IETF Logo Mail Archive

Re: [saag] Security considerations in draft-irtf-qirg-quantum-internet-use-cases-08

Chonggang Wang <Chonggang.Wang@InterDigital.com> Sat, 12 February 2022 12:53 UTC

Return-Path: <Chonggang.Wang@interdigital.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 201F43A130F; Sat, 12 Feb 2022 04:53:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=interdigital.com header.b=Uf33OeQr; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=interdigital.onmicrosoft.com header.b=pBrAwRQf
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F52kPOEEeWJ1; Sat, 12 Feb 2022 04:53:04 -0800 (PST)
Received: from esa2.hc3352-98.iphmx.com (esa2.hc3352-98.iphmx.com [216.71.148.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B3F43A0FC1; Sat, 12 Feb 2022 04:53:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=interdigital.com; i=@interdigital.com; q=dns/txt; s=esa; t=1644670384; x=1676206384; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=T+4Fpjq5hH0sn06m6hmv8ya6DR+lRehcrBBp+g+oX/4=; b=Uf33OeQrTKMYq/yhN+CNN4OB/iPSrD6NWIbWNrkwyVaYTOPeN6KZ/hog Xj/NR435tKzR8J26mNhFCzWeFqjb8WJh9N9Zwet1vpcoxjE4M3LTImH1m iAoIJ21LziJzNqsfvVvcRlhrwzThbCjJiZCZJJaG0a1bxRh67QY0BvjHB 8DVV6nEb8SdceLfyGYlowxWquyhky382xTTbaqM8BGkGD+8gi8tJ+RQ4u NssTsHoHijPwgdBj9YNg994Zrbk7egG7WBsvHqIEmB7brPhn1g98urGhR IhpMRe/vdxcext3hz8PIU2GNUXt1QLIetbvDKlFmr/P4SR0NvVOx+ip64 Q==;
Received: from mail-bn8nam11lp2169.outbound.protection.outlook.com (HELO NAM11-BN8-obe.outbound.protection.outlook.com) ([104.47.58.169]) by ob1.hc3352-98.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Feb 2022 07:50:01 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kDqJks4N1hXlljqYypmbM2JBGqM6nYiN/VgPMt7Ieiq8x2cOMJPqQ8tIiQgP2WF0amMTMnh9FbqVoBNSOrvLMlCskBbU7jIBvTVLT7A8SbY4lycgyi6B/UgP9Sc7nTKP9a9DmfNk386aZ0605hGvRW9Qib+kfV+Xjp3aRS/0Ffb+l/fn5RUORUhm5kJ17zHWGD3Q7Mnmh3gXSBvVlYY370tp7zm0bJZTXxMzJCqlabuo5sbjOx6yX6Iyvkh0KNrqY+W4M/vThD3eawFBcCkmSuHR5E0ugQZyZ1WNZ8xoxjxxlfyg523xBOjviZWbPo34ZNCP87UJjR0q3xF2aB9jGQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=F2brCVlcIqXM1geeZ8GT/7LJ+a8j2/VpwJYM+rs90i8=; b=hTMBZD5RHpR6IzqKsOaTWoYQ81foaZuj1gG175DewSNS1JfITylKcqVdNtNEmNUzxpTb8mh/+hJaVTJ/gMur3CmEDZPkVm9ZTUFgiXRAG5GNRGiSOeZNqqSq2vI0vPskU8vmiYkH7qKmqy+kkBfSZTgHjXiMS1VxIEPBPTOzg8Lt9q2BPH+6BODElGQW5Cfgn+cKPfFBCQDyUYwoX3UqTShk0uEm8ishA759LVOVCWHev1tqZdttsFtdxosoNaB12eGE2M6RSHzjwqlYF6njCNJfY80c6wU1NozEC4TC4ce0Qt0Q78NzYdeLuk6kZ+ZdyUhaowZZIlto3h3lXC2BhQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=interdigital.onmicrosoft.com; s=selector2-interdigital-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=F2brCVlcIqXM1geeZ8GT/7LJ+a8j2/VpwJYM+rs90i8=; b=pBrAwRQfpxVyX9bZZMWz/VsrxRj8q08ba3IjTSW5hUIEDly0IWq1Jf06kfZg3o4mjPkSv3hIN086ddK9SdqYUWpsdgrqeQT9JTtoLyHpMk3Jd4F37MSCLDj6xy7XGTBE3QEStKFglcmdy+J0gSxL+83ssBbC7tBybN4TkCpE/zc=
Received: from BN0PR10MB5096.namprd10.prod.outlook.com (2603:10b6:408:117::23) by CY4PR1001MB2279.namprd10.prod.outlook.com (2603:10b6:910:41::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11; Sat, 12 Feb 2022 12:49:58 +0000
Received: from BN0PR10MB5096.namprd10.prod.outlook.com ([fe80::a897:1084:762a:7d3f]) by BN0PR10MB5096.namprd10.prod.outlook.com ([fe80::a897:1084:762a:7d3f%4]) with mapi id 15.20.4951.019; Sat, 12 Feb 2022 12:49:58 +0000
From: Chonggang Wang <Chonggang.Wang@InterDigital.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "qirg@irtf.org" <qirg@irtf.org>
CC: "cfrg@ietf.org" <cfrg@ietf.org>, saag <saag@ietf.org>
Thread-Topic: Security considerations in draft-irtf-qirg-quantum-internet-use-cases-08
Thread-Index: AQHYIAwH8zEQdGvQAkOzECXdhs8fp6yP3bVg
Date: Sat, 12 Feb 2022 12:49:57 +0000
Message-ID: <BN0PR10MB5096558FEF15C44C9C9672F2F8319@BN0PR10MB5096.namprd10.prod.outlook.com>
References: <HE1PR0701MB3050021E796FA47455C7BFB689319@HE1PR0701MB3050.eurprd07.prod.outlook.com>
In-Reply-To: <HE1PR0701MB3050021E796FA47455C7BFB689319@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=InterDigital.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 07853432-db87-4dc4-6e6e-08d9ee262d19
x-ms-traffictypediagnostic: CY4PR1001MB2279:EE_
x-microsoft-antispam-prvs: <CY4PR1001MB2279A2ACB5F1E349178534B8F8319@CY4PR1001MB2279.namprd10.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: W6IUzKVF/URYCYvHp2fYa4sSpyb7SHj5F5ccCqI4klswVuXluewTwHwcno7ZmLr8TanW9iIJHieVtDy6Qap0+niE/hV6XlzXPqlZ/8A6/+Bhtzp9s8SZUnSxvnzFCv63FuvABGZeEfkMqtO8/stuh6XSbCqrE7H0gnIemyPE4X3mPdI0VnnqlHnEGTEWQbWrCzQutxEqSV5aUrJbJ63OL+0IwsuWeLYzWTmwNxjGCoWfEINhzM1WK0nJZ+TzqFIZpH53tDdXHxwct72OFMngw5agbcbDzPwvgj3FZQQQIdkkYsLxv+LjO7lYWTZwHUOlIdLu6ldzSfq2+aJsb1WEAeTPoLYTRHu6ZUdbXXjpIxQ9USIix4wVbD/3zEYnS42HKruhY0IqgPvGKOEOeUZ2Mck5Xaf9hlfQizeedXMJEQ7UEf1RSF7Wxo9X5vULbxxQOinTpRTxxZ3ngsF3tQbdQnNkrBJQgIyu5ciRsYggNj6tkYuxgsxXiOEUdcX445geCdze0jrI2c4DA14ViI3zpox0HrIlhTHbzqz2EKoeD7oiHW46KrQ5Ny784eFf1T/Sq7dqoZJDM8+g1Mu7/Dhe67HBo2upCDG9E8OvKM3rxJkvzW13PxSM8jzthHebKaAQ8FhxrQDVYPINZjK8QyRehIn8AYL0bP9s3hQ0fNQ/3ViXIT5nspHkbbGbzrlLRc20oURRsNmlg9y+sAIraSz0B1jsdkFQTELxaimdtbAmdvw=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN0PR10MB5096.namprd10.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(26005)(7696005)(9686003)(53546011)(6506007)(9326002)(83380400001)(8936002)(186003)(66574015)(55016003)(15650500001)(5660300002)(2906002)(52536014)(38100700002)(110136005)(38070700005)(54906003)(508600001)(316002)(71200400001)(122000001)(4326008)(86362001)(8676002)(66556008)(66476007)(66446008)(64756008)(76116006)(66946007)(33656002)(85282002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: XIUKvuDZ+Pwllw6PvNrhfxw2ihzrhC10Axt7/uoOpqovzLHmze6YlbYlpb9/lB7CPg06MLexkaTv2eldSGZpqR3+y2K9l5ycHOy0a9fSZlcU3xti/CbPmFP7o9hfLexfYIoeRDAPNrJ8XiFAiWQPTikogg9SzKsOf0rXUfjpQbGPQWSKcGuDmCy/PlxX80vicocn4LuTkVMjDIbKMFtWyKLBP+d8WHB634kUWz1eOhC9unixM7HR6g4EpCJ1fuqBJMlc6AeDFDJo1Le67Z/Ws6dk6bHzIeqB6RnqWGku+MR8yplMc8bqoCXA5+BalrG/L9PKLU239KivD4a4iCpBVeQqnulMXDyqvVI1qxfvlJm771D/47Usl+IuXa8QqQu6y8YBaOhGCHIG9GQWiptLr+mLKTi5Pxt1cyKEIQDi5xjUyCzbZA3CW77v+1dZ4SiVciXMjddEo9urQ2AlhIN1q2lt7cb3SEyW7KBLeYQS3k5wlpi0BQLZoqALPZstOl7J6BVrgAPnZUXj+KRr0tLLR4f8J4goVsYd3RPWaAnws2qWlTo6eeqByIk5njJ/KcbkRs9btLAZG66jJkyhDspxnXYhIe4SsjFsFsP+qunrK+pblNUbYMjz18c/OaKuRVvl0BOIGUkvZ6n3j/kdXKRXy7K68EgP6GdPMb1EnEgImu+Nx6QDzVHRHk6etOWjrIWaq0q2XwGw1BZ7ofKnu8YhOf0b7SnMWb47+JwY7yVZtCAcJJ2VthW+MHWFBsyHNGcPpRPlwL4WYEorHFI9VwwgpNeEmWBPauwIHFg0NPD33oH3FdKQqsTDWGfMGM7Qc28uPj6db7dQo6dETITyuH3BjlobTGgjPZe7SdhPsKTsMsP6vDKiq/n7iQpIIiJS//POi81EdG7GuIKjulu70pJYjpFOYDRcn6+qVpSJfVWz+rL194lereLNvH/jYESW3LyCc9hq6a7oYHFmnszH8VJTJWE0VMaiClMf0h8TsWbjKoF7HA5eLhYkuNnxa5TDCuYorp9rXakKVvA+/wlXiRFK7yFvkedwdwhjmTk9M9sR4NhSW8VafcGzvr/9wk4w8WmfLBIylX4zHcx2LR1Qpb972dgDjHGAJ3/c4aPEdkdubHbMpNPSesJ1oplsOb5umlylysx+HUE9G5Ruadb1SX5zc9dYIYZ7Yo77anZNdaH0U6/sLGUuotxtFQpsNcbP8GOy7XUvFVSqeAFfGoI4ACztWbqhAEEbIqdDHgDWM4rK972GrC9dc1rxrxqYwND+rHzztM0r1fEHHDcerOUGOfMgxdCoKGmnERHiVhiDS32WeuieX+TnritEtNMOhTglQD34u5czWz83dqLL3axqLrPiNTUE9AvLiiIyomKBgJVYjBe0ckhpKRxgIEIcB7Is+rrOkQRHdU+lyIw1JCjAJBxB30SWDS2VsPNhnR06cNtpFfueK3UmjXUhjc+5yq0ghHMt3DrVpSiARXBMb3VxL2zi2eFMkVdgdX9WdAqndi7KFnm8STCuPOMUd/qKMeg5LKyMmB6fTbAZDTcmkL3k09aEh60elcPBPQiiJ9r/3Y7OcXAAbUeBTfbhbp8rYm8Yt3gzhS6lxI2xgNnBWu5C/1DZaN5/cnnf7XvVCUaSetxySW7hHXduZjHMIHpJmOHReq5TWviSHko4Jw2K5qsIlH6Xuw==
Content-Type: multipart/alternative; boundary="_000_BN0PR10MB5096558FEF15C44C9C9672F2F8319BN0PR10MB5096namp_"
MIME-Version: 1.0
X-OriginatorOrg: interdigital.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0PR10MB5096.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 07853432-db87-4dc4-6e6e-08d9ee262d19
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2022 12:49:58.0727 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e351b779-f6d5-4e50-8568-80e922d180ae
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: fXS0G1K23h5K8zloxq/CvssH2lDc2tyOZTmYhmbRYJC5qkmUTSS+Wj5IbH1d+kc7EEzoc/dEVAcpIJOUZIVduXxLDOtXSH8A71YEBQuAx2g=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1001MB2279
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/sDdVRNpCUfdgYTUZGjklT3JxuxY>
Subject: Re: [saag] Security considerations in draft-irtf-qirg-quantum-internet-use-cases-08
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Feb 2022 12:53:09 -0000

Hi John,

Thanks for your feedback. We will incorporate your suggested texts to the next version of this document.

Best regards,
Chonggang

From: Qirg <qirg-bounces@irtf.org> On Behalf Of John Mattsson
Sent: Saturday, February 12, 2022 7:36 AM
To: qirg@irtf.org
Cc: cfrg@ietf.org; saag <saag@ietf.org>
Subject: [Qirg] Security considerations in draft-irtf-qirg-quantum-internet-use-cases-08

 
Hi,

I think this document is progressing nicely, but the security considerations are severely lacking. I don't think the document can be published without additions to the security considerations. The document mostly focuses on that fact that QKD is information-theoretically secure but misses a lot of practical security weaknesses. Only relying on QKD would catastrophically decrease the security of modern networks and augmenting modern networks with QKD does not make a significant difference.

I think the security consideration has to mention zero-trust as well as referring to the very good overviews given in [3][4][5].

Suggested text:

"
Modern networks are implemented with zero trust principles where classical cryptography is used for confidentiality, integrity protection, and authentication on many of the logical layers of the network stack, often all the way from device to software in the cloud [1]. The cryptographic solutions in use today are based on well-understood primitives, provably secure protocols and state-of-the-art implementations that are secure against a variety of side-channel attacks.

In contrast to conventional cryptography and PQC, the security of QKD is inherently tied to the physical layer, which makes the threat surfaces of QKD and conventional cryptography quite different. QKD implementations have already been subjected to publicized attacks [2] and the NSA notes that the risk profile of conventional cryptography is better understood [3]. The fact that conventional cryptography and PQC are implemented at a higher layer than the physical one means PQC can be used to securely send protected information through untrusted relays. This is in stark contrast with QKD, which relies on hop-by-hop security between intermediate trusted nodes. The PQC approach is better aligned with the modern technology environment, in which more applications are moving toward end-to-end security and zero-trust principles. It is also important to note that while PQC can be deployed as a software update, QKD requires new hardware.

Regarding QKD implementation details, the NSA states that communication needs and security requirements physically conflict in QKD and that the engineering required to balance them has extremely low tolerance for error. While conventional cryptography can be implemented in hardware in some cases for performance or other reasons, QKD is inherently tied to hardware. The NSA points out that this makes QKD less flexible with regard to upgrades or security patches. As QKD is fundamentally a point-to-point protocol, the NSA also notes that QKD networks often require the use of trusted relays, which increases the security risk from insider threats.

The UK's National Cyber Security Centre cautions against reliance on QKD, especially in critical national infrastructure sectors, and suggests that PQC as standardized by the NIST is a better solution [4]. Meanwhile, the National Cybersecurity Agency of France has decided that QKD could be considered as a defense-in-depth measure complementing conventional cryptography, as long as the cost incurred does not adversely affect the mitigation of current threats to IT systems [5].
"

[1]  NIST, Zero Trust Architecture, August 2020
[2] Physical Review A 78, Experimental demonstration of time-shift attack against practical quantum key distribution systems, October 28, 2008, Zhao, Y.; Fung, C.; Qi, B.; Chen, C.; Lo, H.
[3] NSA, Post-Quantum Cybersecurity Resources
[4] National Cyber Security Centre, Quantum security technologies, March, 2020
[5] ANNSI, Should quantum key distribution be used for secure communications?, May 2020

v2.23.0 | Report a Bug | By Email