Background and Project Content

Reliable encryption methods are indispensable for protecting and transferring safety-critical information. However, with digitalization and global distribution of data, it is increasingly challenging to guarantee secure transmission and storage of data. On top of that, current cryptographic methods, which mainly are based on mathematically complex problems, are expected to become easier to break with the advent of quantum computing. Post-quantum cryptography is often seen as a promising solution, though it still relies on similar principles. Like traditional cryptography, it aims to create security through complex mathematical methods. An alternative is key exchange methods whose security is based on physical laws. Research in this area has already gained momentum; however, due to its fundamental differences and the need for a solid understanding of physical principles, there are still numerous misconceptions and uncertainties as well.

In the current study, we focus on physical methods for generating and distributing cryptographic keys and intend to clear up existing misunderstandings. We compare four different methods in a technology-neutral, accessible, and understandable manner and lay out the technologies they are based on and which problems they can solve.

Approaches and Goals

In our project we focus on four physical key exchange methods:

• Quantum Key Distribution (QKD) based on entangled photons
• QKD based on the BB84 protocol, where single or continuous photons are randomly polarized, transmitted via fiber optic networks, free-space channels, or satellites, and their polarization is then randomly measured
• Key distribution through highly secure SSD (solid-state storage) or memory sticks with a built-in PIN keypad and integrated AES-256 hardware encryption
• Methods based on the reciprocity of radio transmission and measurement of radio channel characteristics

The primary goal is to present, in an accessible and understandable way, which of the above methods are best suited for different application scenarios. We highlight the advantages and disadvantages of each method, considering factors such as IT security, functionality, market readiness, key rate, range, cost, robustness, and portability. The practical usability of these systems and the level of protection they provide under real-world conditions are key priorities in our efforts.

Results

• We detail differences between various methods and products on the market, along with their pros and cons. Security (how each method performs under various attack scenarios), functionality, market readiness, key rate, cost, robustness, and portability are the main criteria we focus on.
• We place high value on practical applicability and test rigorously which methods perform well under real-world conditions and offer full-featured protection.
• We point out where further research and development are needed, while also highlighting the potential of the techniques currently in use.
• A brochure (or book) on the findings is to be published, and a half-day event will be held immediately before ITSecX 2025. Additionally, the insights gained during the project are incorporated into academic teaching.