Int. J. Security and Networks, Vol. 11, Nos.

1/2, 2016 25

Multi-photon tolerant protocols for quantum secure

communication in wireless standards

Rupesh Nomula*, Mayssaa El Rifai

and Pramode Verma
University of Oklahoma-Tulsa,
Tulsa, Oklahoma, USA
Email: rupeshreddy.n@gmail.com
Email: mayssaa@ou.edu
Email: Pverma@ou.edu
*Corresponding author

Abstract: This paper presents the integration of multi-photon tolerant quantum key distribution
(QKD) protocols into three wireless communication standards. An analysis of the mode of
operation and implementation of multi-photon tolerant QKD protocols in IEEE 802.11, WiMAX,
and LTE wireless networks is presented along with the benefits and challenges of the proposed
schemes. Traditional QKD based on the BB’84 protocol or its derivatives has relied on single
photon protocols; however, the authors of this paper have opted to use multi-photon tolerant
protocols. The choice of multi-photon tolerant protocols is based on the fact that not only the key
distribution process is quantum-secure but also the other parameters (distance, data rate) of
communication are maintained, which is not the case in single photon QKD approaches. This can
be achieved since multi-photon tolerant protocols do not rely on the presence of no more than
single photons per pulse to provide quantum-level security.

Keywords: quantum key distribution; QKD; multi-photon tolerant protocols; three-stage

protocol; four-variable three-stage protocol; single-stage protocol; IEEE 802.11; WiMAX; LTE;
multi-agent software implementation; security.

Reference to this paper should be made as follows: Nomula, R., El Rifai, M. and Verma, P.
(2016) ‘Multi-photon tolerant protocols for quantum secure communication in wireless
standards’, Int. J. Security and Networks, Vol. 11, Nos. 1/2, pp.25–36.

Biographical notes: Rupesh Nomula is a graduate student in Telecommunications Engineering

at the University of Oklahoma-Tulsa. He received his Bachelor’s degree in Electronics and
Communication Engineering from Jawaharlal Nehru Technological University, India in 2013.

Mayssaa El Rifai is a PhD candidate in the School of Electrical and Computer Engineering of
the University of Oklahoma-Tulsa. She received her BSc in Computer and Communication
Engineering from the Hariri Canadian University – Lebanon in 2010. She received her MSc in
Telecommunications Engineering from the University of Oklahoma-Tulsa.

Pramode Verma is Professor and Director of the Telecommunications Engineering Program in

the School of Electrical and Computer Engineering of the University of Oklahoma-Tulsa. He also
holds the Williams Chair in Telecommunications Networking. He obtained his PhD in 1970 from
the Concordia University in Montreal, Canada, and MBA from the Wharton School, University
of Pennsylvania in 1984.

This paper is a revised and expanded version of a paper entitled ‘An IEEE 802.11 quantum
handshake using the three-stage protocol’ presented at The Fourth International Workshop on
Privacy, Security and Trust in Mobile and Wireless Systems (MobiPST 2014), Shanghai, China,
7 August, 2014.

1 Introduction The only known means for unconditionally securing

Securing information in transit is an increasingly
important need in modern societies. However, given
enough computational power any classical means to provide
security can be rendered ineffective.
communication is via quantum cryptography. Quantum
cryptography is based on two main fundamental quantum
mechanics principles; the Heisenberg Uncertainty principle
(Bennett, 1992) and the no-cloning theorem (Wootters and
Zurek, 1982).

Copyright © 2016 Inderscience Enterprises Ltd.

