Using Quantum Key Distribution With Free Space Optics to Secure Communications in High-Speed Trains

In the emerging era of quantum communications, Internet of Things (IoT) devices in high-speed train (HST) environments encounter formidable challenges. These devices are constrained by limited power and computational capabilities while needing to safeguard their data and communications against adversaries equipped with quantum-grade computational power. To counter such threats, Quantum Key Distribution (QKD) emerges as a vital solution, facilitating secure communication between servers and IoT controllers, thereby shielding the more vulnerable IoT sensors. This paper delves into the application of QKD within the unique scenario of HSTs, employing Free Space Optics (FSO) to establish high data rate communication channels. Our experimental setup involves the integration of FSO links for photon exchange essential to QKD. We meticulously explore the QKD process in the context of HSTs, detailing our methodology that involves the alignment of FSO transceivers on ground base stations with those on the moving trains, thereby enabling efficient photon exchange. The study presents quantitative results demonstrating that this approach allows for the exchange of a substantial number of keys, with negligible impact on FSO data throughput. These findings highlight that our proposed method can significantly enhance IoT communication security in HSTs without compromising the Quality of Service (QoS) offered to train passengers. Furthermore, we assess the system’s performance under various visibility conditions, which is crucial for FSO viability. Our results indicate the robustness of the proposed QKD method in diverse operational scenarios, underlining its practical applicability in securing IoT communications within HST environments. Through this study, we provide a comprehensive understanding of implementing QKD in high-speed mobile settings, contributing valuable insights into its effectiveness and feasibility.


I. INTRODUCTION
The past few decades have seen a surge in demand for highspeed transportation, leading to significant developments and increased utilization of high-speed trains (HSTs).HSTs represent the pinnacle of modern transportation technology, The associate editor coordinating the review of this manuscript and approving it for publication was Chen Chen .
offering rapid transit solutions that are both efficient and environmentally friendly.However, alongside these advancements, HSTs bring forward unique challenges, particularly in the realm of digital communication and cybersecurity.One of the primary challenges is providing stable and secure internet access onboard, which is essential for a range of functionalities including real-time video conferencing, HD video streaming, and the operation of advanced driverless train systems [1], [2].The demand for high-bandwidth internet is substantial; for example, a single Netflix HD video user requires a data rate of 5 Mbps.Therefore, in a typical scenario where 20% of passengers use such services, the collective demand can exceed 900 Mbps [3].
The role of the Internet of Things (IoT) in HSTs is also expanding rapidly.IoT devices are integral in monitoring various operational aspects of a train, such as the traveling system, traction, and braking systems [4].These devices form a sensor network that continuously collects and transmits data, ensuring the smooth and safe operation of the train.However, the massive deployment of IoT devices, particularly under the 5G massive machine-type communications (mMTC) paradigm, has led to escalating security concerns.This is primarily due to the limited battery life and processing capabilities of many IoT devices, making them vulnerable to cyber threats [5], [6].The impending transition to sixth generation (6G) networks is expected to exacerbate these challenges, transforming 5G's ultra-reliable low-latency communications (URLLC) into a more complex massive URLLC (mURLLC) scenario [7].
The evolution of the 6G era, with a focus on quantum communications, brings forth new security challenges for IoT devices.In anticipation of the 6G future, enhancing the security of these devices is imperative.Quantum cryptography presents a promising solution to these emerging challenges.However, the limited power and processing capabilities of IoT devices make it impractical for them to handle quantum communications independently.
The current cryptographic landscape is dominated by asymmetric and symmetric key algorithms [8].Asymmetric cryptography, while offering robust security, requires extensive computation and large key sizes, making it less suitable for IoT devices in HSTs.On the other hand, symmetric cryptography is more efficient in terms of computation but introduces significant challenges in the distribution of keys.Ensuring privacy and regular alteration of keys to prevent prediction by attackers is a substantial hurdle [9].
Concurrently, the use of Free Space Optics (FSO) communication has garnered interest due to its potential for high data rates over significant distances [10].FSO technology, applicable in various domains such as deep-space communications, autonomous vehicles, and ultra-high-speed trains, offers a promising avenue for secure communications [1], [11].Over the past three decades, the field of free-space quantum communication, particularly free-space Quantum Key Distribution (QKD), has witnessed remarkable advancements.These include successful demonstrations over various distances and conditions, catering to the evolving needs of secure communication [12], [13], [14], [15], [16].
Despite these advancements, the specific application of QKD in HST scenarios is not just a natural progression of technological advancement but a critical response to several inherent needs and challenges in this environment [17].The dynamic nature of HSTs, combined with their high passenger density, necessitates a robust communication system capable of handling high data rates securely and efficiently [18], [19].Enhanced security for IoT devices is crucial, given their role in various operational and passenger services [20].The mobility and speed of HSTs pose unique challenges for any communication system, and QKD, implemented via FSO, presents an innovative solution to maintain secure communication despite these challenges [21], [22], [23].
This paper aims to bridge this gap by proposing a novel framework utilizing FSO for QKD within HST environments, with a specific focus on securing the communication of IoT devices in a railroad network scenario.Our research delves into the design and implementation of a QKD system that is not only compatible with the dynamic environment of HSTs but also efficient and practical for IoT applications.We explore the integration of FSO technology in QKD, addressing the challenges of aligning FSO transceivers on moving trains with ground stations and ensuring efficient photon exchange for key distribution.
The paper also thoroughly investigates the system's efficiency under varying visibility conditions, a critical factor in the operational viability of FSO.We present detailed quantitative analyses demonstrating that our approach can secure a large number of keys without excessive power consumption or a significant impact on the data throughput of train passengers.This investigation is crucial in highlighting the practicality of our proposed QKD framework in real-world HST scenarios.
QKD emerges as an exceptional security solution for HST communications, marking, according to our knowledge, the first-time incorporation of quantum mechanics-based encryption in this field.This innovative approach provides a level of encryption that remains impervious to all advancements in computational power or algorithmic breakthroughs, setting a new standard for communication security in high-speed rail systems.Unlike traditional methods such as Physical Layer Security [24], which depend on computational hardness and are susceptible to future technological advancements, or systems like Smart Collaborative Networking for Railways (SCN-R) [25] with its newly designed chaotic random number generator for password validation, and Securebox [26] that rely on complex cryptographic algorithms, or even Blockchain [27] that may face challenges due to its computational intensity and latency issues, QKD offers a fundamentally secure communication channel that is resistant to all known cyber threats.Furthermore, the integration of QKD with FSO capitalizes on the high data rates and direct line-of-sight communication advantages of FSO, all while maintaining unmatched security through the quantum properties of laser beam photons.This pioneering amalgamation of high-speed, high-data-rate communication, and robust, unassailable security positions QKD as the superior and novel choice for protecting the complex and critical data exchanges within high-speed railway system.
The contributions of the paper can be summarized as follows:

