3.1 Device under study: Plug-and-play QKD

For our proof-of-concept we study the Clavis2 QKD platform, which is based on a plug-and-play scheme [23, 43]. Clavis2 was designed by ID Quantique for research and development applications, and is now discontinued [44]. Fig 2 shows the basic configuration of the involved devices. Two sides, Alice and Bob, establish a secret key using an optical fiber link. Bob sends to Alice a sequence of pulses grouped in pairs at classical power levels through the optical fiber channel. Alice measures the power of the classical pulses she receives [23], and sets a variable optical attenuator (VOA) to guarantee that the signals that get out have a proper mean photon number (typically less than one photon). Having quantum signals is what makes the whole system secure.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 2. Plug-and-play QKD device under attack.

Alice’s side includes a 90:10 optical coupler (C) that diverts part of the light for monitoring to a series of classical detectors, and the quantum part with a variable attenuator (VOA), delay line (DL), phase modulator (PM), and Faraday mirror (FM). Alice uses the PM to introduce a secret phase and makes sure that the total attenuation guarantees that the mean photon number per pulse going back to the fiber channel is less than the value prescribed by the protocol. The coupling path in our attack is shown in green (gray): a ventilation hole in Alice’s case gives light an access to the fiber spool of the DL. From there, the injected photons can get to the phase modulator and carry unwanted information to the outside fiber channel.

https://doi.org/10.1371/journal.pone.0236630.g002

Alice chooses a phase from and encodes it in the second half of the pulse pair using a phase modulator (PM), which is located after a delay line (DL) that helps to avoid problems with Rayleigh backscattering [43, 45]. Alice’s setup is completed with a Faraday mirror (FM) that compensates for polarization asymmetries in the channel. The pulses then go back through the DL, are attenuated again and cross a 10:90 fiber coupler (C) before leaving Alice.

When Bob receives the single-photon pulses, he chooses a random basis for his measurement. Depending on this choice, he can perfectly distinguish either between Alice’s states {0, π} or . If the random selections of Alice and Bob are matched, they know Bob’s measurement will show the random bit from Alice. An eavesdropper, Eve, monitoring the channel cannot learn these values without introducing errors and thus being detected.

Our attack targets the delay-line fiber spool, which in our device under study consists of 10.53 km of optical fiber. In plug-and-play QKD, the photons are sent in trains of pulses and the timing of the trains and the length of the DL are chosen so that forward and backward travelling light only meet inside the fiber spool [43, 45].

3.2 Theory of attack

Principle: The attack uses a ventilation hole on Alice’s side that allows an eavesdropper, Eve, to couple extra light into the delay-line fiber spool. In order to minimize bend losses, the fiber is wound around a spool with an internal diameter of around 16 cm. The side of the spool is open and the fiber in primary coating is exposed to the outside with the only protection of a thin plastic wrapping. The spool is placed close to a ventilation opening (see Fig 3). This location aligns well with standards that require electronic parts not be reachable from the outside [46], but it allows us to perform light injection attacks.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 3. Experimental setup for QKD system Clavis2.

(a) A collimated laser light beam (denoted by an arrow) from a fiber collimator passes the ventilation hole and couples to the delay line. We have removed a solid metal cover from the system to show its internals. (b) A picture taken in the dark shows how the light from the beam couples to the fiber spool (for this picture we used a visible green laser instead of 1536 nm).

https://doi.org/10.1371/journal.pone.0236630.g003

In our QKD fiber system, the light travels through monomode optical fiber, where different mechanisms introduce losses. We are mostly interested in reversible loss mechanisms which couple some of the photons from the guided modes of the fiber into radiated modes that leak to the outside. The two most important reversible loss mechanisms are Rayleigh scattering and bend losses. Rayleigh scattering is the dominant cause of loss in silica fibers at infrared wavelengths [47]. Additionally, bends in optical fiber can lead to losses [48–52]. This weak coupling to the outside is reversible and light coming from the outside can couple to the core and remain inside the fiber. This principle has been used before to design test tools for optical fiber networks that inject light through small bends without the need for a connector or a splice [53, 54].