26 R. Nomula et al.
It is well known that wireless communication standards
such as IEEE 802.11, WiMAX and LTE rely on classical
means for key distribution. In this paper, a key exchange
scheme using multi-photon QKD protocols is proposed to
address the security needs of wireless standards IEEE
802.11, WiMAX, and LTE. The quantum secure key
exchange algorithms depend on multi-photon tolerant
protocols are proposed in Mandal et al. (2012), Chen et al.
(2013), El Rifai and Verma (2013) and the security of the
proposed protocols is discussed in El Rifai and Verma
(2015). Multi-photon tolerant quantum secure protocols
offer many advantages compared to their single photon
counter-parts (Bennett, 1992; Jin, 2009). The first multi-
photon tolerant quantum key distribution protocol was
proposed in Kak (2006). It is a three-stage protocol that
relies on the usage of unitary transformations known only to
the party applying them. Multi-photon tolerant protocols
offer higher data rates as well as longer communication
distances when compared to single photon QKD protocols.
This paper is organised as follows: In Section 2, the
authors discuss the security issues of the key distribution
process starting with IEEE 802.11 then the WiMAX and
then the LTE wireless standards. The rest of the paper is
divided into three main sections to discuss the current key
distribution scheme as well as the proposed schemes using
multi-photon tolerant QKD starting with IEEE 802.11, then
WiMAX and then LTE. In Section 3, the four-way
handshake using the single photon BB’84 protocol and its
limitations are discussed. In addition, Section 3 proposes
multi-photon handshakes using the three-stage multi-photon
protocol and its variants. In Section 4, authentication and
key exchange in WiMAX are discussed and the integration
of multi-photon tolerant protocols for key exchange in
WiMAX is proposed. In Section 5, authentication and key
agreement (AKA) in LTE are discussed and the integration
for multi-photon tolerant protocols for AKA in LTE
are proposed. In Section 6, the proposed hardware
and software implementations are discussed as well as
advantages and challenges of the integration of multi-
photon tolerant QKD protocols into wireless standards are
discussed. We conclude our work in Section 7.
2 Security issues in IEEE 802.11, WiMAX
and LTE
In this section an overview of the vulnerabilities of classical
key distribution schemes used in IEEE 802.11, WiMAX,
and LTE is presented.
In the initial release of the IEEE 802.11, wired
equivalent privacy (WEP) was the security protocol used.
WEP was intended to provide confidentiality similar to that
of a wired network. WEP uses the stream cipher RC4 for
confidentiality and the CRC-32 checksum for integrity.
WEP was found to be subject to several attacks such as
Message Injection, Authentication Spoofing, Message
Decryption, IV Collisions and Message Modification
(Borisov et al., 2001). Also, it was found to be susceptible
to the Cafe Latte attack. During this attack, an attacker who
is not necessarily in the area of the network can obtain the
WEP key in less than 6 min.
In May 2001, IEEE did set up a working task group
called the Task Group i (TGi) to create new secure means
of authentication and privacy that would overcome
the weaknesses of WEP. Thus, an adjustment to the IEEE
802.11 standard called IEEE 802.11i (LAN/MAN
Standards Committee, 2003) was approved in 2004. For
authentication, 802.11i uses IEEE 802.1X (IEEE 802.1
Working Group, 2001), RSNA (Robust Security Network
Association) defines a protocol using IEEE 802.1X
extensible authentication protocol over LAN (EAPOL) key
frames called four-way handshake. This handshake protocol
completes the IEEE 802.1X authentication process.
The revised version IEEE 802.11i of the 802.11 standard
uses four-way handshake to exchange the key between two
communicating parties. The key obtained through four-way
handshake is the pairwise transient key (PTK). It is used to
build the key hierarchy containing a few other keys that
are needed for various encryption functionalities. The IEEE
802.11 standard requires the encryption keys to be refreshed
regularly, thus the AP (access point) can refresh the PTK
either periodically or upon request from the station (STA).
PTK refreshing is done by running another four-way
handshake with the same pairwise master key (PMK).
However, it was shown that the four-way handshake is
subject to some security issues (He and Mitchell, 2004;
Mitchell, 2004).
WiMAX uses privacy key management (PKM) protocol
for key distribution. PKM utilises X.509 digital certificates
to verify the trustworthiness and authenticate a user to the
Base Station (BS). In its initial release, WiMAX (IEEE
802.16) supported unilateral authentication only, where
Subscriber Station (SS) is authenticated to the base station
(BS), but not vice versa. Thus, an unwanted party can
launch a denial of service attack by pretending to be a BS.
X.509 certificate is unique for each SS and is provided
by the manufacturer. X.509 includes the public key as
well as the MAC address of a SS. During the initial
communication steps the BS verifies the validity of the SS.
Then the BS sends an authorisation reply message back to
the SS. The authorisation reply message is encrypted with
SS’s public key by means of the RSA algorithm. Given
enough computational power, an unwanted party can have
access to the authorisation reply message.
The management messages in IEEE 802.16 are integrity
protected. However, some messages in the authentication
mechanism (such as the authentication message X.509) are
not provided with any security which makes the protocol
vulnerable to attacks. Mutual authentication is provided in
release 802.16e of WiMAX, but this release suffers from
vulnerabilities and security issues as discussed in (Chee and
Teo, 2011; Eren, 2007; Maccari et al., 2007).
Long term evolution (LTE) uses the AKA protocol
for authentication and key agreement. In LTE, mutual
authentication is established using a pre-shared key K that is
 Multi-photon tolerant protocols for quantum secure communication in wireless standards
available only to the universal subscriber identity module
(USIM) and the authentication centre in the user’s home
environment (HE). In LTE, the security of the
authentication and key exchange process is based on the