A. DESIGN OF A NOVEL QKD FRAMEWORK FOR HST SCENARIOS
• Developing a unique framework specifically tailored for Quantum Key Distribution in high-speed train environments.
• Addressing the complexities of integrating QKD with the dynamic and fast-paced setting of HSTs.
• Ensuring compatibility of the framework with the existing infrastructure of HSTs and IoT devices.

B. INVESTIGATION OF SYSTEM EFFICIENCY UNDER VARIABLE CONDITIONS
• Conducting thorough investigations to assess the efficiency of the proposed QKD system under different visibility conditions and weather scenarios.
• Exploring the system's performance in realistic settings, accounting for the high-speed movement and changing environments typical of HSTs.
• Providing insights into the operational viability of QKD in such challenging conditions.

C. DEMONSTRATION OF APPLICABILITY AND EFFECTIVENESS IN SECURING IOT COMMUNICATIONS
• Illustrating the practical application of the framework in securing IoT communications within the HST context.
• Showing that the proposed system can generate a high number of secure keys effectively.
• Showing that the system operates without necessitating excessive power consumption and without any noticeable impact on the data throughput for train passengers, thereby not compromising the Quality of Service (QoS).
By addressing these key areas, the paper successfully fills a critical gap in the current research on quantum communications, particularly in the high-speed mobile environment of HSTs.This contribution is significant in advancing the field of secure communications in rapidly evolving transportation systems.
The rest of this paper is organized as follows.Section II presents the system model.The proposed approach is described in Section III.The results are presented and analyzed in Section IV.Finally, conclusions are drawn in Section V.

II. SYSTEM MODEL
The proposed system model is based on our contribution in [1].In [1], the authors of this paper have investigated FSO for HST, and they proposed a communication system based on aligning the base station (BS) transceiver with the transceiver (Tr) on board the train.This led to long coverage distances and to achieving high data rates for passengers.However, in [1], we did not investigate security issues and we did not consider QKD for securing communications, which is the major contribution of this paper.

A. SYSTEM STRUCTURE
In the proposed system, the BS is positioned such that, in the worst scenario, the data rate will be at a minimum target rate DR req .The system is designed such that the received power P rx will be at a minimum needed value in order to achieve DR req .
The suggested communication strategy utilized in this paper is shown in Figure 1.This paper uses gaussian beam distribution for laser beam propagation, just like in previous work cited in related publications [28].Additionally, each BS on the ground has a transceiver that works in accordance with FSO principles, and the train in this model has an FSO transceiver mounted on the top of the vehicle.To produce a high data rate over a long distance, the laser diode generally operates with wavelengths between 780 and 1600 nm (In this paper, the 1.5µm or 1550nm wavelength is used in the calculations).Furthermore, establishing a groundto-train communications link provides a connection between the train and the ground because a transceiver's transmitter and receiver are mutually aligned [29].
However, due to the high speed of the train, vibrations may occur; as a result, an acquisition-tracking-pointing (ATP) system is considered to be used in order to counteract these effects and ensure alignment and easy communication.
According to the authors' research, the majority of researchers looked into a high-speed train traveling at 400 km/h.As a result, this speed will be used as a realistic example in the paper.
Figure 2 shows the top view of the geometrical representation for the FSO ground-to-train communication system.In this figure, the train is assumed to be traveling along a track, and the train communicates by using a transceiver located on the train roof.Due to earth curvature, the distance between the BS and the transceiver cannot exceed 14.2 km; at which point the earth's curvature must be taken into account to continue communication [30], [31], [32].Furthermore, the BS has a vertical height of four meters above the ground.Finally, the divergence angle of the laser beam influences the track coverage length and beam radius w calculated in (1) and (2).Furthermore, the propagation of the beam can be modeled by assuming that lasers produce Gaussian beams (as suggested by [5]), and the radius of the beam at any distance |z| is represented by w(z) and calculated in [28].The authors of [33] assume that the laser beam used in this work has a Gaussian profile.
where z stands for the distance between the sender and receiver, w 0 stands for the laser source's beam waist at the transmitter, and λ represents the wavelength, 1550 nm (Table 1 lists the parameters' typical values).

