ETSI Releases World’s First Protection Profile for QKD
February 15, 2024 -- This constitutes a major milestone on the path to the certification of QKD products. The Protection Profile was developed within the framework of the ETSI Industry Specification Group ISG-QKD, to which ID Quantique has contributed since its inception in 2008. The Protection Profile has subsequently been fully validated by the SGS evaluation lab in Graz, and the evaluation has been certified by the German certification body BSI.
Common Criteria and the GS QKD 016
Security evaluation and certification is globally recognised as a prerequisite for qualified deployment in real-world applications. It is the only objective way for customers with limited expertise to assess the security credentials of complex QKD solutions. However, effective evaluation becomes difficult if there isn’t an agreed set of standards against which to benchmark security performance.
Common Criteria defines the procedures and elements required for standardisation, including:
- characterization of the optical components used
- protocols and algorithms
- implementation security against particular attacks
- generic security requirements
As the QKD market matures, government customers within Europe will require solutions evaluated to the established Common Criteria for Information Technology Security Evaluation (ISO/IEC/EN 15408). Specific use cases for dedicated industry applications may also require unique security requirements, against which QKD solutions will need to be evaluated.
The GS QKD 016 standard represents a significant milestone in this respect. There is still work to do, with quantum optical evaluation labs still in development – a final phase being managed by the EC project team “Nostradamus”, led by Deutsche Telekom.
ID Quantique, in the meantime, is ensuring that its own internal processes are “Common Criteria ready”. This is further evidence of our commitment to standardisation and will help streamline product evaluation once final criteria have been established.
Global efforts towards standardisation
In addition to the ETSI group, several other standardisation bodies are also working on QKD.
The CEN/CENELEC Focus Group on Quantum Technologies (FGQT) was established in 2020 with the goal of preparing European standardisation of Quantum Technologies. In March 2023 its successor, the new joint technical committee JTC22, was founded in CEN/CENELEC, dedicated to the development of standards for European industry and research. The European Commission continues to publish rolling plans for ICT standardisation, including RP2023 for Quantum Technologies.
Elsewhere, the International Telecommunication Union (ITU) is undertaking its own standardisation efforts, with an active work programme: Framework of quantum key distribution protocols in QKD networks. Contributing members of the ITU work group include the Centre for Quantum Technologies (CQT) in Singapore, the Infocomm Media Development Authority (IMDA), SK Telecom, ID Quantique, the National Institute of Information and Communication (NICT) and the National University of Singapore. With both ISO and IEC pursuing their own standardisation efforts, 2024 is likely to be a landmark year in the development of quantum technology standards.
In parallel, ID Quantique is in the middle of an evaluation process of its QKD products and related key management systems in countries such as South Korea, with the Korean National Security Research Institute (NSRI). It is currently undergoing intensive testing of its optical properties through the Korea Research Institute of Standards and Science (KRISS) to satisfy the preliminary conditions before the evaluation process. In 2022, IDQ and its partner SK Broadband installed a QKD network in Korea connecting 48 government organizations.