assumption that the key K is secure. In case an unwanted
party has access to the key K, all the keys used for data
encryption and integrity are compromised.
Furthermore, in LTE, when a user is registering for the
first time, the international mobile subscriber identity
(IMSI) of the user is sent in plain text. In case the visiting
network is unable to obtain the user’s temporary identity
(TMSI), it can request the user to send its IMSI in plain text.
Several solutions have been proposed to improve the
security of the AKA in LTE (Hamandi et al., 2013;
Purkhiabani and Salahi, 2012; Xiehua and Yongjun, 2011).
However, all the solutions are based on classical
cryptography and do not offer quantum-level security.
The proposed integration of multi-photon tolerant
QKD in IEEE 802.11, WiMAX, and LTE will elevate their
security to a quantum level. The proposed integration is
discussed in rest of the paper.
3 Four-way handshake and quantum handshake
in IEEE 802.11
In this section, the operation of the four-way handshake and
quantum handshake using the single photon BB’84 protocol
are discussed. In addition, the limitations associated with
using BB’84 to effect the quantum handshake is addressed.
The quantum handshake using multi-photon tolerant
protocols (three-stage protocol and its variants) are
proposed.
IEEE 802.11 standard is the set of MAC and physical
layer protocols that regulate the wireless local area network
(WLAN) communication. The basic version of the IEEE
802.11 standard was created in 1997, and is maintained till
date by the IEEE LAN/MAN Standards Committee (IEEE
802).
As mentioned earlier, the revised version IEEE 802.11i
of the 802.11 standard uses the four-way handshake to
exchange the key between two communicating parties.
3.1 Four-way handshake
IEEE 802.11i uses the four-way handshake to exchange a
PTK between two communicating parties. PTK is used to
build the key hierarchy containing other keys needed
for encryption functionalities. The IEEE 802.11 standard
requires the encryption keys to be refreshed regularly, thus
the AP can refresh the PTK either periodically or upon
request from the STA. PTK is updated by running another
four-way handshake with the same PMK (Mitchell, 2004;
He and Mitchell, 2004).
The four-way handshake process shown in Figure 1
starts after the IEEE 802.11 association and authentication
process. At this point, STA and AP have already derived the
PMK. Some of the flaws of the four-way handshake were
27
explored in De Rango et al. (2006), He and Mitchell (2004),
Mitchell (2004), He and Ca (2004), Bai and Bai (2009).
Figure 1 Four-way handshake
To prevent such attacks and provide quantum-level security,
authors of Wijesekera (2011) proposed the integration of the
BB’84 protocol into the four-way handshake. The four-way
handshake with integrated QKD is called quantum
handshake. However, the BB’84 protocol has its own set of
limitations such as single photon usage, low key generation
rate and limited communication distance. The quantum
handshake proposed in this paper uses multi-photon tolerant
protocols that mitigate the limitations of BB’84 and its
variants.
3.2 Quantum handshake using BB’84
The integration of the BB’84 QKD protocol in the IEEE
802.11i handshake is shown in Figure 2. The four-way
handshake using the BB’84 protocol can be described
as follows (Wijesekera, 2011; Nguyen et al., 2006): The
communication during the quantum handshake is hybrid;
it is done via both quantum and classical channels. After the
PMK has been shared, both STA and AP switch to the
quantum channel to transmit polarised photons representing
the encoded key bits. Each bit of the key is encoded with a
single photon polarised either in (+) or (×) basis.
In step (1) of Figure 2, the STA sends a sequence of
polarised photons representing the random key that the STA
intends to share with the AP. The number of photons
that STA sends depends on the length of the PTK, the QKD
protocol used, and the privacy amplification algorithm.
Sufficient number of photons should be sent since, during
the communication over the classical channel, some of the
bits conveyed over the quantum channel get discarded.
Bits are eliminated owing to sifting, dark counts of the
detector apparatus, error estimation, reconciliation, privacy
amplification, errors introduced owing to noise and
environmental conditions.
Then the AP and STA switch back to the classical
channel. From this point, the key recovery process based on
the BB’84 protocol takes place. Using EAPOL frames for
28 R. Nomula et al.
communication, AP and STA remove erroneous bits and
end up with identical and secured key. During step (2) of
Figure 2, they effect the sifting process.
Figure 2 Quantum handshake using the BB’84 protocol
In step (3) of Figure 2, STA and AP estimate the errors in
the key by sharing a part of it over the classical channel.
In step (4) of Figure 2, STA and AP effect the most crucial
phase of the quantum handshake corresponding to the
reconciliation process. In this step, Alice and Bob correct
the errors in their keys and derive identical keys. The error
correction algorithm that the STA and AP will follow at this
stage has to be agreed on using the Beacon, Probe Request
and Probe Response messages at the beginning of the
communication. At the end of the reconciliation phase, both
the STA and AP have identical copies of an error free key.
The next step is the privacy amplification implemented in
step (5) of Figure 2. During this step, STA and AP will
use a hash function that has already been agreed on by the
Beacon, Probe Request and Probe Response messages at the
beginning of the communication.
The final key recovery process of the quantum
handshake involves removing some bits from the raw key.
In this case, the quantum transmission must ensure
sending sufficient number of photons to recover the final
key containing a number of bits at least greater than or equal
to that of PTK. Any extra bits of the final key will be
removed so that it will have the same length as PTK.
In step (6) of Figure 2, the STA sends Q-MIC to AP.
AP calculates its own version of Q-MIC and upon receiving
Q-MIC from the STA, it compares it with the Q-MIC
version it has calculated. If they match, the STA is
authenticated and the AP will send a success message in
step (7).
PTK is unconditionally secure since it has been shared