B. DIVERGENCE ANGLE
The narrowest laser beam is produced by diffraction-limited optics, with a beamwidth of [33]: where D is the diameter of the optical aperture of the transmitter and λ is the wavelength of the laser being transmitted.Taking into account the laser beam width used in the mentioned papers in the related work, a 1550nm wavelength, and the same diameter optical receiver (5 cm), the smallest divergence angle that may be used for the suggested design is 6.944 × 10 −5 radians (this will not be the case in all scenarios with respect to parameters such as distance, vibration, and transceiver diameter).

C. RECEIVED POWER
For typical ground-to-train FSO transmissions, the received power at the receiver can be expressed as follows [34], [35], [36]: In this equation, P tx stands for the transmitted power, θ div for transmitter divergence angle, D for receiver diameter, L for communications distance, γ for atmospheric attenuation coefficient in dB/km (see Table 2), and η tx , η rx for receiver and transmitter efficiency, respectively.

III. PROPOSED QKD APPROACH FOR HST
Using the polarization orientation (such polarized filter) on an ordinary laser beam can produce polarized light, moreover, it is possible to generate a single photon, then make this photon polarized for an angle [37].
For the QKD process to work, two communicating parties (Alice and Bob), and two interconnected networks must all be present.The first network is a quantum channel that sends and receives quantum random-bit signals, while the second network is a conventional channel.Alice must send a stream of random photons to Bob.She accomplishes this by using polarized filters that allow each photon in the stream to have one of four distinct polarizations: 0, 90, 45, and 135 degrees.Because Alice and Bob cannot agree on which of these states corresponds to a ''0'' bit [16], [38], the BB84 protocol can be used to distribute this information [37].
In this section, we propose an architecture for QKD in railroad networks.To cover all aspects of the scenario, we split the problem into two sub-problems: the first one corresponds to QKD for the fixed sensors deployed along the rail track (Section III-A), whereas the second one corresponds to QKD for the sensors on board the train and that are consequently moving at the train speed (Section III-B).

A. QKD FOR FIXED SENSORS ALONG THE RAIL TRACK
The IoT sensors along the rail track can be connected to IoT controllers, which in turn can be connected to key distribution server through a fiber optic network.The keys can be shared through QKD between the server and controllers, and then each controller would distribute the keys locally to the IoT sensors connected to it.We had presented this method in [38].It is summarized here for the sake of completeness of the discussion.The main focus will be on the novel contribution of this paper, which corresponds to QKD using FSO for the sensors on board the HST (to be discussed in Section III-B).
Thus, in the fixed sensors case, in order to share a secret key using the quantum method (QKD), two parties Alice and Bob are required, as well as a fiber optic link used for quantum medium for QKD and a classical link (typically RF) for sending the encrypted message between these two parties [6], [38], as shown in Figure 3. Alice adopts four polarizations: rectilinear (0 • and 90 • ), or diagonal (45 • and 135 • ).Two of these polarizations are arbitrarily chosen to correspond to ''0'' and the other two to correspond to ''1''.An example is shown in Table 3.Then Bob either chooses a rectilinear filter (+) or a diagonal filter (x).Choosing the correct filter will lead to the photons passing unchanged, whereas choosing the wrong filter will either block them or change their polarization.Alice and Bob would then eliminate the wrong choices by communicating over the classic channel.Additional details on how we previously used this approach can be found in [6] and [38].Figure 4 shows the method for using the QKD for securing the communications of the IoT devices along the rail track.Fiber is used for the quantum channel, whereas wireless links are used for the classical channel.This scenario can be easily adapted to the case of edge computing, where the server would be co-located with the BS, instead of being remotely positioned in the cloud.
In [38], in addition to describing the QKD process, we proposed a method for detecting attackers and mitigating their impact, in the case of man-in-the-middle attacks.Although this attacker detection approach can be extended to QKD with the FSO scenario described next in Section III-B, it is not necessary in practice.In fact, due to the high speed of the train, it is extremely difficult and impractical to position an attacker over the FSO link, as it will disrupt the line of sight and will be easily visible and detectable above the train.In addition, due to the high speed of the train, either the attacker has to move at similar speed, or a different attacker is needed for the FSO link between each BS and the train transceiver.

B. QKD FOR SENSORS ON BOARD THE TRAIN
In this section, we discuss the key distribution process over FSO.As stated in the previous section above, it is extremely difficult to have an eavesdropper on the QKD process at the high train speed.Thus, we can simply use QKD on the fixed links discussed in Section III-A, in order to create the keys for the IoT devices inside the train.The FSO link between the BS and the train transceiver can then be used simply to transmit the keys to a server on board the train, which can then distribute them to the IoT devices on the train as needed.This scenario is depicted in Figure 5.The figure shows the FSO link between BS and train transceiver, where a moving bar at the BS opens after the train passes, in order to have perfect alignment of the transceivers using the technique of [1].Here, we focus on key distribution, and we investigate and analyze two different approaches: • In the first approach, we consider that the train's transceiver dedicates all of its communication capacity during a short time interval of T seconds, in order to exchange a very large pool of keys with the BS (much larger than the number of available IoT devices).The keys can then be stored and used for a long period of time.When all the keys have been used, the process is repeated again.
• In the second approach, the train and the BS exchange only the needed amount of keys at a given time (equal to the number of IoT devices).This should occupy a small fraction of the FSO transmission capacity, with the rest being used for passengers' traffic.When new keys are needed, the process is repeated again.Naturally, the key exchange process will be repeated more frequently with this second approach, but the fraction of throughput consumed is much less than the first approach.Finally, at the end of this section, although the high speed FSO link can be considered physically secure, for the sake of completeness, we also describe the QKD process over FSO, 43564 VOLUME 12, 2024 Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.i.e., when the FSO link is not just used to send the keys, but also to implement the BB84 QKD process itself.

