ETSI GS QKD 008 V1.1.1 (2010-12)

Group Specification
Quantum Key Distribution (QKD);
QKD Module Security Specification
Disclaimer
This document has been produced and approved by the Quantum Key Distribution (QKD) ETSI Industry Specification
Group (ISG) and represents the views of those members who participated in this ISG. It does not necessarily represent the
views of the entire ETSI membership

2 ETSI GS QKD 008 V1.1.1 (2010-12)

Reference
DGS/QKD-0008
Keywords
analysis, protocols, Quantum Key Distribution,
security, system
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2010.
All rights reserved.
TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
LTE™ is a Trade Mark of ETSI currently being registered
for the benefit of its Members and of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
3 ETSI GS QKD 008 V1.1.1 (2010-12)
Contents
Intellectual Property Rights . 5
Foreword . 5
Introduction . 5
1 Scope . 6
2 References . 7
2.1 Normative references . 7
2.2 Informative references . 7
3 Definitions and abbreviations . 7
3.1 Definitions . 7
3.2 Abbreviations . 13
4 Functional security objectives . 14
4.1 Security requirements . 14
4.2 QKD module specification . 15
4.2.1 Types of QKD modules . 15
4.2.2 Cryptographic boundary . 15
4.2.3 Multiple approved modes of operations . 15
4.2.4 Degraded functionality . 16
4.2.5 Security strength of the module . 16
4.3 QKD module physical ports and logical interfaces . 16
4.4 Roles, authentication, and services . 17
4.4.1 Roles . 17
4.4.2 Operator authentication . 17
4.4.3 Services . 19
4.5 Software security . 20
4.6 Operational environment . 21
4.6.1 Operating system requirements for modifiable operational environments . 21
4.7 Physical security . 23
4.7.1 General physical security requirements . 24
4.7.2 Multiple-chip embedded QKD modules . 25
4.7.3 Multiple-chip standalone QKD modules . 25
4.7.4 Environmental failure protection/testing . 26
4.7.4.1 Environmental failure protection features . 26
4.7.4.2 Environmental failure testing procedures . 27
4.8 Physical Security - Non-Invasive Attacks . 27
4.9 Sensitive Security Parameter (SSP) management . 28
4.9.1 Random bit generators . 28
4.9.2 SSP Generation . 28
4.9.3 SSP Establishment . 29
4.9.4 SSP Entry and Output . 29
4.9.5 SSP Storage . 30
4.9.6 SSP Zeroization . 30
4.10 Self-Tests . 31
4.10.1 Pre-Operational Self-Tests . 31
4.10.2 Conditional Self-Tests . 32
4.10.3 Critical Functions Tests . 33
4.11 Life-Cycle Assurance . 33
4.11.1 Configuration Management . 33
4.11.2 Design . 34
4.11.3 Finite State Model . 34
4.11.4 Development . 35
4.11.5 Vendor Testing . 36
4.11.6 Delivery and Operation . 36
4.11.7 Guidance Documents . 36
ETSI
4 ETSI GS QKD 008 V1.1.1 (2010-12)
4.12 Mitigation of Other Attacks. 37
Annex A (normative): Summary of Documentation Requirements . 38
Annex B (normative): QKD Module Security Policy . 42
B.1 Definition of QKD Module Security Policy . 42
B.2 Purpose of QKD Module Security Policy . 42
B.3 Specification of a Cryptographic Module Security Policy . 42
B.3.1 Identification and Authentication Policy . 43
B.3.2 Access Control Policy . 43
B.3.3 Physical Security Policy . 43
B.3.4 Mitigation of Other Attacks Policy . 43
B.4 Security Policy Check List Tables . 43
Annex C (informative): Recommended Software Development Practices . 45
Annex D (informative): Approved Security Function Example: BB84 . 47
Annex E (informative): Applicable Internet Uniform Resource Locators . 49
Annex F (informative): Bibliography . 50
Annex G (informative): Authors and contributors . 51
History . 52

ETSI
5 ETSI GS QKD 008 V1.1.1 (2010-12)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Group Specification (GS) has been produced by ETSI Industry Specification Group on Quantum Key Distribution
systems (QKD - ISG).
