Abstract
Quantum key distribution (QKD) is a physical technology that enables the secure generation of bit streams (keys) in two separated locations. This technology is designed to provide a solution for very secure (quantum-safe) key agreement, which is nowadays at risk due to advances in quantum computing. The recent demonstration of a QKD network in the metropolitan area of Madrid shows how these networks can be deployed in current production infrastructure by following existing networking paradigms, such as software-defined networking. In particular, a three-node QKD network is implemented on the metropolitan area network using existing infrastructure and coexisting with other data and control services. On the other hand, telecommunication networks are drastically changing the way services are architectured. Users of the operator’s infrastructure are moving from traditional connectivity services (e.g., virtual private networks) to a set of interconnected network functions, either physical or virtual, in the shape of service function chaining (SFC). However, SFC users do not have a method to validate that the traffic flow is appropriately forwarded across the nodes in the network, a situation that may lead to very critical security breaches (e.g., a security node or a firewall in the chain that is bypassed). This work presents a method for validating ordered proof-of-transit (OPoT) on top of the Madrid Quantum Network. We first provide a general description of the QKD network deployed in Madrid. Then, we describe an existing security protocol for PoT in packet networks, analyzing its issues and vulnerabilities. Finally, this work presents a protocol for alleviating the security breach found in this work and for providing OPoT in SFC. Finally, an example of the real implementation is shown, where nodes being part of the OPoT scheme are provisioned with QKD-derived keys.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.