Security for Quantum Networks111This project is funded by the Alberta Government.
Reliable and efficient functioning of a quantum network depends on identifying and mitigating security risks originating from within and outside the network. We aim to construct a comprehensive framework for developing and assessing secure quantum networks. We articulate issues for making quantum networks secure in general, summarise the state of the art and identify priority directions for further investigation. Our analysis builds on the secure communication protocols developed for classical layered network architectures such as the open-systems interconnection (OSI) model and the transmission control protocol/internet protocol (TCP/IP) model. Our work will lead to the development of a hardware-independent framework for securing general quantum networks that allows developers to identify mandatory security mechanisms and incorporate additional security requirements of the clients during design of the networks.
Aim:
Quantum networks enhance information and communications technology through applications such as secure quantum computing in the cloud [1], quantum sensing [2] and quantum-enhanced high-precision clock synchronization [3]. Reliable and efficient communication depends on identifying and mitigating security risks such as unauthorised access or data corruption in the network, yet has been insufficiently treated. Our aim is to construct a framework for developing and assessing secure quantum networks.
Claim:
Comprehensive quantum-network security requires a general quantum-network architecture and reliable quantum-network services. We address this gap by formulating security requirements for quantum networks subject to network architecture and threat models, inspired by the security practices for classical information and classical networks. We articulate issues for making quantum networks secure in general, summarise the state of the art and identify priority directions for further investigation.
Novelty:
Importance of security in quantum networks has been recognised in the literature [4]. Adversarial models and security mechanisms to combat the resulting threats have been considered for specific quantum networks such as QKD-based networks. Comprehensive network security requires establishing a framework that defines the network’s security objectives, which are a set of goals and constraints to ensure confidentiality, integrity and availability (CIA) triad for data and applications [5], and related security mechanisms, which are the set of practices aimed at guaranteeing the security objectives. We formulate the security objectives of quantum networks following the CIA triad model for information security and describe how to incorporate the related security mechanisms into network communication protocols, following the layered architecture for quantum networks introduced in [6, 7]. Our analysis builds on the secure communication protocols developed for classical layered architectures, such as the open-systems interconnection (OSI) model and the transmission control protocol/internet protocol (TCP/IP) model [8].
Motivation:
To guarantee reliable and efficient quantum-network communication, a realistic network-security framework capable of mitigating internal and external security risks is needed. We illustrate the importance of network security by considering five threat models pertaining to four quantum networks.
Clock synchronisation:
A network of optical atomic clocks with shared quantum entanglement could enhance metrology for applications such as global positioning systems (GPS), and this quantum-network proposal considers two threat models involving eavesdropping and sabotage [3]. Unless these security risks are resolved, authorized users could lose precise clock synchronization or adversaries could benefit.
Sensing:
A quantum-repeater network for interconnecting telescope nodes has been proposed for delivery of quantum-enhanced telescope arrays without consideration of threats [2]. Adversarial corruption of transmitted partial-Bell-basis measurement would debilitate this network and slow discoveries in radio astronomy.
Satellite-based quantum communication:
A quantum network for quantum-enhanced secure communication using a satellite as a trusted relay node has been demonstrated as a monumental step towards global communication security [9]. The trusted relay could be conceivably used for a man-in-the-middle attack [5]. Such security considerations and many more are vital to assure secure long-distance communication.
Delegated quantum computation:
Blind quantum computing aims to provide privacy and protect integrity of the client’s computation and data from a malicious server [1] but do not yet consider compromised communication channels and denial-of-service attacks.
Background:
We now discuss background for information security in classical and quantum networks. We first provide an overview of classical network security and quantum cryptography and then discuss current progress in quantum-network architecture.
Classical network security:
A telecommunication network facilitates authorised communication between nodes, and network security practices assure protection of data and applications from unauthorised malice. Network-security objectives can be based on the CIA triad with security mechanisms depending on the specific network architecture, and security is largely enforced by combining appropriate cryptographic protocols with network-communication protocols.
Quantum and post-quantum cryptography:
Quantum cryptography, including protocols such as key distribution, message authentication and secret sharing, protects information from quantum adversaries information-theoretically or, in the case of post-quantum cryptography, quantum-computationally [10].
