The present invention relates to an apparatus for providing eavesdropping detection of an optical fiber communication and a method related thereto.
Several means of eavesdropping on optical fibers have been developed in recent decades.
This work has led to many techniques for tapping optical signals in order to extract information from optical fibers (using for example reflectors such as in U.S. Pat. No. 4,741,585). To counter these means, encryption is usually used to prevent an eavesdropper from understanding extracted information. Even though encryption is usually used, tapped encrypted data may be deciphered by several software or hardware means. Therefore, in some applications it is important to detect interception attempts. This is currently achieved by attenuation monitoring, which has several limitations: because it is based on a reference signal, it cannot detect pre-existing interception devices; aging of components may require resetting of bounds; and the system can generate some false positive results.
As an example and illustration, Optema, Sterling, Va. 20166, proposes a Fiber Sentinel System as a commercial application based on attenuation and optical anomalies (tapping or injection) detection for optical data signals.
Additional solutions for protection against eavesdropping involve Quantum Cryptography. The primary goal of Quantum Cryptography or Quantum Key Distribution (QKD) is to be able to share between an emitter and a receiver a sequence of bits whose privacy can be proven with a limited set of assumptions. The general principles of quantum cryptography were first set forth by Bennett and Brassard in their article “Quantum Cryptography: Public key distribution and coin tossing,” Proceedings of the International Conference on Computers, Systems and Signal Processing, Bangalore, India, 1984, pp. 175-179 (IEEE, New York, 1984). QKD (quantum key distribution) involves establishing a key between a sender (“Alice”) and a receiver (“Bob”) by using quantum states carried by either single-photons or weak (e.g., 0.1 photon on average) optical signals (pulses). Those quantum states are called “qubits” or “quantum signals”, and are transmitted over a “quantum channel”. Unlike classical cryptography whose security depends on computational impracticality, the security of quantum cryptography is based on the quantum mechanics principle that measurements of a quantum system will modify its state. Consequently, an eavesdropper (“Eve”) that attempts to intercept or otherwise measure the exchanged qubits introduces errors in this list of exchanged qubits that reveal her presence.
Specific QKD systems are described in U.S. Pat. No. 5,307,410 to Bennett (which patent is incorporated herein by reference), and in the article by C. H. Bennett entitled “Quantum Cryptography Using Any Two Non-Orthogonal States” (Phys. Rev. Lett. 68 3121 (1992)). A survey of the bases and methods as well as the historical development of quantum cryptography is contained in the articles by N. Gisin, G. Ribordy, W. Tittel and H. Zbinden, “Quantum Cryptography” (Reviews of Modern Physics. 74, 145 (2002)). In a QKD implementation, the emitter and the receiver are linked by a Quantum Channel (QC), which is a channel over which the qubits are exchanged and a Service Channel (SC) used for all kinds of classical communications between the emitter and the receiver. Part of these classical communications consists in the post-processing of the sequence of qubits exchanged over the QC.
A typical and well known deployment (presented in FIG. 1) involves a pair of QKD devices connected by a Quantum Channel (QC) and Service Channel (SC), as well as at least one pair of encryption devices connected through a second Data Channel (DC) used for data exchange (this data may be encrypted or not). FIG. 1 is a schematic diagram of a prior art communication system with QKD systems based on those disclosed in U.S. Pat. No. 5,307,410 to Bennett and U.S. Pat. No. 5,953,421 to Townsend, both of which are incorporated herein by reference. The QKD system includes two QKD stations, 120 and 220, in the emitter Alice 100 and the receiver Bob 200 respectively, and two Data Transmission Terminals, 110 and 210. The simplest form of a system for providing encrypted communication between two different sites is arranged as follows:
    Data Transmission Terminal A 110 and B 210 are linked through DC, and
    QKD station at emitter Alice 120 and QKD station at Bob 220 are linked one to the other through two channels (e.g. two optical fibers), a Service Channel SC D 500 and Quantum Channel QC E 600.
An important and unique property of quantum key distribution is its ability to reveal the presence of any third party trying to gain knowledge of the key. This results from a fundamental aspect of quantum mechanics: the process of measuring a quantum system in general disturbs the system. Therefore, a third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies. By using, for example, quantum superpositions or quantum entanglement and transmitting information in quantum states, a communication system can be implemented which detects eavesdropping (QKD). If the level of eavesdropping is below a certain threshold, a key can be produced that is guaranteed to be secure (i.e. the eavesdropper has no information about it); otherwise no secure key is possible. Therefore, the presence of any eavesdropper 300 intercepting the transmitted key results in a change in the statistics of the received data.
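The change in statistics described above can be seen in a small simulation. This is an added example, not part of the original specification: it assumes a BB84-style protocol with two bases, an ideal noiseless channel, an intercept-resend eavesdropper, the error rate computed over the whole sifted key, and an abort threshold of 11% (the text only says "a certain threshold"). All function names are hypothetical.

```python
import random

QBER_THRESHOLD = 0.11  # assumed abort threshold; the page only says "a certain threshold"

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis returns the encoded bit; a mismatched basis gives a random bit."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def simulate_qber(n_qubits, intercept_fraction, seed=1):
    """Error rate of the sifted key when Eve intercept-resends a fraction of the qubits."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_qubits):
        alice_bit, alice_basis = rng.randint(0, 1), rng.randint(0, 1)
        bit, basis = alice_bit, alice_basis            # state on the quantum channel
        if rng.random() < intercept_fraction:
            eve_basis = rng.randint(0, 1)
            bit = measure(bit, basis, eve_basis, rng)  # measurement disturbs the state
            basis = eve_basis                          # Eve resends in her own basis
        bob_basis = rng.randint(0, 1)
        bob_bit = measure(bit, basis, bob_basis, rng)
        if bob_basis == alice_basis:                   # sifting over the service channel
            sifted += 1
            errors += bob_bit != alice_bit
    return errors / sifted

def verdict(qber, threshold=QBER_THRESHOLD):
    """Decide whether a key may be distilled from the observed error rate."""
    return "distill key" if qber < threshold else "abort: no secure key"

if __name__ == "__main__":
    # Constructed scenarios: no tap, partial tap, full tap.
    for fraction in (0.0, 0.2, 1.0):
        q = simulate_qber(20000, fraction)
        print(f"intercepted={fraction:.0%}  QBER={q:.3f}  -> {verdict(q)}")
```

Intercepting every qubit drives the sifted-key error rate toward 25%, while intercepting one in five leaves it near 5%, below the assumed threshold, which is the case where a key can still be produced.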
As presented in FIG. 1, a simple embodiment is to use a dedicated optical fiber for each channel (CC, QC and DC) but other possibilities exist. The required separation of the quantum signal from data signal may be provided through: (1) use of two distinguished channels; (2) a reserved wavelength for each signal; or (3) a well defined timing dedicated to a specific signal on the same channel. In the context of the present invention, a “channel” relates to a separated transmission of the quantum signal from the data signal. It does not necessarily mean the presence of two fibers; it may well be one fiber used with light at two different wavelengths or at different polarizations or time-divisions.
The set of techniques related to option (2) is commonly called Wavelength Division Multiplexing (WDM). In this case one wavelength window is dedicated to the quantum signal and a distinct wavelength window to the communication signal. WDM enables signals of multiple wavelengths to be concurrently transmitted over a given optical medium. Several implementation alternatives have been disclosed where the quantum channel is isolated by means of wavelength-sensitive passive optical components such as WDM couplers and filters in Townsend, P. D., “Quantum cryptography on optical fiber networks” (SPIE Conference on Photonic Quantum Computing II, SPIE vol. 3385, (Orlando, Fla.). (April, 1998), 12 pp.) and Townsend, P. D., “Simultaneous quantum cryptographic key distribution and conventional data transmission over installed fibre using wavelength-division multiplexing” (Electronics Letters, 33(3), (1997), 2 pp.).
Alternatively, it is possible using option (3) to operate the quantum and data channels at the same wavelength and achieve isolation by means of polarization- or time-division multiplexing. Time Division Multiplexing, already known in QKD (see Mo et al., 2011), is characterized by the use of quantum frames, which consist of alternating sequences of high-intensity laser pulses (forming classical frames for data communications) and faint laser pulses (encoding quantum data).
In summary, to perform QKD and encrypted data exchange, one must implement two parties, one emitter Alice 100 with one Data transmission terminal 110, and a QKD terminal 120 and one receiver Bob 200 with one Data transmission terminal 210 and a QKD terminal used for quantum data 220, that are linked for communication, by at least three channels 400, 500, 600. One Quantum Channel 600 allows them to exchange the quantum data and one Data Channel 400 allows them to communicate together. The last channel SC 500 is used for terminal synchronization and post-processing functionalities. Further developments include as an example U.S. Pat. No. 5,953,421 where signals corresponding to different encoded states are detected independently in two branches and the rate of detection of coincident signals is determined. This rate is compared with a threshold to detect the presence of an eavesdropper.
An improved method is described in U.S. Pat. No. 7,068,790 where the system as used establishes a path for distributing data through an optical network, including an optical switch establishing a first and a second encryption key distribution path through the optical network. Both encryption key distribution paths include multiple optical switches and optical links. A data distribution endpoint determines whether eavesdropping has occurred on, e.g., the first encryption key distribution path using quantum cryptography. The optical switch establishes said second data distribution path through the optical network responsive to the eavesdropping determination.
Furthermore US 2008/0175385 provides a QKD system having QKD link redundancy between two sites, wherein the system has only one QKD station at each site. Several, e.g. two, QKD links are operably coupled to the QKD stations. The QKD stations have respective optical switches that are optically coupled to both QKD links and that are controlled by respective controllers in each of the QKD stations. If one of the QKD links fails or has trouble transmitting optical signals, the QKD switches are switched so that the optical path between the QKD stations uses the remaining QKD link. This arrangement requires allegedly only two QKD stations rather than the four QKD stations as previously known from the prior art.
Moreover, Quantum Communication and QKD beyond point-to-point optical links, toward a dynamically reconfigured optical network including optical-layer multiplexing, switching and routing, has been demonstrated experimentally in T. E. Chapuran et al (“Optical networking for quantum key distribution and quantum communications”, New J. Phys. 11 105001, 2009). The use of an optical switch has also been applied to protect QKD systems against denial of service. U.S. Pat. No. 7,068,790 and US Patent No. 2008/0175385 disclose QKD systems with a switch used to provide redundancy. Switches are exploited to provide several alternative paths for quantum communications, which keeps QKD working even in case of fiber disruption.
In the following description, “channel” should be understood in a generic sense: a physical medium which can transmit a modulation of some physical property. This modulation can be used to transmit data. The specification describes in detail the apparatus and method used, whereby direct reference is made to the following non-patent literature documents, inter alia, to define wordings and terminology of this specific field of technology.
Further non-patent literature includes:
    C. H. Bennett, 1992, “Quantum Cryptography Using Any Two Non-Orthogonal States”, Phys. Rev. Lett. 68 3121;
    T. E. Chapuran et al, 2009, “Optical networking for quantum key distribution and quantum communications”, New J. Phys. 11 105001;
    N. Gisin, G. Ribordy, W. Tittel and H. Zbinden, 2002, “Quantum Cryptography”, Reviews of Modern Physics. 74, 145;
    P. D. Townsend, 1998, “Quantum cryptography on optical fiber networks”, SPIE Conference on Photonic Quantum Computing II, SPIE vol. 3385, (Orlando, Fla.). (April 1998), 12 pp;
    P. D. Townsend, 1997, “Simultaneous quantum cryptographic key distribution and conventional data transmission over installed fibre using wavelength-division multiplexing”, Electronics Letters, 33(3), 2 pp; and
    X. F. Mo, I. Lucio-Martinez, P. Chan, C. Healey, S. Hosier, W. Tittel, 2011, “Time-cost analysis of a quantum key distribution system clocked at 100 MHz”, arXiv:1105.3761v1, 18 May 2011.