1) STORING A LARGE POOL OF KEYS
Considering the throughput R in bits per second (bps) of the FSO link, we assume that it is dedicated solely for the exchange of secret keys for a short duration of T seconds, and then it is dedicated for regular data communications.Denoting by K S the required size of a single secret key in bits, then the number of exchanged keys N K is given by: Denoting by N D the number of IoT devices in the train, and by T D the time that a key will be used by a device before being changed, then the pool of N K key can be used for ⌊N K /N D ⌋iterations, each of duration T D , where ⌊ •⌋ denotes the floor operation.Consequently, the time T R needed to repeat the whole process and generate a large new pool is given by: This process is summarized in Figure 6.
For additional security, the pool of keys can be transmitted encrypted over the FSO link, with the pool encryption key K P being one of the keys transmitted in the previous pool.The very first pool can be encrypted by some pre-defined key at the start of the train's journey (safely configured as the train would still be at the station).

2) EXCHANGING THE KEYS WHENEVER NEEDED.
As opposed to the previous method, this approach exchanges exactly the number of needed keys for a given time.Thus, with T D being the time that a key will be used by a device before being changed, the number of keys exchanged every T D is N K = N D , i.e., the number of keys equals the number of devices.
Thus, the throughput needed only for key exchange is given by: Consequently, the fraction of the total throughput R needed to transmit the keys is given by: This process is summarized in Figure 7.For additional security, the key of any given device at iteration (t + 1), K t+1 , can be transmitted encrypted by the key of that same device at the previous iteration t, K t , i.e., we transmit (K t+1 ) Kt .The very first set of keys at t = 0 can be encrypted by some pre-defined key at the start of the train's journey (safely configured as the train would still be at the station).

3) FREE SPACE-QKD
In this section, we discuss the scenario where QKD has to be performed over the FSO link itself.It should be noted that Figs. 6 and 7 also accommodate this scenario, as in their first step it is not specified how the QKD process is performed: In the case of Sections III.B.1 and III.B.2, QKD for the sensors on the train is performed between the server and ground BS, then the keys are distributed through FSO.In the scenario of this section, the QKD BB84 process itself is performed through the FSO link, between the BS and the HST.
In order to analyze the QKD process over FSO, let us denote by N P the number of photons received per second.Hence, the number of photons received during a time period T is N P T .Knowing the energy of a photon, where h is Planck's constant, c is the light speed, and λ is the wavelength of the laser that is used for the communication.
Then, denoting by P r the received power, the energy received within a time period T is P r T .Then, the number of photons received can be expressed as: During the key generation process using QKD, some photons will not lead to correct bits in the secret key due to wrong polarization filters by the receiver.Others will be lost due to errors or impairments in the transmission or the circuits used [39], [40], [41].Therefore, we denote by α the fraction of photons that actually lead to valid bits used in the generated secret keys.Consequently, the number of valid key bits obtained from the transmission of N P photons can be expressed as: In order to perform QKD, we need a quantum channel and a classic channel.To be able to perform QKD over FSO in an HST, these channels can be provided using one of the following options, possibly among others: • Using the FSO channel as the quantum channel, and using a traditional RF channel between the BS and HST as the classic channel; • Using two FSO transceivers at each of the BS and train in the scenarios of Figures 1, 2, and 5 (instead of one transceiver).In this case, one pair of transceivers can be used for the quantum channel, and the other pair for the classic channel.When not used for QKD, the two pairs can operate simultaneously in a multiple input multiple output (MIMO) fashion to double the FSO data rate for the train passengers.It should be noted that the placement of the transceivers in this case should be carefully planned to avoid any overlap between their respective beams when the train travels away from the BS; • Using wavelength division multiplexing (WDM), where transmission using one wavelength can be used as the quantum channel, and the other wavelength can be used as the classic channel.

C. STRUCTURED ALGORITHM FOR QKD IMPLEMENTATION IN HSTS USING FSO
The implementation of QKD in HSTs using FSO necessitates a structured and precise approach.An algorithmic framework is essential for ensuring the efficient and secure generation, distribution, and validation of quantum keys.This is particularly important in the dynamic environment of HSTs, where factors such as speed, vibration, and varying communication distances play a critical role.Algorithm 1 provides a systematic procedure for handling these variables while maintaining the integrity and security of the quantum keys.

D. POLARIZATION-BASED QKD IN RAILROAD NETWORKS
In this subsection, we explore the rationale behind our selection of polarization-based QKD and the utilization of polarized filters, specifically tailored for the demanding environment of railroad networks.Polarization-based QKD offers technical efficiency by leveraging the polarization of photons to encode quantum bits, seamlessly integrating with FSO used in HSTs.The deployment of polarized filters is critical, enabling us to establish distinct polarization states needed for QKD, while ensuring high reliability and adaptability in the dynamic, high-speed setting of HSTs.

1) SIGNIFICANCE OF POLARIZED FILTERS IN GENERATING RANDOM PHOTONS
The use of polarized filters is pivotal in our approach, aligning with the first proposed BB84 protocol of QKD in 1984 [37], which utilizes the polarization of photons.These filters enable the generation of random photons in four specific polarizations: 0, 90, 45, and 135 degrees, a technique critical to the integrity of quantum keys.This randomness is essential in HSTs' open wireless communication, mitigating the risk of eavesdropping and unauthorized access.Notably, recent real-world applications in satellite scenarios have demonstrated the practical viability of such systems [42].

