CN111970280B - Attack detection method of continuous variable quantum key distribution system - Google Patents
- Publication number: CN111970280B (CN202010832930.9A)
- Authority: CN (China)
- Prior art keywords: attack, receiving, data, beam splitter, receiving end
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses an attack detection method for a continuous-variable quantum key distribution system. The method comprises: constructing a continuous-variable quantum key distribution experiment system; performing quantum communication in the non-attacked state and in the attacked state, and obtaining and processing the communication parameters to form a training data set; training a preliminary attack detection classifier with the training data set to obtain an attack detection classifier; and monitoring the communication process with the attack detection classifier, thereby realizing attack detection for the continuous-variable quantum key distribution system. The method establishes a GAN, obtains an attack classifier from it, and uses that classifier as the attack detection means during continuous-variable quantum key distribution; it can accurately detect and identify the type of attack suffered during key distribution, and has high reliability, good real-time performance and low resource consumption.
Description
Technical Field
The invention belongs to the field of quantum communication, and particularly relates to an attack detection method of a continuous variable quantum key distribution system.
Background
With the development of the economy and technology and the improvement of living standards, data security has become an increasing concern. Secure data transmission has therefore become a focus of research.
Quantum key distribution is one of the most mature techniques in quantum communication. It can provide an information-theoretically secure key between two communicating parties. Continuous-variable quantum key distribution (CVQKD) is an important implementation of quantum key distribution; the protocol has absolute security for Gaussian-modulated coherent states, and general collective attacks and continuous attacks cannot affect the security of the system.
However, in a practical Gaussian-modulated continuous-variable quantum key distribution system, the detection and transmission devices are imperfect, and the vulnerabilities of these devices become the main target of an attacker. Coherent attacks based on these vulnerabilities greatly damage the security of the system. Saturation attacks, wavelength attacks, calibration attacks and local oscillator (LO) attacks are the most common types of attack on such a system. These attacks are mainly directed at the vulnerabilities of the system devices.
Against these attacks, researchers have proposed methods for identifying and defending against the different attacks: the existence of an attack is estimated mainly by performing repeated high-precision calculations and iterations on the detected optical parameter disturbance and on the estimated bound of the excess noise. However, in the existing methods the two kinds of interference can be estimated only after the key transmission process is completed, which leads to long processing time, large resource consumption and poor real-time performance in practice.
Disclosure of Invention
The invention aims to provide an attack detection method of a continuous variable quantum key distribution system, which has high reliability, good real-time performance and less resource consumption.
The attack detection method of the continuous variable quantum key distribution system provided by the invention comprises the following steps:
S1, building a continuous-variable quantum key distribution experiment system;
S2, performing quantum communication in a non-attacked state and in an attacked state with the experiment system built in step S1, so as to obtain the communication parameters in the non-attacked state and the communication parameters in the attacked state;
S3, processing the communication parameters obtained in step S2 to obtain a training data set;
S4, training a pre-established machine-learning-based attack and defense model with the training data set obtained in step S3, and extracting the discriminator from the model to obtain an attack detection classifier;
S5, during actual quantum communication, monitoring the communication process with the attack detection classifier obtained in step S4, thereby realizing attack detection for the continuous-variable quantum key distribution system.
In step S1, the system specifically includes a transmitting-end light source, a transmitting-end first amplitude modulator, a transmitting-end first beam splitter, a transmitting-end first polarizer, a transmitting-end second amplitude modulator, a transmitting-end first phase modulator, a transmitting-end attenuator, a transmitting-end second polarizer, a transmitting-end second beam splitter, a receiving-end polarization controller, a receiving-end first polarization beam splitter, a receiving-end first amplitude modulator, a receiving-end first beam splitter, a receiving-end first detector, a receiving-end second polarization beam splitter, a receiving-end phase modulator, a receiving-end second beam splitter, a receiving-end power meter, a receiving-end synchronous clock module, and a receiving-end data processing center.
At the transmitting end, the light source emits signal light, which is amplitude-modulated by the transmitting-end first amplitude modulator and then split into two beams by the transmitting-end first beam splitter. The first beam is polarized by the transmitting-end first polarizer, amplitude-modulated by the transmitting-end second amplitude modulator, phase-modulated by the transmitting-end first phase modulator, attenuated by the transmitting-end attenuator, and then input to the first input of the transmitting-end second beam splitter. The second beam is polarized by the transmitting-end second polarizer and then input to the second input of the transmitting-end second beam splitter. The transmitting-end second beam splitter combines the two input optical signals and sends the combined signal to the receiving end.
At the receiving end, the signal received from the transmitting end undergoes polarization control by the receiving-end first polarization controller and is then split into two beams by the receiving-end first beam splitter. The first beam is amplitude-modulated by the receiving-end first amplitude modulator and then input to the first input of the receiving-end first beam splitter. The second beam is polarization-split by the receiving-end second polarization beam splitter into a first component and a second component. The first component of the second beam is phase-modulated by the receiving-end phase modulator and then input to the second input of the receiving-end first beam splitter. The output of the receiving-end first beam splitter is detected simultaneously by the receiving-end first detector and the receiving-end second detector and then uploaded to the receiving-end data processing center. The second component of the second beam is divided into two paths by the receiving-end second beam splitter: one path is uploaded to the receiving-end data processing center after power calculation by the receiving-end power meter, and the other is uploaded to the receiving-end data processing center after receiving-end synchronous clock detection. The receiving-end data processing center is used for detecting data.
The quantum communication under the attacked state in step S2 specifically includes quantum communication under saturation attack, quantum communication under wavelength attack, quantum communication under calibration attack, and quantum communication under local oscillator attack.
In step S3, the communication parameters obtained in step S2 are processed to obtain a training data set as follows: the data is normalized with the min-max normalization method; the normalized data and the corresponding labels form the training samples, which together form the training set; the labels comprise normal quantum communication, quantum communication under saturation attack, quantum communication under wavelength attack, quantum communication under calibration attack, and quantum communication under local oscillator attack.
The machine-learning-based attack and defense model in step S4 specifically adopts the following model as its architecture network:
a generative adversarial network (GAN) is adopted as the model;
a recurrent neural network based on sequence features is selected as the inner network of the model: the inner network comprises a recurrent neural network layer, a fully connected layer, a normalization layer, a Dropout layer and a softmax activation function layer; the recurrent neural network layer processes the time sequence; the normalization layer normalizes the data; the Dropout layer prevents overfitting; the softmax activation function layer performs multi-class classification;
the generator model is also built from a recurrent neural network, and a label C representing the number of attack types is introduced into the input of the generator model, so that the generated data is tied to the label;
the training process of the attack and defense model is divided into two stages: in the first stage, the discriminator classifies the generator's data into a fake class, which ensures that the generator is trained effectively and that its data fits the distribution of real attacks; in the second stage, after the GAN model has stabilized, the generator's data is put into the corresponding real class according to the input label, which provides data augmentation and improves the generalization of the system;
the following equation is used as the loss function LG of the generator:
where E is the expectation; z ~ P_z is the random noise and its distribution; c ~ P_c is the attack category and its distribution; D(x) is the discriminator output; G(z, c) is the output of the generator for a specific category c; C is the number of attack categories;
the following equation is used as the loss function LD of the discriminator:
where E is the expectation; x ~ P_data is the training data and the distribution it follows; D_RNN is the output of the RNN-based discriminator; c is the attack category; x is the training data; C is the number of attack categories; α is the stage parameter of training; z ~ P_z is the random noise and its distribution; c ~ P_c is the attack category and its distribution; G_RNN(z, c) is the output of the generator for each category c.
The attack detection method provided by the invention establishes a GAN, extracts the discriminator model as an attack classifier, and uses that classifier as the attack detection means during continuous-variable quantum key distribution; the method can accurately detect and identify the type of attack suffered during key distribution, and has high reliability, good real-time performance and low resource consumption.
Drawings
FIG. 1 is a schematic process flow diagram of the process of the present invention.
Fig. 2 is a functional block diagram of a continuous variable quantum key distribution experimental system of the method of the present invention.
Detailed Description
FIG. 1 is a schematic flow chart of the method of the present invention: the attack detection method of the continuous variable quantum key distribution system provided by the invention comprises the following steps:
S1, building a continuous-variable quantum key distribution experiment system; as shown in Fig. 2, the system specifically includes a transmitting-end light source, a transmitting-end first amplitude modulator, a transmitting-end first beam splitter, a transmitting-end first polarizer, a transmitting-end second amplitude modulator, a transmitting-end first phase modulator, a transmitting-end attenuator, a transmitting-end second polarizer, a transmitting-end second beam splitter, a receiving-end polarization controller, a receiving-end first polarization beam splitter, a receiving-end first amplitude modulator, a receiving-end first beam splitter, a receiving-end first detector, a receiving-end second polarization beam splitter, a receiving-end phase modulator, a receiving-end second beam splitter, a receiving-end power meter, a receiving-end synchronous clock module, and a receiving-end data processing center; the transmitting-end light source emits signal light, which is amplitude-modulated by the transmitting-end first amplitude modulator and then split into two beams by the transmitting-end first beam splitter; the first beam is polarized by the transmitting-end first polarizer, amplitude-modulated by the transmitting-end second amplitude modulator, phase-modulated by the transmitting-end first phase modulator, attenuated by the transmitting-end attenuator, and then input to the first input of the transmitting-end second beam splitter; the second beam is polarized by the transmitting-end second polarizer and then input to the second input of the transmitting-end second beam splitter; the transmitting-end second beam splitter combines the two input optical signals and sends the combined signal to the receiving end; the signal received from the transmitting end undergoes polarization control by the receiving-end first polarization controller and is then split into two beams by the receiving-end first beam splitter; the first beam is amplitude-modulated by the receiving-end first amplitude modulator and then input to the first input of the receiving-end first beam splitter; the second beam is polarization-split by the receiving-end second polarization beam splitter into a first component and a second component; the first component of the second beam is phase-modulated by the receiving-end phase modulator and then input to the second input of the receiving-end first beam splitter; the output of the receiving-end first beam splitter is detected simultaneously by the receiving-end first detector and the receiving-end second detector and then uploaded to the receiving-end data processing center; the second component of the second beam is divided into two paths by the receiving-end second beam splitter, one of which is uploaded to the receiving-end data processing center after power calculation by the receiving-end power meter, and the other after receiving-end synchronous clock detection; the receiving-end data processing center is used for detecting data;
S2, performing quantum communication in a non-attacked state and in an attacked state with the experiment system built in step S1, so as to obtain the communication parameters in the non-attacked state and the communication parameters in the attacked state; the attacked state specifically comprises quantum communication under saturation attack, quantum communication under wavelength attack, quantum communication under calibration attack, and quantum communication under local oscillator attack;
S3, processing the communication parameters obtained in step S2 to obtain a training data set; specifically, the data is normalized with the min-max normalization method; the normalized data and the corresponding labels form the training samples, which together form the training set; the labels comprise normal quantum communication, quantum communication under saturation attack, quantum communication under wavelength attack, quantum communication under calibration attack, and quantum communication under local oscillator attack;
S4, training a pre-established machine-learning-based attack and defense model with the training data set obtained in step S3, and extracting the discriminator to obtain an attack detection classifier; specifically, the following model is adopted as the architecture network of the model:
a generative adversarial network (GAN) is adopted as the model;
a recurrent neural network based on sequence features is selected as the inner network of the discriminator model: the inner network comprises a recurrent neural network layer, a fully connected layer, a normalization layer, a Dropout layer and a softmax activation function layer; the recurrent neural network layer processes the time sequence; the normalization layer normalizes the data; the Dropout layer prevents overfitting; the softmax activation function layer performs multi-class classification;
the generator model is also built from a recurrent neural network, and a label C representing the number of attack types is introduced into the input of the generator model, so that the generated data is tied to the label;
the training process of the attack detection preliminary classifier is divided into two stages: in the first stage, the discriminator classifies the generator's data into a fake class, which ensures that the generator is trained effectively and that its data fits the distribution of real attacks; in the second stage, after the GAN model has stabilized, the generator's data is put into the corresponding real class according to the input label, which provides data augmentation and improves the generalization of the system;
the following equation is used as the loss function LG of the generator:
where E is the expectation; z ~ P_z is the random noise and its distribution; c ~ P_c is the attack category and its distribution; D(x) is the discriminator output; G(z, c) is the output of the generator for a specific category c; C is the number of attack categories;
the following equation is used as the loss function LD of the discriminator:
where E is the expectation; x ~ P_data is the training data and the distribution it follows; D_RNN is the output of the RNN-based discriminator; c is the attack category; x is the training data; C is the number of attack categories; α is the stage parameter of training; z ~ P_z is the random noise and its distribution; c ~ P_c is the attack category and its distribution; G_RNN(z, c) is the output of the generator for each category c.
In the model constructed by the invention, the core structure is a recurrent neural network; compared with the inner-layer structures of DCGAN and GAN, it is better suited to processing sequence data, and its inner-layer design is better adapted to extracting and inspecting attack data. Furthermore, the improved generative adversarial network provided by the invention is primarily directed at multi-attribute sequences, with the generator input incorporating label data representing the attack. The discriminator mainly collects sequence features for discrimination. In addition, the training process of the generative network is improved into two stages: in the first stage the data produced by the generator is encoded as a (K+1)-th class during training, and in the second stage it is encoded as the class corresponding to its label;
In a specific implementation, the improved generative adversarial network is essentially used to mimic the confrontation in a continuous-variable quantum key distribution system. Generally, in an attack and defense system for quantum key distribution, three parties compete with one another: the sender (Alice), the receiver (Bob) and the attacker (Eve). Alice and Bob wish to communicate securely, while Eve wishes to mount an attack to eavesdrop on their communication. The training process simulates this contest to obtain a recognition system that can accurately recognize whether the state is an attack by Eve or secure.
In training, the generator (G) will be fixed when training the discriminator (D); however, when G needs to be trained, G and D are spliced together to form a network, but only the parameters of G are updated, and the parameters in D are not updated. In essence, the goal of the training is to minimize the loss function.
To update the parameters of the model, the back-propagation algorithm is used to compute the partial derivatives of the objective function with respect to the network weights efficiently, and the adaptive moment estimation (Adam) optimization algorithm is used to adjust the weights accordingly. To coordinate the generator and the discriminator better, the two networks are trained alternately. A reasonably balanced number of inner training steps is determined experimentally; generally, the discriminator is trained once and the generator twice. The effectiveness of this model was demonstrated on experimentally acquired data sets;
S5, during actual quantum communication, monitoring the communication process with the attack detection classifier obtained in step S4, thereby realizing attack detection for the continuous-variable quantum key distribution system.
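The two-stage labelling and the alternating schedule of step S4, as an added sketch that is not code from the patent. It assumes K = 5 real classes (normal plus the four attack types), one extra discriminator output for the fake class, and softmax cross-entropy as the discriminator loss; the patent's own loss equations are not reproduced on this page, and all function names are hypothetical.

```python
import math
from typing import List, Sequence, Tuple

K = 5           # assumed real classes: normal plus the four attack types of step S3
FAKE_CLASS = K  # index of the extra (K+1)-th discriminator output

# One discriminator input: (logits over K+1 classes, class label, generated?)
Sample = Tuple[Sequence[float], int, bool]


def discriminator_target(label: int, generated: bool, stage: int) -> int:
    """Class index the discriminator is trained towards for one sample.

    Stage 1: generated data goes to the fake (K+1)-th class.
    Stage 2: generated data goes to the class of its conditioning label,
             so it acts as extra training data for that class.
    Measured data always keeps its own label.
    """
    if not 0 <= label < K:
        raise ValueError("label must be one of the K real classes")
    if stage not in (1, 2):
        raise ValueError("stage must be 1 or 2")
    return FAKE_CLASS if generated and stage == 1 else label


def cross_entropy(logits: Sequence[float], target: int) -> float:
    """-log softmax(logits)[target], computed with log-sum-exp for stability."""
    if len(logits) != K + 1:
        raise ValueError("expected K+1 logits")
    peak = max(logits)
    log_sum = peak + math.log(sum(math.exp(v - peak) for v in logits))
    return log_sum - logits[target]


def discriminator_loss(batch: Sequence[Sample], stage: int) -> float:
    """Mean cross-entropy of a mixed batch of measured and generated samples."""
    if not batch:
        raise ValueError("empty batch")
    total = sum(
        cross_entropy(logits, discriminator_target(label, generated, stage))
        for logits, label, generated in batch
    )
    return total / len(batch)


def training_schedule(rounds: int, d_steps: int = 1,
                      g_steps: int = 2) -> List[Tuple[str, str]]:
    """(network being updated, network held fixed) for every training step."""
    one_round = [("D", "G")] * d_steps + [("G", "D")] * g_steps
    return one_round * rounds


# Constructed logits (not outputs of a trained model).
CONSTRUCTED_BATCH: List[Sample] = [
    ([0.0, 0.0, 4.0, 0.0, 0.0, 0.0], 2, True),   # generated, conditioned on class 2
    ([4.0, 0.0, 0.0, 0.0, 0.0, 0.0], 0, False),  # measured, class 0 (normal)
]

if __name__ == "__main__":
    for stage in (1, 2):
        print("stage", stage, "loss", round(discriminator_loss(CONSTRUCTED_BATCH, stage), 4))
    print(training_schedule(1))
```

The same discriminator output that is penalized in stage 1 (a generated sample scored as class 2) is rewarded in stage 2, which is why the switch is made only after the GAN has stabilized.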
In a specific implementation, the parameter data set for training the machine learning model is obtained by building the experiment; the monitored parameters comprise local oscillator power, shot noise and signal variance. The attacked and normal communication processes are simulated in the laboratory, and the parameters are measured during transmission under normal conditions and under attack. To simplify the simulation, the attack is implemented directly from Alice and detected by Bob; compared with an attack implemented directly at Eve, this has little influence on the detection parameters. The main monitoring equipment for measuring the parameters comprises a power meter, an amplitude modulator and a homodyne detector.
To obtain the parameters under attack: on one side of Alice, a 1550nm wavelength continuous wave laser generates a narrow linewidth light, which is converted to pulses by an amplitude modulator. The pulse is then split into a weak quantum signal path and a strong local oscillator path with a beam splitter.
In the signal path, the key information is encoded on the amplitude and phase quadratures of coherent light pulses following a centered Gaussian distribution. In addition, the signal pulse is delayed relative to the LO pulse by an inserted delay line, and a Faraday mirror rotates the original polarization state of the signal pulse by 90°. The quantum and LO signals are sent to Bob over a fiber link using polarization multiplexing and time multiplexing. Meanwhile, a coarse wavelength division multiplexer is used to combine the quantum signal with the classical communication signals, including a 1310 nm-wavelength clock synchronization signal.
When Bob receives the data from Eve or Alice, the LO and the signal are demultiplexed. The strong local oscillator pulse is divided with a beam splitter (BS): 90% of the local oscillator pulse light is combined with the quantum signal to compute the homodyne detection output (X_B or P_B). The remaining 10% of the local oscillator pulse is used for power monitoring (I_LO) and synchronous clock generation, and the power meter is used to measure the local oscillator intensity. In Bob's internal optical path, the intensity of the signal path can be controlled through the attenuation of an amplitude modulator; to obtain the shot noise at the current power, the signal path is closed with the amplitude modulator AM (set to its maximum attenuation ratio) and the shot noise is measured with the homodyne detector. To obtain data under attack, Eve is simulated at Alice's end to affect the system with different attacks, including attenuating the local oscillator intensity (local oscillator intensity attack), controlling the wavelength (wavelength attack), offsetting the calibration of the homodyne detection (calibration attack) and driving the homodyne detection into saturation (saturation attack), while the sending and receiving settings are kept consistent with those used for the non-attacked data sent by Alice. Finally, the corresponding monitoring parameters under the different attack modes are acquired in the same way.
The sampling is set up as follows: each group of data consists of 20 sampling periods, and each sampling period is computed from about n ~ 5 × 10^7 collected points. The sampled data can be calculated in real time and uploaded to the data center for processing. The data acquisition module is typically updated every 2 seconds.
The invention measures 1000 groups of data under normal and non-attacked conditions in an experiment, and simultaneously measures 1000 groups of data under each attack condition as training data and test data.
An example of training a model that simulates the attack and defense system is as follows:
Consider a particularly simple instance of this scenario. Alice sends a random key to Bob. Alice's output is random, but whatever she sends, the changes it introduces in the system parameters necessarily follow a particular distribution. The parameters produced by Alice's transmission are obtained from the monitoring devices at Bob's end, and after data processing Bob can extract clearer relationships among them. If, on the other hand, Eve takes part in the communication between Alice and Bob and mounts various attacks, the relationships among the parameters change, and the parameters Bob acquires follow a different functional relationship. The model at Bob's end can detect this by learning the distributions. For Bob to learn, Alice and Eve must keep communicating with Bob so that he gains experience. The generator therefore simulates Alice and Eve, continuously producing data that matches the attack distributions as closely as possible, and the discriminator, supervised with both actual and generated data, improves its discrimination ability and generalization as far as possible.
The generator (G) simulates the interaction of Eve or Alice with Bob: it generates measured-parameter vectors that match, as closely as possible, an attack carried out by Eve or a secure key transmission by Alice, imitating Eve or Alice to produce more transmission instances. The interaction between Alice and Bob completes a secure key transmission; the interaction between Eve and Bob is an insecure key transmission.
The discriminator (D) emulates Bob identifying a transmission from Eve or Alice: Bob tries to determine whether the key distribution comes from Alice or from Eve. It learns the source of the signal from actual statistical data, which gives Bob's end its parameter-identification capability. The two networks are trained together by repeating this interaction. After training is complete, the discriminator model is extracted from the network.
An example of using the trained model to detect attacks is as follows:
In a practical environment, a power meter, a homodyne detector and an amplitude modulator measure the relevant parameters in real time, yielding statistical parameter data for each sampling period. After data processing, these parameters form a vector that the model can recognize; during training, the model has learned which communication state such a vector represents. Once the vector is produced, the discriminator model can therefore determine whether the current communication state is secure.
Claims (4)
1. An attack detection method for a continuous variable quantum key distribution system, comprising the following steps:
S1, building a continuous variable quantum key distribution experiment system;
S2, performing quantum communication in a non-attacked state and quantum communication in an attacked state using the continuous variable quantum key distribution experiment system built in step S1, so as to obtain communication parameters in the non-attacked state and communication parameters in the attacked state;
S3, processing the communication parameters obtained in step S2 to obtain a training data set;
S4, training a pre-established machine-learning-based attack and defense model with the training data set obtained in step S3, and extracting the discriminator to obtain an attack detection classifier; specifically, the following model is adopted as an attack detection preliminary classifier:
a generative adversarial network (GAN) is adopted as the model;
a recurrent neural network based on sequence characteristics is selected as the inner network of the model: the inner network of the model comprises a recurrent neural network layer, a fully connected layer, a normalization layer, a Dropout layer and a softmax activation function layer; the recurrent neural network layer is used for processing the time sequence; the normalization layer is used for data normalization; the Dropout layer is used to prevent overfitting; the softmax activation function layer is used for multi-class classification;
the generator model is also built from a recurrent neural network, and a label C representing the number of attack categories is introduced into the input of the generator model, so that the generated data is tied to the label;
the training process of the attack detection preliminary classifier is divided into two stages: in the first stage, the discriminator classifies the generator's data into a false class, which ensures that the generator is trained effectively and that its data fits the distribution of real attacks; in the second stage, after the GAN model has stabilized, the generator's data is placed into the corresponding true class according to the input label, which performs data augmentation and improves the generalization of the system;
the following equation is used as the loss function LG of the generator:
wherein E is the expectation; z ~ P_z is the random noise and its distribution; c ~ P_c is the attack category and its distribution; D(x) is the discriminator output; G(z, c) is the output of the generator for a specific category c; C is the number of attack categories;
the following equation is used as the loss function LD of the discriminator:
wherein E is the expectation; x ~ P_data is the training data and the distribution it follows; D_RNN is the output of the RNN-based discriminator; c is the attack category; x is the training data; C is the number of attack categories; α is the training-stage parameter; z ~ P_z is the random noise and its distribution; c ~ P_c is the attack category and its distribution; G_RNN(z, c) is the output of the generator for each category c;
S5, during actual quantum communication, monitoring the communication process with the attack detection classifier obtained in step S4, thereby realizing attack detection for the continuous variable quantum key distribution system.
2. The attack detection method for the continuous variable quantum key distribution system according to claim 1, wherein the continuous variable quantum key distribution experimental system of step S1 specifically comprises a transmitting-end light source, a transmitting-end first amplitude modulator, a transmitting-end first beam splitter, a transmitting-end first polarizer, a transmitting-end second amplitude modulator, a transmitting-end first phase modulator, a transmitting-end attenuator, a transmitting-end second polarizer, a transmitting-end second beam splitter, a receiving-end polarization controller, a receiving-end first polarization beam splitter, a receiving-end first amplitude modulator, a receiving-end first beam splitter, a receiving-end first detector, a receiving-end second polarization beam splitter, a receiving-end phase modulator, a receiving-end second beam splitter, a receiving-end power meter, a receiving-end synchronous clock module, and a receiving-end data processing center; a light source at a sending end sends out signal light, the signal light is subjected to amplitude modulation through a first amplitude modulator at the sending end and then is divided into two beams of light through a first beam splitter at the sending end; the first beam of optical signals is polarized through a first polarizer at a sending end, then amplitude modulation is carried out through a second amplitude modulator at the sending end, phase modulation is carried out through a first phase modulator at the sending end, attenuation is carried out through an attenuator at the sending end, and then the first beam of optical signals is input to a first input end of a second beam splitter at the sending end; the second optical signal is polarized by a second polarizer at the sending end and then is input to a second input end of a second beam splitter at the sending end; the second beam splitter of the sending end combines the two input optical signals and sends the combined optical signals to the receiving end; after receiving the signal sent by the sending end, the receiving end performs polarization control through a first polarization controller of the receiving end and then divides the signal into two beams of light through a first beam splitter of the receiving end; the first beam of light is subjected to amplitude modulation through a first amplitude modulator at a receiving end and then is input to a first input end of a first beam splitter at the receiving end; the second beam of light is polarized and split by a second polarization beam splitter at the receiving end, and a second beam of light first component and a second beam of light second component are obtained; the second beam of light first component is input to a second input end of the receiving end first beam splitter after being phase modulated by a receiving end phase modulator; the output signal of the first beam splitter of the receiving end is simultaneously detected by a first detector of the receiving end and a second detector of the receiving end and then uploaded to a data processing center of the receiving end; the second beam of light second component is divided into two paths through a second beam splitter of the receiving end, one path is uploaded to a data processing center of the receiving end after power calculation is carried out through a power meter of the receiving end, and the other path is uploaded to the data processing center of the receiving end after synchronous clock detection of the receiving end; the receiving end data processing center is used for detecting data.
3. The attack detection method for the continuous variable quantum key distribution system according to claim 1, wherein the quantum communication in the attacked state in step S2 specifically includes quantum communication under saturation attack, quantum communication under wavelength attack, quantum communication under calibration attack, and quantum communication under local oscillator attack.
4. The attack detection method for the continuous variable quantum key distribution system according to claim 1, wherein the data processing of step S3, performed on the communication parameters obtained in step S2 to obtain a training data set, specifically comprises: normalizing the data by a min-max normalization method; and combining the normalized data with the corresponding labels to form training data and thereby a training set; the labels comprise normal quantum communication, quantum communication under saturation attack, quantum communication under wavelength attack, quantum communication under calibration attack, and quantum communication under local oscillator attack.
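The data preparation of claim 4 and the two-stage handling of generator output in step S4 can be sketched as follows. This is an added Python example, not code from the patent; the three-feature row layout, the index of the extra "generated" class, the out-of-range flag and all sample values are assumptions made for illustration.

```python
# Added illustration, not the patent's code. Feature layout and the index of
# the "generated" class are assumptions; sample values are constructed.
LABELS = ["normal", "saturation", "wavelength", "calibration", "local_oscillator"]
FAKE = len(LABELS)   # assumed: extra class used for generator output in stage 1
PERIODS = 20         # sampling periods per data group, as stated on the page


class MinMaxScaler:
    """Per-feature min-max scaling, fitted on training groups only."""

    def fit(self, groups):
        rows = [row for group in groups for row in group]
        self.lo = [min(col) for col in zip(*rows)]
        self.hi = [max(col) for col in zip(*rows)]
        return self

    def transform(self, group):
        """Return (scaled group, True if any value left the training range)."""
        scaled, out_of_range = [], False
        for row in group:
            new_row = []
            for v, lo, hi in zip(row, self.lo, self.hi):
                if hi == lo:                      # feature was constant in training
                    s, bad = 0.0, v != lo
                else:
                    s = (v - lo) / (hi - lo)
                    bad = not 0.0 <= s <= 1.0
                out_of_range = out_of_range or bad
                new_row.append(s)
            scaled.append(new_row)
        return scaled, out_of_range


def build_training_set(labelled_groups, scaler):
    """Pair each normalized 20-period sequence with its integer class label."""
    dataset = []
    for name, group in labelled_groups:
        if len(group) != PERIODS:
            raise ValueError("each group must hold %d sampling periods" % PERIODS)
        scaled, _ = scaler.transform(group)
        dataset.append((scaled, LABELS.index(name)))
    return dataset


def one_hot(index):
    return [1.0 if i == index else 0.0 for i in range(len(LABELS) + 1)]


def generated_targets(condition_labels, stage):
    """Discriminator targets for a batch of generator outputs."""
    if stage == 1:   # generator still fitting: everything it emits is "false"
        return [one_hot(FAKE) for _ in condition_labels]
    if stage == 2:   # GAN stable: samples augment the class they were conditioned on
        return [one_hot(c) for c in condition_labels]
    raise ValueError("stage must be 1 or 2")


def constructed_group(i_lo, shot_noise, quad_var):
    """Constructed sample: rows of [LO power, shot-noise variance, quadrature variance]."""
    return [[i_lo + 0.001 * k, shot_noise, quad_var + 0.0005 * k] for k in range(PERIODS)]


TRAIN = [
    ("normal", constructed_group(1.00, 0.50, 1.10)),
    ("local_oscillator", constructed_group(0.80, 0.40, 1.10)),
    ("saturation", constructed_group(1.00, 0.50, 0.60)),
]

if __name__ == "__main__":
    scaler = MinMaxScaler().fit([g for _, g in TRAIN])
    data = build_training_set(TRAIN, scaler)
    _, flagged = scaler.transform(constructed_group(0.50, 0.50, 1.10))
    print(len(data), "training sequences; unseen low-LO group flagged:", flagged)
    print(generated_targets([1, 4], stage=1), generated_targets([1, 4], stage=2))
```

Min-max scaling does not clip, so a monitored value outside the range seen in training yields a scaled value outside [0, 1]; the flag surfaces that condition independently of the classifier's output.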
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010832930.9A CN111970280B (en) | 2020-08-18 | 2020-08-18 | Attack detection method of continuous variable quantum key distribution system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111970280A CN111970280A (en) | 2020-11-20 |
CN111970280B true CN111970280B (en) | 2022-05-06 |
Family
ID=73388914
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010832930.9A Active CN111970280B (en) | 2020-08-18 | 2020-08-18 | Attack detection method of continuous variable quantum key distribution system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111970280B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112787815B (en) * | 2021-02-05 | 2021-11-30 | Central South University | Continuous variable quantum key communication method and system based on attack perception and defense |
CN112953973B (en) * | 2021-04-12 | 2022-05-06 | Central South University | Hybrid attack detection method for continuous variable quantum key distribution system |
CN113037778B (en) * | 2021-04-12 | 2022-04-08 | Central South University | Attack detection method for continuous variable quantum key distribution system |
CN113179264B (en) * | 2021-04-26 | 2022-04-12 | Harbin Institute of Technology | Attack detection method for data transmission in networked control system |
CN113472536B (en) * | 2021-08-13 | 2022-04-15 | Central South University | Efficient continuous variable quantum key distribution system based on artificial neural network and implementation method thereof |
CN114143115B (en) * | 2022-01-14 | 2022-10-14 | Central South University | Multi-label attack detection method for continuous variable quantum key distribution system |
Also Published As
Publication number | Publication date |
---|---|
CN111970280A (en) | 2020-11-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111970280B (en) | Attack detection method of continuous variable quantum key distribution system | |
CN111970279B (en) | Continuous variable quantum key distribution attack detection method and detection system thereof | |
CN103780378B (en) | Monitoring method for continuous-variable quantum key distribution system | |
CN106788706B (en) | Continuous variable quantum key distribution method capable of resisting actual attack | |
CN112953973B (en) | Hybrid attack detection method for continuous variable quantum key distribution system | |
CN104303449B (en) | It is a kind of by change at random their validity be used for detect control quantum cryptography device in single-photon detector attack device and method | |
CN112134683B (en) | Attack detection method of discrete variable quantum key distribution system | |
US20220182152A1 (en) | Active feedback control method for quantum communication system based on machine learning | |
CN105141376B (en) | A kind of method of real-time of CVQKD systems and its shot noise variance | |
CN104539582A (en) | Continuous variable quantum key distribution (CVQKD) security defense method | |
CN108737082A (en) | The reception device and method of reseptance of signal | |
CN206348777U (en) | The unrelated quantum random number generator of one introduces a collection | |
Luo et al. | Beyond universal attack detection for continuous-variable quantum key distribution via deep learning | |
CN113472536A (en) | Efficient continuous variable quantum key distribution system based on artificial neural network and implementation method thereof | |
CN108964902A (en) | The defence method and system of Denial of Service attack in continuous variable quantum key distribution | |
CN108446099A (en) | The quantum random number generator of the unrelated higher-dimension time encoding in source | |
CN206440826U (en) | Quantum radar based on Quantum Correlation | |
CN112929163B (en) | Measuring device-independent continuous variable quantum key distribution method and system | |
Huang et al. | Quantum hacking of free-space continuous-variable quantum key distribution by using a machine-learning technique | |
Al-Mohammed et al. | Detecting attackers during quantum key distribution in IoT networks using neural networks | |
CN110380850A (en) | The defence method of security breaches, system and medium in CVQKD real system | |
CN113452523B (en) | Abnormal communication detection method for continuous variable quantum key distribution process | |
CN114285574B (en) | Source-independent quantum random number generation method and system for resisting strong light blinding | |
CN112787815B (en) | Continuous variable quantum key communication method and system based on attack perception and defense | |
CN114268433A (en) | Nonlinear compensation method of high-speed continuous variable quantum key distribution system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||