In our attack, light is injected into the fiber using the reverse from these processes. Measurements with an equivalent system with a spool of fiber removed from the case suggest that light injection comes from a combination of Rayleigh scattering and bending effects. Comparing the coupling of light at 1310 and 1550 nm, we see that more photons enter the fiber at the lower 1310 nm wavelength, where Rayleigh scattering is stronger for silica fibers. On the other hand, for both wavelengths, the number of injected photons varied with the input angle of a collimated laser beam with respect to the spool (increasing the coupling for almost tangential incidence). This suggests the geometry of the fiber also plays a role in the coupling and there is a component related to direct coupling at bends.

Attack setup: The injected light passes both inwards—towards the phase modulator—and outwards—towards the channel. The photons coupled towards the channel do not carry any useful information. We want to send the light towards the phase modulator so that it will carry the secret phase information from Alice.

The real situation is complex and includes the effect of the plastic wrapping, the fan, and multiple other details, but the heuristic of directing the light close to the tangent to the curved fiber gave the highest coupling to the spool. Not all the parts of the spool can be reached through the ventilation hole. If possible, the light should enter the spool close to the modulator output, which minimizes the total loss.

In our experiment, the divergence of the beam was not critical. A fiber laser was connected to a fiber collimator a few centimeters from the ventilation hole giving a loosely focused spot on the fiber spool (of a couple millimeters diameter), illuminating multiple fibers in it. The beam properties can only be controlled up to the trellis protecting the ventilation hole. In the path to the fiber, the beam is modified, particularly by the random rugosity of the plastic that surrounds the fiber spool. Even if the shape of the spot reaching the fiber changed, during the experiment the injected number of photons did not show any significant variation when the laser hit different parts of the spool. The angle of the beam seemed to be the most relevant parameter when there was a clear line of sight.

The injected photons arriving at the PM—when it is active—collect the phase information and get reflected by the Faraday mirror. They then pass through the lossy components in Alice and come out into the channel. Eve can then measure them to extract the secret encoded value. In this way, this attack is equivalent to a Trojan-horse attack [55, 56], but it cannot be detected by monitoring the input fiber. Alice’s side in Fig 2 shows a schematic representation of our attack.

We did not study the temporal characteristics of the coupling. For simplicity we used a continuous-wave (c.w.) laser. However, the attacker can adapt the time profile of her light to maximize the number of photons that reach the active PM. A realistic attack will be in between this ideal limit and our c.w. approach. The trade-off between timing precision and total power is discussed in sec. 3.4.

Attack efficiency: Eve can compromise the system if she is able to deduce Alice’s phase settings. If Eve uses pulses longer than the time bin the PM is active, each output photon is equivalent to the time bin qubits used in the QKD protocol. The part of the light reaching the inactive modulator serves as a phase reference. Experimentally, a simple alternative would be using a homodyne detection setup (see [57] for an example of the method in a Trojan-horse attack on QKD).

We will consider attacks where Eve uses all of the output light (injected and legitimate photons). If Eve injects photons at a slightly different wavelength than the photons from Bob, she could also tell apart the injected photons from the rest with a wavelength demultiplexer, if needed. Given the low coupling we found during the experiments, Eve’s best strategy seems to be using also the photons in the legitimate channel.

The success of Eve’s attacks depends on how many photons she can get at the system output. While we can experimentally measure injection efficiency into the DL, the photons suffer additional losses inside Bob before they reach the channel. We discuss the latter below.

We first consider normal QKD operation. Let’s assume μ_A (μ_B) is the mean photon number per pulse coming out of Alice (Bob), t is the channel transmission, μ_A = 2(μ_coup + μ_VOA + μ_spool + μ_PM) is the total round-trip loss inside Alice with α_coup = 10.8 dB, α_PM = 4.2 dB α_spool = 4.6 dB α_VOA being the losses measured in the coupler, phase modulator, fiber spool and VOA respectively. We assume the Faraday mirror introduces a negligible loss. For these values (1) The mean photon numbers μ_A and μ_B are related as (2) The mean photon number μ_B can be determined from experimental measurements. In Ref. [23], the energy of the pulse coming out of Bob was measured to be E_μ 73 fJ; which leads to μ_B = E_μλ/(hc) = 5.69 × 10⁵.