Quantum-network architecture:
Quantum networks facilitate quantum-enhanced communication with applications surpassing those of classical networks such as QKD-based networks [4]. Recent proposals for quantum-network architectures that support end-to-end qubit transmission and entanglement generation are inspired by classical layered networks, such as the OSI model, that allows partitioning the network functions into a stack of abstraction layers [6, 7].
Approach:
We now outline our method to establish a comprehensive framework for quantum-network security by addressing the necessity for a general quantum-network architecture and reliable quantum-network services.
Augmenting:
Construct a model describing the functions and structure of a general quantum network by augmenting the capabilities of a classical telecommunication network to support internode qubit transmission and entanglement generation.
Layering:
Construct a layered architecture for the general quantum network based on a classical network reference model such as the OSI model by augmenting classical abstraction layers with reliable internode qubit transmission and entanglement generation capabilities.
Formulating security objectives:
Identify the security threats to the data communicated by each layer, contextualised by the CIA triad model, and formulate the network-security objectives.
Securing communication:
Construct secure communication protocols that carry out the network functions specific to each abstract layer. These secure communication protocols incorporate necessary quantum or post-quantum cryptographic protocols, depending on the type of data communicated, to achieve the network security objectives.
Conclusion:
We have articulated principles for a general quantum network as an augmentation of the capabilities of a classical layered telecommunication network. This notion of a general quantum network with layered architecture is connected to the concepts of quantum network architectures drawn from recent literature. Building on this idea of a general quantum network, which is independent of the network hardware, we discuss network-security objectives in the context of the CIA triad model and guidelines for establishing security mechanisms. Most critical in our work is that quantum-network security is vital for the network to operate reliably, safely and securely. Furthermore, as quantum networks are currently being developed, we need to bear in mind that quantum-network developers must identify mandatory security mechanisms and incorporate additional security requirements of the clients during design of the network, not after its establishment as an insecure system of systems.
Important message:
In 2003, the Internet Engineering Task Forces’s RFC3631 by the Network Working Group warns [11]:
Finally, security mechanisms are not magic pixie dust that can be sprinkled over completed protocols. It is rare that security can be bolted on later. Good designs – that is, secure, clean, and efficient designs – occur when the security mechanisms are crafted along with the protocol.
We regard this warning as being just as pertinent to designing a quantum internet.
References
- [1] Joseph F Fitzsimons “Private quantum computation: an introduction to blind quantum computing and related protocols” In npj Quantum Inf. 3.1 Nature Publishing Group, 2017, pp. 1–11
- [2] Daniel Gottesman, Thomas Jennewein and Sarah Croke “Longer-baseline telescopes using quantum repeaters” In Phys. Rev. Lett. 109 American Physical Society, 2012, pp. 070503
- [3] Peter Komar et al. “A quantum network of clocks” In Nat. Phys. 10.8 Nature Publishing Group, 2014, pp. 582–587
- [4] Rodney Van Meter “Quantum Networking”, Networks and Telecommunications Series London: ISTE, 2014
- [5] William Stallings “Network Security Essentials: Applications and Standards” Upper Saddle River, N.J.: Pearson, 2017
- [6] Axel Dahlberg et al. “A link layer protocol for quantum networks” In Proc. ACM Spec. Interest Group Data Commun. New York: Association for Computing Machinery, 2019, pp. 159–173
- [7] Alexander Pirker and Wolfgang Dür “A quantum network stack and protocols for reliable entanglement-based networks” In New J. Phys 21.3 IOP Publishing, 2019, pp. 033003
- [8] Andrew S Tannenbaum “Computer Networks” Upper Saddle River, N.J.: Pearson, 2003
- [9] Sheng-Kai Liao et al. “Satellite-Relayed Intercontinental Quantum Network” In Phys. Rev. Lett. 120 American Physical Society, 2018, pp. 030501 DOI: 10.1103/PhysRevLett.120.030501
- [10] Anne Broadbent and Christian Schaffner “Quantum cryptography beyond quantum key distribution” In Des. Codes Cryptogr. 78.1 Springer US, 2016, pp. 351–382
- [11] Steven M Bellovin, Jeffrey I Schiller and Charlie Kaufman “Security Mechanisms for the Internet” RFC Editor, Internet Requests for Comments, 2003