Dr. Lars Hanke


What do devices need to be able to do if they want to communicate securely with quantum encryption? And just as importantly, how can this be reliably verified? 

The first certified protection profile for a QKD application comes from Germany.


The final accolade is short and sweet. The German Federal Office for Information Security (BSI) has assigned the consecutive number BSI-CC-PP-0120-2024 to a profile for the secure exchange of quantum keys and lists it on its website. This certified profile also receives the highest honors in the plenum of the European Telecommunications Standards Institute (ETSI). A simple document thus becomes a trend-setting industry standard, and my team at Telekom Security GmbH has every right to be proud of it. After all, we have been working on this for around two years on behalf of the BSI.

At first glance, this may seem a little long. And although the technical part of developing a protection profile (PP) is very complex, it only takes up a fraction of these 24 months. The time-consuming factor is a different one. A protection profile must take many interests into account if it is to be suitable as an international standard. These interests are sometimes conflicting, and in extreme cases the positions can be far apart. Over and over again, the wishes of device manufacturers, security authorities and telecommunications service providers have had to be balanced on a scientific, technical or legal basis. However, there are clear rules for a protection profile that do not allow any diplomatic ambiguities. Otherwise it cannot be certified. And it was under these framework conditions that we reached an international agreement on a draft that was ultimately established as a European standard by the ETSI.

What QKD does

But back to the protection profile itself. Quantum Key Distribution (QKD) is a quantum-safe technology that is used to generate random cryptographic keys. This is done on the basis of quantum properties, for example the properties of optical signals. These quantum properties mean that any attempt to intercept or manipulate the key on the transmission path can be mathematically proven to result in the compromised parts not being used. This ensures that only secure keys are used. The profile now specifies the protection requirements that devices using this technology must meet. Such a specification is needed for a binding approval scheme for the industrial production of telecommunications equipment.

Two global firsts included

In the ETSI working group, manufacturers, researchers and security experts from all over the world have contributed their know-how and reviewed and discussed our draft. These included Toshiba, the University of Waterloo in Canada and, of course, the BSI as the client. With the BSI certification, the protection profile can now be used worldwide for security assessments according to the Common Criteria (CC). The CC are a global scheme for IT security. The certified profile is considered normative even if the respective national certification authority does not prescribe ETSI standards.

ETSI lists the standard under the cryptic designation GS QKD 016 V2.1.1, behind which the certified profile from our pen is hidden. In fact, it is the first of its kind in the world, and in more ways than one. It is the first protection profile for a QKD application. But it is also the world's first PP according to the new version of the Common Criteria, called CC:2022. Our work has paid off.
