Abstract

Quantum key distribution (QKD) is a physical technology that enables the secure generation of bit streams (keys) in two separated locations. This technology is designed to provide a solution for very secure (quantum-safe) key agreement, a function that is nowadays at risk due to advances in quantum computing. The recent demonstration of a QKD network in the metropolitan area of Madrid shows how these networks can be deployed in current production infrastructure by following existing networking paradigms, such as software-defined networking. In particular, a three-node QKD network is implemented on the metropolitan area network using existing infrastructure and coexisting with other data and control services. At the same time, telecommunication networks are drastically changing the way services are architected. Users of the operator’s infrastructure are moving from traditional connectivity services (e.g., virtual private networks) to a set of interconnected network functions, either physical or virtual, in the shape of service function chaining (SFC). However, SFC users do not have a method to validate that the traffic flow is appropriately forwarded across the nodes in the network, a situation that may lead to very critical security breaches (e.g., a security node or a firewall in the chain being bypassed). This work presents a method for validating ordered proof-of-transit (OPoT) on top of the Madrid Quantum Network. We first provide a general description of the QKD network deployed in Madrid. Then, we describe an existing security protocol for PoT in packet networks, analyzing its issues and vulnerabilities. Next, we present a protocol for alleviating the security breach found in this work and for providing OPoT in SFC. Finally, an example of the real implementation is shown, where the nodes that are part of the OPoT scheme are provisioned with QKD-derived keys.

© 2020 Optical Society of America

