Abstract
In the quantum version of a Trojan-horse attack, photons are injected into the optical modules of a quantum key distribution system in an attempt to read information direct from the encoding devices. To stop the Trojan photons, the use of passive optical components has been suggested. However, to date, there is no quantitative bound that specifies such components in relation to the security of the system. Here, we turn the Trojan-horse attack into an information leakage problem. This allows us to quantify the system security and relate it to the specification of the optical elements. The analysis is supported by the experimental characterization, within the operation regime, of reflectivity and transmission of the optical components most relevant to security.
4 More- Received 15 March 2015
DOI:https://doi.org/10.1103/PhysRevX.5.031030
This article is available under the terms of the Creative Commons Attribution 3.0 License. Further distribution of this work must maintain attribution to the author(s) and the published article’s title, journal citation, and DOI.
Published by the American Physical Society
Synopsis
How to Tame a Trojan Horse
Published 9 September 2015
Researchers propose an approach to safeguard optical quantum key distribution systems against Trojan-horse attacks.
See more in Physics
Popular Summary
Since ancient times, the Trojan-horse attack has been known for penetrating a securely protected space. For modern-day cryptographic applications such as quantum key distribution, the existence of a protected area is a fundamental assumption, and securing this area against a Trojan-horse attack has been a long-standing problem. Even so, no quantitative analysis has been conducted thus far to combat the Trojan-horse attack on quantum systems, and an increasing number of experiments have demonstrated the severity of the attack.
In this work, we propose a quantitative method to counteract the Trojan-horse attack. Our work focuses on characterizing the components of an optical system to limit the information leakage arising from the Trojan photons. These photons are imprinted with secure information that is supposed to remain private but is instead delivered to the attacker. In some cases, the Trojan-horse attack can even proceed without alerting the system that it is under attack. By relating the security of the system to the specific characteristics of its optical components, the Trojan-horse attack can be effectively fended off. The protection architecture that we examine is entirely passive, and we provide security bounds that are easily applicable in practice. Our solution is feasible within existing experimental capabilities.
We believe that our security argument will become a standard tool in all quantum systems that need to secure a private space.