European Telecommunications Standards Institute (ETSI) has introduced a new Protection Profile (PP) called ETSI GS QKD 016, which aims to evaluate the security of quantum key distribution (QKD) modules. The PP is considered a pioneering step that recognizes the importance of quantum-safe cryptography; it also enables manufacturers to submit pairs of QKD modules for security certification using the widely recognized security certification scheme of the Common Criteria for Information Technology Security Evaluation. This move is seen as a significant development in quantum communication security.
As a European Standards Organization, ETSI deals with telecommunications, broadcasting, and other electronic communications networks and services. It holds a significant position in Europe as it supports the creation of Harmonised European Standards, which help in compliance with European regulations and legislation. The recognition of European Standards (ENs) is limited to the standards created by the three ESOs – CEN, CENELEC, and ETSI.
In addition, ETSI provides an open and inclusive environment for members to develop, ratify, and test internationally applicable standards for ICT systems and services across all industries and societies. They are considered a non-profit association with over 900 member groups from over 60 countries and five continents worldwide.
Safeguarding your Networks through ETSI’s Protection Profile
QKD is one method of securely distributing cryptographic keys between two parties based on the principles of quantum mechanics. It provides an unconditionally secure way of required distribution, which is impervious to interception and manipulation by adversaries.
Thus, this Protection Profile delineates fundamental criteria for the physical implementation of prepare and measure QKD protocols and the generation of final secret keys. This development is a huge leap in the quantum cryptography field, with telecom operators and businesses able to employ these modules to safeguard their networks with the assurance that accredited products have undergone a thorough security evaluation process.
“The development of large-scale quantum computers threatens most of the public-key cryptography in use today. For some use cases, quantum key distribution could provide an addition to post-quantum cryptography to mitigate this threat. In order to develop trustworthy QKD devices, appropriate security requirements and evaluation criteria are crucial in BSI’s view. This Protection Profile for quantum key distribution modules is the first of its kind and an important first step in this direction. That is why BSI has supported its development and would like to thank the ETSI Industry Specification Group Quantum Key Distribution for the fruitful collaboration.”
Dr. Günther Welsch, BSI (German Federal Office for Information Security), Head of Division Information Assurance Technology and IT Management
“We are delighted to publish this initial Protection Profile as an important step to help certify QKD modules under the widely recognized security certification scheme of the Common Criteria for Information Technology Security Evaluation.”
Martin Ward, Chair of the ETSI ISG QKD.
The Quantum Key Distribution Industry Specification Group of ETSI unites professionals from diverse companies and organizations interested in QKD certification. This includes prospective application and system manufacturers, customers, security experts from certification scheme organizations, and academia.
Members include significant and small business companies, research institutions, universities, governments, and public organizations. Furthermore, The European Union has officially recognized ETSI as a European Standardization Organization (ESO).
More here.
