Countermeasures

Countermeasures represent security concepts and classes of technologies that can be used to prevent a technique from being successfully executed or limiting its impact.

Countermeasures: 57
QID Title Description Type
CM-0001 Privacy amplification

Privacy Amplification is a countermeasure employed in Quantum Key Distribution (QKD) systems to transform a potentially partially compromised key into a highly secure one, using hash functions to remove any patterns exploitable by eavesdroppers.

Quantum
CM-0002 True Single Photon Source

The deployment of the true single-photon source that emits one photon at a time will eliminate vulnerabilities associated with multiphoton emissions, e.g. in weak coherent sources.

Quantum
CM-0003 Decoy States Employment

The Decoy state method enhances security against eavesdropping by interspersing the signal pulses with decoy pulses of varying intensities, thereby confusing potential interceptors.
 

Quantum
CM-0006 Employing Another Quantum Protocol

Employing another quantum protocol is a strategy, where switching to alternative QKD protocols can mitigate specific vulnerabilities and enhance security against certain types of quantum attacks.

Quantum
CM-0007 Proper Implementation of Quantum Communication Protocol and QBER Estimation

Proper implementation of quantum communication protocol and Quantum Bit Error Rate (QBER) estimation is crucial for ensuring the resilience of quantum communication systems against intercept-and-resend attacks, serving as the foundation for securing all forms of quantum communication.
 

Quantum
CM-0008 Employment of Optical Isolation

An optical isolator allows light to pass in one direction while attenuating light in the reverse direction. It's usually placed on the transmitter's (Alice's) side to protect from back reflections. Using it on the receiver's side (Bob's side) is less common, as it would cause significant signal loss.

 

Quantum
CM-0011 Watchdog Detector

A watchdog detector monitors incoming light in quantum communication systems, serving as a multifunctional tool for security and signal integrity.

Quantum
CM-0012 Continuous Device Functionality Monitoring

Continuous functionality monitoring is a critical countermeasure in quantum communication systems, aimed at preserving the integrity and effectiveness of security components like optical isolators, monitors, and watchdog detectors.

Quantum
CM-0013 Employment of Optical Filters

Optical filters in quantum communication systems selectively permit only desired wavelengths or arriving-direction signals to pass.

Quantum
CM-0014 Full Device Imperfections Incorporation in Scientific Security Proof

Incorporating all device imperfections into the scientific security proof of quantum communication systems ensures robustness by accounting for all potential vulnerabilities after implementing countermeasures.

Quantum
CM-0015 Active Phase Randomisation

Active phase randomisation involves continuously varying the phase of emitted quantum signals to enhance security, with optimal implementation including monitoring of the randomisation process.
 

Quantum
CM-0016 State Preparation Monitoring

State preparation monitoring ensures that key parameters of quantum signals—such as time, wavelength, and polarization—adhere to expected standards in a QKD system.
 

Quantum
CM-0017 Detector Monitoring

Detector monitoring employs various testing and monitoring functions to ensure correct operation and detect potential malicious activities within quantum detection systems.
 

Quantum
CM-0021 Random Detection Efficiency Changing of APD

Randomly altering the detection efficiency of APDs and analyzing expected efficiencies and QBERs can detect and counteract attacks on quantum detectors.

Quantum
CM-0024 Signal Upconversion

Signal upconversion in QKD receivers, involving a nonlinear process to change signal wavelengths, offers a robust defence against various quantum hacking techniques.

Quantum
CM-0026 Time Gating

Time gating is used in quantum communication to limit detector or modulator exposure to brief, specific intervals, reducing vulnerability to external threats.
 

Quantum
CM-0027 Arrival Time Monitoring

Arrival time monitoring in QKD systems is crucial for detecting timing manipulations in protocols like plug-and-play and MDI-QKD.
 

Quantum
CM-0030 Quantum Device Optimal Design and TEMPEST

The optimal design of quantum communication devices, including QKD nodes, optical ground stations, and communication satellites, is crucial to minimize vulnerabilities to adversarial actions. 
 

