1、 ETSI GS QKD 008 V1.1.1 (2010-12)Group Specification Quantum Key Distribution (QKD);QKD Module Security SpecificationDisclaimer This document has been produced and approved by the Quantum Key Distribution (QKD) ETSI Industry Specification Group (ISG) and represents the views of those members who par
2、ticipated in this ISG. It does not necessarily represent the views of the entire ETSI membership ETSI ETSI GS QKD 008 V1.1.1 (2010-12)2Reference DGS/QKD-0008 Keywords analysis, protocols, Quantum Key Distribution, security, system ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE T
3、el.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be mad
4、e available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kep
5、t on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you
6、find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduct
7、ion in all media. European Telecommunications Standards Institute 2010. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTM, TIPHONTM, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Me
8、mbers and of the 3GPP Organizational Partners. LTE is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI GS QKD 008 V1.1.1 (2010-12)3Conten
9、ts Intellectual Property Rights 5g3Foreword . 5g3Introduction 5g31 Scope 6g32 References 7g32.1 Normative references . 7g32.2 Informative references 7g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 13g34 Functional security objectives 14g34.1 Security requirements . 14g
10、34.2 QKD module specification . 15g34.2.1 Types of QKD modules 15g34.2.2 Cryptographic boundary . 15g34.2.3 Multiple approved modes of operations 15g34.2.4 Degraded functionality . 16g34.2.5 Security strength of the module 16g34.3 QKD module physical ports and logical interfaces 16g34.4 Roles, authe
11、ntication, and services . 17g34.4.1 Roles . 17g34.4.2 Operator authentication . 17g34.4.3 Services . 19g34.5 Software security 20g34.6 Operational environment 21g34.6.1 Operating system requirements for modifiable operational environments . 21g34.7 Physical security . 23g34.7.1 General physical secu
12、rity requirements 24g34.7.2 Multiple-chip embedded QKD modules . 25g34.7.3 Multiple-chip standalone QKD modules 25g34.7.4 Environmental failure protection/testing 26g34.7.4.1 Environmental failure protection features . 26g34.7.4.2 Environmental failure testing procedures 27g34.8 Physical Security -
13、Non-Invasive Attacks 27g34.9 Sensitive Security Parameter (SSP) management 28g34.9.1 Random bit generators 28g34.9.2 SSP Generation . 28g34.9.3 SSP Establishment 29g34.9.4 SSP Entry and Output . 29g34.9.5 SSP Storage 30g34.9.6 SSP Zeroization 30g34.10 Self-Tests 31g34.10.1 Pre-Operational Self-Tests
14、 31g34.10.2 Conditional Self-Tests 32g34.10.3 Critical Functions Tests 33g34.11 Life-Cycle Assurance . 33g34.11.1 Configuration Management 33g34.11.2 Design . 34g34.11.3 Finite State Model . 34g34.11.4 Development . 35g34.11.5 Vendor Testing . 36g34.11.6 Delivery and Operation . 36g34.11.7 Guidance
15、Documents 36g3ETSI ETSI GS QKD 008 V1.1.1 (2010-12)44.12 Mitigation of Other Attacks 37g3Annex A (normative): Summary of Documentation Requirements 38g3Annex B (normative): QKD Module Security Policy 42g3B.1 Definition of QKD Module Security Policy . 42g3B.2 Purpose of QKD Module Security Policy 42g
16、3B.3 Specification of a Cryptographic Module Security Policy . 42g3B.3.1 Identification and Authentication Policy 43g3B.3.2 Access Control Policy 43g3B.3.3 Physical Security Policy . 43g3B.3.4 Mitigation of Other Attacks Policy 43g3B.4 Security Policy Check List Tables . 43g3Annex C (informative): R
17、ecommended Software Development Practices 45g3Annex D (informative): Approved Security Function Example: BB84 . 47g3Annex E (informative): Applicable Internet Uniform Resource Locators 49g3Annex F (informative): Bibliography . 50g3Annex G (informative): Authors and contributors 51g3History 52g3ETSI
18、ETSI GS QKD 008 V1.1.1 (2010-12)5Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI S
19、R 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR
20、Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This
21、Group Specification (GS) has been produced by ETSI Industry Specification Group on Quantum Key Distribution systems (QKD - ISG). Introduction The present document specifies the security requirements for QKD modules utilized within security systems to protect sensitive information in telecommunicatio
22、n systems. The present document has been developed by the ETSI Quantum Key Distribution Industry Specification Group (QKD-ISG) composed of both operators and vendors. The working group has identified requirements for QKD modules to provide data security. Following the methodology used in conventiona
23、l cryptographic security modules and systems, eleven security aspects have been identified, and the present document will establish the minimum requirements that QKD modules will fulfil to be in accordance with the present document. Because of the particular requirements and final quality that the Q
24、uantum Key Distribution systems have, the present document has not considered the possibility of having different security levels included in the present document, and it does not consider different degrees of data sensitivity nor different application environments. In the present document, software
25、 requirements are given great prominence because software controls all the actual measurement and communications systems and software security appears as the cornerstone of the general system security. In the present document, requirements that protect the QKD modules against non-invasive attacks ar
26、e also provided. While the security requirements specified in the present document are intended to maintain the security provided by a QKD module, conformance to them is necessary but not sufficient to ensure that a particular module is secure. The operator of a QKD module is responsible for ensurin
27、g that the security provided by the module is sufficient and acceptable to the owner of the information that is being protected, and that any residual risk is acknowledged and accepted. Similarly, the use of a validated QKD module in a computer or telecommunications system is not sufficient to ensur
28、e the security of the overall system. The importance of security awareness and of making information security a management priority should be communicated to all users, managers and system administrators. Since information security requirements vary for different applications and scenarios, organiza
29、tions should identify their information resources and determine the sensitivity to and the potential impact of losses. Controls should be based on the potential risks and should be selected from available controls, including administrative policies and procedures, physical and environmental controls
30、, information and data controls, software development and acquisition controls, as well as backup and contingency planning. ETSI ETSI GS QKD 008 V1.1.1 (2010-12)61 Scope The present document aims to establish the necessary requirements for a QKD module to have a high probability of detecting and res
31、ponding precisely and timely to attempts of direct physical access, and use or modification of modules inside. The principal objective is to detect any possible penetration with high probability, and resulting in the immediate zeroization of all Critical Security Parameters in plain text. This objec
32、tive requires mechanisms to provide a complete envelope of protection around the QKD module, and sensors and circuits to detect and respond in time to all unauthorized attempts of physical access. This can be obtained using strong enough enclosures and redundant tamper detection and response circuit
33、ry that zeroizes all plaintext Critical Security Parameters. Enclosures integrity can be controlled using tamper-evident coatings or seals, and pick-resistant locks on all removable covers or doors of the module. Strong enclosures must be opaque to all visual and non-visual radiation examination and
34、 the tamper detection and zeroization circuitry is protected against disablement. When zeroization is required, Public and Critical Security Parameters are zeroized. Access and module operation must require identity-based authentication mechanisms that enhance a role-based organization. This authent
35、ication must require at least two-factor authentication for operator authentication (secret password, physical key or token, biometric.). The proper operation requires the operators identity authentication and to verify that he is authorized to assume a specific role and perform a corresponding set
36、of services. Entry or output of Critical Security Parameters must be done using ports that are physically separated from other ports, or trough interfaces that are logically separated using a trusted-channel from any other interfaces. All QKD secure modules must be protected against environmental co
37、nditions or fluctuations outside of the modules normal operating ranges, because such deviations can be seen as an attack, or they can increase the module failure probability and that can compromise the module security and its operation. The environmental magnitudes to control must be darkness (when
38、 required), temperature, voltage, pressure, humidity, atmosphere chemical composition, mechanical vibrations and the presence of nuclear and any other ionizing radiation. Because QKD modules include optical and electro-optical subsystems, it is necessary to control any environmental variable that co
39、uld affect specifically to that components and the way that they perform, no matter if it is temporally or permanently. A QKD module is required to either include special environmental protection features designed to detect fluctuations and zeroize Critical Security Parameters, or to undergo rigorou
40、s Environmental Failure Testing to provide a reasonable assurance that the module will not be affected by fluctuations outside of the normal operating range in a manner that can compromise its security. In particular, all QKD modules require the protection of Critical Security Parameters against Tim
41、ing Analysis attacks, Simple Power Analysis, Differential Power Analysis attacks, Electromagnetic Emanation Attacks and any attack performed through the optical channels. QKD modules must use strong cryptographic protection to detect and prevent the disclosure and modification of Public Security Par
42、ameters as well as Critical Security Parameters when the module is inactive. To be sure that every time the module is operating in a safe mode, the module must have a clear indication that the module is operating in an Approved Mode. Because software has the final control in any QKD module, this com
43、ponent must provide robust and tested solutions for the encryption and authentication of all the Critical Security Parameters, all the Sensitive Security Parameters in the system and also to provide secure integrity tests for the software code when the module is not in use. ETSI ETSI GS QKD 008 V1.1
44、.1 (2010-12)7QKD Module software components can be executed on a general purpose computing system if the operating system provides the auditing of all operator accesses to the audit data, to all requests to use authentication data management mechanisms, all use of security-relevant Crypto Officer Fu
45、nctions, and to all requests to access authentication data associated with the QKD module. In particular, the operating system running the general purpose computing system has to: prevent operators in the user role from modifying software, system Sensitive Security Parameters (SSPs), and audit data
46、stored in the operational environment of the module; communicate all SSPs, authentication data, control inputs, and status outputs via a trusted channel; and audit the operation of any trusted channel. 2 References References are either specific (identified by date of publication and/or edition numb
47、er or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location mig
48、ht be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. 2.1 Normative references The following referenced documents are necessary for the application of the present docume
49、nt. Not applicable. 2.2 Informative references The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. Not applicable. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: approved data authentication technique: approved method that may include the use of a digital signature, message authentication code or keyed hash EXAMPLE: RSA, ECDSA and hMAC approved mode of operation: mode of t