Quantum Inf Process

DOI 10.1007/s11128-015-1129-3

Towards secure quantum key distribution protocol for

wireless LANs: a hybrid approach

R. Lalu Naik1 · P. Chenna Reddy2

Received: 11 December 2014 / Accepted: 18 September 2015

© Springer Science+Business Media New York 2015

Abstract The primary goals of security such as authentication, confidentiality,

integrity and non-repudiation in communication networks can be achieved with secure
key distribution. Quantum mechanisms are highly secure means of distributing secret
keys as they are unconditionally secure. Quantum key distribution protocols can effec-
tively prevent various attacks in the quantum channel, while classical cryptography is
efficient in authentication and verification of secret keys. By combining both quantum
cryptography and classical cryptography, security of communications over networks
can be leveraged. Hwang, Lee and Li exploited the merits of both cryptographic par-
adigms for provably secure communications to prevent replay, man-in-the-middle,
and passive attacks. In this paper, we propose a new scheme with the combination of
quantum cryptography and classical cryptography for 802.11i wireless LANs. Since
quantum cryptography is premature in wireless networks, our work is a significant
step forward toward securing communications in wireless networks. Our scheme is
known as hybrid quantum key distribution protocol. Our analytical results revealed
that the proposed scheme is provably secure for wireless networks.

Keywords Quantum cryptography · Superposition states · Wireless networks ·

Active attacks · Passive attacks

B R. Lalu Naik
rlalunaikphd@gmail.com; rlalunaik519@gmail.com
P. Chenna Reddy
Pchennareddy511@gmail.com

1 Tirumala Engineering College, Guntur, India

2 JNTUA College of Engineering, Pulivendula, India

123
 R. L. Naik, P. C. Reddy

1 Introduction

Wireless local area networks (WLANs) have become ubiquitous as they are easy to
install, flexible, scalable, have mobility, and can reduce the cost of ownership. WLAN
needs access points (APs) and network interface cards (NICs) besides mobile devices.
Communication technologies used in WLANs include spread-spectrum and OFDM.
Due to mobility and the resource-constrained nature of the devices, the network is
vulnerable to various attacks such as denial-of-service (DOS) attack, spoofing, ses-
sion hijacking, and eavesdropping. Adversaries can generate radio interference over
WLANs with ease as the network exhibits relatively low bit rates. As there are no
strong authentication mechanisms in IEEE 802.11 network, attackers might spoof
MAC address and hijack sessions. In case of eavesdropping, an attacker can intercept
the data being transmitted over the air from a nearby place. These security vulnerabili-
ties are due to the drawbacks of Wi-Fi Protected Access II (WPA2) protocol, which has
no forgery protection, no protection against replays and reuse of initialization vectors.
Therefore, WLANs need to be protected from all the possible attacks.
WLANs are to be secured using security mechanisms such as authentication, con-
fidentiality, integrity, and non-repudiation. The existing solutions are of two types,
namely classical cryptography and quantum cryptography. Again, classical cryptosys-
tems are divided into symmetric and asymmetric models. The security of public-key
cryptosystems depends on the computational complexity. There is no guarantee that the
security of it cannot be broken. A relatively new alternative is quantum key cryptogra-
phy, which is based on quantum mechanics that makes key distribution unconditionally
secure. Therefore, QKDPs can prevent various attacks in the quantum channel, while
classical cryptography is efficient in authentication and verification of secret keys.
In classical cryptography, time stamps1 [1–3] and challenge response mechanisms
[3–7] are used. These mechanisms are especially used in three-party key distribution
protocols as explored in [1–5].
Classical cryptography suffers from the following problems:
• Minimum of two communication rounds is necessary when they use challenge
response mechanisms.
• The assumption of clock synchronization is required when they use time stamps
for key distribution which is not suitable in the presence of possible attacks and
unpredictable delays.
• Moreover, classical cryptography cannot detect passive attacks like eavesdropping.
With the usage of quantum cryptography, passive attacks and eavesdropping can be
eliminated. There are many existing QKDPs. Uncertainty of quantum measurement2
was employed by Bennett and Brassard [8] along with four qubit states in order to
distribute session key between two parties in a secure fashion. Later Bennett [9] used
only two qubits of non-orthogonal in nature in order to achieve the same. A trusted

1 Key distribution protocols with time stamps stop replays of compromised keys. The time stamps have
the further advantage of replacing a four step handshake.
2 Allow Alice and Bob be the two participants in a quantum channel, where Alice is the sender of qubits
and Bob is the receiver of qubits. The horizontal polarizations and the vertical polarizations (defined in
Sect. 6.2) are required to create or calculate qubits.