2) EXPERIMENTAL DATA AND THEORETICAL SUPPORT
To substantiate our approach, we reference experimental studies and simulations that demonstrate the effectiveness of polarization-based QKD under conditions mimicking those of HST environments.These studies indicate a consistent maintenance of security and integrity of the quantum keys, even under various high-speed and environmental stressors.
For instance, simulations under conditions of fluctuating temperatures and mechanical vibrations have shown that polarization-based QKD maintains lower quantum bit error rates compared to other methods [43], [44].

3) SECURITY ANALYSIS IN RAILROAD NETWORK CONTEXT
We delve into the specific security challenges of railroad networks, such as heightened risks of eavesdropping due 43566 VOLUME 12, 2024 Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.

Algorithm 1 QKD in HSTs over FSO Input
• R : Data rate of the FSO link in bite per second (bps).
• K S : Size of a single searet key in bite • N D : Number of loT devices in the train.
• T D :Time duration for which a key ia used by a device before being changed.Output • A pool of quantum keys distributed to IoT devices on the HST.Algorithm Steps: 1) Initialization: • Set the photon polarization states for QKD (0 2) Key Generation: • Use polarized filters to generate a stream of random photons with distinct polarizations.
• Implement the B884 protocol for secure key distribution between the server (Alice) and IoT controller (Bob).
3) Key Distribution: • For fixed sensors along the rail track: -Distribute key via a fiber optic network connecting IoT controller to a key distribution server.-For sensors on board the train: * Utilize two approaches: Approach 1: Large Pool of Keys -Exchange a large pool of keys during a short interval of T seconds.
-Calculate the number of exchanged keys, N K , using N K = R•T K S (Equation 5).-Determine the time T R to repeat the process: 6).Approach 2: Exchange Keys as Needed -Exchange only the number of keys at a given time.
-Calculate the throughput needed for key exchange, R K , using R K = N D •K S T D (Equation 7).-Calculate the fraction of total throughput needed, R K R (Equation 8).
to the open nature of wireless communication.Polarizationbased QKD effectively counters these threats, as any attempt to intercept the quantum keys alters the polarization states, thereby signaling a potential security breach.This inherent feature of polarization-based QKD provides an added layer of security, crucial for the public and dynamic context of railroad networks [45], [46].

4) PRACTICAL INTEGRATION CONSIDERATIONS
Integrating this technology into existing railroad communication systems is feasible.The modifications required primarily involve the addition of polarized filters and calibration of existing FSO equipment to accommodate the polarization states.This ensures an efficient upgrade to a more secure communication framework [47].

IV. RESULTS AND DISCUSSION
In this section, we present and analyze the results corresponding to the proposed methods.It should be noted that most of the calculations and simulations were implemented using MATLAB ® .

A. PRACTICAL KEY LENGTHS
As discussed previously, symmetric encryption is a good option for IoT devices with limited capabilities.For example, AES encryption can be used with a key length of 128 bits.Figure 8 shows the number of bits needed for a varying number of IoT devices inside the train, each requiring a 128-bit key.These devices could include, for example, control and monitoring sensors onboard the train, in addition to surveillance cameras that monitor the security inside the train.

B. RECEIVED POWER
Obviously, transmission power influences received power, which affects data rate.Because equation ( 4) shows that the received power directly determines the necessary transmitted power, a fixed received power ensures the required data rate, such as 1.25 Gbps, as used in the literature, e.g., [1] and the references therein.To achieve this target rate, we assume that the power can be varied at the BS, such that the received power remains fixed at a target of -36 dBm [48].However, it cannot exceed a maximum transmit power, considered to be 27 mW as indicated in Table 1.This affects the placement of BSs, which should take into account the various visibility conditions.Considering the relation between transmit and received power in various visibility conditions at a wavelength of 1550nm, we obtain the results of Figure 9. Figure 9 depicts the received power versus distance using a divergence angle of 6.944 × 10 −5 and a transmitted power of 27mW, under different visibility conditions.In the worst-case scenario, the target received power of -36 dBm, leading to a data rate of 1.25 Gbps [1], is achieved at a distance of 3700 m.Thus, we assume the BSs are placed along the rail track with a BS separation not exceeding 3700 m, in order to allow the target received power and target data rate to be achieved.It should be noted that this result, although not directly related to the main contribution of this paper (focused on QKD for IoT), outperforms other solutions in the literature, e.g., [49].

C. KEY DISTRIBUTION OVER FSO USING METHOD 1
Using Method 1 described in Section III-B.1 and implementing Equation ( 5) with K S = 128 bits, T = 1 sec, and R= 1.25 Gbps, we obtain a number of keys in the pool N K = 9,765,625 keys.Using this number in Equation (6) with N D = 1000 devices and T D = 1 sec, we obtain T R = 9765 sec, which corresponds approximately to 2 hours and 42 minutes!In other words, assuming a transmission every 1 second on average (depending on the nature of their measured data, some sensors might need to transmit more frequently, while others need to transmit less frequently), we have enough keys to be used as one-time pad (OTP) for 1000 devices, for a duration corresponding to almost the whole trajectory of many practical train trips.This pool of keys was collected only through 1 second transmission using the target data rate.

D. KEY DISTRIBUTION OVER FSO USING METHOD 2
Using Method 2 described in Section III-B.2, and implementing Equation (7) with N D = 1000 devices, K S = 128 bits, and T D = 1 sec, we obtain R K = 128 kbps.Using this value in equation ( 8) with R = 1.25 Gbps, we obtain a ratio of 0.01%.
Thus, assuming a transmission every 1 second on average (depending on the nature of their measured data, some sensors might need to transmit more frequently, while others need to transmit less frequently), we can continuously transmit enough keys to be used as OTP for 1000 devices, while affecting only 0.01% of the FSO throughput!