using the BB’84 QKD protocol. The rest of the key
structure of 802.11 inherits the same quantum-level security
as PTK. In a wireless environment, vulnerability of a signal
containing a single photon to environmental noise will be
higher than its wired counterpart. This is why it is important
to look into solutions where different QKD multi-photon
tolerant protocols can be used (Mandal et al., 2012; Chen
et al., 2013; Kak, 2006).
3.3 Quantum handshake using multi-photon tolerant
protocols
The three-stage protocol (Kak 2006) use multi-photon
approaches to share a key between a sender and the
receiver. Multi-photon protocols mitigate some of the
known limitations of the BB’84 protocol. The three-stage
protocol has two other variants: three-stage protocol using
four variables where an initialisation vector is used and a
chaining mode is implemented to update the vector, and the
single stage protocol where an initialisation vector is used as
the set of initial transformation to be applied on the message
transmitted. In this paper, the three-stage protocol and its
variants are used as an alternative to BB’84 in IEEE 802.11,
WiMAX and LTE.
3.3.1 Hybrid three-stage protocol
The three-stage protocol uses the quantum channel three
times to establish a key between the STA and the AP.
Thus, a line of sight is required three times to generate
a single key. One can think of a hybrid version of the
three-stage protocol where only two stages are done over
the quantum channel and thus a line of sight is required
twice rather than thrice.
The operation of the three-stage protocol is shown in
Figure 3. The three-stage protocol is unconditionally secure
when the second transmission of the protocol is done using
a multi-photon optical beam. In this case, an intruder cannot
measure the polarisation value X + α + β, thus he or she
cannot calculate the value of the message X even if he or she
has access to the first and last transmissions. In addition,
when the second transmission uses a quantum channel,
the third one should use a quantum channel as well.
The operation of the hybrid three-stage protocol can be
described as follows:
Step 1: Alice sends the polarisation value of the first
transmission X + α, using the classical channel. X is
the value of the corresponding bit of the key (90° for
bit value 1 and 0° for bit value 0) and α is the rotation
applied by Alice.
Step 2: Bob receives the value of the polarisation X + α,
generates a multi-photon beam having the corresponding
polarisation, applies his rotation transformation to the beam,
then sends it back to Alice using the quantum channel.
The set of photons he sent have a polarisation of X + α + β,
where β is the polarisation rotation applied by Bob.
 Multi-photon tolerant protocols for quantum secure communication in wireless standards
Step 3: Alice removes her transformation and sends using
the quantum channel, the set of photons of polarisation
equal to X + β.
Step 4: Bob receives the set of photons from Alice, removes
his transformation and measures the initial value of X.
Figure 3 The three-stage protocol
3.3.2 Quantum handshake using the three-stage
protocol
Figure 4 shows the integration of the three-stage protocol
into the IEEE 802.11i. Quantum handshake is the part
modified in the standard.
Figure 4 Quantum handshake using the three-stage protocol
The quantum handshake starts with step (2), the quantum
channel is used for steps (2) and (3). Then both AP and STA
switch back to the classical channel. It is worth noting
that the quantum handshake using the three-stage
protocol requires fewer flows between the AP and the STA
compared to the quantum handshake using the BB’84
protocol.
3.3.3 Quantum handshake using the four-variable
three-stage protocol
The three-stage protocol using four variables is described in
(El Rifai and Verma, 2013). An initialisation vector F
is used in this protocol to enhance the security of the
29
three-stage protocol. A chaining will be implemented to
update the value of the initialisation vector F for each
iteration of the protocol. The four- variable three-stage
protocol is a key expansion algorithm that uses the fact that
an intruder having access to the three stages of the protocol
will face the problem of solving an undetermined set of
equations.
During the implementation of the four-variable three-
stage protocol, PMK can be used as an initialisation vector.
Later on, PTK can be used to update the value of the
initialisation vector. Figure 5 shows the integration of this
variation of the three-stage protocol into the quantum
handshake.
Figure 5 Quantum handshake using the four-variable three-stage
protocol
3.3.4 Quantum handshake using the single-stage
protocol
The single-stage protocol can be seen as a special case of
the four-variable three-stage protocol. Both Alice and Bob
(in our case STA and AP) possess an initialisation vector
and use a chaining mode to update the initialisation
vector. The difference between the single-stage protocol and
the four-variable three-stage protocol lies in the type
of transformation (polarisation rotation) as well as the
number of stages needed to execute the protocol. Whereas,
the four-variable three-stage stage protocol uses unitary
transformations that need not to be shared between Alice
and Bob, the single-stage protocol makes use of complex
transformations known to both Alice and Bob. Furthermore,
rather than using three transmissions to convey the key the
single-stage protocol needs only one transmission to do so.
Prior to initiating the quantum handshake using the
single-stage protocol, Alice and Bob should have a set of
transformations that they will apply to the exchanged
messages. This set of transformations can be derived from
the PMK and updated according to the value of the shared
PTK.
30 R. Nomula et al.
The operation of the single-stage protocol can be
described as follows (Thomas, 2007):
Step 1: Alice applies her complex transformation on the
message and sends UA(X) to Bob.
Step 2: Bob removes the transformation applied by Alice,
by applying its transpose complex conjugate, since he has a
prior knowledge of this transformation.
The quantum handshake of the IEEE 802.11i protocol using
the single-stage protocol is shown in Figure 6.
Figure 6 Quantum handshake using the single-stage protocol
4 Quantum secure key distribution in WiMAX