Introduction
The present document specifies the security requirements for QKD modules utilized within security systems to protect
sensitive information in telecommunication systems. The present document has been developed by the ETSI Quantum
Key Distribution Industry Specification Group (QKD-ISG) composed of both operators and vendors. The working
group has identified requirements for QKD modules to provide data security.
Following the methodology used in conventional cryptographic security modules and systems, eleven security aspects
have been identified, and the present document will establish the minimum requirements that QKD modules will fulfil
to be in accordance with the present document. Because of the particular requirements and final quality that the
Quantum Key Distribution systems have, the present document has not considered the possibility of having different
security levels included in the present document, and it does not consider different degrees of data sensitivity nor
different application environments.
In the present document, software requirements are given great prominence because software controls all the actual
measurement and communications systems and software security appears as the cornerstone of the general system
security. In the present document, requirements that protect the QKD modules against non-invasive attacks are also
provided.
While the security requirements specified in the present document are intended to maintain the security provided by a
QKD module, conformance to them is necessary but not sufficient to ensure that a particular module is secure. The
operator of a QKD module is responsible for ensuring that the security provided by the module is sufficient and
acceptable to the owner of the information that is being protected, and that any residual risk is acknowledged and
accepted. Similarly, the use of a validated QKD module in a computer or telecommunications system is not sufficient to
ensure the security of the overall system.
The importance of security awareness and of making information security a management priority should be
communicated to all users, managers and system administrators. Since information security requirements vary for
different applications and scenarios, organizations should identify their information resources and determine the
sensitivity to and the potential impact of losses.
Controls should be based on the potential risks and should be selected from available controls, including administrative
policies and procedures, physical and environmental controls, information and data controls, software development and
acquisition controls, as well as backup and contingency planning.
ETSI
6 ETSI GS QKD 008 V1.1.1 (2010-12)
1 Scope
The present document aims to establish the necessary requirements for a QKD module to have a high probability of
detecting and responding precisely and timely to attempts of direct physical access, and use or modification of modules
inside. The principal objective is to detect any possible penetration with high probability, and resulting in the immediate
zeroization of all Critical Security Parameters in plain text.
This objective requires mechanisms to provide a complete envelope of protection around the QKD module, and sensors
and circuits to detect and respond in time to all unauthorized attempts of physical access. This can be obtained using
strong enough enclosures and redundant tamper detection and response circuitry that zeroizes all plaintext Critical
Security Parameters. Enclosure's integrity can be controlled using tamper-evident coatings or seals, and pick-resistant
locks on all removable covers or doors of the module.
Strong enclosures must be opaque to all visual and non-visual radiation examination and the tamper detection and
zeroization circuitry is protected against disablement. When zeroization is required, Public and Critical Security
Parameters are zeroized.
Access and module operation must require identity-based authentication mechanisms that enhance a role-based
organization. This authentication must require at least two-factor authentication for operator authentication (secret
password, physical key or token, biometric.). The proper operation requires the operator's identity authentication and to
verify that he is authorized to assume a specific role and perform a corresponding set of services.
Entry or output of Critical Security Parameters must be done using ports that are physically separated from other ports,
or trough interfaces that are logically separated using a trusted-channel from any other interfaces.
All QKD secure modules must be protected against environmental conditions or fluctuations outside of the module's
normal operating ranges, because such deviations can be seen as an attack, or they can increase the module failure
probability and that can compromise the module security and its operation. The environmental magnitudes to control
must be darkness (when required), temperature, voltage, pressure, humidity, atmosphere chemical composition,
mechanical vibrations and the presence of nuclear and any other ionizing radiation. Because QKD modules include
optical and electro-optical subsystems, it is necessary to control any environmental variable that could affect
specifically to that components and the way that they perform, no matter if it is temporally or permanently.
A QKD module is required to either include special environmental protection features designed to detect fluctuations
and zeroize Critical Security Parameters, or to undergo rigorous Environmental Failure Testing to provide a reasonable
assurance that the module will not be affected by fluctuations outside of the normal operating range in a manner that
can compromise its security.
In particular, all QKD modules require the protection of Critical Security Parameters against Timing Analysis attacks,
Simple Power Analysis, Differential Power Analysis attacks, Electromagnetic Emanation Attacks and any attack
performed through the optical channels.
