Gerald Baumgartner

Performance Evaluations of Quantum Key Distribution System Architectures

Quantum key distribution (QKD) exploits the laws of quantum physics to generate shared secret cryptographic keys and can detect eavesdroppers during the key generation process. However, previous QKD research has focused more on theory than practice.

Quantum key distribution: examination of the decoy state protocol

Quantum key distribution (QKD) is an innovative technology that exploits the laws of quantum mechanics to generate and distribute a shared cryptographic key for secure communications. The unique nature of QKD ensures that eavesdropping on quantum communications necessarily introduces detectable errors which is desirable for high-security environments. QKD systems have been demonstrated in both freespace and optical fiber configurations, gaining global interest from national laboratories, commercial entities, and the U.S. Department of Defense. However, QKD is a nascent technology where realized systems are constructed from non-ideal components, which can significantly impact system performance and security. In this article, we describe QKD technology as part of a secure communications solution and identify vulnerabilities associated with practical network architectures. In particular, we examine the performance of decoy state enabled QKD systems against a modeled photon number splitting attack and suggest an improvement to the decoy state protocol security condition that does not assume a priori knowledge of the QKD channel efficiency.

Using Modeling and Simulation to Study Photon Number Splitting Attacks

Quantum key distribution (QKD) is an innovative technology, which exploits the laws of quantum mechanics to generate and distribute unconditionally secure shared cryptographic keying material between two geographically separated parties. The unique nature of QKD that ensures eavesdropping on the key distribution channel necessarily introduces detectable errors and shows promise for high-security environments, such as banking, government, and military. However, QKD systems are vulnerable to advanced theoretical and experimental attacks. In this paper, the photon number splitting (PNS) attack is studied in a specialized QKD modeling and simulation framework. First, a detailed treatment of the PNS attack is provided with emphasis on practical considerations, such as performance limitations and realistic sources of error. Second, ideal and non-ideal variations of the PNS attack are studied to measure the eavesdroppers information gain on the QKD-generated secret key bits and examine the detectability of PNS attacks with respect to both quantum bit error rate and the decoy state protocol. Finally, this paper provides a repeatable methodology for efficiently studying advanced attacks, both realized and notional, against QKD systems and more generally quantum communication protocols.

An Analysis of Error Reconciliation Protocols used in Quantum Key Distribution Systems

Quantum Key Distribution (QKD) is a revolutionary security technology that exploits the laws of quantum mechanics to achieve information-theoretic secure key exchange. QKD enables two parties to “grow” a shared secret key without placing any limits on an adversary’s computational power. Error reconciliation protocols have been developed that preserve security while allowing a sender and receiver to reconcile the errors in their respective keys. The most famous of these is the Cascade protocol, which is effective but suffers from a high communication complexity and low throughput. The Winnow protocol reduces the communication complexity over Cascade, but has the disadvantage of introducing errors. Finally, Low Density Parity Check (LDPC) codes have been shown to reconcile errors at rates higher than those of Cascade and Winnow, but with greater computational complexity. In this paper we evaluate the effectiveness of LDPC codes by comparing the runtime, throughput and communication complexity empirically with the Cascade and Winnow algorithms. The effects of inaccurate error estimation, non-uniform error distribution and varying key length on all three protocols are evaluated for identical input key strings. Analyses are performed on the results in order to characterize the strengths and weaknesses of each protocol.

Implementing the decoy state protocol in a practically oriented Quantum Key Distribution system-level model

Quantum Key Distribution (QKD) is an emerging cybersecurity technology that exploits the laws of quantum mechanics to generate unconditionally secure symmetric cryptographic keying material. The unique nature of QKD shows promise for high-security environments such as those found in banking, government, and the military. However, QKD systems often have implementation non-idealities that can negatively impact their performance and security. This article describes the development of a system-level model designed to study implementation non-idealities in commercially available decoy state enabled QKD systems. Specifically, this paper provides a detailed discussion of the decoy state protocol, its implementation, and its usage to detect sophisticated attacks, such as the photon number splitting attack. In addition, this work suggests an efficient and repeatable systems engineering methodology for understanding and studying communications protocols, architectures, operational configurations, and implementation tradeoffs in complex cyber systems.

