Abstract: In theory, quantum key distribution (QKD) offers information-theoretic security. In practice, however, it does not, due to the discrepancies between the assumptions used in the security proofs and the behaviour of the real apparatuses. Recent years have witnessed a tremendous effort to fill the gap, being the treatment of correlations among pulses a major elusive problem. Here, we close this gap by introducing a simple yet general method to prove the security of QKD with arbitrarily long range pulse correlations. Our method is compatible with those security proofs that accommodate all the other typical device imperfections, thus paving the way towards achieving implementation security in QKD with arbitrary flawed devices. Moreover, we introduce a new framework for security proofs, which we call the reference technique. This framework includes existing security proofs as special cases and it can be widely applied to a number of QKD protocols.