Quantum
CM-0034 Passive Quantum Communication Transmitters

Passive transmitters using a linear optics network and post-selection offer intrinsic immunity against specific attacks like Trojan Horse Attacks (THA).
 

Quantum
CM-0036 External Magnetic Field Monitoring

Monitoring for abnormal external magnetic fields to detect and mitigate potential security threats.

Quantum
CM-0037 Passive Phase Randomisation

Implementing passive phase randomisation in QKD, e.g., by operating lasers in gain-switched mode.

Quantum
CM-0038 Phase Modulator Triggering

Triggering phase modulators with incoming bright light pulses to enhance QKD system security.

Quantum
CM-0039 Bit-Mapped Gating

Bit-mapped gating is a countermeasure in QKD systems that randomizes detection mappings to prevent detector-control attacks.

Quantum
CM-0040 Temperature Monitoring

Temperature monitoring detects undesired variations in critical components like lasers and detectors.

Classical
CM-0041 Quantum Source Monitoring

Quantum source monitoring controls crucial parameters like the pulse repetition period of the laser to prevent synchronization issues.

Quantum
CM-0043 Detector with Random Jitter

Introducing random jitter in detector synchronization to safeguard against specific quantum attacks.

Quantum
CM-0046 Active Polarisation State Scrambling

Active polarization state scrambling enhances QKD receiver security by dynamically altering the polarization states.

Quantum
CM-0047 Gain Modulation of the Photocurrent

Gain modulation of the photocurrent in APDs thwarts thermal attacks by adjusting response to continuous-wave power levels.

Quantum
CM-0048 Dead Time Enforcement and Gating Window Discrimination

Enforcing dead time and discriminating gating windows to secure detection timing in QKD systems.

Quantum
CM-0053 Active Reset Mechanism

Implementing an active reset mechanism to prevent permanent latching of detectors in quantum communication systems.

Quantum
CM-0055 Single-Mode Fiber Coupling

This countermeasure involves coupling all quantum states into a single-mode optical fibre before their release into the free-space channel.

Quantum
CM-0056 Single Laser Diode Utilization

Single Laser Diode Utilization aims to completely eliminate information leakage related to laser characteristics (including spatial, spectral, and temporal aspects), employing a single laser diode for state generation in quantum key distribution systems.

Quantum
CM-0057 Wavelength Randomization

A controlled random variation in the wavelength of the laser diodes used by the transmitter (Alice).

Quantum
CM-0061 Detector's Dead Time Management

Many techniques exploit a Single-Photon Detector's (SPD's) dead time. Therefore it is appropriate to manage this detector's period, e.g. by simultaneous hold-off or by self-disabling.

Quantum
CM-0062 Management of Published Information In Classical Channel Communication

This countermeasure focuses on the meticulous handling of timing data and other potentially revealing information that is shared over public channels during the QKD process.

Quantum
CM-0063 Employment of External Intensity Modulator

External intensity modulators in QKD systems ensure no timing mismatch between signal and decoy states.

Quantum
CM-0064 Triple Intensity Modulation for Side Channel Elimination

Triple Intensity Modulation technique in TF-QKD systems addresses frequency side channels by modulating signal and reference pulses.

Quantum
CM-0066 Use of Verifiable Secret Sharing and Privacy Amplification Techniques

Employing verifiable secret sharing and privacy amplification techniques to bolster security in QKD systems.

Quantum
CM-0070 Power Analysis Masquerading and Obscuring

This countermeasure incorporates several tactics to obscure the power consumption patterns that could otherwise be exploited to infer sensitive key information. These methods focus on altering the detectable computational behaviour without affecting the integrity or outcome of the reconciliation process. These methods, for example, include: Randomizing Power Consumption, Dynamic Voltage and Frequency Scaling, Randomization of Syndrome Computation Order, Insertion of Dummy Operations.

