{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T18:04:26Z","timestamp":1783965866639,"version":"3.55.0"},"reference-count":35,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers &amp; Security"],"published-print":{"date-parts":[[2026,11]]},"DOI":"10.1016\/j.cose.2026.105034","type":"journal-article","created":{"date-parts":[[2026,6,29]],"date-time":"2026-06-29T23:37:40Z","timestamp":1782776260000},"page":"105034","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["SQOUT: A risk-based threat analysis framework for quantum communication systems"],"prefix":"10.1016","volume":"170","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0985-6986","authenticated-orcid":false,"given":"Michal","family":"Krelina","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-8986-5539","authenticated-orcid":false,"given":"Tom","family":"Sorger","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8151-5843","authenticated-orcid":false,"given":"Bob","family":"Dirks","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"issue":"6","key":"10.1016\/j.cose.2026.105034_b1","doi-asserted-by":"crossref","first-page":"1330","DOI":"10.1103\/PhysRevLett.85.1330","article-title":"Limitations on practical quantum cryptography","volume":"85","author":"Brassard","year":"2000","journal-title":"Phys. Rev. Lett."},{"issue":"8","key":"10.1016\/j.cose.2026.105034_b2","doi-asserted-by":"crossref","first-page":"1438","DOI":"10.1364\/OPTCON.530352","article-title":"Quantum key distribution: a survey on current vulnerability trends and potential implementation risks","volume":"3","author":"Brazaola-Vicario","year":"2024","journal-title":"Opt. Contin."},{"key":"10.1016\/j.cose.2026.105034_b3","series-title":"Implementation attacks against QKD systems","author":"BSI","year":"2023"},{"key":"10.1016\/j.cose.2026.105034_b4","series-title":"Position paper on quantum key distribution","author":"BSI, ANSSI, NLNCSA, Swedish NCSA","year":"2024"},{"issue":"1","key":"10.1016\/j.cose.2026.105034_b5","doi-asserted-by":"crossref","first-page":"137","DOI":"10.1038\/s41534-025-01089-8","article-title":"Implementation of carrier-grade quantum communication networks over 10000 km","volume":"11","author":"Chen","year":"2025","journal-title":"Npj Quantum Inf."},{"key":"10.1016\/j.cose.2026.105034_b6","series-title":"EuroQCI \u2014 Concept of operations (ConOps) \u2014 v3.0","author":"DG Connect","year":"2024"},{"key":"10.1016\/j.cose.2026.105034_b7","series-title":"European quantum communication infrastructure - EuroQCI","author":"European Commission","year":"2025"},{"issue":"6","key":"10.1016\/j.cose.2026.105034_b8","doi-asserted-by":"crossref","DOI":"10.1103\/PhysRevApplied.12.064043","article-title":"Laser-seeding attack in quantum key distribution","volume":"12","author":"Huang","year":"2019","journal-title":"Phys. Rev. Appl."},{"issue":"6","key":"10.1016\/j.cose.2026.105034_b9","doi-asserted-by":"crossref","DOI":"10.1103\/PhysRevA.87.062329","article-title":"Quantum hacking of a continuous-variable quantum-key-distribution system using a wavelength attack","volume":"87","author":"Huang","year":"2013","journal-title":"Phys. Rev. A"},{"issue":"5","key":"10.1016\/j.cose.2026.105034_b10","doi-asserted-by":"crossref","DOI":"10.1103\/PhysRevLett.91.057901","article-title":"Quantum key distribution with high loss: Toward global secure communication","volume":"91","author":"Hwang","year":"2003","journal-title":"Phys. Rev. Lett."},{"key":"10.1016\/j.cose.2026.105034_b11","series-title":"Guide for Conducting Risk Assessments","author":"Initiative","year":"2012"},{"key":"10.1016\/j.cose.2026.105034_b12","series-title":"ISO\/IEC 27005:2022 \u2014 Information security, cybersecurity and privacy protection \u2014 Guidance on managing information security risks","author":"ISO\/IEC","year":"2022"},{"key":"10.1016\/j.cose.2026.105034_b13","series-title":"An Introduction to Factor Analysis of Information Risk (FAIR)","author":"Jones","year":"2006"},{"issue":"23","key":"10.1016\/j.cose.2026.105034_b14","doi-asserted-by":"crossref","DOI":"10.1103\/PhysRevLett.94.230504","article-title":"Decoy state quantum key distribution","volume":"94","author":"Lo","year":"2005","journal-title":"Phys. Rev. Lett."},{"key":"10.1016\/j.cose.2026.105034_b15","unstructured":"Lockheed Martin, , 2011. Cyber Kill Chain. n.d. URL https:\/\/www.lockheedmartin.com\/en-us\/capabilities\/cyber\/cyber-kill-chain.html."},{"issue":"10","key":"10.1016\/j.cose.2026.105034_b16","doi-asserted-by":"crossref","first-page":"686","DOI":"10.1038\/nphoton.2010.214","article-title":"Hacking commercial quantum cryptography systems by tailored bright illumination","volume":"4","author":"Lydersen","year":"2010","journal-title":"Nat. Photonics"},{"issue":"6","key":"10.1016\/j.cose.2026.105034_b17","doi-asserted-by":"crossref","DOI":"10.1088\/1367-2630\/11\/6\/065003","article-title":"Controlling passively quenched single photon detectors by bright light","volume":"11","author":"Makarov","year":"2009","journal-title":"New J. Phys."