E. ACTUAL IMPLEMENTATION OF QKD OVER FSO
In this section, we present the results corresponding to the approach of Section III-B.3,where QKD is performed over the FSO link.The QKD relies on the received photons or the final key length that is represented by two polarized photons to get ''0'' or ''1''.So, from the energy of a photon expressed in Equation ( 9), we have: Given, the received power in dBm and converting it to Watts: P r = −36 dBm= 2.5×10 −7 W. Thus, implementing Equation (10) gives that the number of photons emitted per second is:  11), we can calculate the number of bits that can be used for generating keys, from the above number of photons.Then, taking the example of K S = 128 bits per key and N D = 1000 devices, we obtain the results of Figure 10. Figure 10 shows that, after implementing QKD for 1 second, the number of photons exchanged is enough to support a huge number of keys for each device on the train, with each key consisting of 128 bits.The values of Figure 10 for N D = 1000 devices are summarized in Table 4. Thus, even under bad conditions (α = 0.1), 1.5 million keys can be stored for each device.Then they can be distributed locally and used inside the train as needed.If an OTP is needed every 1 second, we would have enough keys for 422 hours!

F. PRACTICAL IMPLICATIONS, SCALABILITY, AND LIMITATIONS
In this subsection, we address the practical aspects, scalability challenges, and potential limitations of implementing the proposed QKD system using FSO in HSTs.This analysis is crucial to understanding the real-world applicability of our approach and the trade-offs involved.

1) PRACTICAL IMPLICATIONS AND POTENTIAL OBSTACLES
• Integration with Existing Systems: Our findings indicate that while the proposed QKD system is technically feasible, integration with existing HST communication systems presents challenges.This includes retrofitting older trains and ensuring compatibility across diverse train and station architectures.
• Environmental Sensitivity: The effectiveness of FSO in QKD is subject to atmospheric conditions.Our simulations show that factors like fog and rain can impact photon transmission, suggesting a need for contingency plans or complementary technologies in adverse weather conditions.
• Alignment and Stability Requirements: The high-speed and vibrations of HSTs demand sophisticated tracking and stabilization systems for FSO alignment.Our results highlight the critical need for these systems to maintain consistent quantum communication.

2) SCALABILITY ISSUES
• Network Expansion Challenges: As HST networks grow, scaling the QKD system becomes more complex.
Managing an increasing number of quantum keys and securing distribution to more IoT devices are identified as key scalability challenges.
• Adaptability to Varied Train Speeds: The QKD system's adaptability to different speeds and routes is essential.Our discussion points out that varying speeds and routes introduce distinct communication challenges, necessitating a flexible and robust system design.

3) TRADE-OFFS AND LIMITATIONS
• Throughput vs. Security Balance: We observe a trade-off between securing communication through QKD and the available bandwidth for passenger data services.Allocating more bandwidth to QKD enhances security but at the cost of reduced data throughput for other services.
• Cost Implications: The implementation of a comprehensive QKD system, especially with advanced tracking and stabilization, is cost-intensive.This subsection discusses the need to balance cost with desired security and performance levels.

4) POINTING ERROR
One critical factor in Quantum Free Space Optics communication systems, especially relevant to the QKD efficacy and the final key length received at the destination, is the pointing error.This error, often stemming from vibrations in HSTs, significantly impacts the QKD rate.Subsection IV-G delves into a detailed analysis of this issue, examining its effects and exploring potential solutions and mitigation strategies.

5) ADDRESSING THE CHALLENGES
In conclusion, while our proposed QKD system offers a novel approach to securing IoT communications in HSTs, it is accompanied by practical challenges, scalability concerns, and inherent trade-offs.Future research should focus on developing cost-effective, scalable solutions and addressing the environmental sensitivity of FSO-based QKD systems.This comprehensive analysis underscores the importance of a nuanced approach to implementing quantum communication technologies in real-world transport scenarios.

G. THE EFFECT OF THE POINTING ERROR IN QUANTUM COMMUNICATION
In quantum communication through space, it is crucial to accurately point the laser beam.These pointing errors can cause problems, as they make the beam wander off course, especially when weather conditions are not stable.
The impact of pointing errors on a system can be analyzed using the Moment Generating Function (MGF) of θ 2 as [50]: where: • E[•] is the expectation operator.
• s is the variable in the MGF.This MGF characterizes the statistical properties of pointing errors, useful for deriving key statistical measures and assessing the effects of these errors on QKD system performance.However, this equation is general; specific conditions like vibration induced pointing errors may require a more focused approach, especially since other factors like atmospheric conditions are already considered in the paper.
Therefore, this wandering is measured by a variance of σ 2 p and it is a major concern because it directly affects the security and effectiveness of QKD [51].In this section, we focus on these pointing errors and how they can affect communication.We also discuss some ways to fix or reduce these errors to make the quantum communication system more reliable.
Pointing errors arise due to jitter and imprecise tracking at the transmitter, leading to centroid wandering of the beam.The variance σ 2 p is directly related to the pointing error angle at the transmitter and the propagation distance z.
We can calculate the variance σ 2 p based on the pointing error: • Pointing Error Angle (θ): This is the angular deviation in the pointing of the beam, typically measured in radians or microradians (µrad).It is an indication of how accurately the transmitter can point the beam toward the receiver.
• Propagation Distance (z): This is the distance over which the beam travels from the transmitter to the receiver.The authors of [51] described the variance due to pointing errors σ 2 p as: To link the equation for pointing error variance σ 2 p with the height of objects requires understanding the geometric relationship between the transmitter, the receiver, and the object that might be causing the pointing error.