The Benefits of Joining a Multidisciplinary Research Team

Exciting research challenges often present themselves as complex problems-they are inherently difficult to understand and require multiple domains of expertise to solve. As a result, teamwork is becoming the everyday norm in most professional settings and is often required when studying topical problems (e.g., autonomous vehicles, cyberphysical, renewable energy, among others). For students, learning to operate within, and eventually lead, a team is a necessary and valuable skill that will benefit them throughout their professional lives.

A module-based simulation framework to facilitate the modeling of Quantum Key Distribution system post-processing functionalities:

Quantum Key Distribution (QKD) systems are a novel technology that exploits the laws of quantum mechanics to generate and distribute unconditionally secure cryptographic keys between two geographically separated parties. They are suitable for use in applications where high levels of secrecy are required, such as banking, government, and military environments. In this paper, we describe the development of a module-based QKD simulation framework that facilitates the modeling of QKD post-processing functionalities. We highlight design choices made to improve upon an initial design, which included the segmentation of functionalities associated with various phases of QKD post-processing into discrete modules implementing abstract interfaces. In addition, communication between modules was improved by implementing observers to share data, and a specific strategy for dealing with post-processing synchronization and configuration activities was designed. Collectively, these improvements resulted in a significantly enhanced analysis capability to model and study the security and performance characteristics associated with specific QKD system designs.

A model to estimate performance of space-based quantum communication protocols including quantum key distribution systems

This work presents a model to estimate the performance of space-based, optical-based, quantum communication protocols. This model consists of components to account for optical channel propagation effects based on orbit selection and atmospheric conditions. The model presented is general purpose and can be leveraged to evaluate the performance of a variety of quantum communication protocols, of which, Quantum Key Distribution (QKD) systems served as our motivating use case of particular interest. To verify correctness, the model is used to produce estimates for QKD system scenarios and compared to published results. The performance of QKD systems is of interest as distance limitations for terrestrial-based systems have hindered their practical use, and satellite-based designs that can generate a shared key between two distant geographic locations have been proposed. For this application domain, a review of space-based designs that illuminate the need for a free space downlink channel model is presented followed by its development to estimate the performance of quantum exchanges between a satellite and ground site.

Modeling quantum optics for quantum key distribution system simulation

This article presents the background, development, and implementation of a simulation framework used to model the quantum exchange aspects of Quantum Key Distribution (QKD) systems. The presentation of our simulation framework is novel from several perspectives, one of which is the lack of published information in this area. QKD is an innovative technology which exploits the laws of quantum mechanics to generate and distribute unconditionally secure cryptographic keys. While QKD offers the promise of unconditionally secure key distribution, real world systems are built from non-ideal components which necessitates the need to understand the impact these non-idealities have on system performance and security. To study these non-idealities we present the development of a quantum communications modeling and simulation capability. This required a suitable mathematical representation of quantum optical pulses and optical component transforms. Furthermore, we discuss how these models are implemented within our Discrete Event Simulation-based framework and show how it is used to study a variety of QKD implementations.

System Security Engineering for Information Systems

This chapter discusses the problematic intersection of risk management, mission assurance, security, and information systems through the illustrative example of the United States (US) Department of Defense (DoD). A concise history of systems security engineering (SSE) is provided with emphasis on recent revitalization efforts. Next, a review of established and emerging SSE methods, processes, and tools (MPT) frequently used to assess and manage critical shortfalls in the development and fielding of complex information-centric systems is provided. From this review, a common theme emerges—the need for a holistic multidisciplinary approach that addresses people, processes, and technologies to manage system complexity, while providing cost-effective security solutions through the use of established systems engineering techniques. Multiple cases and scenarios that promote the discovery and shared understanding of security solutions for complex systems by those trained in the art and science of systems engineering, information security, and risk management are demonstrated.