Scalable QKD Network Design and Integration
with Classical Cryptography
Zhangchao MaCAS Quantum Network Co., Ltd.
Email: [email protected]
November 8, 2018ETSI / IQC Quantum Safe WorkshopBeijing, China
Two key issues for QKD to "take off"
1. How to build scalable, service-oriented and cost-efficient QKD network?
2. How to extend QKD service to various devices and applications?
CAS Quantum Network 2018 2
[C. H. Bennett & G. Brassard, BB84 protocol (1984) ]
QKD State-of-the-art: Networks
CAS Quantum Network 2018 3
2002~2007:USA
DRAPA Network[1]
2004~2008:EU
SECOQC Network [2]
2011~:Japan
Tokyo Network [3]
2013~:China
Satellite-ground integrated
wide-area network
[1] Elliott C: The DARPA quantum network, Quantum Communications and cryptography: CRC Press, 2005: 91-110.
[2] Alleaume R, et al. SECOQC white paper on quantum key distribution and cryptography[R]. 2007.
[3] Sasaki M, et al. Field test of quantum key distribution in the Tokyo QKD Network[J]. Optics express, 2011, 19(11): 10387-10409.
QKD State-of-the-art: Challenges
⚫ No available quantum repeater technique
⚫ No effective support for wireless terminal
⚫ No mature standards and certification
⚫ High device cost and low efficiency
CAS Quantum Network 2018 4
High level requirements for QKD network
CAS Quantum Network 2018 5
• Support MP-to-MP ITS Key transport
• Flexible and economic network expansion according to service growth
• Support flexible network topology for wide-area coverage
• Support efficient one-to-many QKD for access network
R1 Scalability
• Support efficient key supply and relay node routing schemes
• Provide high secret-key throughput and low latency to satisfy various application requirements
R2 Efficiency
• Fast fault detection and recovery when some nodes or links fail to ensure service continuity
R5 Robustness
• Provide developer-friendly APIs for QKD network capabilities
• Facilitate integration with various ICT protocols and applications
R4 Application-oriented
• Provide per-secret-key-flow QoS and Charging policy control and enforcement
R7 Policy control
• Strict QKD protocol security proof and certification
• Effective countermeasures against known quantum layer threats
• Support effective security enhancements for trusted relay
R3 Security
• Support multi-vendor interoperability for both QKD and network management devices
R6 Interoperability
QKD Network | Data-plane functions
CAS Quantum Network 2018 6
QKD data plane functions
• Deliver key material to APP according to requested
parameters
• Relay key material to the peer APP via one-time pad
encrypted tunnel
CAS Quantum Network 2018 7
QKD Control plane functions
• Q-AuC: Node Register and Authentication
• Q-PCRF: QoS Policy and Charging Rules control
• Q-MN: Routing and Resource
Management, e.g., load balancing
QKD Network | Control-plane functions
CAS Quantum Network 2018 8
InternetQKD-based SSL, IPSEC, …
A2
QKD Network | Network Elements and Interfaces
QKD Application layer
QKD Physical layer
QKD Network Management layer
• Offsite Backup/Business Continuity
• Enterprise Metropolitan Area Network
• Critical Infrastructure Control and Data
Acquisition
• Backbone Protection
• High Security Access Network
• Satellite Long-Haul Service
QKD-integrated security applications
CAS Quantum Network 2018 9
ETSI specified use cases(*GS QKD 002) China demonstrated series of applications
QKD-based VideoConference
QKD-based Enterprise VPN
QKD-basedBank data transfer and DC backup
Restricted to fiber or satellite-reached scenarios
QKD-based secure communication solution
CAS Quantum Network 2018 10
QKD Pros Cons
① Root key Pre-share Pre-distribute user-specific
symmetric root key
Complex
management
② Identity Authentication APP and QKD node use symmetric
root key for initial authentication
Quantum-resistance
③ Session key agreement Use QKD network to produce and
distribute session key via OTP
ITS,Quantum-resistant ,
forward security, high speed
Limited scenario,
Trusted relay
④ Encrypted comm. Use symmetric session key for
AES encrypt/decrypt
3GPP LTE architecture
Comparison with classical cryptography I
CAS Quantum Network 2018 11
Symmetric Cryptography
Asymmetric Cryptography
• Mobile network including 2G/3G/4G/5G
• Kerberos based enterprise systems
• Part of Bank systems, e.g., PBOC …
• Internet apps usually based on PKI,
including https, software update, VPN,
secure email, Blockchain, …
TLS procedure
Comparison with classical cryptography II
CAS Quantum Network 2018 12
KDC Pros Cons
① Root key
Pre-share
Pre-distribute user-specific
symmetric root key
Complex
management
② Identity
Authentication
Use symmetric root key for
authentication
Quantum-
resistance
③ Session key
agreement
Use symmetric root key to
derive session keys via KDC
Quantum-
resistance
No forward
security
④ Encrypted
comm.
Use symmetric session key
for AES encrypt/decrypt
Symmetric Cryptography
PKI Pros Cons
① Root key
Pre-share
Pre-distribute CA-specific
certificates and public keys
Easy to
Manage
② Identity
Authentication
CA issues certificate to B, A
verifies B’s certificate via CA
Not Q-safe
③ Session key
agreement
Use public key to negotiate
symmetric session keys
Not Q-safe;
Long latency
④ Encrypted
comm.
Use symmetric session key
for AES encrypt/decrypt
QKD can be
used to ensure
secure root
Key/Certificate
distribution
Asymmetric Cryptography
QKD solution extended to mobile use cases
CAS Quantum Network 2018 13
Utilizing terminal’s
secure storage
to cache secret-keys
Electricity
Enhanced QKD solution with PKI and KDC
CAS Quantum Network 2018 14
QKD enhanced with PQC and KDC Vs. KDC Vs. PKI
① Root key Pre-share Pre-distribute PQC certificates to QKD node and terminal secure storage Easy
management
② Identity
Authentication
2-1: Use PQC certificates for QKD node and terminal initial authentication
2-2: Use symmetric Q-keys for authentication in following sessions
QC-safe
③ Session key
agreement
3-1: Use QKD network to distribute temporary session keys via OTP;
then store symmetric key-pool to the terminal and KDC
3-2: Use KDC to negotiate real-time session key
Forward security QC-safe;
Fast
④ Encrypted comm. Use symmetric session keys for encrypt & decrypt via AES algorithm Vs. KDC
Summary
• The success of QKD network requires multi-disciplinary collaboration between quantum physics, cryptography, network engineering and IT development, etc.
• Based on today’s technique, QKD can basically work with well-design network architecture and the help of classical cryptography.
• QKD is still limited by quantum layer characteristics, e.g., rate, distance, cost, channel. The real long-distance, mobile, miniaturized and chip-scale QKD devices are always in pursuit.
CAS Quantum Network 2018 15
Thanks!Q&A
CAS Quantum Network 2018