1) UNDERSTANDING THE SCENARIO
• Transmitter Height (h T ): The height at which the transmitter is placed.
• Receiver Height (h R ): The height at which the receiver is placed.
• Distance Between Transmitter and Receiver (d): The horizontal distance between the transmitter and the receiver.

2) CALCULATING THE ELEVATION ANGLE
The elevation angle (α) is the angle between the line-of-sight from the transmitter to the receiver and the horizontal plane.
It can be calculated using trigonometry if the heights and distance are known: 3) CALCULATING THE POINTING ERROR ANGLE (θ ) The pointing error angle (θ) could be influenced by the presence of the object.If the object causes a deviation in the beam, θ might be the difference between the actual elevation angle (α) and the elevation angle considering the object (β): Equation ( 15) considers the scenario in which an obstruction causes additional deviation, with the pointing error angle (θ) representing the difference between the deviation angle (β) due to the obstruction and the initial elevation angle (α) from the transmitter to the receiver.
Given the scenario of a high-speed train communication system using QKD with FSO, it is imperative to accurately model the impact of pointing errors on the system's performance.The mathematical framework established here aims to model the pointing error variance (σ 2 p ) as a function of both the height of the receiver and the distance between the transmitter and the receiver.The following parameters and equations constitute the core of this framework: • Transmitter Height (h T ) : Set at a fixed height of 4 meters.
• Distance Between Transmitter and Receiver (d): Variable, ranging between 200 meters and 14200 meters.
• Elevation Angle (α): The elevation angle is the angle between the direct line of sight from the transmitter to the receiver and the horizontal plane.Mathematically, it's defined as: • Pointing Error Angle (θ): In the given scenario, the pointing error angle is essentially the elevation angle itself, as there's no obstruction causing additional deviation in the HST scenario of Figure 1.Therefore, we have: Equation ( 17) corresponds to a scenario without any obstruction, where the pointing error angle (θ) is directly equivalent to the elevation angle (α), indicating that the pointing direction is solely determined by the line-of-sight elevation without any additional angular deviation.
• Pointing Error Variance (σ 2 p ): The pointing error variance is a crucial factor in determining the stability and reliability of the FSO link.It is calculated based on the pointing error angle and the distance between the transmitter and the receiver: This mathematical framework provides a structured approach to quantitatively analyze the impact of pointing errors on an FSO-based QKD system.Implementing this model in a computational environment allows for simulating the system's performance under varying conditions, facilitating a comprehensive understanding of how pointing errors influence the overall efficiency and reliability of quantum communication in high-speed train scenarios.
Figure 11 represents the relationship between the pointing error variance (σ 2 p ) in a FSO communication system, the receiver height (h R ), and the distance (d) between the transmitter and the receiver.
Figure 11 illustrates that the pointing error variance increases with the distance between the transmitter and the receiver, which is an expected behavior in FSO systems.The plot shows that at the minimum distance of 200 meters, the variance starts at a lower value and rises as the distance extends to 14200 meters.The receiver height is varied between 4 and 4.06 meters as in [17] the vibration of the train could make a bigger height of 60 mm, and it is observed that changes in receiver height have a relatively minor impact on the pointing error variance compared to the changes induced by varying the distance.Notably, at 14200 meters and a receiver height of 4.06 meters, the pointing error variance is indicated as approximately 0.0036 on the plot of Figure 11.
The detailed behavior of the plot suggests that the system's susceptibility to pointing errors becomes more pronounced with distance, which could lead to a decrease in the effectiveness of the quantum key distribution due to increased misalignment between the transmitting and receiving optics.The slight increase in height from 4 to 4.06 meters does not appear to cause a significant variance in the pointing error, indicating that within this small height range, the height's impact is minimal compared to the impact of the distance.This kind of analysis is crucial for understanding and optimizing the performance of QKD systems over various distances and under different environmental conditions.
In our scenario, we are focusing on the impact of pointing error (0.0036) on the QKD process for securing IoT devices in HSTs.The scenario involves a transmitter at a fixed height of 4 meters, a receiver whose height varies between 4 and 4.06 meters, and a distance between the transmitter and receiver varying from 200 meters to 14200 meters.We then develop the mathematical framework and then implement it in code to visualize the results.
• Distance Between Transmitter and Receiver (d): Varies between 200 meters and 14200 meters.

5) CALCULATION OF POINTING ERROR ANGLE ( )
The pointing error angle can be influenced by the deviation in the line-of-sight due to the varying height of the receiver.
We calculate the angle θ as:

6) CALCULATION OF ELEVATION ANGLE AND DEVIATION ANGLE
The elevation angle (α) represents the ideal line-of-sight angle, and the deviation angle (β) represents the actual line-of-sight considering the heights of the transmitter and receiver.
where h is the deviation in height due to pointing error.

