Towards quantum‐secure software defined networks

Abstract

AbstractThe evolution of quantum computers is considered a serious threat to public‐key cryptosystems (e.g. RSA, ECDSA, ECDH, etc.). This is indeed a big concern for security of the Internet and other data communication and storage systems. The reason is that public‐key schemes are the basis in the generation of shared symmetric keys that are used to perform data encryption/decryption in communication and data transfer protocols. One possible approach to address this issue is to use Quantum Key Distribution (QKD) (instead of public‐key schemes) for the ultra‐secure generation of symmetric keys. QKD is a physical layer technology that allows two parties (equipped with optical communication interfaces) to generate secure random keys over a quantum channel that is immune to eavesdropping threats. The keys are then used by symmetric encryption schemes (e.g. AES) to encrypt data over classical channels. This allows us to have data encryption/decryption without needing a public‐key scheme. However, due to its inherent characteristics, the implementation of QKD has mostly been considered in particular contexts only (e.g. backhaul networks, point‐to‐point connections, optical networks, etc.). This indeed limits the utility of QKD technology to only some particular applications while it has the potential to be used in a wide range of used cases. Motivated by this (increasing the usability of QKD technology), in this study, the authors propose a model that enables SDN‐based networks to utilise QKD technology and provide QKD security service (i.e., random key generation service) to network applications and security protocols in a practical and efficient way. In the proposed approach, secret keys are generated based on the distribution of quantum entanglement between QKD nodes deployed in the network. The significant characteristic of our proposed model is that it does not rely on quantum repeaters to operate. This also improves the efficiency of the employed QKD mechanisms in terms of the key generation rate.