Defending quantum-based data with quantum-level security: a UK trial looks to the future

British Telecom and Toshiba have launched a trial of what they say is the world’s first commercial quantum secured metro network (QSMN) that aims to securely encrypt valuable data and information over standard fibre optic links using quantum key distribution (QKD). The companies will operate the network for an initial period of up to three years.

During this part of the trial, BT and Toshiba are augmenting the existing public key-based, cryptography-based solution for distributing keys with a quantum-based one, which is then future-proof against quantum computers, said Andrew Lord, senior manager of optical research at BT.

Courtesy of British Telecom

QKD does not transmit data – it allows the sharing of encryption keys using quantum mechanics to encrypt messages in a way that it is never read by anyone outside of the intended recipient. Quantum computers – which are so far only in development – could quickly crack current public-key cryptography, leaving today’s networks incredibly vulnerable to attacks.

EY, one of the Big Four global accounting firms, is the network’s first customer to connect quantum secure data transmission between two of its London offices, one at Canary Wharf in London’s Docklands and the other near London Bridge.

BT and Toshiba first pitched their commitment to creating a trial network in October 2021. But in a statement at that time, the companies said: “The brand-new network will connect sites in London’s Docklands, the City and the M4 corridor, and will provide data services secured using QKD and post-quantum cryptography (PQC).”

Although PQC is not yet being used, it will be implemented as part of the trial in the next year or so, Lord said.

QKD and PQC for the Future

Alexander Ling, director, quantum engineering program at the National University of Singapore, explained how QKD and PQC would work together.

One of the major concerns that has developed in recent years is that bad actors are using  store-now-decrypt-later techniques to collect data in transit and then working at leisure to decrypt the data stream, he said.

This concern has only grown with the advances in quantum computing technology, where it is well understood that a sufficiently powerful quantum computer can enable rapid decryption of the most commonly used encryption techniques.

To defend against this vulnerability, the quantum communications community is proposing that data connections be equipped with quantum-safe technologies, such as QKD and PQC, Ling said. These two approaches are complementary – QKD works on the physical layer, while PQC is  software-based, he said.

Using a blend of these techniques will allow the data connections to be stronger than existing protection methods and enable networks that are “quantum-safe” – that is, safe from quantum computer attacks, Ling said.

One of the issues, though, is understanding how to build this hybrid quantum-safe network that uses both QKD and PQC, according to Ling. QKD is mostly useful only for fixed nodes, while PQC can be used for mobile devices. The drawback is that PQC cannot provide the long-term guarantees of QKD.

“So, an open question is how to build this hybrid network,” he said. “Therefore, commercial pilots, such as the one in the UK, are important steps forward.”

QKD Limitations

Imperfect implementations of QKD could compromise security, Ling said.

“This can be a problem,” he said. “But it is important to understand the nature of the problem. It is not a software-type problem, which allows the usual software hacking cases that we usually hear about. Instead, the attacker requires the ability to access physical infrastructure, to physically probe the QKD appliances. This barrier to entry dramatically reduces the attack surface on the technology.”

Lord agreed that QKD had to be implemented in a secure way.

Quantum technology has been “provably secure,” Lord said. And while the information is theoretically secure in principle, it has to be implemented securely at every step of the way.

“We need to make sure that the implementation (that in our case Toshiba has designed, in conjunction with ourselves in terms of the integration of that with the wider network), that all of those bits are secure as well because a secure network is only as good as its weakest parts,” Lord said. “A lot of the behind-the-scenes work that we’re doing with Toshiba and internally with the BT security teams is making sure that all those end bits are just as secure as the bit in the middle.”

Research and development into QKD continues to be an active area and will only grow in tandem with increasing adoption by the commercial sector, according to Ling.

However, one of the main limitations to widespread adoption of QKD is distance – QKD has some limits on its transmission due to the physics involved, said Mark Carney, a security researcher focused on quantum studies. Some systems have a maximum distance of 14 kilometres for their key exchanges, while some Chinese teams have demonstrated more than 800 kilometers.

“To overcome this, you can use repeaters, but there is a big issue around how to trust these intermediary devices,” he said. “How do you maintain that these have not been compromised? That’s a major additional problem.”

Man-in-the-middle attacks

But the use of those repeaters could lead to man-in-the-middle (MITM) attacks, according to Mark Horvath, senior research director at Gartner Inc.

