Distributed Symmetric Key Exchange: A scalable, quantum-proof key
distribution system
- URL: http://arxiv.org/abs/2205.00615v3
- Date: Fri, 25 Nov 2022 03:16:39 GMT
- Title: Distributed Symmetric Key Exchange: A scalable, quantum-proof key
distribution system
- Authors: Hoi-Kwong Lo, Mattia Montagna and Manfred von Willich
- Abstract summary: We propose and implement a protocol for a scalable, cost-effective, information-theoretically secure key distribution and management system.
The system, called Distributed Symmetric Key Exchange (DSKE), relies on pre-shared random numbers between DSKE clients and a group of Security Hubs.
- Score: 1.6114012813668934
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: We propose and implement a protocol for a scalable, cost-effective,
information-theoretically secure key distribution and management system. The
system, called Distributed Symmetric Key Exchange (DSKE), relies on pre-shared
random numbers between DSKE clients and a group of Security Hubs. Any group of
DSKE clients can use the DSKE protocol to distill from the pre-shared numbers a
secret key. The clients are protected from Security Hub compromise via a secret
sharing scheme that allows the creation of the final key without the need to
trust individual Security Hubs. Precisely, if the number of compromised
Security Hubs does not exceed a certain threshold, confidentiality is
guaranteed to DSKE clients and, at the same time, robustness against
denial-of-service (DoS) attacks. The DSKE system can be used for quantum-secure
communication, can be easily integrated into existing network infrastructures,
and can support arbitrary groups of communication parties that have access to a
key. We discuss the high-level protocol, analyze its security, including its
robustness against disruption. A proof-of-principle demonstration of secure
communication between two distant clients with a DSKE-based VPN using Security
Hubs on Amazon Web Server (AWS) nodes thousands of kilometres away from them
was performed, demonstrating the feasibility of DSKE-enabled secret sharing
one-time-pad encryption with a data rate above 50 Mbit/s and a latency below 70
ms.
Related papers
- Never Gonna Give You Up: Exploring Deprecated NULL Ciphers in Commercial VoWiFi Deployments [0.0]
Many operators use Voice over Wi-Fi (VoWiFi) allowing customers to dial into their core network over the public Internet.
To protect against malicious actors on the WiFi or Internet domain, the traffic is sent over a series of IPsec tunnels.
We want to analyze security configurations within commercial VoWiFi deployments, both on the client and server side.
arXiv Detail & Related papers (2024-06-18T07:32:38Z)
- The Power of Bamboo: On the Post-Compromise Security for Searchable Symmetric Encryption [43.669192188610964]
Dynamic searchable symmetric encryption (DSSE) enables users to delegate the keyword search over dynamically updated databases to an honest-but-curious server.
This paper studies a new and practical security risk to DSSE, namely, secret key compromise.
We introduce the notion of searchable encryption with key-update (SEKU) that provides users with the option of non-interactive key updates.
arXiv Detail & Related papers (2024-03-22T09:21:47Z)
- A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
- HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs).
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (DSL) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
- Practical quantum secure direct communication with squeezed states [55.41644538483948]
We report the first table-top experimental demonstration of a CV-QSDC system and assess its security.
This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
arXiv Detail & Related papers (2023-06-25T19:23:42Z)
- Composable Security of Distributed Symmetric Key Exchange Protocol [5.825036587554501]
We show the composable security of the DSKE protocol in the constructive cryptography framework of Maurer.
As DSKE is scalable in a network setting with no distance limit, it is expected to be a cost-effective quantum-safe solution to safeguarding the network security against the threat of quantum computers.
arXiv Detail & Related papers (2023-04-26T19:14:52Z)
- Establishing shared secret keys on quantum line networks: protocol and security [0.0]
We show the security of multi-user key establishment on a single line of quantum communication.
We consider a quantum communication architecture where qubit generation and measurement happen at the two ends of the line.
arXiv Detail & Related papers (2023-04-04T15:35:23Z)
- First demonstration of a post-quantum key-exchange with a nanosatellite [58.579141089302816]
We demonstrate a post-quantum key-exchange with the nanosatellite SpooQy-1 in low Earth orbit using Kyber-512.
This implementation demonstrates the feasibility of a quantum-safe authenticated key-exchange and encryption system on SWaP constrained nanosatellites.
arXiv Detail & Related papers (2022-06-02T10:45:27Z)
- Experimental symmetric private information retrieval with measurement-device-independent quantum network [2.549884936158282]
We report a realisation of provably-secure SPIR supported by a quantum-secure key-exchange network.
The SPIR scheme looks at biometric security, offering secure retrieval of 582-byte fingerprint files from a database with 800 entries.
arXiv Detail & Related papers (2021-09-27T06:56:45Z)
- Experimental quantum conference key agreement [55.41644538483948]
Quantum networks will provide multi-node entanglement over long distances to enable secure communication on a global scale.
Here we demonstrate quantum conference key agreement, a quantum communication protocol that exploits multi-partite entanglement.
We distribute four-photon Greenberger-Horne-Zeilinger (GHZ) states generated by high-brightness, telecom photon-pair sources across up to 50 km of fibre.
arXiv Detail & Related papers (2020-02-04T19:00:31Z)