Cryptographic methods can provide data recipients with assurances on the authenticity of the origins of multicast data to protect against impersonation, substitution or replay attacks. However, in the context of many applications, such as electric grid control, it is difficult to simultaneously meet a desired security and quality-of-service (QoS). For example, although appending a message authentication code (MAC) tag to data using a pre-shared group key would be sufficiently fast, this would be vulnerable to compromise of a single node.
Latency requirements are major obstacles to achieving security objectives for critical infrastructure with conventional approaches based on public key cryptography: the necessary number-theoretic computations are too time-consuming when implemented on the commodity processors that are typically used. Symmetric key cryptographic methods of authentication using keyed message authentication codes, using the keyed-Hash Message Authentication Code (HMAC) algorithm for example, also have latency problems associated with the buffering of data required to evaluate the HMAC tag at the transmitter, and the hold-back of data at the receiver required to confirm the tag. This approach also introduces an undesirable amount of bandwidth expansion. One-time signature (OTS) schemes would be capable of meeting both the authenticity and latency requirements, but the key management for these schemes has been identified as a major unsolved challenge. Key management more generally, and the production, capture and secure distribution of entropy as cryptographic keys in particular, is a specific cyber security challenge for applications such as the Smart Grid, high speed trading, and applications using multiplexed data streams over a single optical fiber. From a system management cost perspective, it is highly desirable that a solution implemented today have reliable security assurances, obviating the need for future security upgrades. In contrast public key methods require active management (of key sizes) to stay ahead of advances in computational number theory.
Quantum key exchange and other quantum protocols can provide enhanced security. These quantum protocols are based on the transmission and detection of properties of one or a few photons. Quantum protocols generally require the associated optical signals to be isolated from conventional optical signals which are at optical powers that are many orders of magnitude greater than the very small powers of the quantum signals. Unfortunately, many communication standards are based on one or two optical fibers so that quantum signals and classical communications signals must necessarily share an optical fiber. Thus, conventional quantum security approaches cannot co-exist with conventional optical communications, and cannot be used in many applications in which both quantum and classical communication are required on a single fiber.