QKD modules must use strong cryptographic protection to detect and prevent the disclosure and modification of Public
Security Parameters as well as Critical Security Parameters when the module is inactive.
To be sure that every time the module is operating in a safe mode, the module must have a clear indication that the
module is operating in an Approved Mode.
Because software has the final control in any QKD module, this component must provide robust and tested solutions for
the encryption and authentication of all the Critical Security Parameters, all the Sensitive Security Parameters in the
system and also to provide secure integrity tests for the software code when the module is not in use.
ETSI
7 ETSI GS QKD 008 V1.1.1 (2010-12)
QKD Module software components can be executed on a general purpose computing system if the operating system
provides the auditing of all operator accesses to the audit data, to all requests to use authentication data management
mechanisms, all use of security-relevant Crypto Officer Functions, and to all requests to access authentication data
associated with the QKD module. In particular, the operating system running the general purpose computing system has
to:
• prevent operators in the user role from modifying software, system Sensitive Security Parameters (SSPs), and
audit data stored in the operational environment of the module;
• communicate all SSPs, authentication data, control inputs, and status outputs via a trusted channel; and
• audit the operation of any trusted channel.
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
reference document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are necessary for the application of the present document.
Not applicable.
2.2 Informative references
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
Not applicable.
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
approved data authentication technique: approved method that may include the use of a digital signature, message
authentication code or keyed hash
EXAMPLE: RSA, ECDSA and hMAC
approved mode of operation: mode of the QKD module that employs only Approved or Allowed security functions
NOTE: Not to be confused with a specific mode of an Approved security function.
EXAMPLE: AES in CBC mode.
ETSI
8 ETSI GS QKD 008 V1.1.1 (2010-12)
approved security function: security functions are cryptographic algorithms that can be tested, cryptographic key
management techniques or authentication techniques
NOTE: In QKD systems the full protocol, the optical or quantum communication and the algorithm derived with
the Information Theoretical analysis, should be perfectly described as an Approved Security Functions.
bypass capability: ability of a service to partially or wholly circumvent encryption, cryptographic authentication or any
other security function
NOTE: If, as a result of one or more service invocations, the module can output a particular data or status item in
encrypted or cryptographically authenticated form, but instead (as a result of module configuration or
operator intervention) outputs the item in a non-protected form, then a bypass capability exists.
compromise: unauthorized disclosure, modification, substitution, or use of sensitive data or an unauthorized breach of
physical security
conditional test: test performed by a QKD module when the conditions specified for the test occur
confidentiality: property that sensitive information is not made available or disclosed to unauthorized individuals,
entities, or processes
Configuration Management System (CMS): management of security features and assurances through control of
changes made to hardware, software and documentation of a QKD module
control information: information that is entered into a QKD module for the purposes of directing the operation of the
module
Critical Security Parameter (CSP): security-related information (e.g. secret and private cryptographic keys, optical
hardware configuration and authentication data such as passwords and PINs) whose disclosure or modification can
compromise the security of a QKD module
cryptographic officer: operator or process (subject), acting on behalf of the operator, performing cryptographic
initialization or management functions
cryptographic algorithm: well-defined computational procedure that takes variable inputs, which may include
cryptographic keys, and produces an output
cryptographic boundary: explicitly defined continuous perimeter that establishes the physical bounds of a QKD
module and contains all the hardware and software components of a QKD module
cryptographic hash function: computationally efficient function that maps binary strings of arbitrary length to binary
strings of fixed length, such that it is computationally infeasible to invert it, or to find two distinct values that hash into
a common value
cryptographic key (key): parameter used in conjunction with a cryptographic algorithm that determines such
operations as:
• the transformation of plaintext data into ciphertext data;
• the transformation of ciphertext data into plaintext data;
• a digital signature computed from data;
• the verification of a digital signature computed from data;
• an authentication code computed from data; or
• an exchange agreement of a shared secret.
