Practical implementations of Quantum Key Distribution (QKD) often deviate from the theoretical protocols, exposing the implementations to various attacks even when the underlying (ideal) protocol is proven secure. We present new analysis tools and methodologies for quantum cybersecurity, adapting the concepts of vulnerabilities, attack surfaces, and exploits from classical cybersecurity to QKD implementation attacks. We also present three additional concepts, derived from the connection between classical and quantum cybersecurity: "Quantum Fuzzing", which is the first tool for black-box vulnerability research on QKD implementations; "Reversed-Space Attacks", which are a generic exploit method using the attack surface of imperfect receivers; and concrete quantum-mechanical definitions of "Quantum Side-Channel Attacks" and "Quantum State-Channel Attacks", meaningfully distinguishing them from each other and from other attacks. Using our tools, we analyze multiple existing QKD attacks and show that the "Bright Illumination" attack could have been found even with minimal knowledge of the device implementation. This work begins to bridge the gap between current analysis methods for experimental attacks on QKD implementations and the decades-long research in the field of classical cybersecurity, improving the practical security of QKD products and enhancing their usefulness in real-world systems.
翻译:量子密钥分发(QKD)的实际实现常常偏离理论协议,这使得即使底层(理想)协议被证明是安全的,其实现仍可能遭受各种攻击。我们提出了量子网络安全的新分析工具与方法论,将经典网络安全中的漏洞、攻击面和利用等概念应用于QKD实现攻击。我们还提出了三个源自经典与量子网络安全联系的新概念:"量子模糊测试"——首个针对QKD实现进行黑盒漏洞研究的工具;"逆向空间攻击"——一种利用不完美接收器攻击面的通用利用方法;以及"量子侧信道攻击"与"量子状态信道攻击"的具体量子力学定义,从而明确区分它们彼此以及与其他攻击类型。利用我们的工具,我们分析了多个现有的QKD攻击,并表明即使对设备实现知之甚少,也可能发现"强光照射"攻击。这项工作开始弥合当前针对QKD实现实验攻击的分析方法与经典网络安全领域数十年研究之间的差距,从而提升QKD产品的实际安全性,并增强其在现实世界系统中的实用性。