WO2012089711A1 - Method for a fine optical line monitoring in communication lines through qkd systems - Google Patents


Info

Publication number
WO2012089711A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication
channel
quantum
qkd
optical
Prior art date
Application number
PCT/EP2011/074053
Other languages
French (fr)
Inventor
Vicente MARTÍN AYUSO
Daniel Lancho Lancho
Mercedes SOTO RODRÍGUEZ
Jesús MARTÍNEZ MATEO
Original Assignee
Telefonica, S.A.
Priority date
Filing date
Publication date
Application filed by Telefonica, S.A.
Priority to BR112013016660A
Priority to EP11808216.3A
Priority to US13/997,709
Publication of WO2012089711A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70 Photonic quantum communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/80 Optical aspects relating to the use of optical transmission for specific applications, not provided for in groups H04B10/03 - H04B10/70, e.g. optical power feeding or optical transmission through water
    • H04B10/85 Protection from unauthorised access, e.g. eavesdrop protection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04J MULTIPLEX COMMUNICATION
    • H04J14/00 Optical multiplex systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04J MULTIPLEX COMMUNICATION
    • H04J14/00 Optical multiplex systems
    • H04J14/02 Wavelength-division multiplex systems
    • H04J14/0226 Fixed carrier allocation, e.g. according to service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04J MULTIPLEX COMMUNICATION
    • H04J14/00 Optical multiplex systems
    • H04J14/02 Wavelength-division multiplex systems
    • H04J14/0227 Operation, administration, maintenance or provisioning [OAMP] of WDM networks, e.g. media access, routing or wavelength allocation
    • H04J14/0254 Optical medium access
    • H04J14/0256 Optical medium access at the optical channel layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04J MULTIPLEX COMMUNICATION
    • H04J14/00 Optical multiplex systems
    • H04J14/02 Wavelength-division multiplex systems
    • H04J14/0201 Add-and-drop multiplexing
    • H04J14/0202 Arrangements therefor
    • H04J14/021 Reconfigurable arrangements, e.g. reconfigurable optical add/drop multiplexers [ROADM] or tunable optical add/drop multiplexers [TOADM]

Abstract

Two ends of a QKD system are connected through a private quantum channel using a protocol based on the principles of quantum physics and a conventional channel, both channels being introduced through the same medium using multiplexing techniques, wherein a possible intrusion in the communication is detected by checking the variability of the distribution of exchanged photons between both ends of said private quantum channel and in case of detecting an intrusion due to the risk identified on the communication channel the system launches an alarm. To avoid other attacks another conventional channel different from the quantum channel is further used in order to check the error rate in the exchanges.

Description

Method for a fine optical line monitoring in communication lines through QKD systems
Field of the art
The present invention generally relates to a method for the analysis and detection of spies in optical communications, and more particularly to a method comprising the use of QKD systems to check the variability of the distribution of exchanged photons in order to detect an intrusion.
Prior State of the Art
In a quantum key distribution (QKD) system, two peers exchange a key using a protocol based on the principles of quantum physics [1, 2, 3, 4]. In order to exchange the key, the two ends of a QKD system need two communication links: a quantum channel and a conventional, authenticated channel. The quantum channel can be considered a channel because it is used to transmit information coded in qubits that are eventually used to compose the final key shared by the two ends of the communication. The transmission medium commonly used for the quantum channel is optical (currently optical fibre), and the physical element used for coding the qubit is the photon [5].
The conventional and quantum channels can coexist in the same medium using two multiplexing techniques: Time Division Multiplexing (TDM) or Frequency Division Multiplexing (WDM). These techniques also allow the use of other communication channels and, therefore, the integration of QKD systems in conventional communication systems.
Only with Frequency Division Multiplexing (WDM) is the signal transmitted in different channels simultaneously, which increases the volume of information transmitted in the same medium per unit of time. This increase in the transmission capacity of the medium is particularly interesting, for instance, to expedite the communications required by the protocols used for basis reconciliation, error correction [6] and privacy amplification [7, 8]. There are existing alternatives for key distillation, such as LDPC codes, which can reduce network traffic between the two ends of a QKD system [9]. The two most commonly used standards for frequency multiplexing in the optical transmission medium are Coarse WDM and Dense WDM (CWDM and DWDM respectively). Commercial optical networks built using passive technology, i.e. Passive Optical Networks (PON), allow the use of quantum communication channels, because the signals transmitted on a PON network are not intercepted by the presence of intermediate components. These channels can coexist simultaneously with other channels of different technology using frequency division multiplexing.
A notable problem of this medium is that communications made through an optical transmission channel are easily accessible. The most elusive methods do not require physical intrusion into the medium, i.e. they do not interrupt the transmission through the optical medium, which makes the detection of attacks almost impossible. This type of non-intrusive access also allows these techniques to be used against communication technologies based on PON, as long as the transmission through the medium is not interrupted and the passive nature of the network is preserved in each communication between nodes.
In order to perform an attack, a relatively simple way to avoid interrupting a line in an optical transmission medium is to use a curved coupler (coupler bend). The coupler is used to bend the optical medium to a critical radius, where there is a small spatial dispersion in the core of the optical transmission medium, so that a fraction of the light escapes from it. Placing a detector where the light escapes makes it possible to intercept the data exchanged by capturing a small portion of the transmitted signal. These couplings necessarily lead to power losses in the transmitted optical signal, but the losses may be very small, which makes the attack very difficult to detect. Curved couplers are not rare instruments, so they are relatively easy for an attacker to obtain.
Much of the effort applied to the implementation of secure communication systems is focused on the possibility of accessing the medium over which communication takes place in order to attack it. Physical access control is very difficult in global communication networks, in urban areas where optical transmission lines run through centres of population, and on trunk lines where it is not possible to carry out a physical inspection of the whole line.
There are solutions for intrusion detection in optical networks. Some of these existing solutions use power meters, or reflectometers, to detect an intrusion (both strategies are also used to check an optical transmission channel after it has been completely deployed). It would be easy for a skilled spy to avoid detection if this type of strategy is used.
Description of the Invention
The integration of QKD systems in real communication environments allows their use to detect possible interventions in the transmission medium.
Under ideal conditions, i.e. with single photon sources, single photons can be exchanged between the ends of a QKD system through the optical medium. The emission and the detection of each photon take place at different ends of the QKD system, so any intermediate element will influence this exchange. An intervention in the optical transmission medium can then be detected by the QKD system by accurately accounting for the number of photons absorbed in the transmission.
QKD systems can be integrated with communication systems based on networks with optical transmission media when using PON technologies, and also simultaneously when using WDM to multiplex various communication channels. Therefore, a QKD system used for key exchange in a network can additionally be used to check whether the communication line is being spied on in any of the communication channels.
The invention allows extending QKD systems' use cases to add intrusion detection uses in conventional communication lines. QKD systems originally designed for key exchange can be used in the analysis of security of the medium avoiding the need to pay for other alternative technological solutions that facilitate the detection of attacks on the environment.
Brief Description of the Drawings
The previous and other advantages and features will be clarified with the following detailed embodiments, with reference to the attached drawings, which must be considered in an illustrative and non-limiting manner, in which:
Figure 1 shows a QKD system used to detect intrusions. There is a monomode fibre that connects the two ends of the two-node network, a modulator which incorporates two different frequencies within the same optical fibre using WDM, a transponder to operate the conventional communication channel, and two ends, one of which is a single photon emitter (Alice) and the other a single photon detector (Bob).
Figure 2 shows the general case in an optical network. The two elements of the QKD system are placed one at each end of the optical path that is to remain secure. The system monitors the line characterization and raises an alarm in case of error.
Figure 3 shows the general case in a shared optical network. As there is more than one detector, it is necessary to use TDM techniques. The sequence diagram shows an example with one Alice and two Bobs.
Figure 4 shows a TDM-PON access network that can be incorporated in the present invention.
Figure 5 shows a metropolitan network based on ROADM switches that can be incorporated in the present invention.
Detailed Description of Several Embodiments
The simplest case for the implementation of the proposed invention is that depicted in the first figure (Fig. 1). It represents only two nodes that form a peer-to-peer network. Each of the nodes is connected to one end of a QKD system; we refer to these ends as Alice and Bob respectively. The communication between nodes is done through a single optical transmission line carrying two multiplexed channels. The division of the two channels is done by WDM, so that both channels can be used simultaneously. One channel will be used by the QKD system as a quantum channel (in this case used for intrusion detection), while the other channel will be used for the establishment of the communication in a conventional manner.
In this example the QKD system is working as an intrusion detection system and not for key generation, using the quantum channel to check the variability of the distribution of exchanged photons. Any decrease in the number of photons detected implies that the communication is being partially interrupted by a hypothetical attacker. In this situation, the QKD system can launch an alarm due to the risk identified on the communication channel.
Additionally, the QKD system must complete the distillation of a key in order to check the error rate in the exchanges. With that error rate the QKD system can check whether a hypothetical eavesdropper is using other attack strategies, such as the injection of additional pulses through an interception and forwarding strategy (to compensate for the signal intercepted). Key distillation must be performed using a conventional channel different from the quantum channel, so the scheme proposed to detect intruders requires a more complex scenario, with a minimum of three simultaneous communication channels: one for the quantum channel, one for the conventional channel needed by the QKD system, and a third (at minimum) whose security is to be ensured by the proposed system.
The intrusion detection mechanism proposed can be used in complex communication networks by integrating QKD systems in these networks, especially using technologies based on passive optical networks (PON), as an extension of the analysis and intrusion detection just described for a two-node network.
The main goal of this invention is to protect any optical network. As shown in the general case of an optical network (Fig. 2), the two elements of the QKD system are placed one at each end of the optical path that needs to remain secure. Just after the installation, a process of line characterization should begin, in which the two ends of the system exchange pulses and distil the resulting bit string in order to know the characteristic error of the line. Once the characterization process has ended, the system continues exchanging pulses and monitoring the error of the line. If this error is bigger than a security parameter, the system raises an alarm. In the case of a shared optical network (Fig. 3) the system can run with one emitter and several detectors, and the use of TDM is required.
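The characterize-then-monitor procedure described above, written out as an added Python example (not code from the patent): it pools the characterization windows into a baseline, then flags a monitoring window when Bob's detection count falls statistically below the expected one or when the distilled error rate exceeds the security parameter. The binomial detection model, the `z_loss` and `qber_margin` values, all names and the sample counters are assumptions.

```python
import math
from dataclasses import dataclass

@dataclass
class Window:
    """Counters both ends agree on for one monitoring interval."""
    pulses_sent: int   # pulses emitted by Alice
    detections: int    # photons registered by Bob
    sifted_bits: int   # bits kept after basis reconciliation
    bit_errors: int    # disagreements found during distillation

@dataclass
class Baseline:
    detect_prob: float  # characteristic detections per emitted pulse
    qber: float         # characteristic error rate of the line

def characterize(windows):
    """Line characterization: pool the windows recorded right after installation."""
    sent = sum(w.pulses_sent for w in windows)
    sifted = sum(w.sifted_bits for w in windows)
    if sent == 0 or sifted == 0:
        raise ValueError("characterization needs pulses and sifted bits")
    return Baseline(sum(w.detections for w in windows) / sent,
                    sum(w.bit_errors for w in windows) / sifted)

def _sigma(base, pulses):
    # Assumption: detections follow binomial(pulses, detect_prob).
    return math.sqrt(pulses * base.detect_prob * (1.0 - base.detect_prob))

def check_window(base, w, z_loss=4.0, qber_margin=0.02):
    """Return the list of alarms raised by one monitoring window."""
    if w.pulses_sent <= 0:
        return ["NO_DATA"]                # nothing exchanged: cannot vouch for the line
    alarms = []
    expected = base.detect_prob * w.pulses_sent
    z = (w.detections - expected) / _sigma(base, w.pulses_sent)
    if z < -z_loss:                       # one-sided: fewer photons than expected
        alarms.append("PHOTON_LOSS")
    # No sifted bits is treated as the worst case, not as "no errors".
    qber = w.bit_errors / w.sifted_bits if w.sifted_bits else 1.0
    if qber > base.qber + qber_margin:    # security parameter (assumed form)
        alarms.append("QBER")
    return alarms

def min_detectable_loss_db(base, pulses, z_loss=4.0):
    """Smallest extra attenuation (dB) that trips PHOTON_LOSS for this window size."""
    if pulses <= 0:
        return math.inf
    fraction = z_loss * _sigma(base, pulses) / (base.detect_prob * pulses)
    if fraction >= 1.0:
        return math.inf                   # window too short to resolve any loss
    return -10.0 * math.log10(1.0 - fraction)

# Constructed sample counters (not measurements from the patent).
CHARACTERIZATION = [Window(10_000_000, 10_050, 5_000, 150),
                    Window(10_000_000, 9_960, 5_000, 145),
                    Window(10_000_000, 9_990, 5_000, 155)]
CLEAN = Window(10_000_000, 9_930, 4_960, 151)
TAPPED = Window(10_000_000, 9_550, 4_775, 143)      # about 0.2 dB of extra loss
RESENT = Window(10_000_000, 10_010, 5_005, 1_251)   # count compensated, errors up

if __name__ == "__main__":
    base = characterize(CHARACTERIZATION)
    for name, w in [("clean", CLEAN), ("tapped", TAPPED), ("resent", RESENT)]:
        print(name, check_window(base, w))
    print("min detectable loss: %.3f dB" % min_detectable_loss_db(base, 10_000_000))
```

The two checks are complementary: the tapped window keeps the characteristic error rate and is caught only by the photon count, while the window with a compensated count is caught only by the error rate.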
A person skilled in the art could introduce changes and modifications in the embodiments described without departing from the scope of the invention as it is defined in the attached claims.
ACRONYMS AND ABBREVIATIONS
APD AVALANCHE PHOTO-DIODE
CWDM COARSE WDM
DWDM DENSE WDM
FWM FOUR WAVE MIXING
GPON GIGABIT PON
LDPC LOW-DENSITY PARITY CHECK
OLT OPTICAL LINE TERMINAL
ONT OPTICAL NETWORK TERMINAL
PON PASSIVE OPTICAL NETWORK
QBER QUANTUM BIT ERROR RATE
QKD QUANTUM KEY DISTRIBUTION
ROADM RECONFIGURABLE OPTICAL ADD&DROP MULTIPLEXER
TDM TIME-DIVISION MULTIPLEXING
VOA VARIABLE OPTICAL ATTENUATOR
WDM WAVELENGTH-DIVISION MULTIPLEXING
REFERENCES
[1] C. H. Bennett, G. Brassard, "Quantum cryptography: public key distribution and coin tossing", Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, IEEE Press, pp. 175-179, 1984.
[2] A. K. Ekert, "Quantum Cryptography Based on Bell's Theorem", Phys. Rev. Lett. 67, Is. 6, pp. 661-663, 1991.
[3] C. H. Bennett, "Quantum Cryptography Using Any Two Nonorthogonal States", Phys. Rev. Lett. 68, No. 21, pp. 3121, 1992.
[4] V. Scarani, A. Acin, G. Ribordy, N. Gisin, "Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulse implementations", Phys. Rev. Lett. 92, 2002.
[5] N. Gisin et al., "Quantum Cryptography", Rev. Mod. Phys. 74, pp. 145, 2001.

Claims

1. - Method for a fine optical line monitoring in communication lines using QKD systems, wherein two ends of a QKD system are connected through two communication links: a private quantum channel and a conventional channel, said private quantum channel using a protocol based on the principles of quantum physics, both channels coexisting in the same medium using multiplexing techniques, characterized in that a possible intrusion in the communication is detected by checking the variability of the distribution of exchanged photons between both ends of said private quantum channel, so that if the number of photons detected is lower than the expected one the communication might have suffered an attack.
2. - Method according to claim 1, wherein in case of detecting an intrusion due to the risk identified on the communication channel an alarm is launched.
3. - Method according to claim 1, wherein another conventional channel different from the quantum channel is further used in order to check the error rate in the exchanges, so that a minimum of three simultaneous communication channels is used.
4. - Method according to claim 3, wherein a first process of line characterization is performed in which the two ends exchange pulses in order to know the characteristic error for the optical path and after that, the system monitors the error of the line and if it is bigger than a security parameter it launches an alarm.
5. - Method according to claim 1, wherein said multiplexing technique is a WDM.
6. - Method according to claim 5, wherein said multiplexing technique is CWDM or DWDM.
7. - Method according to claim 1, wherein the communication line comprises one emitter and several detectors, and said multiplexing technique is a TDM.
8. - Method according to any of the previous claims wherein said communication line comprises a network of TDM-PON.
9. - Method according to any of the previous claims wherein said communication line comprises a metropolitan network based on ROADM switches.
PCT/EP2011/074053 2010-12-29 2011-12-26 Method for a fine optical line monitoring in communication lines through qkd systems WO2012089711A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
BR112013016660A BR112013016660A2 (en) 2010-12-29 2011-12-26 method for thin line monitoring on communication lines using qkd systems
EP11808216.3A EP2659605A1 (en) 2010-12-29 2011-12-26 Method for a fine optical line monitoring in communication lines through qkd systems
US13/997,709 US20130347112A1 (en) 2010-12-29 2011-12-26 Method for a fine optical line monitoring in communication lines through qkd systems

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ESP201032001 2010-12-29
ES201032001A ES2420054B1 (en) 2010-12-29 2010-12-29 METHOD FOR A FINE MONITORING OF OPTICAL LINES ON COMMUNICATION LINES THROUGH QKD SYSTEMS.

Publications (1)

Publication Number Publication Date
WO2012089711A1 true WO2012089711A1 (en) 2012-07-05

Family

ID=45478296

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2011/074053 WO2012089711A1 (en) 2010-12-29 2011-12-26 Method for a fine optical line monitoring in communication lines through qkd systems

Country Status (6)

Country Link
US (1) US20130347112A1 (en)
EP (1) EP2659605A1 (en)
AR (1) AR084634A1 (en)
BR (1) BR112013016660A2 (en)
ES (1) ES2420054B1 (en)
WO (1) WO2012089711A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3094038A1 (en) * 2015-05-12 2016-11-16 ID Quantique S.A. Apparatus and method for providing eavesdropping detection of an optical fiber communication
US11689360B2 (en) 2019-09-16 2023-06-27 Kt Corporation Quantum key distribution method, device, and system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108111305B (en) * 2017-12-29 2023-02-28 广东国腾量子科技有限公司 Multi-type quantum terminal compatible converged network access system and method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006130300A2 (en) * 2005-05-27 2006-12-07 Magiq Technologies, Inc. Systems and methods of enhancing qkd security using a heralded photon source
US20070065155A1 (en) * 2005-09-19 2007-03-22 The Chinese University Of Hong Kong System and methods for quantum key distribution over WDM links

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5732139A (en) * 1996-08-26 1998-03-24 Lo; Hoi-Kwong Quantum cryptographic system with reduced data loss
US8582769B2 (en) * 2009-10-09 2013-11-12 Nec Laboratories America, Inc. Secure communication over passive optical network (PON) with quantum encryption
US8737618B2 (en) * 2010-02-17 2014-05-27 Telcordia Technologies, Inc. Secure key distribution for optical code division multiplexed based optical encryption

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
AJUNG KIM: "Application of a secure communication protocol to multiple access systems", TENCON 2004. 2004 IEEE REGION 10 CONFERENCE CHIANG MAI, THAILAND NOV. 21-24, 2004, PISCATAWAY, NJ, USA,IEEE, vol. B, 21 November 2004 (2004-11-21), pages 9 - 12, XP010797854, ISBN: 978-0-7803-8560-3, DOI: 10.1109/TENCON.2004.1414518 *
RUNSER R J ET AL: "Demonstration of 1.3 /spl mu/m quantum key distribution (QKD) compatibility with 1.5 /spl mu/m metropolitan wavelength division multiplexed (WDM) systems", 2005 OPTICAL FIBER COMMUNICATIONS CONFERENCE TECHNICAL DIGEST (IEEE CAT. NO. 05CH37672) IEEE PISCATAWAY, NJ, USA,, vol. 3, 6 March 2005 (2005-03-06), pages 206 - 208, XP010831698, ISBN: 978-1-55752-783-7 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3094038A1 (en) * 2015-05-12 2016-11-16 ID Quantique S.A. Apparatus and method for providing eavesdropping detection of an optical fiber communication
US10014934B2 (en) 2015-05-12 2018-07-03 Id Quantique Sa Apparatus and method for providing eavesdropping detection of an optical fiber communication
US11689360B2 (en) 2019-09-16 2023-06-27 Kt Corporation Quantum key distribution method, device, and system

Also Published As

Publication number Publication date
EP2659605A1 (en) 2013-11-06
AR084634A1 (en) 2013-05-29
US20130347112A1 (en) 2013-12-26
BR112013016660A2 (en) 2018-05-22
ES2420054A1 (en) 2013-08-21
ES2420054B1 (en) 2014-03-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11808216

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2011808216

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 13997709

Country of ref document: US

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112013016660

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 112013016660

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20130627