In this section, the authentication and key exchange in
WiMAX are discussed and the integration of multi-photon
tolerant protocols into the key exchange protocols of
WiMAX is proposed.
WiMAX was introduced in 2001 by the WiMAX forum.
It is used as last mile wireless broadband access. WiMAX
operates in the frequency range of 2–66 GHz and provides
data rates of 1 Gbps for fixed stations.
The security sub layer provides the subscribers with
privacy, authentication and confidentiality across a WiMAX
wireless network. The privacy sub layer has two component
protocols: an encapsulation protocol which defines a set
of cryptographic suites, and a key management protocol
(PKM) which provides the secure distribution of the keys.
PKM allows unilateral as well as mutual authentication.
It also allows periodic reauthorisation/re-authentication
and renewal of keys. PKM can either use X.509 digital
certificates with public key encryption or EAP. The PKM’s
authentication protocol establishes a secret authorisation
key (AK) between SS and BS. The shared secret key
AK is then used to derive key encryption keys (KEK)
that are used to encrypt traffic encryption keys (TEK)
(LAN/MAN Standards Committee, 2012).
When SS logs into to a WiMAX network, BS authorises
the connection and a security association (SA) is
established. There are three types of SAs: primary, static
and dynamic. A primary SA is established by each SS
during the initialisation process. Static SA is provisioned
in the BS. Dynamic SA is established and eliminated
in response to the initiation and termination of a service
flow. Each SS will establish a Primary SA with its BS.
A Security Association is identified by its security
association ID (SAID). Using the PKM protocol, SS
requests the BS for TEKs associated with the primary
SA (LAN/MAN Standards Committee, 2012).
4.1 Authentication and key exchange
Each SS has a X.509 certificate issued by the manufacturer.
It also has an associated X.509 certificate of the
manufacturer. SS sends X.509 digital certificate of the
manufacturer to the BS to check the trustworthiness of
the SS. Then, SS presents its X.509 certificate issued by the
manufacturer in case of RSA or an operator specified
credential (SIM) in case of EAP based authentication.
The digital certificate contains SS’s public key and MAC
address. The BS verifies the digital certificates sent by SS
and then uses the public key of SS to encrypt an AK. The
key AK has a limited life time. SS requests new keying
material before the current key expires. In response to the
Authorisation request message, BS sends a reply message
which includes AK encrypted with the public key of SS,
4-bit key sequence number to differentiate from other
successive keys, key life time, SAID for which BS is
authorised to request the keying information. This AK
is then used by SS to calculate KEK and the message
authentication keys (HMAC) (LAN/MAN Standards
Committee, 2012). SS has to keep its authorisation status
active to receive TEKs that will be used for traffic
encryption. So, it periodically renews the AK by authorising
itself to the BS. Figure 7 shows Authentication and key
exchange in WiMAX.
After successful authentication, exchange of TEKs
is initiated. The SS starts a TEK state machine for
each SAID in the Authorisation reply message. TEK state
machines are responsible for managing the key material
associated with its respective SAID. They periodically
request the BS for refreshing the keys for their respective
SAIDs. The BS then responds with a Key reply message
with the active key material for specific SAID. The TEKs
are encrypted using appropriate KEK derived from
the AK. The BS always maintains two active TEKs for
each SAID. The lifetime of two keys overlap such that
each key becomes active halfway through the life of the
previous key and expires halfway through the life of next
key (LAN/MAN Standards Committee, 2012). The BS in its
key reply message includes two active keys and their
lifetime for an SAID. SS uses this remaining lifetime of the
keys to evaluate when base station will invalidate a
particular TEK and decides when to schedule future key
requests.
 Multi-photon tolerant protocols for quantum secure communication in wireless standards
Figure 7 Authentication and key exchange in WiMAX
4.2 Key exchange using multi-photon protocols
In this section, key exchange using the multi-photon
protocols in WIMAX is discussed.
After the authorisation using regular mechanism
in 802.16, BS and SS switch to quantum channel. Key
exchange in 802.16 using the multi-photon protocol requires
line of sight between BS and SS. The set of parameters used
in the multi-photon protocol are exchanged during the
authorisation request and authorisation reply messages.
If either BS or SS does not support multi-photon protocol,
they will proceed with regular mechanisms used in 802.16
for authentication and key exchange.
Figure 8 Key exchange using the three-stage multi-photon
protocol in WiMAX
31
4.2.1 Key exchange using the three-stage protocol
After calculating KEK, HMAC keys and establishing line of
sight, SS and BS switch to quantum channel. The procedure
to exchange TEKs is shown in Figure 8 and is implemented
as follows:
• BS will send photons of polarisation value X + α, where
X is the value of corresponding bits of TEK reply
message and α is the rotation applied by BS.
• SS receives the photons and applies its rotation β,
then sends back the photons with polarisation
value X + α + β to BS.
• BS removes its rotation α, and then sends back the
photons with polarisation value X + β to SS.
• BS removes its rotation β, and then measures the initial
value of X which is corresponding bits of TEK reply
message.
After key exchange process, BS and SS switch to the
classical wireless channel and use the exchanged keys for
data encryption.
4.2.2 Key exchange using the four-variable
three-stage protocol
The four-variable three-stage multi-photon protocol
proposed in this section uses AK exchanged during
authorisation as an initialisation vector. KEK derived from
AK can be used for updating the initialisation vector.
The procedure for exchanging TEKs using the four-variable
three-stage protocol is shown in Figure 9.
Figure 9 Key exchange using the four-variable three-stage
multi-photon protocol in WiMAX
32 R. Nomula et al.
4.2.3 Key exchange using the single-stage protocol