Classical
CM-0074 Quantum Threat Intelligence Program

A Quantum Threat Intelligence Program equips organizations with the capability to generate and analyze threat intelligence specific to quantum systems. This program tracks trends and developments in quantum computing, communication, sensing and cybersecurity, helping to inform defensive strategies and mitigate risks associated with quantum technologies.

An example of such a solution is SQOUT by QuDef.

Classical
CM-0076 Tamper Protection

Tamper Protection involves implementing security measures to prevent "classical" unauthorized access and alterations to the physical hardware and related components.

Classical
CM-0077 End-to-End Encryption for Classical Channels in Quantum Communication Systems

End-to-End Encryption (E2EE) is a countermeasure for securing the classical communication channels within quantum communication systems, ensuring that all data transmitted between devices is encrypted and only accessible to the intended recipients.

Classical
CM-0085 Quantum Network Traffic Rerouting

Quantum Network Traffic Rerouting is a countermeasure in quantum communication systems that involves switching to backup Quantum Key Distribution (QKD) links or altering the routing paths of quantum connections to mitigate the impact of attacks or failures.

Quantum
CM-0086 Prior Hardware Component Study

Conducting studies on individual hardware component behaviour to identify and mitigate potential vulnerabilities under various conditions.

Quantum
CM-0087 Real-time Quadrature Measurements with Random Optical Attenuations

Acquire and process quadrature measurements in real-time at randomly chosen optical attenuations to detect attacks by revealing deviations in the expected linear relationship between signal and noise variances.

Quantum
CM-0088 Pattern Recognition Using Machine Learning

Utilize machine learning with neural networks trained on simulations to recognize patterns of specific attacks.

Hybrid
CM-0089 Discarding Non-linear Data Blocks

Discard data blocks with measurement outcomes outside the linearity region while ensuring the Gaussianity of the remaining data. Applicable for CV-QKD.

Quantum
CM-0095 Proper Quantum Channel Calibration

Regular and randomized calibration of the quantum channel helps prevent intercept-and-resend attacks by ensuring accurate estimation of channel transmittance, thereby protecting the integrity of the secret key.

Quantum
CM-0096 Upgraded Trusted Phase Noise Model

Enhancing the trusted phase noise model by assuming a lossless channel for reference signal transmission can mitigate attacks exploiting phase-reference alignment vulnerabilities.

Quantum
CM-0098 True Discrete Modulation

The goal is to adopt true discrete modulation instead of approximate Gaussian modulation. The discrete modulation can offer better security assurances by eliminating the vulnerabilities associated with the finite resolution and range of the modulation devices.

Quantum
CM-0099 Variable Optical Attenuator

Variable optical attenuators (VOAs) can adjust the optical power reaching each photodiode, compensating for the differences in quantum efficiencies and restoring balance in the homodyne detection process [Kong2022].

Quantum
CM-0101 Effective Photon Lifetime Management

Ensuring that the effective photon lifetime is shorter than the turn-off duration of the laser diode can also help in mitigating phase correlations [Kobayashi2014].

Quantum
CM-0103 Advanced Laser Diodes

Employment of advanced laser diodes in the transmitter can help reduce surface attack for the side-channel attack. This include, e.g. spectral filtering and temperature-stabilized diodes, shorter gates, produced repetition rate, etc.

Quantum
CM-0104 Initializing Modulation Devices After Each Pulse

Resetting the modulation device after each pulse emission by Alice can minimize pulse correlations and protect the security of QKD systems.

Quantum
CM-0107 Replacing Intensity Modulators with IQ Modulators

Replacing traditional intensity modulators with IQ modulators can reduce pattern effects due to intensity correlations, particularly in decoy-state QKD setups.

Quantum
CM-0108 Optimizing DC Bias Conditions

Finding suitable DC bias levels for laser diodes under specific clock speeds can reduce temporal disparities and intensity fluctuations, thereby mitigating laser side channels in QKD systems.

Quantum
CM-0110 Temporal Filtering Techniques

Applying temporal filtering techniques can help remove unwanted photon detections, thereby reducing the quantum bit error rate (QBER) and improving the security of QKD systems.

Quantum