Hacking the Least Trusted Node: Indirect Eavesdropping in Quantum Networks

We study the significance of the common trusted relay assumption in quantum networks. While most practical implementations of quantum networks rely on trusted devices, the question of security without this assumption has been rarely addressed. Device independent security attempts to minimize the assumptions made on the quantum hardware, entanglement based methods try to avoid relays to the extent possible, and multipath transmission improves robustness and security by enforcing the attacker to conquer more than just a single intermediate node. Common to all these past studies is their focus on the physical layer and direct connections. We describe an attack from the networking and routing layer. Assuming at least one node that is not perfectly tamper-proof, meaning that an attacker has established a foothold to read traffic from the inside, we show how to exploit the eavesdropping detection mechanisms of the quantum key distribution (QKD) devices to cause traffic redirection over the vulnerable node, thus defeating security under the trusted node assumption. We experimentally demonstrate how the attack works on networks of different size and topology, and thereby further substantiate the significance of the trust assumptions for end-to-end security of QKD networks.