In the case where three-stage protocol or the four-variable
three-stage protocols are used, key exchange requires
three transmissions over the quantum channel whereas
in the case of single-stage protocol, BS and SS requires only
one transmission over the quantum channel to exchange the
key. The complex transformations used in the case of the
single-stage protocol can be derived from AK exchanged
during authorisation stage and can be updated according to
the value of KEK derived from AK. The single-stage
protocol is shown in Figure 10 and is implemented as
follows:
• BS applies a complex transformation on the
corresponding bits of TEK reply message and sends
U(X) to SS
• SS removes the transformation applied by BS by
applying its transpose complex conjugate and obtains
the TEK reply message.
Figure 10 Key exchange using the single-stage multi-photon
protocol in WiMAX
5 Quantum secure key agreement in long term
evolution
In this section, the AKA protocol in LTE is discussed. In
addition, the integration of multi-photon tolerant protocols
into the AKA protocols in LTE is proposed.
LTE/SAE architecture has two components: the access
network (evolved universal terrestrial radio access)
and the core network (evolved packet core). System
architecture evolution (SAE) comprises of mobility
management entity (MME), serving gateway, packet data
network-gateway and home subscriber server (HSS).
5.1 Authentication and key agreement
MME is responsible for authenticating the user equipment
(UE) by interacting with the HSS. Mutual authentication is
achieved by the user and network by using a secret key K
which is known only to USIM and authentication centre
(AuC) in the users Home Environment. A user is identified
on the radio access link by temporary mobile subscriber
identity (TMSI) and location area identification (LAI).
Permanent subscriber identity (IMSI) is used if the user is
registering for the first time or if serving network cannot
identify the user by temporary identity (Specification,
2010).
After identification of user equipment, MME sends
the authentication data request to HE/HLR. After receiving
request, the HE/HLR generates an ordered array of
authentication vectors and sends them back to MME. Every
authentication vector consists of random number (RAND),
expected response XRES, a cipher key CK, an integrity key
IK, and an authentication token (AUTN). AUTN consists of
a sequence number (SQN), an authentication management
field (AMF) and a message authentication code (MAC). AK
is used to encrypt SQN as it may expose the identity and
location of the user.
These parameters are calculated by HE/HLR as follows:
AV = RAND XRES CK IK AUTN
AUTN = SQN ⊕ AK AMF MAC
(
MAC = f 1k SQN RAND AMF )
XRES = f 2k ( RAND )
CK = f 3k ( RAND )
IK = f 4k ( RAND )
AK = f 5k ( RAND )
MME initiates the AKA as shown in Figure 11. It selects
the next authentication vector from ordered array and sends
the parameters RAND and AUTN to the user. USIM first
calculates AK and retrieves the sequence number. It then
calculates XMAC and compares it with MAC. If they are
equal, USIM verifies the freshness of the sequence number
and whether it is in the correct range. The mechanism for
verifying the freshness of the sequence number allows the
SQN to be accepted if it is among the last 32 sequence
numbers generated to minimise the authentication failure
rate owing to synchronisation failures. After verifying the
SQN, USIM calculates the response RES, CK and IK.
The parameters are calculated by USIM as follows:
AK = f 5k ( RAND )
(
XMAC = f 1k SQN RAND AMF )
RES = f 2k ( RAND )
CK = f 3k ( RAND )
IK = f 4k ( RAND )
 Multi-photon tolerant protocols for quantum secure communication in wireless standards
The user sends back the response RES to the MME. Upon
receipt of user authentication response, the MME compares
the response RES with the expected response XRES from
the selected authentication vector. If both are equal, user is
authenticated. Appropriate CK and IK are selected from
authentication vector by MME for ciphering and integrity.
If RES and XRES are different, MME generates an
authentication failure report and sends it to MS and
HE/HLR (Specification, 2010).
Figure 11 Authentication and key agreement in LTE
5.2 Authentication and key agreement using
multi-photon protocols
After identifying the user using temporary subscriber
identity or permanent subscriber identity, MME sends the
authentication data request to HE/HLR. After receiving
authentication vectors, MME and the user switch to
quantum channel. The set of parameters used in multi-
photon protocols should be exchanged while identifying the
user. If MS or MME does not support multi-photon
protocols, they will continue with the regular mechanism
used in LTE for AKA.
5.2.1 Authentication and key agreement using the
three-stage protocol
AKA using the three-stage multi-photon protocol is shown
in Figure 12 and is implemented as follows:
• MME using the access point eNB sends photons on
quantum channel with polarisation X + α, where α is
33
the rotation applied by MME and the value of X is the
corresponding bits of RAND(i ) || AUTN(i )
• MS receives the photons with polarisation X + α on
quantum channel, applies its rotation β to the received
photons and sends it back to the MME
• MME removes her rotation α and sends photons of
polarisation X + β to the MS using the quantum
channel.
MS receives photons of polarisation X + β on quantum
channel, removes its transformation β and measures the
value of X (RAND(i ) || AUTN(i )) .
USIM verifies AUTN and calculates RES. MS then
sends back RES to MME and calculates CK, IK for
ciphering and integrity of data. MME compares RES with
XRES and if they are equal, MS is authenticated. MME uses
appropriate CK and IK from the authentication vector for
ciphering and integrity.
Figure 12 Authentication and key agreement in LTE using the
three-stage multi-photon protocol
5.2.2 Key agreement using the single-stage
multi-photon protocol
In the single-stage protocol, both MS and MME use
complex transformation known to both of them. Thus, rather
than using three transmissions, MS and MME use
one transmission to exchange random number RAND
and authentication token AUTN. The set of complex
transformations can be exchanged and updated using CK
and IK exchanged using three-stage protocol. In case if MS
34 R. Nomula et al.

