Transcription
QKD standardization in ISO/IEC JTC 1/SC 27- An introduction of ISO/IEC 23837Hongsong ShiChina information technology security evaluation centerITU workshop on quantum information technology for networksShanghai, China2019/6/7
Background ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection– The development of standards for the protection of information and 6.html2
Outline Background Motivation Structural analysis3
Background In 2007, the standardization of QKD device in ISO/IEC was launchedas a study period project first In April of this year, ISO/IEC JTC1/SC27 approved a new work item,numbered ISO/IEC 23837– Information technology —Security Techniques —Security requirements, test andevaluation methods for quantum key distribution Two parts are scheduledISO/IEC 23837-1: RequirementsJiajun MaAndrew Shields,Charles Ci Wen LimISO/IEC 23837-2: Test andevaluation methodsHongsong Shi, Martin Ward,Gaetan Pradel– It is now in WD1 phase, and expected to be published in 20224
Motivation ISO/IEC 23837 is built on the top of the Common Criteria, and will shape theframework of security evaluation of QKD moduleSecurity TargetsProtection Profiles (collaborative PPs) Security problem definition, Security functional requirements, security evaluation activitiesThe QKD standard (ISO/IEC 23837)ISO/IEC 15408 (Common Criteria)ISO/IEC 18045 (Evaluation methodology)– Serve as a basis for PP/ST construction– A high-level standard to provide a general framework for QKD evaluation– No evaluation assurance level will be specified, but the evaluation activities forfunctional testing and vulnerability assessment (under EAL5)will be specified PP/ST can specify the required EALs, and the standard can provide supporting activities5
Scope of the standard On QKD device– What requirements should be met for a QKD device to be secure?– How to validate the satisfiability of the requirements?6
General structure of the standardPrinciple of QKD andtypical architectureSecurity problems of QKDGuidelinesfor PP/STconstructionISO/IEC 23837-1Security functionalrequirements(Extend or refine SFRs in ISO/IEC 15408-2)Evaluation methodologyISO/IEC 23837-2A standard forQKD evaluationwithin CCTest methods(Supplement evaluation activities to ISO/IEC 18045)7
Principle of QKD and typical architectureThe theoreticalaspects of QKDQKDImplementation Principle of QKD The objective The channels Theoretical security model of QKD ε-security definition Security proof model Classification of QKD protocols Improve the generality of the standard CV, DV protocols Prepare-and-measure, MDI, entanglementbased protocols Architecture of QKD systems Typical architectures of different protocols8
Principle of QKD and typical architectureThe theoreticalaspects of QKDQKDImplementation External interfaces of QKD module The quantum channel classical auth channel(computationally unbounded attacks) System management interface keymanagement interface(computationally bounded attacks) Internal structure of QKD module The composition of QKD module Classical network components quantumoptical components General working flow of QKD system Pre-processing, raw-key communication, postprocessing, system calibration9
Security problems of QKDAssumptions onthe operationalenvironmentAsset protected byQKD deviceThreats to classicalnetworkcomponentsThreats toquantum opticalcomponents10
Security problems of QKDAssumptions onthe operationalenvironmentAsset protected byQKD deviceThreats to classicalnetworkcomponentsThreats toquantum opticalcomponents Quantum mechanics is complete in describingadversarial actions to QKD Computationally bounded unbounded attackers Developers and operators are trusted No backdoor Follow security policy to operate The platform that QKD functionality resides is secure OS hardware are trusted External sensitive data and credential are protected The device is physically protected in its operationalenvironment Classical side channel attacks will not beconsidered in the standard Assume environmental protection11
Security problems of QKDAssumptions onthe operationalenvironmentAsset protected byQKD device Final key and all intermediate key material should beprotected The TOE security functionality should be protectedfrom misusingThreats to classicalnetworkcomponentsThreats toquantum opticalcomponents12
Security problems of QKDAssumptions onthe operationalenvironmentAsset protected byQKD deviceThreats to classicalnetworkcomponentsThreats toquantum opticalcomponents Unauthorized access Circumvent the access control mechanism andaccess CSP or keys, of misuse TSF Cryptographic analysis Exploit the vulnerabilities in crypto algorithmsand their implementation Randomness defect Functions abuse Abuse functions which may not be used after TOEdelivery or life-cycle phase transition Failure exploitation Audit circumvention Malicious update13
Security problems of QKDAssumptions onthe operationalenvironmentAsset protected byQKD deviceThreats to classicalnetworkcomponentsThreats toquantum opticalcomponents Threats exploiting optical source flaws exploit the flaws of quantum-state-preparationrelated units (including signal source and encoder)of the transmitter to violate the security of QKD Threats exploiting optical detection flaws exploit the flaws of quantum-state-detectionrelated units (including decoder and detector) ofthe receiver to to violate the security of QKD Threats exploiting other flaws exploit the flaws in the pre-processing phase,post-processing or calibration phase to violatethe security of QKD14
