Virtual Network Function Deployment and Service Automation to Provide End-to-End Quantum Encryption
2018; Volume: 10; Issue: 4; Language: English
10.1364/jocn.10.000421
ISSN 1943-0639
Authors: Alejandro Aguado, Víctor López, Jesús Martínez-Mateo, Momtchil Peev, Diego López, Vicente Martín
Topic(s): Software-Defined Networks and 5G
Abstract: The nature of network services has drastically changed in recent years. New demands require new capabilities, forcing the infrastructure to dynamically adapt to new scenarios. Novel network paradigms, such as software-defined networking (SDN) and network functions virtualization, have appeared to provide flexibility for network management and services. The reliance on software and commoditized hardware of these new paradigms introduces new security threats and, consequently, one of the most desired capabilities is a strengthened security layer when connecting remote premises. On the other hand, traditional cryptographic protocols are based on computational complexity assumptions. They rely on certain mathematical problems (e.g., integer factorization, discrete logarithms, or elliptic curves) that cannot be efficiently solved using conventional computing. This general assumption is being revisited because of quantum computing. The creation of a quantum computer would put these protocols at risk and force a general overhaul of network security. Quantum key distribution (QKD) is a novel technique for providing synchronized sources of symmetric keys between two separated domains. Its security is based on the fundamental laws of quantum physics, which makes it impossible to copy the quantum states exchanged between both endpoints. Therefore, if implemented properly, QKD generates highly secure keys, immune to any algorithmic cryptanalysis. This work proposes a node design to provide QKD-enhanced security in end-to-end services and analyzes the control plane requirements for service provisioning in transport networks. We define and demonstrate the necessary workflows and protocol extensions in different SDN scenarios, integrating the proposed solution into a virtual router providing QKD-enhanced IPsec sessions.