123
Toward secure quantum key distribution protocol for...

center (TC) is not used for establishing a session key between legitimate parties as
they assume authenticated participants. When the assumption is released these systems
are vulnerable to man-in-the-middle attacks. Rephrasing secret key by participants is
required in the modified quantum key cryptography proposed by [10]. In [11] the
concept of pre-sharing a secret key with a three-party QKDP was explored.
All QKDPs mentioned above are based on either security proof or theoretical design
or physical implementation. However, they are not tailored for WLANs. In this paper,
we proposed a hybrid protocol named HQKDP which makes use of both classical
and quantum cryptographies to ensure secure key distribution and communications in
802.11 WLANs. Our contributions in this paper are as follows.
1. We proposed a QKD protocol named HQKDP that integrates traditional and quan-
tum cryptographies.
2. We explored handshake and quantum handshake for 802.11i WLANs.
3. We explored on the application of proposed HQKDP to 802.11i WLANs.
The rest of the paper is structured as follows. Section 2 reviews the literature per-
taining to classical cryptography, quantum cryptography and so on. Section 3 focuses
on motivating scenario and the threat model. Section 4 throws light into preliminaries
such as classical cryptography, quantum cryptography, and motivation toward a hybrid
approach and applying it to the WLAN. Section 5 integrates HQKDP with 802.11i. In
Sect. 6, HQKDP model using superposition states is presented.

2 Related works

This section reviews literature on cryptographic methods. In classical cryptography,

many researchers studied the security aspects of communication networks [1–7]. The
classical cryptography made use of mechanisms like a challenge and response and
time stamps in order to secure communication networks. However, they have certain
drawbacks. For instance, more rounds of communication are required with challenge
and response mechanisms and clock synchronization is the problem which is not a
practical solution in case of time stamps. Moreover, these classical cryptosystems are
not able to prevent passive attacks like eavesdropping. The public-key cryptography
is secure. However, its security depends on the computational complexity which may
be broken in the future with high performance systems. To overcome this problem,
quantum cryptography came into existence which is based on the quantum physics. Its
quantum channel is unconditionally secure. Many quantum key distribution (QKD)3
came into existence with [8–11,17–22,25,26,28]. These security mechanisms are able
to avoid replay attacks, detect eavesdropping, and prevent man-in-the-middle attacks.
Huang and Sharma [14] studied the possibilities of applying quantum key cryptog-
raphy to WLANs. In particular, this researcher investigated two phases of quantum
key distribution (QKD) in various kinds of wireless networks such as Wi-Fi (IEEE
802.11 standard). The two phases they investigated include raw key extraction and
error estimation. Mink et al. [15] explored various QKD methods which are based

3 QKD uses quantum mechanics to promise safe message through by quantum superposition states (defined
in Sects. 4.1, 4.2 and 6.2) [8–11,17–20,25–28].

123
 R. L. Naik, P. C. Reddy

Fig. 1 A typical WLAN scenario

on quantum physics. Ahmed et al., explored quantum cryptography in wireless sensor

networks (WSNs). In particular, they focused on using reversible quantum logic gates.
These researchers used EPR-pair allocation scheme in order to address the problem
of susceptibility caused by compromised nodes in WSNs.
Mendonça and Ramos combined the concepts of physical encryption and parallel
quantum key distribution for secure key distribution. Thayananthan and Alzahrani [16]
also applied quantum cryptography and key management to WSNs. These researchers
proposed an enhanced version of quantum cryptography and key management for
WSNs. Kuhn used classical resources and quantum cryptography for securing com-
munications with the help of authentication and authorization.

3 Motivating scenario

Here, we describe the motivating scenarios pertaining to security problems in wireless

LANs in key distribution and the need for a new scheme for key distribution. This
subsection provides the system model with theoretical description. It provides details
about a typical WLAN scenario and communication technologies in WLAN such as
spread-spectrum and OFDM.

3.1 Typical WLAN scenario

This subsection provides a WLAN scenario. The aim of this section is to describe how
the WLANs are vulnerable to attacks and window of possibilities for various attacks
and the need for protecting WLANs. A typical WLAN is presented in Fig. 1. The
network is presented with devices such as an AP (1), mobile phone (2), WLAN USB
Adapter (3), Wi-Fi Printer (4), WLAN PCMCIA card (5), personal digital assistant
(PDA) (6), Notebook (7), PC or Mac (8). All these devices are connected to WLAN
network through AP.
The devices communicate over network using radio waves. In spite of the many
advantages of WLAN, the wireless nature of the network causes security threats such

123
Toward secure quantum key distribution protocol for...

as DOS, spoofing, session hijacking, eavesdropping, and replay attacks. There are
other possible attacks such as cloning. When an intruder is able to flood messages
that cause problems to the availability of resources over the network, it is known as
a DOS attack. Overwhelming the relatively low bit rate WLAN can be easily made
by the adversaries. As the IEEE 802.11 network does not authenticate source address,
adversaries can spoof MAC addresses and hijack the session with ease. More common
attack on WLAN is eavesdropping in which adversaries can disrupt the confidentiality
of the network by passively intercepting the messages being transferred over the air.
Cloning attack is made by making a clone of one of the nodes in the WLAN and
taking advantage through it by hackers. Replay attack is another kind of attack in
which adversary fraudulently repeats a valid data transmission to overrule encryption
kind of techniques. Since the WLAN is being used by officers in many companies and
its ubiquitous nature, prevention of such attacks is to be given paramount importance.

3.2 Communication technologies of WLANs

This section describes two different types of underlying communication technologies

of WLANs.

