at the cost of time and repository size. The time increase is found to be a factor ranging from 14 to 38 times the original time. The size increase over multiple commits of edited files is found to increase linearly proportional to the working set of files.