Quantum crypto for consumer GPON
It can be done, say Irish researchers
Get ready to add another gadget to your Jetsons want-it-one-day list: personal quantum encryption.
Although vulnerable to man-in-the-middle attacks by kitted-up boffins with access to the fibre, quantum key distribution (QKD) is still secure enough to give nightmares to spooks already scrambling to catch up with ordinary encryption. However, today’s commercial QKD systems are unsuitable for deployment in a fibre-to-the-premises network.
Now, researchers from the Tyndall National Institute at University College, Cork have proposed a way in which existing GPON systems could carry QKD traffic without needing new fibres or new equipment.
The study’s co-author Paul Townsend explained to physorg.com: “Optical fiber network infrastructure is enormously expensive to deploy, so it must last for a long time – perhaps 25 years or more – and be able to support a wide range of current and future, yet to be defined, systems and services. So it is extremely unlikely that an operator would ever deploy a network, or even dedicate fibers within an existing network, purely for quantum communications”.
In QKD, entangled photons are used to share a key between the two ends of a communication. If the implementation of the QKD system is secure, then any third party trying to intercept the photons carrying the key will be detectable at the receiver, since it will destroy the entanglement.
The key exchange mechanism also needs a quiet channel. A “classical” (read: ordinary) fibre communication would cause “Raman scattering” that changes the photons’ energy and, as the Tyndall researchers state in their paper, induces instantaneous crosstalk between the quantum and classical channels.
The Tyndall paper, co-authored by Townsend, Iris Choi and Robert Young, is published in the New Journal of Physics and available here. It proposes a combination of time multiplexing and wavelength multiplexing to give the quanta the quiet they need for a key exchange.
Existing schemes, the researchers say, demand expensive filters in addition to wavelength multiplexing to provide a low-noise channel for the single photons used in key exchange schemes. Ideally, the paper notes, QKD schemes for GPON networks should only need changes to protocols rather than to system hardware, since this is much easier to achieve.
The standard GPON network uses a very simple WDM scheme to separate downstream and upstream communications: the head end transmits on the 1550nm wavelength, while the user sends data upstream on the 1330nm wavelength.
Both the forward and backward channels also cause Raman scattering which, because the energy (and therefore wavelength) of the scattered photons is changed, could cause noise in whatever wavelength the quantum system is trying to use. To get around this, the upstream channel transmits at 1290nm; with the addition of a low-cost coarse WDM filter to get rid of scattering from the downstream channel, the researchers were able to easily find periods in which there were no upstream transmissions, so the channel is quiet enough for key exchange.
Downstream is more difficult, because the channel from the exchange to the end users operates more-or-less continuously in broadcast mode. The researchers relied on finding brief “zero crossing” moments in the downstream channel to identify those moments in which key exchange could be attempted.
They claim to have achieved a key distribution rate of 1.3 kilobits per second – inadequate for most applications, but suitable for key exchange, since keys only need to be passed when initiating a session.
The research also demonstrates that QKD could be enabled only for users that need or want it, since it doesn’t involve re-architecture of the entire network. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust