International Association for Cryptologic Research

International Association
for Cryptologic Research

All job postings
Sorbonne Université, Paris, France
Topic: Remote attack on a quantum key distribution system. Modern-era cryptography is threatened by recent developments in quantum computing. One way of mitigating this threat is quantum cryptography, or more specifically quantum key distribution (QKD) protocol. A QKD system consists in hardware to create and transport quantum states, as well as software to interface quantum hardware with classical communication infrastructure. Literature on attacks is still limited in this field. Examples are Makarov et al., Nature Photon. 2010 and Alléaume et al., Phys. Rev. A 2016. These works mainly concern physical vulnerabilities on the hardware hence they require to gain physical access to the network in order to perform the attack. In an objective of certification and standardisation of future QKD systems, the whole spectrum of vulnerabilities must be studied, including remote attacks. The subject of this post-doc offer aims at finding attacks on a QKD system without physical access to the hardware, as well as suggesting countermeasures. In the target attack scenario, the attacker has no physical access to hardware, but he can leave a third-party software on one of the machines of the QKD system. How the attacker gains access to the machine to drop the software file is out of scope. The objective of this work is to make the third-party software modify the behaviour of physical systems in order to cause a leak of sensitive information or a denial of service. Fully software oriented attacks, such as memory scrapping or random generation weakening, are thus excluded from this work. An example of acceptable attack would be a modification of the clock by the third-party, see Jouguet et al., Phys. Rev. A 2020 (the difference being that clock modification is caused by software instead of hardware). Another possibility would be to change the physical parameters of the QKD system, e.g. by using the API of the pilot component of the system. the post-doc will focus on a specific operational QKD system. Ideal profile: PhD in quantum physics with interest for computer security or the opposite. Useful skills: cryptography; reverse engineering; software development.
Contact: Eleni Diamanti, Laboratoire d’Informatique de Sorbonne Université (LIP6)
Last updated: 2022-09-16 posted on 2022-09-14