StandICT.eu
User area
EU-OS Logo powered by StandICT.eu
  • EUOS
  • Discussion groups
  • Standards repository
  • Landscape and gap analysis

follow us

Security Certification of QKD

Breadcrumb

  • Discussion Groups
  • Quantum Computing
  • 297
  • Security Certification Of QKD
Up
0
Down
  • Posted By Thomas Länger
  • 11 months 1 week ago
  • 2 Replies

Security Certification of QKD .

The standard ISO/EN 15408 "Common Criteria" enables end users to express their specific security needs for a type of information technology systems in the form of a Protection Profile (PP). Producers can then have their products evaluated against such a PP, providing assurance to end users that these products can be securely and dependably used in the intended environment.

Quantum Communication, in the form of Quantum Key Distribution QKD, with its high security claims, is intended for areas with highest security requirements. Therefore, a rigorous security certification is necessary for end users to be reasonably assured that the installed systems will operate as securely as advertised. Currently (summer 2021), two pushes to standardise the ISO/EN 15408 "Common Criteria" security certification of QKD systems are underway, in the ETSI ISG-QKD and in the ISO SC27 WG3—both intending to publish standards soon.

The ISO group develops two standards: "ISO/IEC 23837-1 Information security—Security requirements, test and evaluation methods for quantum key distribution—Part 1: Requirements" (containing predefined security functional requirements for use in QKD PPs) and "ISO/IEC 23837-2 (…) Part 2: Test and evaluation methods". Both are currently in advanced committee draft (CD) stage and publication is planned for spring 2022.

The ETSI ISG-QKD works on a standard DGS/QKD-016 "Common Criteria Protection Profile for QKD", providing a standardised PP for a "prepare and measure" QKD system. The standard draft is edited by Deutsche Telekom Security GmbH, Evaluation Facility, with German BSI as sponsor, and is also in a quite advanced state, with publication probably still later this year.

Currently, these two approaches are not compatible, which can be explained through the fact that both activities were started independently, and only recently. For example, while the ISO puts its requirements into a new FTP_QKD family (of the FTP "Trusted Path" class), the ETSI extends the FCS "Cryptographic Support" class with a new "FCS_QKD" family. Probably both solutions are viable, but the ETSI and the ISO groups are connected through mutual liaisons, exchanging comments in both directions, in order to address these differences. It will be seen if compatibility will still be achievable for the first editions of the standards—or if it will remain for the future to, e.g., develop an ISO conformant PP for QKD. But a non ISO compliant ETSI Protection Profile for QKD would nevertheless be valuable, as this would be the first PP for QKD prepared by an actual evaluation laboratory, under the sponsorship of an actual evaluation authority—being the result of more than a decade of preparations and basic work in QKD standardisation in the ETSI group.

Add a comment
  • Answered By Maria Ines Robles
  • 10 months 2 weeks ago
Up
0
Down

Thank you for this post. Maybe it would be nice to bring this topic into the IETF to the Quantum Internet Research Group (qirg) https://datatracker.ietf.org/group/qirg/about/. The working group is relatively new (charter approved 2020) with two documents: Architectural Principles for a Quantum Internet and Application Scenarios for the Quantum Internet. The latter mentions briefly QKD.   

  • Log in or register to post comments
  • Answered By Nicolas Le Gallou
  • 8 months 3 weeks ago
Up
0
Down

Hi Thomas. Interesting post directly related to my project. We should exchange !

  • Log in or register to post comments

Please login to post comments

Latest Discussions

Posted in

Proventil: Effect Cod Accepted

  • 1 day 22 hours ago
Posted in

Proventil: Overseas Cheap

  • 1 day 22 hours ago
Posted in 5G communications

Study on Narrow-Band Internet of Things (NB-IoT) / enhanced Machine Type Communication (eMTC) support for Non-Terrestrial Networks (NTN)

  • 2 days 5 hours ago

Recent comments

Commented in Overview of CE Standardization…

Additional resources:

AFNOR…

  • 4 weeks 2 days ago

Overview of CE Standardization…

Commented in Top 5 Circular Economy Journal…

Another relevant journal is …

  • 4 weeks 2 days ago

Top 5 Circular Economy Journal…

Commented in Knowledge Engineering Framewor…

Robotics for eHEALTH

  • 1 month ago

Knowledge Engineering Framewor…

Commented in Overview of CE Standardization…

I'd include here the long…

  • 1 month 1 week ago

Overview of CE Standardization…

Commented in IEEE Standard for Autonomous R…

The standard was published…

  • 2 months 2 weeks ago

IEEE Standard for Autonomous R…

Commented in Considerations regarding locat…

Presentation of the concept

  • 7 months 2 weeks ago

Considerations regarding locat…

Commented in Open Ethics Transparency Proto…

Hi Andrea, thank you, this…

  • 8 months ago

Open Ethics Transparency Proto…

Commented in Open Ethics Transparency Proto…

Nikita,

quite interesting…

  • 8 months 1 week ago

Open Ethics Transparency Proto…

Commented in The EU Observatory For ICT Sta…

I am trying to do the same…

  • 8 months 1 week ago

The EU Observatory For ICT Sta…

Commented in Security Certification of QKD

Hi Thomas. Interesting post…

  • 8 months 3 weeks ago

Security Certification of QKD

Most recent tags

AI
Big Data
Blockchain

In collaboration with

Logo
Logo
Logo
  • About
    • StandICT.eu 2023
    • Partners
    • StandICT.eu 2018-2020
    • Newsletters
  • Open Calls
    • Closed Calls
      • 1st Open Call
      • 2nd Open Call
      • 3rd Open Call
      • 4th Open Call
      • 5th Open Call
      • 6th Open Call
      • 7th Open Call
    • FAQs
  • Results
    • Deliverables
    • Publications
    • Fellows Reports
    • Landscape Analysis Reports
    • Synergies
  • Success stories
  • EUOS
    • ICT Standards Academy
    • ICT Standards Observatory
  • Experts
    • EAG
    • EPE
  • News & Events
    • News
    • Events
Menu

eu-flag

The StandICT.eu 2023 project has received funding from the European Union’s Horizon 2020 - Research and Innovation programme - under grant agreement no. 951972. The content of this website does not represent the opinion of the European Union, and the European Union is not responsible for any use that might be made of such content.

© Copyright 2021 - StandICT.eu 2023

Footer menu

  • Contact
  • Privacy policy
  • Terms of use
  • About
    • StandICT.eu 2023
    • Partners
    • StandICT.eu 2018-2020
    • Newsletters
  • Open Calls
    • Closed Calls
      • 1st Open Call
      • 2nd Open Call
      • 3rd Open Call
      • 4th Open Call
      • 5th Open Call
      • 6th Open Call
      • 7th Open Call
    • FAQs
  • Results
    • Deliverables
    • Publications
    • Fellows Reports
    • Landscape Analysis Reports
    • Synergies
  • Success stories
  • EUOS
    • ICT Standards Academy
    • ICT Standards Observatory
  • Experts
    • EAG
    • EPE
  • News & Events
    • News
    • Events