3.2.1 Spread-spectrum

It is a technique that enables signal transmission of bandwidth which is larger than the
original information’s frequency content. This technique has many advantages such as
avoiding interception, privacy of transmission, resistance to fading, accurately finding
a low power position, and improved multiple access schemes. This technique is known
as code division multiple access (CDMA).

3.2.2 OFDM Radio

OFDM is an emerging communication technology for WLAN which supports high

data rates. Many technologies such as DVB, LTE, WiMax, and IEEE 802.11a have
already adopted OFDM for wireless communications which is a form of multicarrier
transmission. OFDM is best used to transform a frequency-selective wideband channel
into multiple narrow-band channels of non-selective in nature. This makes OFDM a
robust technology against large delays. Nevertheless, OFDM has its own weaknesses
as it does not focus on channel diversity, change to experience deep fade which leads
to performance issues [13].

4 Preliminaries

This section throws light into the preliminaries that are required to understand the
proposed security architecture with ease.

123
 R. L. Naik, P. C. Reddy

4.1 Classical cryptography

Classical cryptography has been around for many years. Basically, it is of two types,
namely private-key cryptography or symmetric cryptography and public-key cryp-
tography or asymmetric cryptography. There is key sharing problem in private-key
cryptography, while the strength of public-key cryptography depends on its computa-
tional complexity. The three-party key distribution protocols that came into existence
provide more secure communication over networks. The three-party key distribution
protocols utilize time stamps and challenge response mechanisms in order to prevent
replay attacks. The drawbacks of classical cryptography include that when they use
challenge response mechanisms they use more communication rounds. When they
use time stamps, they invite the problem of clock synchronization as it is not a prac-
tical solution in the real world. Moreover, the classical cryptographic methods cannot
detect passive attacks like eavesdropping. To overcome these drawbacks, quantum
cryptography came into existence.

4.2 Quantum cryptography

Quantum cryptography is based on quantum mechanics which is unconditionally

secure. The quantum channel eliminates attacks such as replay and eavesdropping.
By using this, it is possible to reduce the number of rounds of communication when
compared with classical cryptography that uses challenge response mechanisms. There
are many existing quantum key distribution protocols (QKDPs) [1–5] that make use of
quantum physics in order to distribute public discussions and session keys in provably
secure fashion. More information on the practical usage of quantum cryptography can
be found in Sect. 5.

4.3 Motivation to hybrid approach

This paper is aimed at exploring unconditionally secure communications in WLANs.

Recently, Hwang et al. [12] exploited both cryptographic paradigms such as classical
cryptography and quantum cryptography for provably secure communications to pre-
vent replay, man-in-the-middle, and passive attacks. Motivated by this, in this paper,
we are integrating classical cryptography and quantum key cryptography and apply
the proposed scheme for a WLAN.

4.4 Why to apply to WLAN?

Since WLAN is vulnerable to various attacks, the proposed scheme when applied
to WLAN can provide unconditionally secure communication. The proposed scheme
leverages the efficiency of classical cryptography in terms of authentication and verifi-
cation, unconditionally secure nature of quantum key cryptography and the lightweight
nature of zero knowledge protocol in order to provide highly secure communications
over 802.11i WLAN.

123
Toward secure quantum key distribution protocol for...

Fig. 2 Keys required for quantum handshake

4.5 USB assumption

Based on the no-cloning theorem originally proposed by Waters and Zurek [23],
Hwang, Lee, and Li proposed USB assumption which assumes that the probabil-
ity of identification of the polarization basis of a quantum state is negligible; this helps
in the security proof of QKDP. In this paper, we fast it is suitable for security proof of
our HQKDP.

5 Integrating HQKDP with 802.11i

The purpose of the integration is to make use of unconditionally secure quantum

key distribution protocol named HQKDP proposed in this paper. As the quantum
cryptography is used for secure key transmission, but not for actual encryption, it
is understandable that the four-way handshake process needs to be altered so as to
integrate our protocol with 802.11i standard. At the same time, the HQKDP is also
tailored to take part in the quantum four-way handshake.
As can be seen in Fig. 2, the PMK is used to derive KCK, while quantum pair
wise transient key is derived from the HQKDP. In turn from Q-PTK, the KEK and
TK are derived. These keys are used in the quantum handshake. Instead of using
a traditional BB84 protocol, which is vulnerable to man-in-the-middle attack, the
proposed HQKDP is used for secure key transmission. A step-by-step change to four-
way handshake process of 802.11i standard has been studied and presented in Fig. 3.
The quantum handshake is adopted from [24] and altered to incorporate the pro-
posed HQKDP. As presented in Fig. 3, there is a secure handshake mechanism between
mobile client and access point with respect to 802.11i WLAN. The first two messages
of the quantum handshake are exchanged between the authenticator and mobile client.
Afterward, the proposed protocol comes into picture. As per the tailored HQKDP, the
steps are carried out. Then, the last two messages exchanged between the two par-
ties complete the quantum handshake. The QKD process ensures that there is secure
transmission of keys between the two roles Alice and Bob or, in other words, authen-
ticator and mobile terminals. The role of these two is interchangeable. The quantum

123
 R. L. Naik, P. C. Reddy

Fig. 3 Illustrates quantum handshake

handshake is the attempt made to integrate HQKDP with 802.11i WLAN. This we
thought is possible in the real world as the authentication process of 802.11i is flexi-
ble. As WLANs operate in a limited geographical area, the proposed protocol can be
adapted to wireless LANs. The three important components such as mobile terminal,
authenticator ,and authentication server described earlier in this paper can be mapped
to the architecture proposed for HQKDP. However, more effort is required in order
to have seamless integration between the proposed protocol and 802.11i standard. An
empirical study in the future can achieve this goal.

