# SC-080: Quantum Key Distribution Infrastructure Attack

## Scenario Overview
| Field | Detail |
|---|---|
| ID | SC-080 |
| Category | Defense / Financial Services / Government / Quantum Communications |
| Severity | Critical |
| ATT&CK Tactics | Initial Access, Collection, Credential Access, Impact |
| ATT&CK Techniques | T1557 (Adversary-in-the-Middle), T1040 (Network Sniffing), T1565 (Data Manipulation), T1078 (Valid Accounts), T1588.004 (Obtain Capabilities: Digital Certificates) |
| Target Environment | Quantum key distribution (QKD) network, BB84 protocol implementation, fiber optic infrastructure, key management servers, classical authentication channel, post-quantum cryptography (PQC) hybrid systems |
| Estimated Impact | Partial key compromise on 1 of 4 QKD links through photon number splitting attack; 340 symmetric keys potentially exposed over 18-day window; classical authentication channel compromised; detection triggered by QBER anomaly analysis |
## Narrative
Sentinel National Bank (SNB), a fictional systemically important financial institution, has deployed a quantum key distribution (QKD) network to secure communications between its primary data center (DC-Alpha, 10.10.0.0/16), disaster recovery site (DC-Bravo, 10.20.0.0/16), and two high-frequency trading floors (Trading-1 at 10.30.0.0/16, Trading-2 at 10.40.0.0/16). The QKD network uses the BB84 protocol implemented by QuantumShield Systems (fictional vendor) over dedicated dark fiber links.
The QKD infrastructure consists of four point-to-point fiber links totaling 127 kilometers, with QKD transmitters (Alice units) and receivers (Bob units) at each endpoint. A classical authenticated channel runs in parallel over the same fiber (wavelength-division multiplexed) for basis reconciliation, error correction, and privacy amplification. Key management servers at each site (kms.dc-alpha.sentinel-bank.example.com, etc.) store generated quantum keys and distribute them to encryption appliances protecting the inter-site WAN links.
In March 2026, a nation-state threat actor group designated PHOTON SPECTER targets SNB's QKD network. The attack is a sophisticated multi-phase operation combining physical fiber access with classical channel exploitation. PHOTON SPECTER's objective is to silently extract quantum-generated encryption keys to enable future decryption of SNB's inter-site financial communications, including high-frequency trading signals and interbank settlement data.
## Attack Flow

```mermaid
graph TD
    A[Phase 1: Fiber Route Reconnaissance<br/>Identify accessible fiber segments] --> B[Phase 2: Fiber Tap Installation<br/>Beam splitter on DC-Alpha to Trading-1 link]
    B --> C[Phase 3: Photon Number Splitting<br/>Intercept multi-photon pulses]
    C --> D[Phase 4: Classical Channel Compromise<br/>MITM on authentication channel]
    D --> E[Phase 5: Basis Information Extraction<br/>Correlate intercepted photons with bases]
    E --> F[Phase 6: Key Reconstruction<br/>Partial key recovery from PNS attack]
    F --> G[Phase 7: Detection<br/>QBER anomaly + photon statistics shift]
    G --> H[Phase 8: Response<br/>Decoy-state upgrade + PQC hybrid fallback]
```

## Phase Details
### Phase 1: Fiber Route Reconnaissance
ATT&CK Technique: T1040 (Network Sniffing)
PHOTON SPECTER conducts extensive physical reconnaissance of SNB's fiber routes. Using publicly filed right-of-way permits, utility corridor maps, and aerial surveys, the attacker identifies the fiber path between DC-Alpha and Trading-1 (a 34-kilometer link running through metropolitan underground conduit). The attacker identifies a maintenance access point in a telecommunications vault approximately 12 kilometers from DC-Alpha where the fiber can be physically accessed.
```text
# Simulated fiber route analysis (educational only)
QKD Network Topology — Sentinel National Bank
===============================================
Link ID    | Endpoints             | Distance | Fiber Type | Status
QKD-Link-1 | DC-Alpha ↔ DC-Bravo   | 48 km    | SMF-28e+   | Active
QKD-Link-2 | DC-Alpha ↔ Trading-1  | 34 km    | SMF-28e+   | Active ← TARGET
QKD-Link-3 | DC-Alpha ↔ Trading-2  | 27 km    | SMF-28e+   | Active
QKD-Link-4 | DC-Bravo ↔ Trading-2  | 18 km    | SMF-28e+   | Active

Target: QKD-Link-2 (DC-Alpha to Trading-1)
Access point: Telecom vault at km 12.3 (utility corridor junction)
Fiber pair: strands 7-8 (QKD quantum channel) + strands 9-10 (classical channel)

# Physical access assessment
Vault security: Standard telecom lock (no alarm system)
Monitoring: None (3rd-party utility corridor)
Access window: 02:00-05:00 local (minimal foot traffic)
```
### Phase 2: Fiber Tap Installation
ATT&CK Technique: T1557 (Adversary-in-the-Middle)
PHOTON SPECTER installs a precision beam splitter on the quantum channel fiber at the identified access point. The beam splitter diverts approximately 10% of the optical signal to the attacker's photon detector while allowing 90% to continue to the legitimate receiver. The attacker also installs a classical optical tap on the parallel authentication channel fiber.
The key challenge is that any fiber manipulation introduces measurable loss, which the QKD system can detect. PHOTON SPECTER uses an ultra-low-loss beam splitter (0.5 dB insertion loss) and compensates by splicing in a short segment of lower-loss fiber to partially offset the additional attenuation.
```text
# Simulated fiber tap parameters (educational only)
Fiber Tap Installation Report — QKD-Link-2 (km 12.3)
=====================================================
Component                    | Specification
Beam splitter ratio          | 90:10 (90% pass-through, 10% to attacker)
Beam splitter insertion loss | 0.46 dB
Splice loss (entry)          | 0.08 dB
Splice loss (exit)           | 0.07 dB
Total added loss             | 0.61 dB
Compensating fiber segment   | 200m ultra-low-loss SMF (saves 0.04 dB)
Net detectable loss change   | 0.57 dB
Pre-tap link loss (total)    | 7.82 dB (34 km × 0.23 dB/km)
Post-tap link loss (total)   | 8.39 dB
Loss budget margin           | 2.61 dB remaining (budget: 11 dB)
Classical channel tap        | Passive coupler, 99:1 ratio
Classical tap loss           | 0.05 dB (within noise floor)

# Attacker equipment at vault:
# - InGaAs single-photon detector (cooled to -40°C)
# - Time-correlated single-photon counting (TCSPC) module
# - Classical channel optical receiver
# - Battery-backed data acquisition system (72-hour runtime)
# - Encrypted cellular uplink to 203.0.113.55 for data exfiltration
```
### Phase 3: Photon Number Splitting Attack
ATT&CK Technique: T1040 (Network Sniffing)
PHOTON SPECTER exploits a fundamental weakness in practical BB84 implementations: the Alice transmitter uses attenuated laser pulses rather than true single-photon sources. This means some pulses contain more than one photon (multi-photon pulses). The attacker performs a photon number splitting (PNS) attack, selectively intercepting and storing one photon from multi-photon pulses while allowing the remaining photon(s) to reach the legitimate receiver.
The key insight is that multi-photon pulses allow the attacker to measure one photon without disturbing the other, thereby learning the encoded bit value without introducing detectable quantum bit errors.
```text
# Simulated PNS attack analysis (educational only)
BB84 Pulse Statistics — QKD-Link-2 (DC-Alpha Transmitter)
=========================================================
Mean photon number (μ): 0.48 (manufacturer default)
Pulse distribution (Poisson):
  0-photon (vacuum): 61.9% — No information
  1-photon (single): 29.7% — Secure against PNS
  2-photon (multi):   7.1% — VULNERABLE to PNS
  3+ photon (multi):  1.3% — VULNERABLE to PNS

Attack yield:
  Multi-photon pulses intercepted: ~8.4% of all pulses
  Successful PNS measurements:     ~6.2% (detector efficiency 74%)
  Key bits recoverable:            ~3.1% of raw key (after sifting)

# Over 18-day attack window:
Total key bits generated:          ~2.4 million
Raw key bits per session:          ~12,000
PNS-compromised bits per session:  ~370
Total compromised key material:    ~340 symmetric keys (256-bit)

# Critical: This attack works because μ = 0.48 is too high
# Decoy-state protocol would detect the photon statistics anomaly
# but SNB's QKD system does not implement decoy states
```
### Phase 4: Classical Channel Compromise
ATT&CK Technique: T1557 (Adversary-in-the-Middle)
To complete the key recovery, PHOTON SPECTER must learn which measurement basis Alice used for each pulse. This information is exchanged over the classical authenticated channel during the basis reconciliation step of BB84. The attacker's passive tap on the classical channel captures this basis information in plaintext.
Additionally, PHOTON SPECTER discovers that the classical channel's authentication mechanism uses a pre-shared key (PSK) that is refreshed quarterly. The attacker compromises the key management server's remote administration interface at kms.dc-alpha.sentinel-bank.example.com through a vulnerability in the web management console.
```text
# Simulated classical channel interception (educational only)
Classical Channel Capture — Basis Reconciliation
=================================================
[2026-03-22 14:00:01.234] ALICE → BOB: BASIS_ANNOUNCE
  Session: QKD-S-20260322-140000
  Pulse indices: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, ...]
  Alice bases:   [H, V, H, D, D, H, V, D, H, V, ...]
  # H = Horizontal/Vertical basis
  # D = Diagonal basis (+45°/-45°)

[2026-03-22 14:00:01.456] BOB → ALICE: BASIS_MATCH
  Matching indices: [1, 3, 5, 7, 10, ...]
  # Bob announces which pulses he measured in the same basis
  # These become the sifted key

[2026-03-22 14:00:01.789] ALICE → BOB: ERROR_ESTIMATE
  Sample indices: [1, 7, 10, ...]
  Sample values:  [0, 1, 1, ...]
  # Subset of sifted key disclosed for QBER estimation
  # Estimated QBER: 2.8% (below 11% threshold — session accepted)

# Attacker correlation:
# For each PNS-intercepted multi-photon pulse, the attacker now knows:
#   1. The bit value (from photon measurement)
#   2. Whether it was kept in the sifted key (from basis matching)
#   3. The basis used (from basis announcement)
# This allows partial reconstruction of the final quantum key
```
### Phase 5: Basis Information Extraction
ATT&CK Technique: T1565 (Data Manipulation)
PHOTON SPECTER correlates the intercepted photon measurements from the PNS attack with the basis reconciliation data captured from the classical channel. For each multi-photon pulse where the attacker successfully split and measured a photon, the classical channel data reveals whether that pulse was kept in the sifted key and what basis was used.
```text
# Simulated key reconstruction (educational only)
PNS Attack Key Reconstruction — Session QKD-S-20260322-140000
=============================================================
Step 1: PNS-intercepted pulses (multi-photon only)
Pulse # | Photons | Attacker measurement | Basis used
47      | 2       | 1                    | H/V
183     | 2       | 0                    | Diagonal
291     | 3       | 1                    | H/V
445     | 2       | 0                    | H/V
...

Step 2: Cross-reference with classical channel basis reconciliation
Pulse 47:  Alice basis = H/V,  Bob basis = H/V  → MATCHED (in sifted key)
Pulse 183: Alice basis = Diag, Bob basis = H/V  → DISCARDED (basis mismatch)
Pulse 291: Alice basis = H/V,  Bob basis = H/V  → MATCHED (in sifted key)
Pulse 445: Alice basis = H/V,  Bob basis = Diag → DISCARDED

Step 3: Recovered sifted key bits
Position in sifted key | Value | Confidence
23                     | 1     | HIGH (PNS + basis match)
84                     | 1     | HIGH
127                    | 0     | HIGH
...

# Recovery rate: ~3.1% of sifted key bits per session
# After privacy amplification: effective key compromise ~1.8%
# Over 18 days: sufficient material to attempt partial key recovery
# on approximately 340 out of 19,200 generated symmetric keys
```
### Phase 6: Key Reconstruction
ATT&CK Technique: T1588.004 (Obtain Capabilities: Digital Certificates)
With partial knowledge of generated quantum keys, PHOTON SPECTER combines the PNS-derived key fragments with information from the compromised key management server to reconstruct usable encryption keys. The attacker accesses the KMS at kms.dc-alpha.sentinel-bank.example.com through a web console vulnerability and extracts key metadata including key identifiers, generation timestamps, and associated link encryption sessions.
```text
# Simulated KMS compromise (educational only)
# Attacker accesses KMS web console via CVE in management interface
$ curl -k https://kms.dc-alpha.sentinel-bank.example.com:8443/api/v1/keys \
    -H "Authorization: Bearer REDACTED"

# KMS API response (synthetic — educational only)
{
  "link": "QKD-Link-2",
  "keys": [
    {
      "key_id": "QK-L2-20260322-0001",
      "generated": "2026-03-22T14:00:02Z",
      "algorithm": "AES-256-GCM",
      "status": "ACTIVE",
      "link_session": "WAN-ENC-L2-20260322-140002",
      "bits_from_qkd": 256,
      "privacy_amplification_ratio": 0.42
    },
    {
      "key_id": "QK-L2-20260322-0002",
      "generated": "2026-03-22T14:05:01Z",
      "algorithm": "AES-256-GCM",
      "status": "ACTIVE",
      "link_session": "WAN-ENC-L2-20260322-140501",
      "bits_from_qkd": 256,
      "privacy_amplification_ratio": 0.41
    }
  ],
  "total_keys_generated_today": 1067
}

# Attacker strategy:
# 1. PNS provides ~1.8% of each quantum key's bits (after amplification)
# 2. KMS metadata identifies which quantum keys are assigned to which
#    WAN encryption sessions
# 3. Combined with traffic capture, this enables targeted partial
#    decryption attempts on high-value financial communications
# 4. Full key recovery is NOT possible from PNS alone — but partial
#    key knowledge significantly reduces brute-force complexity
```
### Phase 7: Detection
The attack is detected on day 18 through two independent mechanisms:
Mechanism 1: QBER Statistical Anomaly — SNB's quantum security monitoring team performs weekly statistical analysis of quantum bit error rates (QBER) across all four QKD links. Analyst David Park notices that QKD-Link-2's QBER has shown a subtle but statistically significant upward trend — from a baseline of 1.8% to 2.8% — over the past 18 days. While still below the 11% abort threshold, the trend is inconsistent with the link's historical noise profile.
Mechanism 2: Photon Counting Statistics Shift — A deeper analysis reveals that the photon counting statistics at the Bob receiver on QKD-Link-2 have shifted. The ratio of detected single-photon to multi-photon events has changed in a way consistent with selective interception of multi-photon pulses — the signature of a PNS attack.
```text
# Simulated QBER analysis (educational only)
QKD Link Performance Report — Weekly Review
============================================
Link       | QBER (baseline) | QBER (current) | Trend    | Status
QKD-Link-1 | 1.6%            | 1.7%           | Stable   | NORMAL
QKD-Link-2 | 1.8%            | 2.8%           | Rising ↑ | INVESTIGATE ←
QKD-Link-3 | 2.1%            | 2.0%           | Stable   | NORMAL
QKD-Link-4 | 1.4%            | 1.5%           | Stable   | NORMAL

# Detailed QBER trend — QKD-Link-2
Day | QBER  | Delta from baseline
1   | 1.82% | +0.02%
3   | 1.89% | +0.09%
5   | 1.97% | +0.17%
8   | 2.14% | +0.34%
11  | 2.41% | +0.61%
14  | 2.58% | +0.78%
18  | 2.81% | +1.01% ← Statistical significance: p < 0.001

# Photon counting statistics shift
Metric                      | Expected | Measured | Delta
Multi-photon detection rate | 8.4%     | 6.1%     | -2.3% ← PNS signature
Single-photon detection rate| 29.7%    | 29.4%    | -0.3% (within noise)
Vacuum (no detection)       | 61.9%    | 64.5%    | +2.6% ← Compensating shift

# The reduction in multi-photon detection with stable single-photon
# rate is pathognomonic for a photon number splitting attack
```
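The two detection mechanisms above, and the Phase 3 claim that μ = 0.48 is too high, can be reproduced numerically. This is an added example, not code from the scenario or from QuantumShield; the daily QBER series and day-18 detection rates are the scenario's figures, while the slope/drift limits, the assumed pulse count behind the rates and the chi-squared cut-off are assumptions of the example.

```python
import math

# Constructed inputs taken from the scenario's figures: daily QBER for QKD-Link-2
# (day, QBER in percent) and the day-18 detection-class rates at the Bob receiver.
QBER_LINK2 = [(1, 1.82), (3, 1.89), (5, 1.97), (8, 2.14), (11, 2.41), (14, 2.58), (18, 2.81)]
QBER_BASELINE = 1.8
MEASURED_DAY18 = {"vacuum": 0.645, "single": 0.294, "multi": 0.061}
MU_DEFAULT = 0.48   # manufacturer default in the scenario
MU_HARDENED = 0.35  # value adopted during recovery


def photon_number_distribution(mu: float) -> dict[str, float]:
    """Poisson photon-number statistics of an attenuated-laser BB84 source.

    Only multi-photon pulses expose a bit to photon number splitting, so the
    'multi' fraction is the quantity a security review cares about.
    """
    p0 = math.exp(-mu)
    p1 = mu * p0
    return {"vacuum": p0, "single": p1, "multi": 1.0 - p0 - p1}


def qber_trend(series: list[tuple[int, float]], baseline: float,
               max_slope: float = 0.02, max_drift: float = 0.5) -> dict:
    """Statistical process control on QBER: least-squares slope (% per day)
    plus total drift from baseline. The limits are assumptions for this example,
    set far below the 11% abort threshold so a slow PNS-induced rise is caught.
    """
    n = len(series)
    mean_x = sum(d for d, _ in series) / n
    mean_y = sum(q for _, q in series) / n
    sxx = sum((d - mean_x) ** 2 for d, _ in series)
    sxy = sum((d - mean_x) * (q - mean_y) for d, q in series)
    slope = sxy / sxx
    drift = series[-1][1] - baseline
    return {"slope_pct_per_day": slope, "drift_pct": drift,
            "flag": slope > max_slope and drift > max_drift}


def photon_statistics_shift(measured: dict[str, float], mu: float,
                            pulses: int = 100_000) -> dict:
    """Pearson chi-squared of measured detection-class rates against Poisson(mu).

    `pulses` is the number of pulses behind the measured rates (assumed here).
    Three classes give 2 degrees of freedom; chi2 > 13.82 corresponds to p < 0.001.
    A deficit concentrated in the 'multi' class is the PNS signature.
    """
    expected = photon_number_distribution(mu)
    chi2 = sum(pulses * (measured[k] - expected[k]) ** 2 / expected[k] for k in expected)
    ratio_expected = expected["multi"] / expected["single"]
    ratio_measured = measured["multi"] / measured["single"]
    return {"chi2": chi2,
            "multi_to_single_change": ratio_measured / ratio_expected - 1.0,
            "flag": chi2 > 13.82 and measured["multi"] < expected["multi"]}


if __name__ == "__main__":
    for mu in (MU_DEFAULT, MU_HARDENED):
        print(f"mu={mu}: multi-photon fraction {photon_number_distribution(mu)['multi']:.3%}")
    print("QBER trend:", qber_trend(QBER_LINK2, QBER_BASELINE))
    print("Photon statistics:", photon_statistics_shift(MEASURED_DAY18, MU_DEFAULT))
```

Lowering μ from 0.48 to 0.35 roughly halves the multi-photon fraction (about 8.4% to 4.9%), which is why the recovery step reduces μ as well as adding decoy states.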
### Phase 8: Response
Upon confirming a PNS attack on QKD-Link-2, SNB activates its Quantum Communications Incident Response Plan:
Immediate Actions (0-4 hours):
- QKD-Link-2 suspended — All quantum key generation on the compromised link halted
- Key revocation — All 340 potentially compromised keys generated during the 18-day window revoked and replaced with keys from the uncompromised links
- PQC hybrid fallback — Inter-site encryption between DC-Alpha and Trading-1 switches to hybrid post-quantum cryptography (ML-KEM-1024 + X25519) as interim protection
- Fiber integrity investigation — Physical inspection team dispatched to survey the QKD-Link-2 fiber route
```text
# Simulated incident response timeline (educational only)
[2026-04-08 09:00:00 UTC] ALERT: Quantum Security Team — PNS attack confirmed
[2026-04-08 09:15:00 UTC] ACTION: QKD-Link-2 SUSPENDED
  Alice unit (DC-Alpha): Laser disabled
  Bob unit (Trading-1): Detector gated off
  Key generation: HALTED

[2026-04-08 09:20:00 UTC] ACTION: Key revocation initiated
  Keys generated: 2026-03-21 to 2026-04-08 on QKD-Link-2
  Total keys revoked: 340
  Replacement source: QKD-Link-1 and QKD-Link-3 (verified clean)
  WAN encryption re-keyed: 340 sessions

[2026-04-08 09:30:00 UTC] ACTION: PQC hybrid fallback activated
  Link: DC-Alpha ↔ Trading-1
  Algorithm: ML-KEM-1024 (FIPS 203) + X25519 (hybrid)
  Implementation: QuantumShield PQC-Bridge v2.1
  Status: ACTIVE — encrypted traffic flowing

[2026-04-08 10:00:00 UTC] ACTION: Fiber inspection dispatched
  Team: Physical Security + Fiber Engineering (4 personnel)
  Route: DC-Alpha to Trading-1 (34 km, 12 access points)
  Priority: All utility vault access points
  Estimated completion: 8 hours
```
Fiber Inspection Results (4-12 hours):
```text
# Simulated fiber inspection report (educational only)
Fiber Inspection Report — QKD-Link-2
=====================================
Access Point 7 (km 12.3 — Utility Vault Junction)
Finding: UNAUTHORIZED FIBER MODIFICATION DETECTED

Description:
- Precision beam splitter installed on strands 7-8 (quantum channel)
- Passive coupler installed on strands 9-10 (classical channel)
- 200m segment of non-standard fiber spliced in (loss compensation)
- Battery-backed data acquisition unit in vault (serial: removed)
- Cellular uplink antenna (connected to 203.0.113.55)

Evidence collection:
- Beam splitter preserved for forensic analysis
- Data acquisition unit imaged (encrypted — analysis pending)
- Fingerprint and DNA sampling of equipment surfaces
- Vault access records subpoenaed from utility provider

Fiber restoration:
- Unauthorized components removed
- Original fiber re-spliced (loss restored to 7.84 dB)
- OTDR verification: clean trace, no additional anomalies
```
Recovery (1-4 weeks):
- QKD-Link-2 upgraded to decoy-state BB84 protocol (3-intensity decoy states)
- Mean photon number reduced from 0.48 to 0.35 across all links
- Fiber route diversification: secondary fiber path installed for QKD-Link-2
- Continuous OTDR monitoring deployed on all QKD fiber routes
- Quantum random number generator (QRNG) added for classical channel authentication key refresh
- PQC hybrid mode maintained as permanent secondary layer alongside QKD
## Detection Opportunities

### Quantum Channel Monitoring
| Detection Point | Method | Indicator |
|---|---|---|
| QBER trend analysis | Statistical process control | QBER increasing beyond historical baseline |
| Photon counting statistics | Chi-squared test on detection rates | Shift in multi-photon vs. single-photon ratio |
| Link loss monitoring | Continuous OTDR | Loss increase exceeding 0.3 dB from baseline |
| Key generation rate | Rate anomaly detection | Decrease in sifted key rate without known cause |
| Timing jitter analysis | Photon arrival time statistics | Additional jitter from inserted optical components |
### Fiber Physical Integrity Monitoring

```python
# Educational example: OTDR-based fiber tap detection
from dataclasses import dataclass


@dataclass
class OTDRTrace:
    """One OTDR trace: distance along the fiber and cumulative loss at each point."""
    distance_km: list[float]
    loss_db: list[float]
    timestamp: str


def detect_fiber_tap(current: OTDRTrace,
                     baseline: OTDRTrace,
                     loss_threshold_db: float = 0.3,
                     reflection_threshold_db: float = -55.0) -> list[dict]:
    """Compare OTDR traces to detect fiber taps or splices.

    Both traces must be sampled at the same distance points, otherwise a
    point-by-point comparison is meaningless, so a mismatch is rejected.
    Because loss is cumulative, a tap at km 12.3 raises every point beyond
    it; the first anomaly in the returned list localizes the event.
    reflection_threshold_db is reserved for reflective-event analysis
    (connectors, poor splices) and is not used by this loss-only comparison.
    """
    if current.distance_km != baseline.distance_km:
        raise ValueError("OTDR traces must share the same distance sampling")
    anomalies = []
    for distance, cur_loss, base_loss in zip(current.distance_km,
                                            current.loss_db,
                                            baseline.loss_db):
        loss_delta = cur_loss - base_loss
        if abs(loss_delta) > loss_threshold_db:
            anomalies.append({
                'type': 'LOSS_ANOMALY',
                'distance_km': distance,
                'current_loss_db': cur_loss,
                'baseline_loss_db': base_loss,
                'delta_db': round(loss_delta, 3),
                'timestamp': current.timestamp,
                'assessment': 'Possible fiber tap or unauthorized splice'
            })
    return anomalies


# Example usage (synthetic data only)
# anomalies = detect_fiber_tap(current_trace, baseline_trace)
# if anomalies: trigger_alert("FIBER_INTEGRITY_VIOLATION", anomalies)
```
### Key Management Server Monitoring

```kusto
// KQL — Detect QKD key management anomalies (educational)
QKDKeyManagementLog
| where TimeGenerated > ago(24h)
| where LinkID == "QKD-Link-2"
| extend KeyAge = datetime_diff('hour', now(), KeyGeneratedTime)
| summarize
    AvgQBER = avg(SessionQBER),
    MaxQBER = max(SessionQBER),
    KeysGenerated = count(),
    AvgMultiPhotonRate = avg(MultiPhotonDetectionRate)
    by bin(TimeGenerated, 1h)
| where AvgQBER > 2.5                 // Above historical baseline
    or AvgMultiPhotonRate < 0.065     // Below expected 8.4%
| project TimeGenerated, AvgQBER, MaxQBER,
    KeysGenerated, AvgMultiPhotonRate
```
## Lessons Learned

**Key Takeaways**

- **Practical QKD implementations have known vulnerabilities** — The gap between theoretical BB84 security (perfect single-photon sources) and practical implementations (attenuated lasers with multi-photon pulses) creates exploitable attack surfaces. Decoy-state protocols are essential to close this gap.
- **Photon number splitting attacks are physically realizable** — PNS attacks are not theoretical curiosities; they require only commercially available photon detectors and precision optical components. Any QKD deployment with mean photon number above 0.1 without decoy states is vulnerable.
- **Classical channel security is equally critical** — The classical authenticated channel carries basis reconciliation data that is essential for key recovery. Compromising the classical channel transforms a partial quantum attack into a full key recovery attack. The classical channel must use information-theoretically secure authentication.
- **Physical fiber security is the foundation of quantum security** — QKD's security guarantee assumes the attacker can only interact with photons in transit. If the attacker can install persistent fiber taps with low-loss beam splitters, they gain repeated access to multi-photon pulses. Continuous OTDR monitoring and fiber route security are non-negotiable.
- **QBER monitoring must use statistical trend analysis, not just thresholds** — A simple QBER threshold (e.g., abort at 11%) will not detect sophisticated PNS attacks that keep QBER below the threshold. Continuous statistical process control on QBER trends and photon counting statistics is required.
- **PQC hybrid mode provides defense in depth** — Maintaining post-quantum cryptographic (PQC) algorithms alongside QKD ensures that a QKD compromise does not result in complete loss of confidentiality. Hybrid QKD+PQC is the recommended architecture until QKD implementations mature.
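The information-theoretically secure authentication called for in the third takeaway, and absent from the quarterly-refreshed PSK in Phase 4, is usually a Wegman-Carter MAC: a universal hash of the message masked with one-time key material, so every message consumes fresh key and forgery probability does not depend on computational assumptions. The sketch below is an added example, not the scenario's or vendor's code; the polynomial hash over the Mersenne prime 2^61-1, the 16 bytes of key per message and the sample BASIS_ANNOUNCE message are assumptions of the example.

```python
import secrets

P = (1 << 61) - 1   # hash field: Mersenne prime 2^61 - 1 (assumption for this example)
BLOCK = 7           # 7-byte message blocks are always < P
KEY_BYTES = 16      # per message: 8 bytes for the hash key, 8 for the one-time mask


class OneTimeKeyPool:
    """Key material both ends hold (e.g. reserved from an earlier QKD round).

    Every tag consumes fresh bytes; once the pool is empty, authentication
    stops until the pool is refreshed. A static quarterly PSK has no such limit.
    """
    def __init__(self, key_material: bytes):
        self._buf = key_material
        self._pos = 0

    def take(self, n: int) -> bytes:
        if self._pos + n > len(self._buf):
            raise RuntimeError("authentication key pool exhausted; refresh before sending")
        out = self._buf[self._pos:self._pos + n]
        self._pos += n
        return out

    @property
    def remaining(self) -> int:
        return len(self._buf) - self._pos


def poly_hash(key: int, message: bytes) -> int:
    """Polynomial universal hash over GF(P): message blocks are coefficients and
    the key is the evaluation point. The trailing length block stops two messages
    of different length from colliding through zero padding."""
    acc = 0
    for i in range(0, len(message), BLOCK):
        acc = (acc * key + int.from_bytes(message[i:i + BLOCK], "big")) % P
    return (acc * key + len(message)) % P


def mac(pool: OneTimeKeyPool, message: bytes) -> int:
    """Wegman-Carter tag: universal hash plus a one-time mask, both from the pool."""
    raw = pool.take(KEY_BYTES)
    k = int.from_bytes(raw[:8], "big") % P
    r = int.from_bytes(raw[8:], "big") % P
    return (poly_hash(k, message) + r) % P


def verify(pool: OneTimeKeyPool, message: bytes, tag: int) -> bool:
    """Receiver side: the pool is at the same position, so k and r match."""
    return mac(pool, message) == tag


def demo() -> tuple[bool, bool]:
    """Constructed demo: authenticate one basis-reconciliation message of the kind
    captured in Phase 4; changing a single basis letter makes verification fail."""
    shared = secrets.token_bytes(4 * KEY_BYTES)   # enough key for four messages
    alice_pool, bob_pool = OneTimeKeyPool(shared), OneTimeKeyPool(shared)
    msg = b"BASIS_ANNOUNCE QKD-S-20260322-140000 H,V,H,D,D,H,V,D,H,V"
    tag = mac(alice_pool, msg)
    genuine = verify(bob_pool, msg, tag)
    tampered = msg.replace(b"H,V,H,D", b"D,V,H,D")
    forged = verify(OneTimeKeyPool(shared), tampered, tag)
    return genuine, forged
```

At 16 bytes per reconciliation message the key pool drains quickly, which is why deployments budget part of each QKD round for authenticating the next one rather than relying on a long-lived PSK.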
## MITRE ATT&CK Mapping
| Technique ID | Technique Name | Phase |
|---|---|---|
| T1557 | Adversary-in-the-Middle | Initial Access / Collection |
| T1040 | Network Sniffing | Collection |
| T1565 | Data Manipulation | Impact |
| T1078 | Valid Accounts | Credential Access |
| T1588.004 | Obtain Capabilities: Digital Certificates | Resource Development |