cryptographic key component (key component): parameter used in conjunction with other key components in an
Approved Security Function to form a plaintext cryptographic key or perform a cryptographic function
cryptographic module (module): set of hardware and/or software that implements Approved Security Functions
(including cryptographic algorithms and key generation) and is contained within the cryptographic boundary
ETSI
9 ETSI GS QKD 008 V1.1.1 (2010-12)
cryptographic module Security Policy: description of how the specific module meets the security requirements of the
standard, including the rules derived from the requirements of the present document and additional rules imposed by the
vendor
cryptographically protected Critical Security Parameter (CSP): Critical Security Parameter (CSP) that is
cryptographically protected against unauthorized disclosure, modification and substitution, and for which the protection
mechanism's strength rationale relies only on Approved Security Functions
cryptographically protected Public Security Parameter (PSP): Public Security Parameter (PSP) that is
cryptographically protected against unauthorized modification and substitution and for which the protection
mechanism's strength rationale relies only on Approved Security Functions
cryptographically protected Sensitive Security Parameter (SSP): either a cryptographically protected Critical
Security Parameter (CSP) or a cryptographically protected Public Security Parameter (PSP)
data path: physical or logical route over which data passes (a physical data path may be shared by multiple logical data
paths)
Differential Power Analysis (DPA): analysis of the variations of the electrical power consumption of a QKD module,
using advanced statistical methods and/or other techniques, for the purpose of extracting information correlated to
cryptographic keys used in a cryptographic algorithm or to any sensitive physical and logical internal state of the QKD
module
digital signature: result of a cryptographic transformation of data which, when properly implemented, provides the
services of:
• origin authentication;
• data integrity; and
• signer non-repudiation.
ElectroMagnetic Emanations (EMEs): intelligence-bearing signal, which, if intercepted and analyzed, potentially
discloses the information that is transmitted, received, handled, or otherwise processed by any information-processing
equipment
electronic key entry: entry of cryptographic keys into a QKD module using electronic methods such as a smart card or
a key-loading device
NOTE: The operator entering the key may have no knowledge of the value of the key being entered.
electronic key transport: transport of cryptographic keys, usually in encrypted form, using electronic means such as a
computer network
EXAMPLE: Key transport/agreement protocols.
ElectroStatic Discharge (ESD): sudden and momentary electric current that flows when an excess of electric charge,
stored on an electrically insulated object, finds a path to an object at a different electrical potential (such as ground)
encrypted key: cryptographic key that has been encrypted using an approved security function with a key encrypting
key
entity: person, a group, a device, or a process
entropy: uncertainty of a random variable
Environmental Failure Protection (EFP): use of features to protect against a compromise of the security of a QKD
module due to environmental conditions or fluctuations outside of the module's normal operating range
Environmental Failure Testing (EFT): use of specific test methods to provide reasonable assurance that the security
of a QKD module will not be compromised by environmental conditions or fluctuations outside of the module's normal
operating range
Error Detection Code (EDC): code computed from data and comprised of redundant bits of information designed to
detect, but not correct, unintentional changes in the data
ETSI
10 ETSI GS QKD 008 V1.1.1 (2010-12)
Finite State Model (FSM): mathematical model of a sequential machine that is comprised of a finite set of input
events, a finite set of output events, a finite set of states, a function that maps states and input to output, a function that
maps states and inputs to states (a state transition function), and a specification that describes the initial state
hard/hardness: relative resistance of a metal or other material to denting, scratching, bending or penetration; physically
toughened; rugged, and durable
hardware: physical equipment within the QKD boundary used to process programs and data (includes
non-reprogrammable software)
hardware module: module composed primarily of hardware, which may also contain some software
hash value: output of a cryptographic hash function
hybrid module: module whose cryptographic functionality is primarily contained in software, which also includes
some special purpose hardware within the cryptographic boundary of the module
Initialization Vector: vector used in defining the starting point of a cryptographic process within a cryptographic
algorithm
input data: information that is entered into a QKD module for the purposes of transformation or computation using an
Approved security function
integrity: property that sensitive data has not been modified or deleted in an unauthorized manner without detection
interface: logical entry or exit point of a QKD module that provides access to the module for logical information flows
representing physical signals
key agreement: key establishment procedure (either manual or electronic) where the resultant key is a function of
information securely contributed by two or more participants, so that no party can predetermine the value of the key
independently of the other party's contribution
key encrypting key: cryptographic key that is used for the encryption or decryption of other keys
key establishment: process by which cryptographic keys are securely established among QKD modules using key
transport and/or key agreement procedures
key loader: self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key
component that can be transferred, upon request, into a QKD module
key management: activities involving the handling of cryptographic keys and other related security parameters
(e.g. Initialization Vectors (IVs) and passwords) during the entire life cycle of the keys, including their generation,
storage, establishment, entry and output, and zeroization
key transport: secure transport of cryptographic keys (Critical Security Parameters) from one QKD entity to another
entity
logical protection: protection against unauthorized access (including unauthorized use, modification, substitution, and,
in the case of Critical Security Parameters, disclosure) by means of the Module Software Interface under operating
system control
NOTE: Logical protection of software Sensitive Security Parameters does not protect against physical tampering.
manual key (Sensitive Security Parameter) entry: entry of cryptographic keys into a QKD module, using devices
such as a keyboard
Message Authentication Code (MAC): cryptographic checksum on data that uses a symmetric key to detect both
accidental and intentional modifications of data
EXAMPLE: A Hash Based Message Authentication Code.
microcode: elementary processor instructions that correspond to an executable program instruction
min-entropy: worst-case (that is, greatest lower bound) measure of uncertainty for a random variable
modifiable operational environment: operational environment that is designed to contain some non-validated
software
ETSI
11 ETSI GS QKD 008 V1.1.1 (2010-12)
Module Software Interface (MSI): set of commands used to request the services of the module, including parameters
that enter or leave the module's cryptographic boundary as part of the requested service
multiple-chip embedded module: physical embodiment in which two or more integrated circuit chips are
interconnected and are embedded within an enclosure or a product that may not be physically protected
EXAMPLE: Adapters and expansion boards.
multiple-chip standalone module: physical embodiment in which two or more integrated circuit chips are
interconnected and the entire enclosure is physically protected
EXAMPLE: Encrypting routers or secure radios.
non-invasive attack: attack that can be performed on a QKD module without direct physical contact with the module
non-modifiable operational environment: operational environment that is designed to contain only validated software
opaque: (i.e. to light within a given wavelength range, to ionizing radiation within a given energy range, etc.)
impenetrable by the specified radiation neither transparent nor translucent
operational environment: set of all software and hardware required for the module to operate securely
operator: individual accessing a QKD module or a process operating on behalf of the individual, regardless of the
assumed role
output data: information that is produced from a QKD module
passivation: process in the construction of semiconductor devices in which junctions, surfaces of components and
integrated circuits are afforded a means of protection against the modification of circuit behaviour
password: string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access
authorization
Personal Identification Number (PIN): numeric code, used to authenticate an identity
physical protection: safeguarding of a QKD module, cryptographic keys, or Critical Security Parameters using
physical means
plaintext key: unencrypted cryptographic key
port: physical entry or exit point of a QKD module that provides access to the module for physical signals represented
by logical information flows (physically separated ports do not share the same physical pin or wire)
pre-operational test: test performed by a QKD module between the time a QKD module is powered on and the time
that the QKD module uses a function or provides a service using the function being tested
private key: cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an
entity and is not made public
production grade: industry standard manufacturing
public key: cryptographic key used with a public key cryptographic algorithm that is uniquely associated with an entity
and that may be made public
NOTE: Public keys are not considered Critical Security Parameters.
public key certificate: set of data that contains a unique identifier associated with an entity, contains the public key
associated with the identifier, and is digitally signed by a trusted party, thereby binding the public key to the identifier
public key (asymmetric) cryptographic algorithm: cryptographic algorithm that uses two related keys, a public key
and a private key
NOTE: The two keys have the property that deriving the private key from the public key is computationally
infeasible.
Public Security Parameter (PSP): security-related public information whose modification can compromise the
security of a QKD module
ETSI
12 ETSI GS QKD 008 V1.1.1 (2010-12)
QKD module: set of hardware and software components that implements cryptographic functions and quantum optical
processes, including cryptographic algorithms and protocols and key generation, and is contained within a defined
cryptographic boundary
radiation hardening: improving the ability of a device or piece of equipment to withstand nuclear or other radiation;
applies mainly to dielectric and semiconductor materials
Random Bit Generator (RBG): device or algorithm that outputs a sequence of bits that appears to be statistically
independent and unbiased
removable cover: part of a QKD module's enclosure that permits physical access to the contents of the module
secret (symmetric) key: cryptographic key, used with a symmetric secret key cryptographic algorithm that is uniquely
associated with one or more entities and should not be made public
security policy: See cryptographic module security policy.