},{"issue":"3","key":"10.1016\/j.cose.2026.105034_b18","doi-asserted-by":"crossref","DOI":"10.1103\/PhysRevA.94.030302","article-title":"Creation of backdoors in quantum communications via laser damage","volume":"94","author":"Makarov","year":"2016","journal-title":"Phys. Rev. A"},{"key":"10.1016\/j.cose.2026.105034_b19","unstructured":"MITRE Corporation, , 2013. MITRE ATT&CK. n.d. URL https:\/\/attack.mitre.org\/."},{"key":"10.1016\/j.cose.2026.105034_b20","unstructured":"MITRE Corporation, , 2021. MITRE D3FEND. n.d. URL https:\/\/d3fend.mitre.org\/."},{"key":"10.1016\/j.cose.2026.105034_b21","series-title":"Risk Analysis in Engineering: Techniques, Tools, and Trends","author":"Modarres","year":"2016"},{"key":"10.1016\/j.cose.2026.105034_b22","unstructured":"NASA, 2011. Probabilistic Risk Assessment Procedures Guide for NASA Managers and Practitioners, Technical Report NASA\/SP-2011-3421, second ed. URL https:\/\/ntrs.nasa.gov\/citations\/20120001369."},{"key":"10.1016\/j.cose.2026.105034_b23","series-title":"Quantum key distribution (QKD) and quantum cryptography (QC)","author":"National Security Agency","year":"2023"},{"key":"10.1016\/j.cose.2026.105034_b24","unstructured":"QuDef, , 2024. QuDef \u2013 Securing the Quantum Frontier. n.d. URL https:\/\/qudef.com\/."},{"issue":"11","key":"10.1016\/j.cose.2026.105034_b25","doi-asserted-by":"crossref","first-page":"5110","DOI":"10.1038\/s41598-021-84139-3","article-title":"An approach for security evaluation and certification of a complete quantum communication system","volume":"11","author":"Sajeed","year":"2021","journal-title":"Sci. Rep."},{"issue":"12","key":"10.1016\/j.cose.2026.105034_b26","first-page":"21","article-title":"Attack trees","volume":"24","author":"Schneier","year":"1999","journal-title":"Dr. Dobb\u2019s J."},{"key":"10.1016\/j.cose.2026.105034_b27","series-title":"Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs","author":"Singhal","year":"2011"},{"issue":"1","key":"10.1016\/j.cose.2026.105034_b28","article-title":"Recent progress in quantum key distribution network deployments and standards","volume":"2416","author":"Stanley","year":"2022","journal-title":"J. Phys.: Conf. Ser."},{"key":"10.1016\/j.cose.2026.105034_b29","unstructured":"U.S. Nuclear Regulatory Commission, 1990. Severe Accident Risks: An Assessment for Five U.S. Nuclear Power Plants. Technical Report NUREG-1150, URL https:\/\/www.nrc.gov\/reading-rm\/doc-collections\/nuregs\/staff\/sr1150\/."},{"issue":"13","key":"10.1016\/j.cose.2026.105034_b30","doi-asserted-by":"crossref","first-page":"2023","DOI":"10.1080\/09500340108240904","article-title":"Large pulse attack as a method of conventional optical eavesdropping in quantum cryptography","volume":"48","author":"Vakhitov","year":"2001","journal-title":"J. Modern Opt."},{"issue":"13","key":"10.1016\/j.cose.2026.105034_b31","doi-asserted-by":"crossref","first-page":"2023","DOI":"10.1080\/09500340108240904","article-title":"Large pulse attack as a method of conventional optical eavesdropping in quantum cryptography","volume":"48","author":"Vakhitov","year":"2001","journal-title":"J. Modern Opt."},{"issue":"14","key":"10.1016\/j.cose.2026.105034_b32","doi-asserted-by":"crossref","DOI":"10.1103\/PhysRevLett.113.140501","article-title":"Fully device-independent quantum key distribution","volume":"113","author":"Vazirani","year":"2014","journal-title":"Phys. Rev. Lett."},{"key":"10.1016\/j.cose.2026.105034_b33","series-title":"Proc. ACM Workshop on Quality of Protection (QoP)","first-page":"49","article-title":"Toward measuring network security using attack graphs","author":"Wang","year":"2007"},{"key":"10.1016\/j.cose.2026.105034_b34","series-title":"Proc. IEEE\/IFIP International Conference on Dependable Systems and Networks","first-page":"211","article-title":"Using Bayesian networks for cyber security analysis","author":"Xie","year":"2010"},{"issue":"2","key":"10.1016\/j.cose.2026.105034_b35","doi-asserted-by":"crossref","DOI":"10.1103\/RevModPhys.92.025002","article-title":"Secure quantum key distribution with realistic devices","volume":"92","author":"Xu","year":"2020","journal-title":"Rev. Modern Phys."}],"container-title":["Computers &amp; Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826002105?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826002105?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T17:12:44Z","timestamp":1783962764000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404826002105"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,11]]},"references-count":35,"alternative-id":["S0167404826002105"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.105034","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,11]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"SQOUT: A risk-based threat analysis framework for quantum communication systems","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.105034","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"105034"}}