6 Construction of HQKDP model using superposition states

This section provides insights into the proposed protocol.

6.1 Notations

See Table 1.

6.2 Quantum superposition states

The proposed protocol makes use of quantum superposition states. This section throws
light into this. As presented in Fig. 4, for the purpose of measuring and encoding
sequence of polarized photons, horizontal–vertical polarization base is used. Both
horizontally and vertically polarized photons can be represented as logic zero, |0 =
(1 0)T and one, |1 = (0 1)T respectively.

123
Toward secure quantum key distribution protocol for...

Table 1 Notations used in

Notation Description
protocol description
θj Rotation angle of photon
|ψ0  Encrypted qubit
Ui Participant
TC Trusted center
K Secret key shared between WLAN and participants
K 1,T Secret key shared between TC and Alice
K 2,T Secret key shared between TC and Bob
EK Encrypted with secret key
Dk Decryption with secret key
h(.) One way hash function
HQKDP Hybrid quantum key distribution protocol
HAQKDP Hybrid authentication quantum key distribution protocol
CKDP Classical key distribution protocol
AQKD Authentication quantum key distribution

Fig. 4 Horizontal and vertical polarizations

When a sender has a message denoted as Sm , and the message has n classical bits,
the following can be used to represent the encoded qubit states.
 
Sm = |i 1  ⊗ |i 2  ⊗ · · · ⊗ |i j , where i j = 0 or 1, j = 1, 2, | . . . , n

Here, a tensor product is represented by ⊗. To avoid malicious user from eavesdrop-

ping transmitted photons, the rotation of polarization and superposition is used by
the sender. The polarization states used include vertically polarized and horizontally
polarized states (Fig. 5).
After an n-bit message is encoded into n photons, the polarization of each photon is
rotated by an angle θ j , which is chosen rotation randomly for each qubit. The rotation
operation can be represented using the Jones matrix as follows.

123
 R. L. Naik, P. C. Reddy

Fig. 5 Horizontal polarization and rotation angle θ

 
cos θ j sin θ j
R(θ j ) =
− sin θ j cos θ j

The data qubit |ψ0  with θs is encrypted by sender where θs is chosen randomly and
known (shared) to sender and receiver. The encryption process carried out using secret
key K and data Sm is as follows.
    
cos θs sin θs 1 cos θs
E k [Sm ] = R (θs ) .|0 = =
− sin θs cos θs 0 − sin θs
= cos θs .|0 − sin θs .|1 = |ψ1 

Once receiver gets superposition states from the sender, the receiver is supposed to
rotate the photon before measuring it. The rotation is performed in the opposite −θs
direction of that made by the sender. The decryption process is as follows.
 
cos(−θs ) sin(−θs )cosθs
R(−θs ).|ψ1  =
−sin(−θs ) cos(−θs )
−sinθs
   
cos2θ s + sin2θ s 1
= = = |0
sinθ s cosθ s −cosθ s sinθ s 0

Each polarized photon is subjected to this process. For a given n-bit message, a
sequence of rotation angles can form K (secret key) which is represented as follows.

 
K = θ j : 0 ≤ θ j <, π, j = 1, 2, 3 . . . n

The position of the message at which the process of encryption is applied with an
angle θ j is represented by the subscript. One of the pros of this kind of encryption or
decryption is that the decryption process need not be the reverse process at the receiver
end.

123
Toward secure quantum key distribution protocol for...

6.3 Architectural overview of HQKDP

6.3.1 Implicit authentication phase

Trusted third party (TTP) is involved in the implicit authentication process. The TTP
is also known as trusted center (TC). Once the TC gets notification for implicit authen-
tication, the following procedure will take place.
Step 1 Two random numbers are generated by TC and computes X and Y as follows.

X = h (K 1.T , r1 ) ⊗ (U1 ||U2 )

Y = h (K 2.T , r2 ) ⊗ (U2 ||U1 )

where r1 and r2 are random numbers and X and Y are computed values used further.
Then pre-shared key is issued to polarize and encrypt r1 ||r2 ||X . The result of the
operation is K 1.T which is sent to Alice through a secure quantum channel. In the
same fashion, the mechanism is applied to r2 ||r1 ||Y in order to obtain the result K 2.T
which is sent to Bob over secure quantum channel.
Step 2 The received qubits are decrypted and then measured by Alice. Alice then uses
K 1.T and r1 to compute a hash value to get values of U1 ||U2. Afterward, the values of
U1 and U2 are verified by Alice.
Step 3 The qubits received by Bob are decrypted and measured. Then hash value
is computed using K 2.T and r2 to get values for U2 ||U1 . Afterward, U1 and U2 are
verified by Bob.
Thus, the session is completed successfully, while implicit authentication is made
between Alice and Bob with the help of TC. Though TC sends two random numbers
to both parties in the beginning, only one value is used by the parties for explicit
authentication phase.

