StandICT.eu
User area
EU-OS Logo powered by StandICT.eu
  • EUOS
  • Discussion groups
  • Standards repository
  • Landscape and gap analysis

follow us

Security Certification of QKD

Breadcrumb

  • Discussion Groups
  • Quantum Computing
  • 297
  • Security Certification Of QKD
Up
0
Down
  • Posted By
    Profile picture for user thlaenger
    Thomas Länger
  • 8 months 2 weeks ago
  • 2 Replies

Security Certification of QKD .

The standard ISO/EN 15408 "Common Criteria" enables end users to express their specific security needs for a type of information technology systems in the form of a Protection Profile (PP). Producers can then have their products evaluated against such a PP, providing assurance to end users that these products can be securely and dependably used in the intended environment.

Quantum Communication, in the form of Quantum Key Distribution QKD, with its high security claims, is intended for areas with highest security requirements. Therefore, a rigorous security certification is necessary for end users to be reasonably assured that the installed systems will operate as securely as advertised. Currently (summer 2021), two pushes to standardise the ISO/EN 15408 "Common Criteria" security certification of QKD systems are underway, in the ETSI ISG-QKD and in the ISO SC27 WG3—both intending to publish standards soon.

The ISO group develops two standards: "ISO/IEC 23837-1 Information security—Security requirements, test and evaluation methods for quantum key distribution—Part 1: Requirements" (containing predefined security functional requirements for use in QKD PPs) and "ISO/IEC 23837-2 (…) Part 2: Test and evaluation methods". Both are currently in advanced committee draft (CD) stage and publication is planned for spring 2022.

The ETSI ISG-QKD works on a standard DGS/QKD-016 "Common Criteria Protection Profile for QKD", providing a standardised PP for a "prepare and measure" QKD system. The standard draft is edited by Deutsche Telekom Security GmbH, Evaluation Facility, with German BSI as sponsor, and is also in a quite advanced state, with publication probably still later this year.

Currently, these two approaches are not compatible, which can be explained through the fact that both activities were started independently, and only recently. For example, while the ISO puts its requirements into a new FTP_QKD family (of the FTP "Trusted Path" class), the ETSI extends the FCS "Cryptographic Support" class with a new "FCS_QKD" family. Probably both solutions are viable, but the ETSI and the ISO groups are connected through mutual liaisons, exchanging comments in both directions, in order to address these differences. It will be seen if compatibility will still be achievable for the first editions of the standards—or if it will remain for the future to, e.g., develop an ISO conformant PP for QKD. But a non ISO compliant ETSI Protection Profile for QKD would nevertheless be valuable, as this would be the first PP for QKD prepared by an actual evaluation laboratory, under the sponsorship of an actual evaluation authority—being the result of more than a decade of preparations and basic work in QKD standardisation in the ETSI group.

Add a comment
  • Answered By
    Profile picture for user inesrob
    Maria Ines Robles
  • 7 months 3 weeks ago
Up
0
Down

Thank you for this post. Maybe it would be nice to bring this topic into the IETF to the Quantum Internet Research Group (qirg) https://datatracker.ietf.org/group/qirg/about/. The working group is relatively new (charter approved 2020) with two documents: Architectural Principles for a Quantum Internet and Application Scenarios for the Quantum Internet. The latter mentions briefly QKD.   

  • Log in or register to post comments
  • Answered By
    Profile picture for user Nicolas.Le.Gallou@esa.int
    Nicolas Le Gallou
  • 5 months 4 weeks ago
Up
0
Down

Hi Thomas. Interesting post directly related to my project. We should exchange !

  • Log in or register to post comments

Please login to post comments

Latest Discussions

Posted in Smart Cities

Wireless Crowd Charging

  • 3 weeks 5 days ago
Posted in Blockchain

Update on the developments in several projects in Joint ISO/TC 307 - ISO/IEC JTC 1/SC 27 JWG4: Security, privacy and identity for Blockchain and DLT

  • 1 month 2 weeks ago
Posted in Quantum Computing

Towards European Standards for Quantum Technologies

  • 1 month 3 weeks ago

Recent comments

Commented in Considerations regarding locat…

Presentation of the concept

  • 4 months 2 weeks ago

Considerations regarding locat…

Commented in Open Ethics Transparency Proto…

Hi Andrea, thank you, this…

  • 5 months 1 week ago

Open Ethics Transparency Proto…

Commented in Open Ethics Transparency Proto…

Nikita,

quite interesting…

  • 5 months 2 weeks ago

Open Ethics Transparency Proto…

Commented in The EU Observatory For ICT Sta…

I am trying to do the same…

  • 5 months 2 weeks ago

The EU Observatory For ICT Sta…

Commented in Security Certification of QKD

Hi Thomas. Interesting post…

  • 5 months 4 weeks ago

Security Certification of QKD

Commented in First live meeting of CEN/CENE…

Thanks Thomas for the very…

  • 6 months 1 week ago

First live meeting of CEN/CENE…

Commented in REPORT ON STANDARDIZATION AND…

Very interesting document,…

  • 7 months 3 weeks ago

REPORT ON STANDARDIZATION AND…

Commented in Security Certification of QKD

Thank you for this post…

  • 7 months 3 weeks ago

Security Certification of QKD

Commented in semantic BIM bibliography

Thanks Vladimir, quite…

  • 10 months 2 weeks ago

semantic BIM bibliography

Commented in The EU Observatory For ICT Sta…

How to join the TWG AI ?

  • 1 year ago

The EU Observatory For ICT Sta…

Most recent tags

AI
Big Data
Blockchain

In collaboration with

Logo
Logo
Logo
  • About
    • StandICT.eu 2023
    • Partners
    • StandICT.eu 2018-2020
    • Newsletters
  • Open Calls
    • 7th Open Call
    • Closed Calls
      • 1st Open Call
      • 2nd Open Call
      • 3rd Open Call
      • 4th Open Call
      • 5th Open Call
      • 6th Open Call
    • FAQs
  • Results
    • Deliverables
    • Publications
    • Fellows Reports
    • Landscape Analysis Reports
    • Synergies
  • Success stories
    • Submit your story
  • EUOS
    • ICT Standards Academy
    • ICT Standards Observatory
  • Experts
    • EAG
    • EPE
  • News & Events
    • News
    • Events
Menu

eu-flag

The StandICT.eu 2023 project has received funding from the European Union’s Horizon 2020 - Research and Innovation programme - under grant agreement no. 951972. The content of this website does not represent the opinion of the European Union, and the European Union is not responsible for any use that might be made of such content.

© Copyright 2021 - StandICT.eu 2023

Footer menu

  • Contact
  • Privacy policy
  • Terms of use
  • About
    • StandICT.eu 2023
    • Partners
    • StandICT.eu 2018-2020
    • Newsletters
  • Open Calls
    • 7th Open Call
    • Closed Calls
      • 1st Open Call
      • 2nd Open Call
      • 3rd Open Call
      • 4th Open Call
      • 5th Open Call
      • 6th Open Call
    • FAQs
  • Results
    • Deliverables
    • Publications
    • Fellows Reports
    • Landscape Analysis Reports
    • Synergies
  • Success stories
    • Submit your story
  • EUOS
    • ICT Standards Academy
    • ICT Standards Observatory
  • Experts
    • EAG
    • EPE
  • News & Events
    • News
    • Events