moves from one service area to another, MS sends its
TMSI and LAI to the new MME by which new MME can
obtain complex transformations from the previous MME.
However, if either of MS and MME does not support the
single-stage multi-photon protocol or if MME can not
obtain complex transformations from previous MME,
then authorisation can be done using the three-stage multi-
photon protocol or original authentication mechanisms
used by LTE. The single-stage multi-photon protocol is
implemented as shown in Figure 13.
Figure 13 Authentication and key agreement in LTE using the
single-stage multi-photon protocol
6.2 Software implementation
The three-stage multi-photon protocol and its variants can
be implemented using a multi agent software approach
(Wijesekera et al., 2009) as shown in Figure 15. For the
four-variable three-stage multi-photon protocol and the
single-stage multi-photon protocol an additional agent
is required for generating and updating the initialisation
vector. The single-stage multi-photon protocol will need
fewer agents to share the keys between the users.
Polarisation value agent has two sub-agents, one for
sending polarised photons and the other for applying the
transformation on the received photons. Error correction and
estimation agent is used to detect and correct any errors in
the shared key.

Figure 14 Implementation of multi-photon protocols

Figure 15 Agents used for the three-stage protocol

6 Implementation
In this section the hardware and software implementation of
multi-photon tolerant QKD protocols in wireless standards
are presented. In addition, the analysis of how the
integration of such protocols in wireless standards affects
them is discussed.