6.3.2 Key distribution phase

This phase is meant for establishing a secret key ‘K ’ between two parties such as
Alice and Bob. ‘K ’ should not be disclosed to others, including the trusted center.
Shamir’s three-pass protocol is used along with quantum superposition states for key
establishment. This is done due to vulnerability of classical Shamir’s protocol.
Without losing generality, in the following it can be assumed that X can be repre-
sented as Sm = |0 (i.e., n = 1 and i 1 = 0) in single photon-encoded format. Then,
key distribution is initiated by Alice. The procedure is as follows.
Step 1 First of all session keys K 1 = θ1 and K 2 = θ2 are generated by Alice and Bob,
respectively.
Step 2 The message Sm is encrypted by Alice using her session key, K 1 . The result of
this is as follows.
   
cosθ1 sinθ1 1
E K 1 [Sm ] : R(θ1 ).|0 = · = cosθ1 .|0 − sinθ 1 .|1 = |ψ1 
−sinθ1 cosθ1 0

123
 R. L. Naik, P. C. Reddy

Fig. 6 Authentication and key distribution phase

where E K 1 represents an encryption which is performed using K 1 . The resultant state

is known as superposition state. The resulting state denoted by |ψ1  is sent by Alice
to Bob.
Step 3 From the state |ψ1  sent photon is received by Bob and using K 2 for encrypting
the same.

E K 2 [E K 1 [Sm ]] : R(θ2 ) · |ψ1  = cos(θ2 + θ1 ). |0 − sin(θ2 + θ1 ).|1 = |ψ2 

Still, the resulting state is known as superposition state. That state is sent back by Bob
to Alice.
The resulting state |ψ2  is still a superposition state. Bob sends it back to Alice.
Step 4 On receiving it, Alice decrypts it and the resultant superposition state |ψ3  is
sent back to Bob. The decryption is done by the simple act of rotating it back with
certain angle, θ1 .

D K 1 [E K 2 [E K 1 [Sm ]]] = E K 2 [Sm ] : R(−θ1 ).|ψ2  = cosθ2 .|0 − sinθ2 .|1 = |ψ3 

where D K 1 represents the decryption process carried out using the session key K 1 .
Step 5 On receiving it, Bob decrypts it through the act of reading it back with certain
angle θ2 .
    
cos(−θ2 ) sin(−θ2 ) cosθ 2 1
D K 2 [E K 2 [Sm ]] : R(−θ2 ).|ψ3  = = = |0
−sin(−θ2 ) cos(−θ2 ) −sinθ 2 0

By this time, Bob has the original message denoted as Sm = |0. The authentication
and actual key distribution phases are presented in Fig. 6.
The summary of the steps is as follows.
• TC-> Alice: E k(1.T ) [r1 ||r2 ||X ] Where X = h(K 1.T , r1 ) ⊗ (U1 ||U2 ).
• TC-> Bob: E k(2.T ) [r2 ||r1 ||Y ], Where Y = h(K 2.T , r2 ) ⊗ (U2 ||U1 ).
• Alice: Dk(1.T ) [E k(1.T ) [r1 ||r2 ||X ]] and verifies U 1||U2 .
• Bob: Dk(2.T ) [E k(2.T ) [r2 ||r1 ||Y ]] and verifies U2 ||U1 .
• Alice: R(θ1 ).|ψ0  = R(θ1 ).|0 = |ψ1 
• Alice-> Bob:|ψ1  = cos θ1 . |0 − sin θ1 .| 1
• Bob: |ψ2  = R(θ2 ).|ψ1 
• Bob-> Alice: |ψ2  = cos(θ2 + θ1 ). |0 − sin(θ2 + θ1 ).|1
• Alice: |ψ3  = R(−θ1 ).|ψ2 
• Alice->Bob: |ψ3  = cos θ2 .|0 − sin θ2 .|1

123
Toward secure quantum key distribution protocol for...

• Bob: R(−θ2 ).|ψ3  = |0 = |ψ0 

Once the key distribution is completed, both Alice and Bob have the key ‘K.’

6.3.3 Explicit authentication phase

There are two steps to be followed for mutual authentication that is explicitly carried
out between the parties in the communication.
Step 1 Alice uses the shared key ‘K’ and random number r2 to encrypt and transmits the
result to Bob. Then Bob is responsible to decrypt it and get value r21 . The authentication
is said to be done positively if r21 = r2 .
Step 2 Bob uses the shared key ‘K’ and random number r1 for encrypting and sends
the result to Alice. Then Alice is responsible to decrypt in order to obtain value r11 .
Successful authentication of Bob to Alice is done if r11 = r1 . The explicit authentication
mechanism is presented in Fig. 6.