We assume that the system sets the value of the VOA in such a way that optimizes μ_A for the corresponding protocol: μ_A = t for BB84 [58] and for SARG protocol [59]. Using this in Eq (2) voa we get (3) The value of α_VOA can be calculated from Eq (1) as (4) Thus, to set the optimal value of μ_A, for the BB84 protocol the system sets the VOA to a constant value while for the SARG protocol the value for the attenuation depends on the channel loss, and varies in a range roughly between 1.7 and 7.2 dB for the distances of a typical QKD link using SARG (120 to 10 km respectively).

In order to quantify the performance of the attack we need to estimate the extra mean photon number per pulse μ_ext coming out of Alice due to the injection of light from Eve. Let’s assume that Eve sends external light that reaches the fiber spool and manages to couple a mean photon number μ_inj inside the fiber in a pulse towards the PM that passes the PM during its phase-modulation window. These photons go through the PM, reflect from the FM, then pass through the PM, the delay line, the VOA and the coupler to come out to the channel. The total loss experienced by these photons is (5) For BB84, this becomes α_T = 33 dB while for SARG, this becomes α_T = 31.5 + 2.5 log t dB. The extra mean photon number coming out of Alice is then (6)

3.3 Experiment

In order to determine the mean number of injected photons μ_inj, we used a c.w. laser at 1536 nm with a power of 17.2 mW. We sent a collimated laser beam through the ventilation hole into the delay-line fiber spool (Fig 3). A single-photon detector (ID Quantique ID201) with efficiency η_d = 0.1, detection gate width T = 20 ns, and gate repetition rate f_s = 100 kHz was used to measure the injected light. The selected gate width is close to the time the phase modulator is active (∼ 20 ns [20]), thus we can directly use our photon count without any time normalization. The gate rate was chosen in order to allow sufficient time between the gates to avoid afterpulsing. The photon count data was collected from measurement at the output of the optical fiber spool. The measured dark count rate was N_dc = 25.7 counts per second and the average count rate with the c.w. laser on was N = 58.95 counts per second for the best case (maximum coupling), with both averages given from an integration time of 20 s. We maximized the number of coupled photons with a two-step procedure. First we identified the best path for the light through the metal grid into the fiber spool, finding the spots on the surface of the spool for which the photon count was higher. By varying the height of the input point and the direction of the beam, we selected the best entry points for the attack. The second optimization stage was done by fine-tuning the angle of the beam.

Assuming a Poissonian photon number distribution, we can write (7) This gives the mean photon number per pulse (or per gate) μ_inj = 3.32(21) × 10⁻³. Using Eqs (4) to (6), the corresponding value of μ_ext are found to be (8)

3.4 Attack analysis

We will show the effects of the light injection attack by studying the maximum key rate between Alice and Bob. The maximum key rate of a QKD system (in bits per pulse) is the highest number of bits Alice and Bob can extract from the photon exchange and privacy amplification stages and still be confident that the eavesdropper has no relevant information about the resulting bits. Alice and Bob can create a secret key if their mutual information I(A: B) is greater than the mutual information between Alice and Eve I(A: E). The optimal key rate is R_opt = max_A′←A{I(A′: B) − I(A′: E)} where the optimization is in A′, the result of local processing at Alice’s side.

We will extrapolate our experimental results to different laser powers in a scenario where Alice does no post-processing on her measured bits [R = I(A: B) − I(E: B)]. Our reference is the mean μ_inj = 3.32 × 10⁻³ photons per gate for 17.2 mW, which corresponds to an external illumination energy of 0.34 nJ in each time bin. While the 17.2 mW laser cannot inject enough light to compromise the system, if Eve uses a stronger laser, the results are quite different. We show examples that correspond to realistically achievable laser energies in the range of 4 − 10 μJ for each 20 ns data pulse, assuming the number of photons scales linearly with the laser power. The photons Eve manages to sneak into the system at these power levels can significantly reduce the maximum key rate. Alice and Bob, believing the outgoing photon number is smaller, might create insecure keys.

Clavis2 uses two protocols: BB84 for short distances, for channel loss up to 3 dB, and SARG04 for longer links up to channel loss of around 20 dB. While a QKD system may be designed to work at a higher loss, in Clavis2 technical limitations due to issues such as synchronization restrict the maximum channel loss to 20 dB, according to ID Quantique (private communication, 2018). For high laser powers and long distance links, Alice and Bob underestimate how much information Eve can learn and use an insecure key rate.

