Building quantum-safe networks with Symmetric Key Distribution
Melchior Aelmans, Juniper Networks
Introducing an approach to symmetric key distribution that enables robust, scalable, and future-proofed security without reliance on asymmetric encryption, both with and without the need for QKD.
We will highlight our recent trials of QKD with L2 (MACsec) and L3 (IPsec) encryption, including the Juniper QuTech QKD trial, and provide a technical overview of the QuTech approach to QKD.
Symmetric Key Distribution can be proved to achieve information-theoretic security and a very high level of scalability. Other advantages include computational efficiency and potentially the limited amount of code needed to implement it, reducing the attack surface.
A Symmetric Key Distribution system can be used in situations where asymmetric cryptographic schemes are not suitable, for example:
- Quantum-secure communication, including government communication, national security systems and critical infrastructure, which may have security requirements that asymmetric cryptographic schemes cannot deliver. The US National Security Agency recommends the use of symmetric Pre-Shared Keys (PSKs) instead of or in addition to asymmetric public/private key pairs to provide quantum-resistant cryptography.
- Large meshed networks, where the use of IKE and PKI can become a computational bottleneck, or can require the management of a large number of certificates, which increases network complexity and reduces scalability. Such networks include large meshed SD-WAN and Border Gateway Protocol (BGP) routers, among others.
- Cross-domain communication, where a single authority or service provider (like a CA) cannot be fully trusted. Instead, multiple parties can establish their own infrastructure in which the trust is distributed among them.
- Constrained devices, where key establishment via asymmetric cryptographic schemes is challenging due to the high computational requirements. Examples of these networks include sensor networks.
- Cloud authentication services.
Intra-city quantum networks and Inter-city satellite QKD
Siddarth Joshi, Bristol University
Arbitrary quantum states cannot be perfectly copied. On the one hand, this is great news because we can use this to obtain mathematically perfect security for communications; on the other, it makes overcoming loss and networking a monumental task. In this talk I will cover efforts to build scalable Quantum Local Area Networks and long-distance links via satellite. I will introduce both the ongoing efforts with wavelength-multiplexed entanglement distribution networks and the discrete-variable QKD part of the UK national quantum communication satellite – the SPOQC mission.
Characterisation of Faint-Pulse-Sources for QKD
Peter J. Schlosser, Fraunhofer UK Research Ltd.
Quantum Key Distribution (QKD) is the method of secure sharing of encryption keys between two end users by the application of quantum technology. Satellite-based, free-space quantum key distribution has the potential to provide the means of transmitting secure keys between end users across the globe and overcome limitations posed by fibre-optic-based system designs. An important challenge in free-space QKD is the availability of suitable transmitter devices with a low size, weight, power consumption and cost. In this work, we are looking at alternative light sources for use in transmitter modules. Commercially available VCSEL devices are being investigated as directly modulated faint-pulse sources to determine important parameters, such as spectral, polarisation, power, bandwidth and pulse-to-pulse performance, that are key for QKD applications.
An Integrated Fibre and Satellite QKD Network Optimisation
Vasileios Karavias, University of Cambridge
Quantum Key Distribution (QKD) promises information-theoretic security. Limitations on fibre-based QKD mean that the long-distance QKD necessary for global Quantum Networks is currently only possible using satellites. We construct Mixed Integer Linear Program models to investigate how best to connect the core fibre network to ground stations to minimise the overall network cost. We use the models designed to investigate how different allocation strategies to ground stations change the number of satellites needed to satisfy transmission requirements, showing that appropriate allocation strategies can yield a reduction of over 40% in the number of satellites. Furthermore, we use these models to investigate securing the Data Centre traffic in 2 networks, one European and one Global. We show that optimally configuring the core sites to ground stations can reduce the cost of the network by up to 40% compared to simply connecting the core sites to their geographically nearest ground station.