CN111970280B - Attack detection method of continuous variable quantum key distribution system

Publication number: CN111970280B
Authority: CN (China)
Prior art keywords: attack, receiving, data, beam splitter, receiving end
Legal status: Active
Application number: CN202010832930.9A
Other languages: Chinese (zh)
Other versions: CN111970280A (en)
Inventors: 黄端, 罗海森
Current Assignee: Central South University
Original Assignee: Central South University
Application filed by Central South University
Priority to CN202010832930.9A
Publication of CN111970280A
Publication of CN111970280B (application granted)

Classifications

    • H04L63/1416 Event detection, e.g. attack signature detection
    • G06N3/08 Learning methods
    • H04B10/0795 Performance monitoring; Measurement of transmission parameters
    • H04B10/07955 Monitoring or measuring power
    • H04B10/548 Phase or frequency modulation
    • H04B10/614 Coherent receivers comprising one or more polarization beam splitters, e.g. polarization multiplexed [PolMux] X-PSK coherent receivers, polarization diversity heterodyne coherent receivers
    • H04B10/6911 Photodiode bias control, e.g. for compensating temperature variations
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0852 Quantum cryptography

Abstract

The invention discloses an attack detection method for a continuous variable quantum key distribution system. The method comprises: constructing a continuous variable quantum key distribution experiment system; carrying out quantum communication in the non-attacked state and in the attacked state, and obtaining and processing the communication parameters to produce a training data set; training a preliminary attack detection classifier with the training data set to obtain an attack detection classifier; and monitoring the communication process with the attack detection classifier, thereby detecting attacks on the continuous variable quantum key distribution system. The method establishes a GAN network, obtains an attack classifier from the GAN network, and uses that classifier as the attack detection means during continuous variable quantum key distribution. The method can accurately detect and identify the type of attack suffered during quantum key distribution, and has high reliability, good real-time performance and low resource consumption.

Description

Attack detection method of continuous variable quantum key distribution system
Technical Field
The invention belongs to the field of quantum communication, and particularly relates to an attack detection method of a continuous variable quantum key distribution system.
Background
With the development of the economy and technology and the improvement of living standards, data security has become a growing concern. Secure data transmission has therefore become a focus of research.
Quantum key distribution is one of the most mature techniques in quantum communication. It can provide an information-theoretically secure key between two communicating parties. Continuous variable quantum key distribution (CVQKD) is an important way of implementing quantum key distribution; the protocol has absolute security with Gaussian-modulated coherent states, and general collective attacks and continuous attacks cannot affect the security of the system.
However, in an actual Gaussian-modulated continuous variable quantum key distribution system, the detection and transmission devices are imperfect, and the vulnerabilities of these devices become the main target of an attacker. Coherent attacks based on these vulnerabilities greatly damage the security of the system. Saturation attacks, wavelength attacks, calibration attacks and local oscillator (LO) attacks are the most common types of attack on such a system. These attacks mainly target the vulnerabilities of the system devices.
Against these attacks, the literature proposes methods for identifying and defending against the different attacks: the existence of an attack is estimated mainly by carrying out repeated high-precision calculations and iterations on the detected disturbance of the optical parameters and on the estimated bound of the excess noise. However, with the existing methods these two kinds of interference can be estimated only after the key transmission process is completed, and in application they suffer from long running time, high resource consumption and poor real-time performance.
Disclosure of Invention
The invention aims to provide an attack detection method of a continuous variable quantum key distribution system, which has high reliability, good real-time performance and less resource consumption.
The attack detection method of the continuous variable quantum key distribution system provided by the invention comprises the following steps:
S1, building a continuous variable quantum key distribution experiment system;
S2, performing quantum communication in a non-attacked state and quantum communication in an attacked state with the continuous variable quantum key distribution experiment system built in step S1, so as to obtain communication parameters in the non-attacked state and communication parameters in the attacked state;
S3, carrying out data processing on the communication parameters obtained in step S2 to obtain a training data set;
S4, training a pre-established attack and defense model based on machine learning with the training data set obtained in step S3, and extracting the discriminator from the model to obtain an attack detection classifier;
S5, during actual quantum communication, monitoring the communication process with the attack detection classifier obtained in step S4, thereby realizing attack detection for the continuous variable quantum key distribution system.
In step S1, the system specifically includes a transmitting-end light source, a transmitting-end first amplitude modulator, a transmitting-end first beam splitter, a transmitting-end first polarizer, a transmitting-end second amplitude modulator, a transmitting-end first phase modulator, a transmitting-end attenuator, a transmitting-end second polarizer, a transmitting-end second beam splitter, a receiving-end polarization controller, a receiving-end first polarization beam splitter, a receiving-end first amplitude modulator, a receiving-end first beam splitter, a receiving-end first detector, a receiving-end second polarization beam splitter, a receiving-end phase modulator, a receiving-end second beam splitter, a receiving-end power meter, a receiving-end synchronous clock module, and a receiving-end data processing center. The light source at the sending end emits signal light, which is amplitude modulated by the first amplitude modulator at the sending end and then divided into two beams by the first beam splitter at the sending end. The first beam is polarized by the first polarizer at the sending end, amplitude modulated by the second amplitude modulator at the sending end, phase modulated by the first phase modulator at the sending end, attenuated by the attenuator at the sending end, and then input to the first input end of the second beam splitter at the sending end. The second beam is polarized by the second polarizer at the sending end and then input to the second input end of the second beam splitter at the sending end. The second beam splitter at the sending end combines the two input optical signals and sends the combined signal to the receiving end. After receiving the signal sent by the sending end, the receiving end performs polarization control through the first polarization controller of the receiving end and then divides the signal into two beams through the first beam splitter of the receiving end. The first beam is amplitude modulated by the first amplitude modulator at the receiving end and then input to the first input end of the first beam splitter at the receiving end. The second beam is polarized and split by the second polarization beam splitter at the receiving end, giving a first component and a second component of the second beam. The first component of the second beam is phase modulated by the receiving-end phase modulator and then input to the second input end of the first beam splitter at the receiving end. The output signal of the first beam splitter at the receiving end is detected simultaneously by the first detector and the second detector of the receiving end and then uploaded to the data processing center of the receiving end. The second component of the second beam is divided into two paths by the second beam splitter of the receiving end: one path is uploaded to the data processing center of the receiving end after its power is measured by the power meter of the receiving end, and the other path is uploaded to the data processing center of the receiving end after synchronous clock detection at the receiving end. The receiving-end data processing center is used for detecting data.
The quantum communication under the attacked state in step S2 specifically includes quantum communication under saturation attack, quantum communication under wavelength attack, quantum communication under calibration attack, and quantum communication under local oscillator attack.
In step S3, the data processing that turns the communication parameters obtained in step S2 into a training data set is specifically as follows: the data are normalized with the minimum-maximum normalization method; the normalized data and the corresponding labels form the training data, and thereby the training set; the labels comprise normal quantum communication, quantum communication suffering from saturation attack, quantum communication suffering from wavelength attack, quantum communication suffering from calibration attack and quantum communication suffering from local oscillator attack.
The attack and defense model based on machine learning in step S4 specifically adopts the following model as its system architecture network:
a generative adversarial network (GAN) is adopted as the model;
a recurrent neural network based on sequence characteristics is selected as the inner network of the model: the inner network of the model comprises a recurrent neural network layer, a fully connected layer, a normalization layer, a Dropout layer and a softmax activation function layer; the recurrent neural network layer is used for processing the time sequence; the normalization layer is used for data normalization; the Dropout layer is used to prevent overfitting; the softmax activation function layer is used for multi-class classification;
the generator model is also built from a recurrent neural network, and a label C representing the number of the types of attacks is introduced into the input of the generator model, so that a relationship is formed between the generated data and the label;
the training process of the attack and defense model is divided into two stages: in the first stage, the discriminator classifies the data of the generator into a fake class, which ensures effective training of the generator, so that the data of the generator effectively fits the distribution of real attacks; in the second stage, after the GAN model has stabilized, the data of the generator is put into the corresponding true class according to the input label, which performs data augmentation and improves the generalization of the system;
the following equation is used as the loss function $L_G$ of the generator:
Figure GDA0003552913640000041
where $E$ is the expectation; $z \sim P_z$ is the random noise and its distribution; $c \sim P_c$ is the attack category and its distribution; $D(x)$ is the discriminator output; $G(z, c)$ is the output of the generator for a specific class $c$; $C$ is the number of attack categories;
the following equation is used as the loss function $L_D$ of the discriminator:
Figure GDA0003552913640000042
where $E$ is the expectation; $x \sim P_{data}$ is the training data and the distribution it follows; $D_{RNN}$ is the output of the RNN-based discriminator; $c$ is the category of attack; $x$ is training data; $C$ is the number of attack categories; $\alpha$ is the stage parameter of training; $z \sim P_z$ is the random noise and its distribution; $c \sim P_c$ is the attack category and its distribution; $G_{RNN}(z, c)$ is the output of the generator for each class $c$.
The attack detection method of the continuous variable quantum key distribution system provided by the invention establishes a GAN network, extracts the discriminator model as an attack classifier, and uses that classifier as the attack detection means during continuous variable quantum key distribution. The method can accurately detect and identify the type of attack suffered during quantum key distribution, and has high reliability, good real-time performance and low resource consumption.
Drawings
FIG. 1 is a schematic process flow diagram of the process of the present invention.
Fig. 2 is a functional block diagram of a continuous variable quantum key distribution experimental system of the method of the present invention.
Detailed Description
FIG. 1 is a schematic flow chart of the method of the present invention: the attack detection method of the continuous variable quantum key distribution system provided by the invention comprises the following steps:
S1, building a continuous variable quantum key distribution experiment system. As shown in Fig. 2, the system specifically includes a transmitting end light source, a transmitting end first amplitude modulator, a transmitting end first beam splitter, a transmitting end first polarizer, a transmitting end second amplitude modulator, a transmitting end first phase modulator, a transmitting end attenuator, a transmitting end second polarizer, a transmitting end second beam splitter, a receiving end polarization controller, a receiving end first polarization beam splitter, a receiving end first amplitude modulator, a receiving end first beam splitter, a receiving end first detector, a receiving end second polarization beam splitter, a receiving end phase modulator, a receiving end second beam splitter, a receiving end power meter, a receiving end synchronous clock module, and a receiving end data processing center. The light source at the sending end emits signal light, which is amplitude modulated by the first amplitude modulator at the sending end and then divided into two beams by the first beam splitter at the sending end. The first beam is polarized by the first polarizer at the sending end, amplitude modulated by the second amplitude modulator at the sending end, phase modulated by the first phase modulator at the sending end, attenuated by the attenuator at the sending end, and then input to the first input end of the second beam splitter at the sending end. The second beam is polarized by the second polarizer at the sending end and then input to the second input end of the second beam splitter at the sending end. The second beam splitter at the sending end combines the two input optical signals and sends the combined signal to the receiving end. After receiving the signal sent by the sending end, the receiving end performs polarization control through the first polarization controller of the receiving end and then divides the signal into two beams through the first beam splitter of the receiving end. The first beam is amplitude modulated by the first amplitude modulator at the receiving end and then input to the first input end of the first beam splitter at the receiving end. The second beam is polarized and split by the second polarization beam splitter at the receiving end, giving a first component and a second component of the second beam. The first component of the second beam is phase modulated by the receiving end phase modulator and then input to the second input end of the first beam splitter at the receiving end. The output signal of the first beam splitter at the receiving end is detected simultaneously by the first detector and the second detector of the receiving end and then uploaded to the data processing center of the receiving end. The second component of the second beam is divided into two paths by the second beam splitter of the receiving end: one path is uploaded to the data processing center of the receiving end after its power is measured by the power meter of the receiving end, and the other path is uploaded to the data processing center of the receiving end after synchronous clock detection at the receiving end. The receiving end data processing center is used for detecting data;
S2, performing quantum communication in a non-attacked state and quantum communication in an attacked state with the continuous variable quantum key distribution experiment system built in step S1, so as to obtain communication parameters in the non-attacked state and communication parameters in the attacked state; the attacked state specifically comprises quantum communication suffering from saturation attack, quantum communication suffering from wavelength attack, quantum communication suffering from calibration attack and quantum communication suffering from local oscillator attack;
S3, carrying out data processing on the communication parameters obtained in step S2 to obtain a training data set; specifically, the data are normalized with the minimum-maximum normalization method; the normalized data and the corresponding labels form the training data, and thereby the training set; the labels comprise normal quantum communication, quantum communication suffering from saturation attack, quantum communication suffering from wavelength attack, quantum communication suffering from calibration attack and quantum communication suffering from local oscillator attack;
S4, training a pre-established attack and defense model based on machine learning with the training data set obtained in step S3, and extracting the discriminator to obtain an attack detection classifier; specifically, the following model is adopted as the framework network of the model:
a generative adversarial network (GAN) is adopted as the model;
a recurrent neural network based on sequence characteristics is selected as the inner network of the discriminator model: the inner network of the model comprises a recurrent neural network layer, a fully connected layer, a normalization layer, a Dropout layer and a softmax activation function layer; the recurrent neural network layer is used for processing the time sequence; the normalization layer is used for data normalization; the Dropout layer is used to prevent overfitting; the softmax activation function layer is used for multi-class classification;
the generator model is also built from a recurrent neural network, and a label C representing the number of the types of attacks is introduced into the input of the generator model, so that a relationship is formed between the generated data and the label;
the training process of the preliminary attack detection classifier is divided into two stages: in the first stage, the discriminator classifies the data of the generator into a fake class, which ensures effective training of the generator, so that the data of the generator effectively fits the distribution of real attacks; in the second stage, after the GAN model has stabilized, the data of the generator is put into the corresponding true class according to the input label, which performs data augmentation and improves the generalization of the system;
the following equation is used as the loss function $L_G$ of the generator:
Figure GDA0003552913640000071
where $E$ is the expectation; $z \sim P_z$ is the random noise and its distribution; $c \sim P_c$ is the attack category and its distribution; $D(x)$ is the discriminator output; $G(z, c)$ is the output of the generator for a specific class $c$; $C$ is the number of attack categories;
the following equation is used as the loss function $L_D$ of the discriminator:
Figure GDA0003552913640000072
where $E$ is the expectation; $x \sim P_{data}$ is the training data and the distribution it follows; $D_{RNN}$ is the output of the RNN-based discriminator; $c$ is the category of attack; $x$ is training data; $C$ is the number of attack categories; $\alpha$ is the stage parameter of training; $z \sim P_z$ is the random noise and its distribution; $c \sim P_c$ is the attack category and its distribution; $G_{RNN}(z, c)$ is the output of the generator for each class $c$.
The core structure of the model constructed by the invention is a recurrent neural network. Compared with the inner-layer structures of DCGAN and GAN, it is better suited to processing sequence data, and its inner-layer design adapts better to extracting and examining attack data. Furthermore, the improved generative adversarial network provided by the invention is primarily directed at multi-attribute sequences, with tag data representing the attack incorporated into the input of the generator. The discriminator mainly collects the sequence characteristics for discrimination. In addition, the training process of the generative network is improved into two stages: in the first stage, the data generated by the generator is encoded as class K+1 during training; in the second stage, it is encoded as the class corresponding to its label.
In a specific implementation, the improved generative adversarial network is essentially used to mimic the contest in a continuous variable quantum key distribution system. Generally, in an attack and defense system for quantum key distribution, three parties compete: the sender (Alice), the receiver (Bob) and the attacker (Eve). Alice and Bob wish to communicate securely, while Eve wishes to mount an attack to eavesdrop on their communication. The training process simulates this contest to obtain a recognition system that can accurately recognize whether Eve is attacking or the system is in a secure state.
In training, the generator (G) is fixed while the discriminator (D) is trained; when G needs to be trained, G and D are spliced together to form one network, but only the parameters of G are updated and the parameters of D are not. In essence, the goal of the training is to minimize the loss function.
To update the parameters in the model, the back propagation algorithm is used to quickly compute the partial derivatives of the objective function with respect to the weights in the network, and the adaptive moment estimation (Adam) optimization algorithm is used to adjust the weights accordingly. For better coordination of the generator and the discriminator, the two networks are cross-trained. A reasonably balanced number of internal training iterations is set by experiment; generally, the discriminator is trained once and the generator twice. The effectiveness of this model was demonstrated on experimentally acquired data sets.
S5, during actual quantum communication, monitoring the communication process with the attack detection classifier obtained in step S4, thereby realizing attack detection for the continuous variable quantum key distribution system.
In a specific implementation, the parameter data set used to train the machine learning model is obtained by building an experiment; the monitored parameters comprise local oscillator power, shot noise and signal variance. Communication under attack and normal communication are simulated in a laboratory, and the monitored parameters are measured during transmission under normal conditions and under attack conditions. To simplify the attack simulation, the attack is implemented directly at Alice and detected by Bob; compared with an attack implemented at Eve, this has little influence on the detection parameters. The main monitoring equipment for measuring the parameters comprises a power meter, an amplitude modulator and a homodyne detector.
To obtain the parameters under attack: on Alice's side, a 1550 nm continuous-wave laser generates narrow-linewidth light, which an amplitude modulator converts into pulses. A beam splitter then splits each pulse into a weak quantum signal path and a strong local oscillator (LO) path.
In the signal path, the key information is encoded in the amplitude and phase quadratures of coherent light pulses with a centered Gaussian distribution. In addition, the signal pulse is delayed relative to the LO pulse by an inserted delay line, and a Faraday mirror rotates the original polarization state of the signal pulse by 90°. The quantum and LO signals are sent to Bob over a fiber link using polarization multiplexing and time multiplexing. Meanwhile, a coarse wavelength division multiplexer combines the quantum signal with the classical communication signals, including a 1310 nm clock synchronization signal.
When Bob receives the data from Eve or Alice, the LO and the signal are demultiplexed. A beam splitter (BS) divides the strong LO pulse: 90% of the LO pulse light is combined with the quantum signal, and the homodyne detection output (X_B or P_B) is calculated. The remaining 10% of the LO pulse is used for power (I_LO) monitoring and synchronous clock generation, and the power meter measures the LO strength. In Bob's internal optical path, the intensity of the signal path can be controlled through the attenuation of an amplitude modulator. To obtain the shot noise at the current power, the signal path is closed with the amplitude modulator AM (AM set to its maximum attenuation ratio), and the shot noise at the current stage is measured by the homodyne detector. To obtain data under attack: Eve is simulated at Alice's end and affects the system with different attacks, including attenuating the local oscillator strength (local oscillator strength attack), controlling the wavelength (wavelength attack), shifting the calibration of the homodyne detection (calibration attack) and driving the homodyne detection into saturation (saturation attack), while the sending and receiving settings are kept consistent with those used for the non-attacked data sent by Alice. Finally, the corresponding monitoring parameters under the different attack modes are acquired in the same way.
The sampling is set as follows: each group of data consists of 20 sampling periods, and each sampling period is calculated from about n ≈ 5 × 10^7 collected points. The sampled data can be calculated in real time and uploaded to a data center for processing. The data acquisition module is typically updated every 2 seconds.
In the experiment, the invention measures 1000 groups of data under normal, non-attacked conditions and 1000 groups of data under each attack condition, which serve as training data and test data.
An example of training in which the model simulates the attack and defense system is as follows:
Consider a particularly simple example of this scenario. Alice randomly sends a key to Bob. Alice's output is random, but whatever Alice sends, the changes it introduces in the system parameters necessarily follow a particular distribution. The parameters produced by Alice's transmission are obtained from the output of Bob's monitoring devices. Once Bob has the system parameters, data processing makes the relationships among them more apparent. On the other hand, if Eve takes part in the communication between Alice and Bob and implements various attacks, the relationship among the parameters changes, and the parameters acquired by Bob obey a different functional relationship. The model at Bob's end can detect this relationship by learning the distribution. To support this learning, Alice and Eve need to communicate with Bob continuously so that Bob gains experience. Therefore, the generator simulates Alice and Eve and continuously generates data that match the attack distributions as closely as possible, and the discriminator, supervised by both actual data and generated data, improves its discrimination capability and the generalization of the model as far as possible.
The generator (G) attempts to simulate the process of Eve or Alice interacting with Bob, that is, to generate measured-parameter vectors that match, as closely as possible, an attack implemented by Eve or a secure key transmission by Alice, imitating Eve or Alice to produce more transmission instances. The interaction between Alice and Bob completes a secure key transmission, and the interaction between Eve and Bob is a non-secure key transmission.
The discriminator (D) attempts to emulate Bob identifying a transmission from Eve or Alice, letting Bob try to identify whether the key distribution comes from Alice or from Eve. It learns to discriminate the source of the signal from actual statistical data, which gives Bob's end its parameter identification capability, and the two networks are trained by continuously completing this interaction together. After training is completed, the discriminator model in the network is extracted.
An example of using the trained model to detect attacks is as follows:
In a practical environment, a power meter, a homodyne detection device and an amplitude modulator measure the relevant parameters in real time, giving statistical parameter data for a sampling time period. After data processing, the parameters become a vector that the model can recognize; during the preceding training, the model learned to judge which communication state such vectors represent. Therefore, once the vector is generated, the discriminator model can effectively identify whether the current communication state is secure.

Claims (4)

1. An attack detection method of a continuous variable quantum key distribution system comprises the following steps:
S1, building a continuous variable quantum key distribution experiment system;
S2, performing quantum communication in a non-attacked state and quantum communication in an attacked state with the continuous variable quantum key distribution experiment system built in step S1, so as to obtain communication parameters in the non-attacked state and communication parameters in the attacked state;
S3, carrying out data processing on the communication parameters obtained in step S2 to obtain a training data set;
S4, training a pre-established machine-learning-based attack and defense model with the training data set obtained in step S3, and extracting the discriminator to obtain an attack detection classifier; specifically, the following model is adopted as an attack detection preliminary classifier:
adopting a generative adversarial network (GAN) as the model;
selecting a recurrent neural network based on sequence characteristics as the inner network of the model: the inner network of the model comprises a recurrent neural network layer, a fully connected layer, a normalization layer, a Dropout layer and a softmax activation function layer; the recurrent neural network layer is used for processing the time sequence; the normalization layer is used for data normalization processing; the Dropout layer is used to prevent overfitting; the softmax activation function layer is used for multi-classification;
the generator model is also formed by a recurrent neural network, and a label C representing the number of the types of attacks is introduced into the input of the generator model, so that a relationship is formed between the generated data and the label;
the training process of the attack detection preliminary classifier is divided into two stages: in the first stage, the discriminator classifies the data of the generator into a false class, which ensures effective training of the generator so that the data of the generator effectively fit the distribution of real attacks; in the second stage, after the GAN model has stabilized, the data of the generator are put into the corresponding true class according to the input label, so that data enhancement is performed and the generalization of the system is improved;
the following equation is used as the loss function LG of the generator:
Figure FDA0003552913630000021
wherein $E$ denotes the expectation; $z \sim P_z$ is the random noise and its distribution; $c \sim P_c$ is the attack category and its distribution; $D(x)$ is the discriminator output; $G(z, c)$ is the output of the generator for a specific category $c$; $C$ is the number of attack categories;
the following equation is used as the loss function LD of the discriminator:
Figure FDA0003552913630000022
wherein $E$ denotes the expectation; $x \sim P_{data}$ is the training data and the distribution it satisfies; $D_{RNN}$ is the output of the RNN-based discriminator; $c$ is the category of attack; $x$ is the training data; $C$ is the number of attack categories; $\alpha$ is the stage parameter of training; $z \sim P_z$ is the random noise and its distribution; $c \sim P_c$ is the attack category and its distribution; $G_{RNN}(z, c)$ is the output of the generator for each class $c$;
S5, during actual quantum communication, detecting the communication process by adopting the attack detection classifier obtained in the step S4, thereby realizing attack detection of the continuous variable quantum key distribution system.
2. The attack detection method for the continuous variable quantum key distribution system according to claim 1, wherein the continuous variable quantum key distribution experimental system of step S1 specifically comprises a transmitting-end light source, a transmitting-end first amplitude modulator, a transmitting-end first beam splitter, a transmitting-end first polarizer, a transmitting-end second amplitude modulator, a transmitting-end first phase modulator, a transmitting-end attenuator, a transmitting-end second polarizer, a transmitting-end second beam splitter, a receiving-end polarization controller, a receiving-end first polarization beam splitter, a receiving-end first amplitude modulator, a receiving-end first beam splitter, a receiving-end first detector, a receiving-end second polarization beam splitter, a receiving-end phase modulator, a receiving-end second beam splitter, a receiving-end power meter, a receiving-end synchronous clock module, and a receiving-end data processing center; a light source at a sending end sends out signal light, the signal light is subjected to amplitude modulation through a first amplitude modulator at the sending end and then is divided into two beams of light through a first beam splitter at the sending end; the first beam of optical signals is polarized through a first polarizer at a sending end, then amplitude modulation is carried out through a second amplitude modulator at the sending end, phase modulation is carried out through a first phase modulator at the sending end, attenuation is carried out through an attenuator at the sending end, and then the first beam of optical signals is input to a first input end of a second beam splitter at the sending end; the second optical signal is polarized by a second polarizer at the sending end and then is input to a second input end of a second beam splitter at the sending end; the second beam splitter of the sending end combines the two input optical signals and sends the combined optical signals to the receiving end; after receiving the signal sent by the sending end, the receiving end performs polarization control through a first polarization controller of the receiving end and then divides the signal into two beams of light through a first beam splitter of the receiving end; the first beam of light is subjected to amplitude modulation through a first amplitude modulator at a receiving end and then is input to a first input end of a first beam splitter at the receiving end; the second beam of light is polarized and split by a second polarization beam splitter at the receiving end, and a second beam of light first component and a second beam of light second component are obtained; the second beam of light first component is input to a second input end of the receiving end first beam splitter after being phase modulated by a receiving end phase modulator; the output signal of the first beam splitter of the receiving end is simultaneously detected by a first detector of the receiving end and a second detector of the receiving end and then uploaded to a data processing center of the receiving end; the second beam of light second component is divided into two paths through a second beam splitter of the receiving end, one path is uploaded to a data processing center of the receiving end after power calculation is carried out through a power meter of the receiving end, and the other path is uploaded to the data processing center of the receiving end after synchronous clock detection of the receiving end; the receiving end data processing center is used for detecting data.
3. The attack detection method for the continuous variable quantum key distribution system according to claim 1, wherein the quantum communication under the attacked state in step S2 specifically includes quantum communication under saturation attack, quantum communication under wavelength attack, quantum communication under calibration attack, and quantum communication under local oscillator attack.
4. The attack detection method for the continuous variable quantum key distribution system according to claim 1, wherein the data processing performed in step S3 on the communication parameters obtained in step S2 to obtain a training data set specifically comprises: normalizing the data by a min-max normalization method; and forming corresponding training data from the normalized data and the corresponding labels, thereby forming a training set; the labels comprise normal quantum communication, quantum communication suffering from saturation attack, quantum communication suffering from wavelength attack, quantum communication suffering from calibration attack and quantum communication suffering from local oscillator attack.
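The training-set layout of claim 4 and the two training stages of claim 1, as an added example that is not code from the patent. It uses only the Python standard library; the function names, the placement of the false class at index 5, the clipping of out-of-range values at detection time and all sample values are assumptions of this example.

```python
import random

# Class order follows the labels listed in claim 4. FAKE is the extra class the
# discriminator uses for generated data in the first stage (index is assumed).
LABELS = ["normal", "saturation", "wavelength", "calibration", "local_oscillator"]
FAKE = len(LABELS)
PERIODS = 20    # sampling periods per group, as stated in the description
FEATURES = 3    # local oscillator power, shot noise, signal variance


def fit_minmax(groups):
    """Per-feature minimum and maximum over every period of every training group."""
    cols = list(zip(*(row for g in groups for row in g)))
    return [min(c) for c in cols], [max(c) for c in cols]


def normalize(group, lo, hi):
    """Min-max scale one group with the bounds stored from training.

    Values outside the training range are clipped to [0, 1] (assumed policy):
    an attack can push a monitored parameter past anything seen in training.
    """
    if len(group) != PERIODS or any(len(r) != FEATURES for r in group):
        raise ValueError("expected 20 periods of 3 monitored parameters")
    out = []
    for row in group:
        scaled = []
        for v, a, b in zip(row, lo, hi):
            x = 0.0 if b == a else (v - a) / (b - a)
            scaled.append(min(1.0, max(0.0, x)))
        out.append(scaled)
    return out


def build_training_set(raw):
    """raw: list of (group, label name) -> bounds, [(normalized group, class index)]."""
    lo, hi = fit_minmax([g for g, _ in raw])
    return (lo, hi), [(normalize(g, lo, hi), LABELS.index(name)) for g, name in raw]


def discriminator_target(label, generated, stage):
    """Class the discriminator is trained to output for one sample.

    Stage 1: generated samples go to the false class.
    Stage 2: generated samples count as the class of their conditioning label.
    Measured samples keep their label in both stages.
    """
    if stage not in (1, 2):
        raise ValueError("stage must be 1 or 2")
    return FAKE if generated and stage == 1 else label


def constructed_group(rng, lo_power, shot, var):
    """Constructed sample data: 20 noisy periods around the given centre values."""
    return [[rng.gauss(lo_power, 0.01), rng.gauss(shot, 0.01), rng.gauss(var, 0.05)]
            for _ in range(PERIODS)]


def demo():
    rng = random.Random(7)
    raw = [(constructed_group(rng, 1.0, 1.0, 4.0), "normal"),
           (constructed_group(rng, 0.7, 0.7, 4.0), "local_oscillator")]
    (lo, hi), train = build_training_set(raw)
    # Detection time: reuse the stored bounds; this group lies below the training range.
    live = normalize(constructed_group(rng, 0.3, 0.3, 4.0), lo, hi)
    return train, live


if __name__ == "__main__":
    train, live = demo()
    print([c for _, c in train], live[0])
```

The bounds returned by `build_training_set` have to be stored with the extracted discriminator, because a vector scaled with different bounds at detection time is not comparable to what the classifier was trained on.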
CN202010832930.9A 2020-08-18 2020-08-18 Attack detection method of continuous variable quantum key distribution system Active CN111970280B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010832930.9A CN111970280B (en) 2020-08-18 2020-08-18 Attack detection method of continuous variable quantum key distribution system


Publications (2)

Publication Number Publication Date
CN111970280A CN111970280A (en) 2020-11-20
CN111970280B true CN111970280B (en) 2022-05-06

Family

ID=73388914




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant