Support for QKD Device Evaluations: The Common Criteria Protection Profile for Prepare and Measure Quantum Key Distribution Modules (L12c)
Quantum Key distribution (QKD) is a vivid and fast developing field where many devices are in a pioneer or prototype stage, deployment of QKD devices in communication infrastructures is planned, and the standardization process is ongoing. With the progress in planning and deployment of quantum technologies for secure communication in metropolitan area networks and wide area networks, the need for QKD capable trustworthy equipment rises.
Sponsored by BSI, Deutsche Telekom Security drafted a Protection Profile (PP) for Prepare and Measure Quantum Key Distribution Modules. It adopts discussed and consolidated comments from the members of the ETSI ISG for Quantum Key Distribution and is to be approved by ETSI as an industrial standard.
With our approach of PP creation we wish to provide guidance with respect to Common criteria security evaluation in that early stage already. The PP describes the security requirements for QKD modules, which use a Prepare and Measure QKD protocol. This PP considers the case, where both modules are located in environments with identical security requirements. This PP deliberately offers degrees of freedom to ST authors in order to allow them to adapt to upcoming QKD standards and to foster innovative solutions in an upcoming technology. The PP fixes the evaluation level EAL4, augmented by the sub-activity vulnerability analysis (AVA_VAN.5), and by the sub-activity for development security ALC_DVS.2. The PP comes with packages. It is written with several incompatible use cases, environments, and business models in mind, and offers options, choices, and even blanks to fill for the ST author to accommodate most of these.