7) IMPACT ON QKD KEY RATE (K)
The QKD key rate can be affected by the pointing error as it influences the link efficiency and the photon arrival rate at the receiver.The key rate can be modeled as: where: • K 0 is the ideal key rate without pointing errors.
• η(θ,d) represents the link efficiency as a function of pointing error and distance, which can be derived from the misalignment of the beam due to pointing error.Incorporating the calculation of link efficiency (η), reflecting the impact of pointing error and distance, into the framework of Equation ( 22) necessitates its expression in the form: Following this integration, Equation ( 23) evolves to encapsulate the QKD Key Rate (K ), merging the foundational key rate (K 0 ) with the modulation introduced by η, thereby embedding the effects of alignment precision and spatial separation of the communicating entities.The refined equation: effectively marries the theoretical key rate with practical considerations, yielding a more accurate representation of system performance under real-world conditions.Figure 12 elucidates the QKD key rate (K ) relative to the ideal rate (K 0 ), depicted as the ratio K /K 0 , within the context of HST vibrations that cause receiver height to vary slightly between 4 and 4.06 meters.This visual representation demonstrates that at a closer range, specifically at 200 meters, the vibration influences the key rate more significantly, with K being 0.999986 of K 0 .At a longer distance of 14200 meters, the effect of pointing errors on the key rate is marginal, with K attaining 0.999998 of K 0 , illustrating an almost indiscernible impact on QKD efficacy.Moreover, the graphic illustrates that the distance between transmitter and receiver markedly impacts the key rate more than the receiver height does.With increasing distance, the key rate notably declines, which emphasizes the critical need for precise alignment in mobile communication systems over longer distances.Despite potential pointing errors due to HST vibrations, the system's capacity to maintain a key rate very close to K 0 showcases the QKD system's resilient design.This robustness is crucial for optimizing QKD functionality and ensuring secure communication in the dynamic environment of high-speed transit.
For a deeper insight into Figure 12 and to gain a more comprehensive understanding, refer to Figure 13, which provides additional data or alternative perspectives on the influence of pointing errors and distance on the QKD key rate within this specialized communication context.Figure 13 depicts the variation of the pointing error angle in micro-radians as a function of the distance from the transmitter to the receiver.The graph displays a steep decline in the pointing error angle as the distance increases.Specifically, at a distance of 200 meters, the pointing error angle is quite high at 300 micro-radians, indicating a significant potential for misalignment at closer ranges.However, as the distance extends to 14,200 meters, the angle diminishes substantially to approximately 4.225 microradians, suggesting that the impact of pointing errors on beam alignment is greatly reduced at longer distances.This reduction in the pointing error angle with increasing distance highlights the importance of precision in initial beam alignment, especially at shorter distances, to ensure effective quantum key distribution in free-space optical communication systems.
Figures 12 and 13 jointly reveal that while HST vibrations induce more significant key rate reductions at shorter distances due to higher pointing error angles, the QKD system demonstrates remarkable resilience over longer distances.The steep decline in pointing errors with increased distance underscores the importance of precise beam alignment at closer ranges, where misalignments are more impactful.Despite the initial sensitivity to alignment imperfections at shorter distances, the QKD system maintains near-ideal key rates over extended ranges, showcasing its robust design and the diminishing impact of pointing errors with distance, thereby ensuring reliable and secure communication in dynamic environments.

V. CONCLUSION
In this paper, we have delved into the complex issue of enhancing the security of IoT devices in high-speed train (HST) scenarios through the implementation of Quantum Key Distribution (QKD) using Free Space Optics (FSO).Our approach involved two methods: performing QKD over wired links with base stations (BSs) along the track, then utilizing FSO to transmit the security key bits, or directly using FSO links for photon exchange required for QKD with the BSs.Our findings indicate the feasibility of exchanging a substantial number of keys with minimal impact on the data throughput of FSO links, highlighting the potential of this method in practical applications.However, the implementation of this approach in real-world HST scenarios presents several challenges and limitations that need careful consideration.First, the dynamic nature of HSTs, involving high speeds and constant movement, poses challenges in aligning and maintaining FSO links, which are crucial for effective QKD.Ensuring stable and uninterrupted quantum communication in such a fluctuating environment requires suitable technological solutions and could lead to increased complexity and cost.Secondly, environmental factors, including weather conditions and physical obstructions along the rail track, can impact the reliability and efficiency of FSO-based communication systems.The susceptibility of FSO to atmospheric disturbances and the need for clear lineof-sight between transceivers necessitate additional planning and contingencies to maintain consistent communication quality.Moreover, while our study demonstrates the capability of exchanging a large number of keys, managing and updating these keys efficiently in a high-speed, continuously operating HST system presents logistical and operational 43572 VOLUME 12, 2024 Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
challenges.The integration of this QKD system with existing IoT networks in trains also requires seamless compatibility and minimal interference with other onboard systems and passenger services.
In conclusion, while our proposed methods exhibit significant promise for securing IoT devices in HSTs, they also bring to light important practical considerations that must be addressed for successful real-world application.Future work in this area should focus on developing robust solutions to these challenges, exploring the overall feasibility of integrating these advanced security measures into the fast-evolving domain of high-speed railway transportation.

FIGURE 2 .
FIGURE 2. Geometrical top view for the proposed method.

FIGURE 3 .
FIGURE 3. The structure of two parties to share QKD.

FIGURE 4 .
FIGURE 4. Infrastructure of the railroad communication with QKD scenario.

FIGURE 5 .
FIGURE 5.The proposed structure for the QKD to secure the sensors inside the train.

FIGURE 6 .
FIGURE 6. Key exchange using method 1: Sending a large pool of keys to the HST.

FIGURE 7 .
FIGURE 7. Key exchange using method 2: Sending exactly the number of needed keys to the HST.

FIGURE 8 .
FIGURE 8. Number of bits needed for security keys vs. the number of IoT devices, assuming AES is used with 128-bit key for each device.

FIGURE 9 .
FIGURE 9. Number of bits needed for security keys vs. the number of IoT devices, assuming AES is used with 128-bit key for each device.

FIGURE 10 .
FIGURE 10.Number of keys per device stored on the train, when implementing QKD over FSO with different values of α.

TABLE 4 .
Number of keys per device, when 1000 IOT devices are inside the train.

FIGURE 11 .
FIGURE 11.Pointing error variance as a function of receiver height and distance.

FIGURE 12 .
FIGURE 12.QKD key rate as a function of pointing error effect.

TABLE 2 .
Typical values of attenuation with corresponding visibilities.

TABLE 3 .
The polarization states and bit representations.