“In regular optical networks, to get it to go any distance you have to boost the signal, you have to add energy into the line and that helps you cover a lot of distance,” he said. But that doesn’t work for quantum key distribution.

Courtesy of Gartner Inc.

“You only go so far, maybe 60 kilometres, on a good day maybe a 100 kilometres, and the signal fades,” Horvath said. “You can’t boost it because boosting it is the same thing as touching it, and if you touch it, it breaks while it’s in that channel.”

The answer for companies is to enhance the distance of the transmissions with repeaters.

“To do this over a 1,000 kilometres, for every 100 kilometres, you basically have to read the data and then upload it to the next segment and you move it down the network that way,” Horvath said. “But anytime you do that, that spot right there where you download and upload is susceptible to a man-in-the middle-attack, just like everything else in the universe.”

However, researchers are working on this, especially through projects such as the European Quantum Internet project, Carney said. The project aims to build an EU-wide quantum network where ideas can be developed for improving range, managing interference (both natural and malicious), as well as needing to address ideas of quantum trust.

In a white paper published in March 2020, the National Cyber Security Centre said it didn’t endorse the use of QKD, saying in part that it was susceptible to MITM attacks because QKD did not have adequate authentication protocols in place.

Lord, however, said that BT and Toshiba’s network is protected from MITM attacks through quantum-safe classical cryptography authentication.

“The way we are authenticating our endpoints, our boxes, we’re still using classical techniques,” he said. “You can use post-quantum algorithms to improve the authentication, and that’s what we’re doing. We’re not using quantum to authenticate. That’s not something that exists yet, although that’s coming later. All we’re claiming is that once we have an authenticated network, that we’re then using quantum key distribution to generate large numbers of secure keys.”

In the trial phase, the companies are expecting to learn what customers will do with the technology, not whether the technology works.

“We already know that [the technology] works. This is not a physics trial. We’ve done that before,” Lord said. “The point of this is to go much further. It’s one thing to say, ‘Yeah, we’ve got quantum-secured links,’ but how does that turn into something that can be productized, sold, and consumed by customers?”

First Commercial Customer: EY

EY, which is working with BT and Toshiba, said quantum computing is a fundamentally different way of computing with many transformational applications, including the potential to disrupt the current standard means of securing data and communications.

Even if it takes longer than anticipated for the technology to reach maturity, the risk to the security of data and communications from “harvest-now decrypt-later” attacks means that organisations can’t afford to wait and see what might happen – they really need to act now, according to email responses from the EY team provided by spokesman Adam Holden.

“This is one of the principal reasons we are working with BT and Toshiba on the quantum-secure metro network, which uses quantum key distribution to protect data in transit,” EY said.

The security of clients data is a strategic priority for EY and the business case for participation in the QSMN was strengthened by the significant support and partnership provided by BT.

It also helps that the trial is using a standalone network and leverages mainly existing infrastructure, with the QKD units housed in standard server rooms and information sent using primarily existing commercial network infrastructure.

“We believe that now is the time to be engaging with and understanding quantum technologies,” the EY team said.

Transformational opportunities

Outside of security, for example, EY said that quantum presents an opportunity for enterprises to reimagine their business models and the technology has shown potential to transform the approach to solving some of the world’s most complex challenges, such as:

• Developing new battery materials.
• Finding new treatments for disease.
• Planning and optimising energy grids and delivery routes.
• Across broad fields such as artificial intelligence, digital twins, and communications security.

“We are looking at a broad set of quantum use cases, including security, and starting experiments to test the opportunities and challenges posed by quantum technology,” according to EY.

While no employee or client data will run through the network at this stage, EY said that the sorts of data it may transmit using the quantum network in the future could include:

• Confidential mergers and acquisition calls and data.
• Provisioning virtual data rooms.
• Transactions data.
• Intellectual property.

EY said that it is aware of the potential limitations of both QKD and other approaches to protecting data.

“For EY, the network runs on a fully physically and logically separate link using only test data,” EY said.

Even with test data, this is encryptable at a binary level using existing cryptographic schemes, such as the Advance Encryption Standard, EY noted. But it also gives EY and its clients the opportunity to explore future post-quantum cryptography solutions and take advantage of upcoming guidance from bodies such as the National Institute of Standards and Technology in the U.S.

“Cybersecurity threats continue to evolve at pace and this trial is just one of a number of investments we have planned over the coming months and years to help our clients secure their data and their future in the quantum age,” EY said.