Security functional requirementsExtended securityfunctionalcomponentsSecurity functionalrequirements ofQKD Principle for component extension If some security objectives of QKD cannot betranslated or is difficult to be translated to the predefined functional components in CC part FTP QKD.1 QKD protocol FTP QKD.2 Post-processing of QKD FTP QKD.3 Calibration of QKD15
Security functional requirementsExtended securityfunctionalcomponentsSecurity functionalrequirements ofQKDFTP QKD.1 QKD protocolFTP QKD.2 Post-processing of QKDFTP QKD.3 Calibration of QKD16
Security functional requirementsExtended securityfunctionalcomponentsSecurity functionalrequirements ofQKD The approach Commonly required security functionalrequirements (SFRs) will be identified and specifiedbased on the extended and pre-definedcomponents Security functional requirements for classical networkcomponents Security functional requirements on quantum-statepreparation components Security functional requirements on quantum-statedetection components Security functional requirements on post-processingprocedure Security functional requirements on calibrationprocedure17
Security functional requirementsExtended securityfunctionalcomponentsSecurity functionalrequirements ofQKDExceptions If existing components are sufficient to be used,components extension won’t be considered For generality of the standard, only extensivelyrequired SFRs will be given, those requirementsfrom specific protocols will not be considered inprinciple18
Security evaluation and test methodsOverview es Overview of evaluation methods Scope of the evaluation method Dependencies of the evaluation method Competence requirements on evaluator General requirements on the input from thedeveloper词放在此处是否合适19
Security evaluation and test methodsOverview es Supplementary activities to ISO/IEC 18045 onfunctional testing (ATE) (under ISO/IEC 15408-4) Supplementary activities to the evaluation ofclassical network components Objective of evaluation activityRequired inputsRequired tool types and setupRationaleTest procedurePass/fail criteria Supplementary activities to the evaluation ofquantum-state-preparation components Supplementary activities to the evaluation ofquantum-state-detection components Supplementary activities to the evaluation ofcalibration procedure Supplementary activities to ISO/IEC 18045 onVulnerability assessment (AVA)20
Security evaluation and test methodsTest itemOverview esPhoton-numberdistributionState encodingaccuracyState preparationconsistencyIndistinguishabilityof prepared statesIsolation of thequantum-statepreparationDescriptionTest if the quantum source emits single photon.Characterize the photon-number distribution of thesource.Test if the degree of freedom of the optical pulses(e.g., polarization) used for encoding are properlymodulated as required in the protocol. Characterizethe difference between the practical and idealmodulation.Test if the degrees of freedom other than the encodingone of the optical pulses (e.g., spectral, temporal,spatial degree of freedom) are consistently prepared inthe same states. Characterize their difference betweendifferent pulses.Test if the features of the non-encoding degrees offreedom are indistinguishable. Characterize thedistinguishability between different quantum states onthe non-encoding degrees of freedom.Test if optical laser is prevented from being Characterize the isolation of the injected laser whosepower is limited by the maximum transmitted power
Security evaluation and test methods Supplementary activities to ISO/IEC 18045 on Vulnerabilityassessment (AVA) Components claimed to achieve computational securityobjective Components with information theoretic securityassurance The whole system can be validated to meet therequirements of the intended security assurance level Refinement of the factors for the calculation of attackpotential Identification of vulnerabilitiesOverview es Exploitation of vulnerabilities corresponds to the effort required to create the attack, andto demonstrate that it can be successfully appliedcorresponds to achieving the attack on another instance ofthe TOE in its intended operational environment using theanalysis and techniques defined in the identification phaseFactors refinement Elapsed time, expertise, knowledge of the TOE, window ofopportunity, equipment22
Security evaluation and test methodsOverview es23
Security evaluation and test methodsOverview es24
Security evaluation and test methodsOverview esConsiderations The standard will not specify the expectedevaluation assurance levels (EALs) for QKD, butrather to supplement all the required assuranceactivities for QKD evaluation, such that EAL basedevaluation (under EAL 5) can be performed25
CollaborationThe editorial team consists of expertsfrom different countries With all-around experience in QKD/classicalcrypto research and security evaluation The editing work will be done throughcooperation with world-wide experts Cooperation will be required to resolved thecollected comments before and during eachworking group meeting of ISO/IEC JTC1/SC27Collaboration with ITU-T SG17 isunder way ISO/IEC 23837 can be regarded as acomplementary work to the QKD networkstandardizations in ITU-T SG17 Liaison has been built between the two sides Editing material will be circulated through theliaison channel Experts from ITU-T SG17 are solicited to reviewthe documents and make contributionsISO/IEC 23837ITU-T’s workQKD deviceQKD network26
Thank you27
requirements of QKD The approach Commonly required security functional requirements (SFRs) will be identified and specified based on the extended and pre-defined components Security functional requirements for classical network components Security functional requirements on quantum-state-preparation components