For SARG04 we use an approximate key rate formula [59] that is valid against different incoherent attacks (including photon number splitting) in the limit where the interference visibility V = 1. The key rate is [Eq (90) in Ref. [59]] (9) Here is Eve’s information if she has access to a quantum memory (storage attack), with H(x) = −x log₂(x) − (1 − x) log₂ (1 − x) being the binary entropy function. The actual mean photon number coming out of Alice is μ′ = μ + μ_ext. Using Eq (8) we can write (10) The key rates under the attack are calculated by replacing μ with μ′ in Eq (9) for different injected photon values μ_inj, which are extrapolated from our experiment assuming a linear growth with laser power.

Fig 4 shows the expected key rate assuming an optimal mean photon number (red solid line), and compares it to the actual key rate limit taking into account the increase in the mean photon number at the output for different laser powers (dashed lines). For the simulation, we used an optical fiber attenuation of 0.2 dB/km. We see that the maximum distance for secure communication drops for higher powers. An abrupt cutoff appears as I(A: E) > I(A: B), making secret key extraction impossible. For those powers and distances, Eve can compromise the key generation process with the injected photons.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 4. Evolution of the secret key rate R for SARG04 with the link distance for an attenuation of 0.2 dB/km.

The red line shows the rate limit estimation Alice and Bob make with their available data. The dashed lines show the corrected rate limit when the mean photon number includes the injected photons from an attacker using lasers with different total energies in the 20 ns data pulses. The maximum distance for a secure key becomes smaller at higher laser power.

https://doi.org/10.1371/journal.pone.0236630.g004

We model the attacks on BB84 assuming combined photon-number-splitting and cloning attacks [58]. From the mutual information [Eqs (22) and (26) in Ref. [58]], we get a key rate (11) for a quantum bit error rate (QBER) (12) in a system using a detector with efficiency η and a dark count probability per gate p_d. with .

Fig 5 shows the key rate limit for a detector with efficiency η = 0.1, dark count probability p_d = 5 × 10⁻⁵, and visibility V = 0.99. The red (solid) line shows the key rate estimation for the optimal mean photon number μ = t, which is compared to the key rates when the mean photon number is μ′ = μ + μ_ext, with μ_ext given by Eq (8). Note that under attack, the secure key rate R slightly improves for most transmission distances. This is because μ = t we are using is a commonly accepted approximation. A true optimal photon number that maximizes R is slightly different and can be obtained by a numerical optimization. We have verified that the latter produces similar plots, except that the attack then always reduces R.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 5. Evolution of the secret key rate R for BB84 with the link distance for an attenuation of 0.2 dB/km.

The red line shows the rate limit estimation Alice and Bob make with their available data. The dashed lines show the corrected rate limit when the mean photon number includes the injected photons from an attacker using lasers with different total energies in the 20 ns data pulses. The maximum distance for a secure key becomes smaller at higher laser power. We assumed a detector efficiency η = 0.1 with dark count probability p_d = 5 × 10⁻⁵ and visibility V = 0.99.

https://doi.org/10.1371/journal.pone.0236630.g005

To summarise, in Clavis2 the SARG protocol may be compromised with lasers producing an energy of ∼4 μJ in 20 ns or less for links in the 60–100 km range. For BB84, the injected photons have a negligible effect on the key rate for the short-distance links where Clavis2 uses that protocol. However a system using BB84 for long-distance transmission might also be vulnerable to light injection attacks. It has been shown that even a small unexpected increase of the output mean photon number may break the security of decoy-state BB84 and measurement-device-independent QKD protocols [60], which are often used at longer distances. While the known combined photon-number-splitting and cloning attacks [58] require a quantum memory, the difference between the assumed and the actual key rates opens a loophole in the security of the system and must be fixed. Otherwise we cannot claim physical security where the only limitation on the attacker is what is allowed by the laws of quantum mechanics. A QKD system should be safe not only against present attacks, but also against future, more technologically advanced attackers (who may have a quantum memory).