6.4 Security proof of HQKDP

We prove the security of the proposed HQKDP formally using the following theorem.
We consider an adversary who tries to break the security of HQKDP. When A succeeds
in breaking security of HQKDP, our protocol detects such event and breaks USB
assumption.
Theorem 1 HQKDP is the protocol presented in this paper. This protocol when
broken, adversaries get the CKDP security. Assume that the advantage of violating
authentication process in the protocol HQKDP includes QKDP and HQKDP. When
security of HQKDP is broken by the adversary in giving time after making qh Hash
queries qse Send queries and qini Initiate queries,

HQKDP HQKDP qh
advCKDP (A) ≤ 2.advCKDP () + where t 1 ≤ t + (qini + qh + qse )T _re;
2U
where Tre is denoted as the time required to replay a query.
If the adversaries might try to break CKDP, security of our protocol HQKDP in
given time period t, after qh Hash queries qse Send queries and qini Initiate queries,
then we have.

HQKDP HQKDP qh
advCKDP (A) ≤ 2.advCKDP () +
2u − 1

where t 1 ≤ t + (qini + qse + qh) T _re;

Proof The security of the proposed protocol is based on the security of HQKDP. For
instance, when attackers launch an attack on CKDP and are capable of breaking the
HQKDP security of CKDP, the attacker will be able to crack the CKDP security of
HQKDP. The same is described as follows.
In a given time t, let us assume that an adversary r1 breaks the security of HQKDP
and gets advantage advHQKDP (r1 ). The advantage gained by attacking 1 with this

123
 R. L. Naik, P. C. Reddy

event is denoted as advHQKDP (1 ). Successful attack does mean that the adversary
can gain access to seek after breaking the security of HQKDP. The adversary 1
executes r1 and gives responses to the queries about it. To say it differently, r1 is
queried from an adversary and then send to HQKDP and gets answers and send them
to r1 . Moreover, randomly generated qubits are also sent from 1 to r1 in order to
simulate the authentication process of HQKDP. It is to be kept in mind that if the test
query is revealed by 1 , the 1 can generate a hash query which is padded with 0
prior to returning the result to r1 .
If r1 makes a (Test;πUs ) query at some point, r1 will send a (Test;πUs ) query to
HQKDP. Afterward, 1 receives a u-bit random string to HQKDP. Once $ is received
from (Test;πUs ) query, a bit 0 is returned by r1 as output. In this case, 0 is not useful to
adversary 1 to break the CKDP security of the proposed protocol. The reason behind
this is that 0 is answered by r1 dishonestly. The hash table of r1 is looking out by the
adversary 1 instead of depending on 0 in order to verify the presence of query known
as hash query denoted as h(w, 0). The adversary r1 gives 1 as output when h(w, 0) is
found. When r1 is able to help breaking the security of the proposed protocol and get
the session key, the hash table of r1 should have h(w, 0).
Let δ be the probability that r1 makes the hash query, h(w, 0). We know that,
δ ≥ advHQKDP (A) since r1 may make the hash query, h(w, 0), but does not make
the (Test; πUs ) query. From the discussion made above, it can be understood that the
probability of adversary breaking CKDP security is similar to the probability of r1
making hash query. It is done purely by chance with security probability w = sk:
   
1 qh 1 qh
. adv HQKDP
(A) − ≤ . β− = advHQKDP (1 )
2 2u 2 2u

Considering that the time to relay a query is Tre , the time required for 1 is the time
required by A plus time of relaying queries. The same is represented as follows.

t 1 ≤ t + (qini + qse + qhl )Tre ;




6.5 HQKDP security

Consider that adversary r2 get the advantage advCKDP HQKDP (A2) to break the CKDP
security of HQKDP in the given time period. The gain of an attacker with successful
event in the given time t. In the same fashion, for breaking CKDP security, an adversary
HQKDP (2 ) in the given time t0 . To say differently, the 2 can obtain so
2 gains advCKDP
successfully on breaking security of HQKDP. The adversary 2 runs subroutine in the
form of r2 , besides answering queries of r2 . To say differently, adversary gets queries
from r2 , and they are forwarded and results are obtained. The results are relayed to r2 .
At a point of time, the adversary 2 sends (Test; πUs ) query in order to get u-bit string
from 2 . Here, the adversary expects the r2 break the security of the HQKDP. Once
r2 is completed, the adversary verifies the presence of hash query denoted as h(w, r ).

123
Toward secure quantum key distribution protocol for...

Here in the hash table h 1 (w, r ). The adversary returns 1 if h 1 (w, r ) to HQKDP. When
the CKDP security of h 1 (w, r ) is broken by r2 and try to fake the authentication
process, the hash table of r2 should have authenticator.
Let Tre is the probability of making hash query h 1 (w, r ) by r2 . It is well known that
HQKDP
advCKDP (r2 ) is the gain of r2 by making hash query without computing authenticator
of the proposed protocol. Thus, the advantage to adversary to break the security of
HQKDP is similar to the probability of hash query h 1 (w, r ) of r2 minus hash query
h 1 (sk, r ) of r2 by change, and the same is multiplied as required such that w = sk:
 
