Secure quantum-enhanced measurements on a network of sensors
Authors:
Sean William Moore,
Jacob Andrew Dunningham
Abstract:
Two-party secure quantum remote sensing (SQRS) protocols enable quantum-enhanced measurements at remote locations with guaranteed security against eavesdroppers. This idea can be scaled up to networks of nodes where one party can directly measure functions of parameters at the different nodes using entangled states. However, the security on such networks decreases exponentially with the number of…
▽ More
Two-party secure quantum remote sensing (SQRS) protocols enable quantum-enhanced measurements at remote locations with guaranteed security against eavesdroppers. This idea can be scaled up to networks of nodes where one party can directly measure functions of parameters at the different nodes using entangled states. However, the security on such networks decreases exponentially with the number of nodes. Here we show how this problem can be overcome in a hybrid protocol that utilises both entangled and separable states to achieve quantum-enhanced measurement precision and security on networks of any size.
△ Less
Submitted 27 June, 2024;
originally announced June 2024.
Secure Quantum Remote Sensing Without Entanglement
Authors:
Sean William Moore,
Jacob Andrew Dunningham
Abstract:
Quantum metrology and quantum communications are typically considered as distinct applications in the broader portfolio of quantum technologies. However, there are cases where we might want to combine the two and recent proposals have shown how this might be achieved in entanglement-based systems. Here we present an entanglement-free alternative that has advantages in terms of simplicity and pract…
▽ More
Quantum metrology and quantum communications are typically considered as distinct applications in the broader portfolio of quantum technologies. However, there are cases where we might want to combine the two and recent proposals have shown how this might be achieved in entanglement-based systems. Here we present an entanglement-free alternative that has advantages in terms of simplicity and practicality, requiring only individual qubits to be transmitted. We demonstrate the performance of the scheme in both the low and high data limits, showing quantum advantages both in terms of measurement precision and security against a range of possible attacks.
△ Less
Submitted 7 February, 2023;
originally announced February 2023.
CompartOS: CHERI Compartmentalization for Embedded Systems
Authors:
Hesham Almatary,
Michael Dodson,
Jessica Clarke,
Peter Rugg,
Ivan Gomes,
Michal Podhradsky,
Peter G. Neumann,
Simon W. Moore,
Robert N. M. Watson
Abstract:
Existing high-end embedded systems face frequent security attacks. Software compartmentalization is one technique to limit the attacks' effects to the compromised compartment and not the entire system. Unfortunately, the existing state-of-the-art embedded hardware-software solutions do not work well to enforce software compartmentalization for high-end embedded systems. MPUs are not fine-grained a…
▽ More
Existing high-end embedded systems face frequent security attacks. Software compartmentalization is one technique to limit the attacks' effects to the compromised compartment and not the entire system. Unfortunately, the existing state-of-the-art embedded hardware-software solutions do not work well to enforce software compartmentalization for high-end embedded systems. MPUs are not fine-grained and suffer from significant scalability limitations as they can only protect a small and fixed number of memory regions. On the other hand, MMUs suffer from non-determinism and coarse-grained protection. This paper introduces CompartOS as a lightweight linkage-based compartmentalization model for high-end, complex, mainstream embedded systems. CompartOS builds on CHERI, a capability-based hardware architecture, to meet scalability, availability, compatibility, and fine-grained security goals. Microbenchmarks show that CompartOS' protection-domain crossing is 95% faster than MPU-based IPC. We applied the CompartOS model, with low effort, to complex existing systems, including TCP servers and a safety-critical automotive demo. CompartOS not only catches 10 out of 13 FreeRTOS-TCP published vulnerabilities that MPU-based protection (e.g., uVisor) cannot catch but can also recover from them. Further, our TCP throughput evaluations show that our CompartOS prototype is 52% faster than relevant MPU-based compartmentalization models (e.g., ACES), with a 15% overhead compared to an unprotected system. This comes at an FPGA's LUTs overhead of 10.4% to support CHERI for an unprotected baseline RISC-V processor, compared to 7.6% to support MPU, while CHERI only incurs 1.3% of the registers area overhead compared to 2% for MPU.
△ Less
Submitted 11 June, 2022; v1 submitted 6 June, 2022;
originally announced June 2022.