6.1 Hardware implementation

There are no commercially available wireless devices that
can support the three-stage multi-photon protocol based
communication. The Quantum channel used in the multi-
photon tolerant QKD protocols can be established as a
separate channel using free space optics (FSO). This is
shown in Figure 14.The three-stage multi-photon protocol,
the four-variable three-stage multi-photon protocol and the
single-stage multi-photon protocol are implemented using
the same setup.
6.3 Comparison of the proposed protocols with
currently used classical cryptography and
single-photon QKD approaches
Integrating multi-photon QKD protocols into the key
distribution process of any wireless standards presents
several advantages and some challenges. This section
compares the proposed protocols with the currently used
classical cryptography as well as single-photon QKD based
approaches.
 Multi-photon tolerant protocols for quantum secure communication in wireless standards
• The security mechanism in the proposed protocol is
based on quantum physics and thus offers quantum
level security.
• Compared to the contemporary QKD approaches, the
proposed protocols does not require the generation and
detection of single photons. This, in turn, increases the
communication distance and data rates.
• The proposed protocol requires an increased number of
flows based on the three-stage protocol to exchange the
key between communicating parties.
• The proposed protocols require line of sight to
exchange key. In some cases a line of sight might not
be available to effect a key update. One way to
overcome this problem is by using the keys initially
shared using quantum protocols and subsequently
updating them with classical mechanisms to come up
with secure keys.
7 Conclusion
This paper has presented a model for the integration of the
three-stage multi-photon tolerant quantum cryptography
protocol and its variants for offering quantum-level
security in various wireless communication standards.
It has proposed the three-stage protocol and its variants
for integration into the key exchange protocols of IEEE
802.11, WiMAX, and LTE. Using the proposed approach
to effect the key exchange in any wireless standard
will elevate its security to a quantum-secure level.
Compared to their single-photon counterparts, multi-photon
tolerant protocols offer several advantages such as
maintaining high data rates without the distance limitation
associated with conventional QKD systems. This is because
multi-photon tolerant protocols do not rely on no more than
a single photon per pulse to provide a quantum-level
security. Furthermore, this paper has presented a multi-
agent software approach to implement the quantum secure
key distribution process in IEEE 802.11, WiMAX, and LTE
standards.
Acknowledgement
This research was supported in part by National Science
Foundation (NSF) under Grant 1117179.
References
Bai, Z. and Bai, Y. (2009) ‘4-way handshake solutions to avoid
denial of service attack in ultra wideband networks’, 2009
Third International Symposium on Intelligent Information
Technology Application, pp.232–235, Available at: http://
ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=53
69466 (Accessed 29 October, 2014).
35
Bennett, C. (1992) ‘Quantum cryptography using any two
nonorthogonal states’, Physical Review Letters, Available at:
http://journals.aps.org/prl/abstract/10.1103/PhysRevLett.68.3
121 (Accessed 30 October, 2014).
Borisov, N., Goldberg, I. and Wagner, D. (2001) ‘Intercepting
mobile communications: the insecurity of 802.11’,
Proceedings of the 7th Annual International Conference
on Mobile Computing and Networking, Available at:
http://dl.acm.org/citation.cfm?id=381695 (Accessed 30
October, 2014).
Chee, J. and Teo, M. (2011) ‘Improving security in the IEEE
802.16 standards’, 2011 Eighth International Conference on
Information Technology: New Generations, pp.408–412,
Available at: http://ieeexplore.ieee.org/lpdocs/epic03/wrapper
.htm?arnumber=5945270 (Accessed 23 October, 2014).
Chen, Y., Kak, S., Verma, P.K., Macdonald, G., El Rifai, M. and
Punekar, N. (2013) ‘Multi-photon tolerant secure quantum
communication – from theory to practice’, 2013 IEEE
International Conference on Communications (ICC),
pp.2111–2116, Available at: http://ieeexplore.ieee.org/lpdocs/
epic03/wrapper.htm?arnumber=6654838
De Rango, F., Lentini, D.C. and Marano, S. (2006) ‘Static and
dynamic 4-way handshake solutions to avoid denial of service
attack in Wi-Fi protected access and IEEE 802.11i’,
EURASIP Journal on Wireless Communications and
Networking, Vol. 2006, pp.1–19, Available at: http://jwcn.
eurasipjournals.com/content/2006/1/047453 (Accessed 29
October, 2014).
El Rifai, M. and Verma, P.K. (2013) ‘An algorithmic approach
to securing the three-stage quantum cryptography
protocol’, 2013 12th IEEE International Conference on Trust,
Security and Privacy in Computing and Communications,
pp.1803–1807, Available at: http://ieeexplore.ieee.org/
lpdocs/epic03/wrapper.htm?arnumber=6681055 (Accessed
29 October, 2014).
El Rifai, M. and Verma, P.K. (2015) ‘Quantum secure
communication using a multi-photon tolerant protocol’,
Advances in Photonics of Quantum Computing, Memory, and
Communication VIII, Vol. 9377, p.937713, Available at:
http://proceedings.spiedigitallibrary.org/proceeding.aspx?doi=
10.1117/12.2077229
Eren, E. (2007) WiMAX Security Architecture – Analysis and
Assessment, September, Available at: http://ieeexplore.ieee.
org/xpl/login.jsp?tp=&arnumber=4488507&url=http://ieeexpl
ore.ieee.org/xpls/abs_all.jsp?arnumber=4488507
Hamandi, K., Sarji, I., Chehab, A., Elhajj, I.H. and Kayssi, A.
(2013) ‘Privacy enhanced and computationally efficient HSK-
AKA LTE Scheme’, 2013 27th International Conference on
Advanced Information Networking and Applications
Workshops, pp.929–934, Available at: http://ieeexplore.
ieee.org/lpdocs/epic03/wrapper.htm?arnumber=6550514
(Accessed 23 October, 2014).
He, C. and Ca, S. (2004) Security Analysis and Improvements for
IEEE 802.11i, Available at: http://theory.stanford.edu/~
jcm/papers/NDSS05.pdf
He, C. and Mitchell, J.C. (2004) Analysis of the 802.11i 4-Way
Handshake, Available at: http://www.google.com/url?sa=
t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CB8QFjAA
&url=http%3A%2F%2Ftheory.stanford.edu%2F~changhua%
2Ffp09-he.ps&ei=hoYVVZScGIj2oASek4DoDA&usg=
AFQjCNHjE7eZJKs0cEQLIujAHwMUWuWbqw&bvm=bv.
89381419,d.cGU
36 R. Nomula et al.
IEEE 802.1 Working Group (2001) Port-Based Network Access
Control, IEEE Std., Available at: http://scholar.google.com/
scholar?hl=en&btnG=Search&q=intitle:Port-Based+Network
+Access+Control#6 (Accessed 30 October, 2014).
Jin, D. (2009) ‘Fast convergent key distribution algorithms
using a dual quantum channel’, Security and Communication
Networks, December, 2008, pp.519–530. Available
at: http://onlinelibrary.wiley.com/doi/10.1002/sec.91/abstract
(Accessed 30 October, 2014).
Kak, S. (2006) ‘A three-stage quantum cryptography protocol’,
Foundations of Physics Letters, Vol. 19, No. 3, pp.293–296,
Available at: http://link.springer.com/10.1007/s10702-006-
0520-9 (Accessed 29 October, 2014).
LAN/MAN Standards Committee (2003) Part 11: Wireless LAN
Medium Access Control (MAC) and Physical Layer (PHY)
Specifications, IEEE-SA Standards Board, 2012 (March),
Available at: http://scholar.google.com/scholar?hl=en&btnG
=Search&q=intitle:Part+11+:+Wireless+LAN+Medium+Acc
ess+Control+(+MAC+)+and+Physical+Layer+(+PHY+)+S+p
ecifications#0 (Accessed 30 October, 2014).
LAN/MAN Standards Committee (2012) IEEE Standard
for Air Interface for Broadband Wireless Access Systems,
Available at: https://standards.ieee.org/findstds/standard/
802.16-2012.html
Maccari, L., Paoli, M. and Fantacci, R. (2007) ‘Security analysis
of IEEE 802.16’, IEEE International Conference on
Communications, 2007. ICC ‘07, pp.1160–1165, Available at:
http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4288868
(Accessed 23 October, 2014).
Mandal, S., Macdonald, G. and Rifai, M. (2012) ‘Implementation
of secure quantum protocol using multiple photons
for communication’, arXiv:1208.6198, Available at:
http://arxiv.org/abs/1208.6198 (Accessed 30 October, 2014).
Mitchell, J.C. (2004) 1 Message Attack on 4-Way Handshake,
pp.1–9, Available at: http://www.google.com/url?sa=t&rct
=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=
0CCgQFjAA&url=http://theory.stanford.edu/~changhua/11-
04-0497-02-000i-1-message-attack-on-4-way-handshake.
doc&ei=taMUVdsugr2CBIz5g2A&usg=AFQjCNFuhiRfENK
zH1z_UL6K_qWk4LR5xA&b
Nguyen, T., Sfaxi, M.A. and Ghernaouti-Helie, S. (2006)
‘Integration of quantum cryptography in 802.11 networks’,
The First International Conference on Availability, Reliability
and Security, 2006. ARES 2006, Available at: http://
ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1625301
(Accessed 30 October, 2014).
Purkhiabani, M. and Salahi, A. (2012) ‘Enhanced authentication
and key agreement procedure of next generation 3GPP
mobile networks’, Int. J. Inf. Electron. Eng., Vol. 2, No. 1,
Available at: http://www.ijiee.org/papers/57-C099.pdf
(Accessed 23 October, 2014).
Specification, T. (2010) Universal Mobile Telecommunications
System; Security Architecture, pp.0–69, Available at:
http://www.etsi.org/deliver/etsi_ts/133100_133199/133102/0
8.06.00_60/ts_133102v080600p.pdf
Thomas, J.H. (2007) Variations on Kak’s Three Stage Quantum
Cryptography Protocol, (Figure 1), pp.1–7, Available at:
http://arxiv.org/abs/0706.2888 (Accessed 29 October, 2014).
Wijesekera, S. (2011) Quantum Cryptography for Secure
Communication in IEEE 802.11 Wireless Networks, June,
Available at: http://www.canberra.edu.au/researchrepository/
file/8d7d9273-886b-6270-1793-fd1b4d74deaf/1/full_text.pdf
Wijesekera, S., Huang, X. and Sharma, D. (2009) ‘Multi-agent
based approach for quantum key distribution in WiFi
networks’, Agent and Multi-Agent Systems: Technologies
and Applications, (MiM), pp.293–303, Available at:
http://link.springer.com/chapter/10.1007/978-3-642-01665-
3_30 (Accessed 30 October, 2014).
Wootters, W. and Zurek, W. (1982) ‘A single quantum cannot be
cloned’, Nature, Available at: http://www.nature.com/
nature/journal/v299/n5886/abs/299802a0.html (Accessed
30 October, 2014).
Xiehua, L. and Yongjun, W. (2011) Security Enhanced
Authentication and Key Agreement Protocol for LTE/SAE
Network, pp.0–3, Available at: http://ieeexplore.ieee.org/xpl/
login.jsp?tp=&arnumber=6040169&url=http://ieeexplore.ieee
.org/xpls/abs_all.jsp?arnumber=6040169