1 qh 1
. advHQKDP (A2) −
CKDP
≤ . (β − 2) = advCKDP
HQKDP (2 )
2 2u − 1 2

Consider that Tre is the time required to relay a query. Then it can be observed that
2 running time is less than that of r2 plus the time required for relaying queries:

t 1 ≤ t + (qini + qse + qhl ) Tre

6.6 Security proof of HAQKDP

The subsequent theorem proves the safety of HAQKDP. The major thought is that the
opponent tries to fracture the AQKD safety of HAQKDP. If the opponent succeeds,
the USB distinguisher  can use the incident to fracture the USB statement.
AQKD
Theorem 2 • Let advHAQKDP (A) be the benefit in the breaking the AQKD security
of HAQKDP.
ϕ () be the benefit in breaking the USB statement used in ϕ.
• Let advUSB
• If adversary A breaks the AQKD security of HAQKDP with in time t qini Initiate
queries, qse Send queries, and qh Hash queries within time t, an USB statement
attacker  will have an benefit to fracture the USB safety of ϕ that is:

AQKD 2. (qini + qse )

advHAQKDP (A) ≤ .advUSB
ϕ ()
qini

where t 1 ≤ t + (qini + qse Tr n ) Tr n is the time to generate a random number.

Proof The proposed protocol is security of HAQKDP based on the AQKD security
of ϕ. For instance, when attackers launches an attack on HAQKD and are capable of
breaking the AQKD security of USB, the attacker will be able to crack the AQKD
security of ϕ. The same is described as follows.
In given time t, let us assume that an adversary r1 breaks the security of HQKDP
and gets advantage advHAQKDP (r1 ). The advantage gained by attacker  with this
event is denoted as advHAQKDP (1 ). Successful attack does mean that the adversary
can gain access to the security of AQKD. The adversary r1 executes A1 and gives
responses to the queries about it. To say it differently, A1 is queried from an adversary
and then sent to AQKD and gets answers and sends them to A1. Moreover, randomly
generated qubits are also sent from 1 to A1 in order to simulate the authentication

123
123
Table 2 Comparison of QKD protocols

HQKDP 3QKDPMA ZZ00 Case 8 Case 2 QDKDP 3AQKDP Zero knowledge

[12] [11] of [3] of [3] protocol [ZKP]

Cryptographic mechanism Quantum + Quantum + Quantum classical Classical Quantum + Quantum + Quantum +
classical classical classical classical classical
+
802.11i
Pre-shared Secret key Long- Long- EPR Pairs Long- Long- EPR Pairs Long- Long-
termed termed termed termed termed termed
Communication rounds 3 3 6 4 3 3 3 3
Quantum channel Y Y Y N N Y Y Y
Clock synchronization N N N N Y Y N N
Vulnerable to man-in-the-middle attack N N N N N N N N
Vulnerable to passive attack N N N Y Y N N N
Vulnerable to replay attack N N N N N N N N
Formal security proof Y Y N N N Y Y Y
R. L. Naik, P. C. Reddy
Toward secure quantum key distribution protocol for...

process of HAQKDP. It is to be kept in mind that if the test query is revealed by A1,
1 can generate a hash query which is padded with 0 prior to returning the result to
A1.
AQKD qini AQKD n qini
advHAQKDP (A) ≤ advHAQKDP (A) . . = advUSB
ϕ ()
2(qini + qse ) 2 qini + qse

Considering the time to relay a query is Tre , the time required for 1 is the time
required by A1 plus time of relaying queries. The same is represented as follows.

t 1 ≤ t + qini Tr n .



6.7 Comparison of HQKDP with other QKDP protocols

This section compares our protocol “HQKDP” with other existing QKDP protocols
in terms of various properties such as cryptographic mechanism, pre-shared secret
key, communication rounds, quantum channel, clock synchronization, vulnerable to
man-in-the-middle attack, vulnerable to passive attack, vulnerable to replay attack,
and formal security proof. The results are as shown in the Table 2.

7 Conclusions and future work

Wireless local area networks are vulnerable to various kinds of attacks due to their
mobility and open nature. In this paper, we studied the security mechanisms such as
classical cryptography and quantum cryptography. Our study revealed that quantum
cryptography can withstand various kinds of attacks such as replay and passive attacks.
We combined both the cryptographic methods in order to leverage the advantages of
both. We applied these mechanisms along with a zero knowledge protocol to WLAN
in order to ensure unconditionally secure communications over the network. As we
use three parties, HQKDP model that reduces communication rounds, reducing the
communication cost, efficiently achieve key verification, user authentication, and pro-
tect a long-term secret key among the TC and each user. Our analytical study revealed
that the proposed approach can provide an unconditionally secure communications in
802.11 WLAN. As future work, we will make an empirical study of application of
HQKDP to 802.11i WLANs.

Acknowledgments The authors would like to thank the anonymous reviewers for their very helpful and
valuable comments to enhance the clarity of the manuscript.

