Quantum Cryptography in Practice

BBN, Harvard, and Boston University are building the DARPA Quantum Network, the world's first network that delivers end-to-end network security via high-speed Quantum Key Distribution, and testing that Network against sophisticated eavesdropping attacks. The first network link has been up and steadily operational in our laboratory since December 2002. It provides a Virtual Private Network between private enclaves, with user traffic protected by a weak-coherent implementation of quantum cryptography. This prototype is suitable for deployment in metro-size areas via standard telecom (dark) fiber. In this paper, we introduce quantum cryptography, discuss its relation to modern secure networks, and describe its unusual physical layer, its specialized quantum cryptographic protocol suite (quite interesting in its own right), and our extensions to IPsec to integrate it with quantum cryptography.Comment: Preprint of SIGCOMM 2003 pape

Field-Trial of Machine Learning-Assisted Quantum Key Distribution (QKD) Networking with SDN

We demonstrated, for the first time, a machine-learning method to assist the coexistence between quantum and classical communication channels. Software-defined networking was used to successfully enable the key generation and transmission over a city and campus network

Experimental Demonstration of DDoS Mitigation over a Quantum Key Distribution (QKD) Network Using Software Defined Networking (SDN)

We experimentally demonstrate, for the first time, DDoS mitigation of QKD-based networks utilizing a software defined network application. Successful quantum-secured link allocation is achieved after a DDoS attack based on real-time monitoring of quantum parametersComment: Accepted for presentation in OFC 2018 Conference. M2A.

Quantum networks in the UK

We describe recent progress in quantum secured optical networks in the UK. The Cambridge Quantum Network has been operating for several years with 3 nodes separated by between 5-10 km of installed fibre. All links are secured by QKD systems operating with secure key rates in excess of 1 Mb/s, the highest recorded long term key rates in a deployed network. The network operates in the presence of 100Gb/s classical traffic with no significant reduction of secure key generation rate. In addition, the Bristol Quantum Network has four nodes 1-3km apart connected in a mesh protected by two pairs of QKD systems. The network is designed to be very dynamic, switching both QKD and WDM classical traffic to enable rapid reconfiguration and is used as a testbed for QKD protected dynamic applications. The two metropolitan networks are being connected by a 410 km QKD link, with 4 spans, the longest of which operates over 129km of fibre with an attenuation of 28dB achieving secure key rates of 2.7kb/s, the longest and highest loss QKD field trial to date. A 120km extension of the UK quantum network from Cambridge to BT Labs, Adastral Park operates with fully commercially available components and is an important testbed comprising 3 intermediate nodes and operates with 5 x 100Gb/s classical channels. This helps determine how to proceed with a large-scale commercial deployment of QKD

Secure NFV Orchestration Over an SDN-Controlled Optical Network With Time-Shared Quantum Key Distribution Resources

Quantum key distribution (QKD) is a state-of-the-art method of generating cryptographic keys by exchanging single photons. Measurements on the photons are constrained by the laws of quantum mechanics, and it is from this that the keys derive their security. Current public key encryption relies on mathematical problems that cannot be solved efficiently using present-day technologies; however, it is vulnerable to computational advances. In contrast QKD generates truly random keys secured against computational advances and more general attacks when implemented properly. On the other hand, networks are moving towards a process of softwarization with the main objective to reduce cost in both, the deployment and in the network maintenance. This process replaces traditional network functionalities (or even full network instances) typically performed in network devices to be located as software distributed across commodity data centers. Within this context, network function virtualization (NFV) is a new concept in which operations of current proprietary hardware appliances are decoupled and run as software instances. However, the security of NFV still needs to be addressed prior to deployment in the real world. In particular, virtual network function (VNF) distribution across data centers is a risk for network operators, as an eavesdropper could compromise not just virtualized services, but the whole infrastructure. We demonstrate, for the first time, a secure architectural solution for VNF distribution, combining NFV orchestration and QKD technology by scheduling an optical network using SDN. A time-shared approach is designed and presented as a cost-effective solution for practical deployment, showing the performance of different quantum links in a distributed environment

Quantum Key Distribution (QKD) over Software-Defined Optical Networks

Optical network security is attracting increasing research interest. Currently, software-defined optical network (SDON) has been proposed to increase network intelligence (e.g., flexibility and programmability) which is gradually moving toward industrialization. However, a variety of new threats are emerging in SDONs. Data encryption is an effective way to secure communications in SDONs. However, classical key distribution methods based on the mathematical complexity will suffer from increasing computational power and attack algorithms in the near future. Noticeably, quantum key distribution (QKD) is now being considered as a secure mechanism to provision information-theoretically secure secret keys for data encryption, which is a potential technique to protect communications from security attacks in SDONs. This chapter introduces the basic principles and enabling technologies of QKD. Based on the QKD enabling technologies, an architecture of QKD over SDONs is presented. Resource allocation problem is elaborated in detail and is classified into wavelength allocation, time-slot allocation, and secret key allocation problems in QKD over SDONs. Some open issues and challenges such as survivability, cost optimization, and key on demand (KoD) for QKD over SDONs are discussed