For a c.w. laser, 4 μJ in 20 ns translates into 200 W, which, while achievable, requires specialized lasers and could have negative side effects. At such high powers the laser could damage the plastic cover of the fiber spool, affect other components with the reflected light, or even injure people coming close the attacked equipment. However, pulsed lasers can provide the necessary energy per pulse under realistic scenarios.

In order to choose the best parameters for the pulsed laser, we need to study the communication protocol implemented in Clavis2. We take as a reference the data structure for our unit [23], where the data pulses are sent grouped in packets called “frames” with a period of 1 ms and each frame contains 1000 data pulses of 20 ns length with 200 ns period. Most of the time there is no transmission, but if we want to inject photons into each data pulse, we need a pulsed laser with a repetition rate of 5 MHz. Each laser pulse must be no longer than 20 ns and have an energy in the microjoule range. If the attacker injects her pulses into the system perfectly, she only needs to send an average power in the range of a few watt. For 4 μJ per pulse and a total of 10⁶ pulses per second, the average power for the attack is only 4 W.

At 1550 nm the eye is less sensitive to damage and, while these power levels are not safe, they are not extreme. Similarly, previous laser damage experiments have shown that a few watt can damage detectors when applied directly but not most of the parts in a QKD setup [26, 61]. Extrapolating these c.w. results to the possible damage to the exposed fiber or the covering plastic, it seems that light injection attacks at a few watt may be successful and remain undetected.

We can find many commercial lasers close to the needs of the attack: the 1550 nm lasers used in ranging applications such as self-driving cars are in the right range of pulse energies, repetition rates and pulse lengths [62].

Pulsed lasers present additional complications. Coupling to the fiber does not happen at a single strand of fiber in the spool. Light coupling is distributed at different points. While Eve could shape her pulses to maximize the energy that gets into the time bin where the PM is active, a realistic attack with a pulsed laser will not manage to inject the full pulse energy into the 20 ns bin of modulation.

There are two limit situations. In the worst case, Eve is limited to c.w. lasers, like in our experiment. In the best case there is a single point of insertion and pulsed lasers in the range of a few watt are sufficient. The single point of insertion might still be a reasonable assumption. We have attacked the fiber spool because it offers the largest target visible from the outside, but we have observed that light directed to fiber connectors or unprotected pigtails also couples inside the fiber. If there is a line of sight to these single points of insertion, attacks become viable in the lower power range.

In a realistic attack, Eve will likely be in between these two extremes. Even with distributed coupling in the spool, she can probably reduce the time her laser is active to about the frame length and thus reduce her average power to a few tens of watts.

If Eve is far from the QKD device, beam divergence owing to atmospheric turbulence and diffraction could also pose a problem. However the pulsed lasers we have suggested for the attack [62] come from ranging applications and they are already prepared to cover large distances. Most of them work close to the diffraction limit (with a beam quality factor M² between 1.1 and 1.4). In any case, an attacker should try to work as close to the device as possible.

Taking all these details into consideration, we can compare the light injection attack to the existing Trojan-horse attacks [55, 56]. In the latter, Eve co-opts the public optical channel between Alice and Bob to send light probes so that she can learn the configuration of the different optical components on each side, particularly the state of the phase modulator.

There are two important differences. First, the legitimate channel is an essential part of the communication between Alice and Bob and must always be present. However, it is an expected point of entry and there are multiple countermeasures like detectors to monitor the input and filters to attenuate unwanted wavelengths [23, 26]. A light injection attack uses unsuspected paths into the fiber for which there are no planned countermeasures. Once the photons are inside the fiber, they go together with the legitimate signal undetected. The main purpose of this paper is to raise awareness of this vector of attack so that these paths are blocked during the design of the system.

Second, for the light injection path we have found in our device, light coupling is quite inefficient. Trojan-horse light at 1550 nm can be attenuated between 60 to 110 dB, with different values at other wavelengths depending on the deployed countermeasures [57, 63, 64]. In our experiment, 17.2 mW resulted in an average of 3.32 × 10⁻³ photons per 20 ns bin (2.13 × 10⁻¹¹ mW at 1550 nm, giving a total attenuation of 119 dB before all the losses in Alice, including the variable attenuation stage). In principle, the Trojan-horse attacks seem easier to launch, as they require less power, but they are easier to detect because the input point is known.