References
1. Neuman, B., Ts’o, T.: Kerberos: an authentication service for computer networks. IEEE Commun.
32(9), 33–38 (1994)
2. Kohl, J.T.: The evolution of the Kerberos authentication service. In: EurOpen Conference Proceedings,
pp. 295–313 (1991)

123
 R. L. Naik, P. C. Reddy

3. Li, G.: Efficient network authentication protocols: lower bounds and optimal implementations. Distrib.
Comput. 9(3), 131–145 (1995)
4. Wen, H.A., Lee, T.F., Hwang, T.: A provably secure three-party password-based authenticated key
exchange protocol using Weil pairing. IEE Proc. Commun. 152(2), 138–143 (2005)
5. Nam, J., Cho, S., Kim, S., Won, D.: Simple and efficient group key agreement based on factoring. In:
Proceedings of International Conference on Computational Science and Its Applications (ICCSA ’04),
pp. 645–654 (2004)
6. Bellare, M., Rogaway, P.: Provably secure session key distribution: the three party case. In: Proceedings
of 27th ACM Symposium Theory of Computing, pp. 57–66 (1995)
7. Kehne, A., Schonwalder, J., Langendorfer, H.: A nonce-based protocol for multiple authentications.
ACM Oper. Syst. Rev. 26(4), 84–89 (1992)
8. Bennett, C.H., Brassard, G.: Quantum cryptography: public key distribution and coin tossing. In:
Proceedings of IEEE International Conference Computers, Systems, and Signal Processing, pp. 175–
179 (1984)
9. Bennett, C.H.: Quantum cryptography using any two nonorthogonal states. Phys. Rev. Lett. 68, 3121
(1992)
10. Hwang, W.Y., Koh, I.G., Han, Y.D.: Quantum cryptography without public announcement of bases.
Phys. Lett. A 244, 489–494 (1998)
11. Zeng, G., Zhang, W.: Identity verification in quantum key distribution. Phys. Rev. A 61, 22–23 (2000)
12. Hwang, T., Lee, K.-C., Li, C.-M.: Provably secure three-party authenticated quantum key distribution
protocols. IEEE Trans. Dependable Secure Comput. 4, 71–80 (2007)
13. Elsevier (n.d). Fundamentals of spread-spectrum techniques. Elsevier, pp. 153–194. MérouaneDebbah,
“Short introduction to OFDM”. Supelec, pp. 1–11 (2002)
14. Huang, X., Wijesekera, S., Sharma, D.: Agent-Oriented Novel Quantum Key Distribution Protocol for
the Security in Wireless Network. ISBN 978-3-902613-51-6. 0 (0), pp. 1–17 (2009)
15. Mink, Alan, Frankel, Sheila, Perlner, Ray: Quantum key distribution (QKD) and commodity security
protocols: introduction and integration. Int. J. Netw. Secur. Appl. 1(2), 1–12 (2009)
16. Thayananthan, V., Alzahran, A.: Analysis of Key Management and Quantum Cryptography in Wireless
Sensors Networks. IJCA Special Issue on “Network Security and Cryptography” NSC, p1-1 (2011)
17. Einstein, A., Podolsky, P., Rosen, S.: Can quantum-mechanical description of physical reality be
considered complete? Phys. Rev. 47, 777–780 (1935)
18. Gisin, N., Ribordy, G., Tittel, W., Zbinden, H.: Quantum cryptography. Rev. Mod. Phys. 74, 145–190
(2002)
19. Hughes, R.J., Luther, G.G., Morgan, G.L., Peterson, C.G., Simmons, C.: Quantum cryptography over
underground optical fibers. In: Proceedings of Advances in Cryptology (CRYPTO ’96), pp. 329–342
(1996)
20. Townsend, P.D.: Secure key distribution system based on quantum cryptography. Electron. Lett. 30,
809–811 (1994)
21. Bennett, C.H., Bessette, F., Brassard, G., Salvail, L., Smolin, J.: Experimental quantum cryptography.
J. Cryptol. 5, 3–28 (1992)
22. Gottesman, D., Lo, H.-K.: Proof of security of quantum key distribution with two-way classical com-
munications. IEEE Trans. Inf. Theory 49, 457 (2003)
23. Wootters, W.K., Zurek, W.H.: A single quantum cannot be cloned. Nature 299, 802–803 (1992)
24. Nguyen, T.M.T., Sfaxi, M.A., Ghernaouti-Hélie, S.: Integration of quantum cryptography in 802.11
networks. In: Proceedings of the First International Conference on Availability, Reliability and Security
(ARES), pp. 116–123, Vienna (2006)
25. Gong, Li-Hua, Song, Han-Chong, He, Chao-Sheng, Liu, Ye, Zhou, Nan-Run: A continuous variable
quantum deterministic key distribution based on two-mode squeezed states. Phys. Scr. 89(3), 035101
(2014)
26. Zhou, Nan-Run, Wang, Li-Jun, Ding, Jie, Gong, Li-Hua: Quantum deterministic key distribution
protocols based on the authenticated entanglement channel. Phys. Scr. 81(4), 045009 (2010)
27. Zhou, Nan-Run, Wang, Li-Jun, Ding, Jie, Gong, Li-Hua: Novel quantum deterministic key distribution
protocols with entangled states. Int. J. Theor. Phys. 49(9), 2035–2044 (2010)
28. Zhou, Nan-Run, Wang, Li-Jun, Gong, Li-Hua, Zuo, Xiangwu, Liu, Ye: Quantum deterministic key
distribution protocols based on teleportation and entanglement swapping. Opt. Commun. 284(19),
4836–4842 (2011)

123