AAU Student Projects is unavailable between June 15th 1.30pm and 17th 1.30pm due to planned system maintenance. The projects cannot be downloaded during this period.
AAU Student Projects - visit Aalborg University's student projects portal
An executive master's programme thesis from Aalborg University
Book cover


A Unified Security Assessment Framework for Hybrid Cryptographic Key Distribution Architectures

Author

Term

4. semester

Education

Cyber Security, Master

Publication year

2026

Pages

54

Abstract

Quantum Key Distribution (QKD), a method that uses quantum physics to exchange secret keys, is increasingly seen as a promising path to long-term secure communication against future quantum-capable adversaries. In practice, QKD does not stand alone: deployments also rely on classical communication, authentication, synchronization, and key management. As a result, the overall security of hybrid QKD systems rests on assumptions that are often treated as trusted rather than systematically verified. This thesis introduces a structured security assessment framework for QKD-based key distribution architectures. The framework combines attacker models, explicit security assumptions, hands-on validation, and a risk scoring model to check whether deployments deliver their intended security guarantees. It is not purely theoretical; it requires running practical attacks on the infrastructure to evaluate it.

Kvantenøgle-distribution (QKD), en metode der bruger kvantefysik til at udveksle hemmelige nøgler, anses i stigende grad for en lovende vej til langsigtet sikker kommunikation mod fremtidige modstandere med kvantekapacitet. I praksis står QKD ikke alene: udrulninger afhænger også af klassisk kommunikation, autentificering, synkronisering og nøglehåndtering. Derfor bygger den samlede sikkerhed i hybride QKD-systemer på antagelser, som ofte behandles som betroede frem for systematisk verificerede. Denne afhandling introducerer en struktureret ramme for sikkerhedsvurdering af QKD-baserede nøglefordelingsarkitekturer. Rammen kombinerer angribermodeller, tydelige sikkerhedsantagelser, praktisk validering og en risikoscoringsmodel for at afgøre, om udrulninger lever op til deres tilsigtede sikkerhedsgarantier. Den er ikke kun teoretisk; den kræver også at køre praktiske angreb mod infrastrukturen for at evaluere den.

[This apstract has been rewritten with the help of AI based on the project's original abstract]

Keywords

Quantum Key Distribution ; Post-quantum cryptography ; Quantum Resilience ; Risk Assessment ; Security Assessment Framework

Documents

Download PDF
View record in AAU Student Projects