security strength: number associated with the amount of work (that is, the number of operations) that is required to
break a cryptographic algorithm or module
sec strength - 1
NOTE: The average amount of work needed is 2 .
seed key: secret value used to initialize a cryptographic function or operation
sensitive data: data that, in user's view, requires protection
Sensitive Security Parameters (SSPs): Critical Security Parameters and Public Security Parameters
service input: all data or control information utilized by the cryptographic module that initiates or obtains specific
operations or functions
service output: all data and status information that results from operations or functions initiated or obtained by service
input
service: any externally invoked operation and/or function that can be performed by a QKD module
Simple Power Analysis (SPA): direct (primarily visual) analysis of patterns of instruction execution (or execution of
individual instructions), obtained through monitoring the variations in electrical power consumption of a QKD module,
for the purpose of revealing the features and implementations of cryptographic and non-cryptographic algorithms and
subsequently the values of cryptographic keys
software: programs within the cryptographic boundary, usually stored on erasable media that can be dynamically
written and modified or reprogrammed
EXAMPLE: Ferro-electric and magneto resistive RAM, EEPROM, Flash Memory, magnetic disk.
software module: module that is composed solely of software
split knowledge: process by which a cryptographic key is split into multiple key components, individually providing no
knowledge of the original key, which can be subsequently input into, or output from, a QKD module by separate
entities and combined to recreate the original cryptographic key
status information: information that is output from a QKD module for the purposes of indicating certain operational
characteristics or states of the module
strong: not easily defeated; having strength or power greater than average or expected; able to withstand attack; solidly
built
system software: special software within the cryptographic boundary (e.g. operating system, compilers or utility
programs) designed for a specific computer system or family of computer systems to facilitate the operation and
maintenance of the computer system, associated programs, and data
tamper detection: automatic determination by a QKD module that an attempt has been made to compromise the
physical security of the module
ETSI
13 ETSI GS QKD 008 V1.1.1 (2010-12)
tamper evidence: external indication that an attempt has been made to compromise the physical security of a QKD
module
NOTE: The evidence of the tamper attempt should be observable by an operator subsequent to the attempt.
tamper response: automatic action taken by a QKD module when a tamper attempt has been detected
Timing Analysis (TA): attack on a QKD module that is based on an analysis of time periods between the time a
command is issued and the time the result is obtained
trusted channel: mechanism through which a QKD module provides a trusted, safe and discrete communication
pathway for Sensitive Security Parameters and other critical information, between the QKD module and the module's
intended communications endpoint
NOTE: A trusted channel exhibits a verification component that the operator or module may use to confirm that
the trusted channel exists. A trusted channel protects against eavesdropping, as well as physical or logical
tampering by unwanted operators/entities, processes or other devices, both within the module and along
the module's communication link with the intended endpoint (e.g. the trusted channel will not allow
man-in-the-middle or replay types of attacks). A trusted channel may be realized in one or more of the
following ways:
� A communication pathway between the QKD module and endpoint that is entirely local, directly
attached to the QKD module and has no intervening systems.
� A mechanism that cryptographically protects Sensitive Security Parameters during entry and output
and does not allow misuse of any transitory Sensitive Security Parameters.
two-factor authentication: type of authentication that requires two independent methods to establish identity and
authorization to perform services
NOTE: The three most recognized factors are:
� "something you are" (e.g. biometrics);
� "something you know" (e.g. password);
� "something you have" (e.g. smart card).
user: individual or process (subject) acting on behalf of the individual that accesses a QKD module in order to obtain
cryptographic services
validated: validated by the validation authority
validation authority: entity that will validate the testing results for conformance to the present document
zeroization: method of erasing electronically stored data to prevent the recovery of the data
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
CMS Configuration Management System
CSP Critical Security Parameter
DPA Differential Power Analysis
DSA Digital Signature Algorithm
ECDSA Elliptic Curve Digital Signature Algorithm
EDC Error Detection Code
EFP Environmental Failure Protection
EFT Environmental Failure Testing
EME ElectroMagnetic Emanation
ESD Electrostatic Discharge
FIPS Federal Information Processing Standard
FSM Finit
...