Automatic Intent-Based Secure Service Creation Through a Multilayer SDN Network Orchestration

Growing traffic demands and increasing security awareness are driving the need for secure services. Current solutions require manual configuration and deployment based on the customer's requirements. In this work, we present an architecture for an automatic intent-based provisioning of a secure service in a multilayer - IP, Ethernet, and optical - network while choosing the appropriate encryption layer using an open-source software-defined networking (SDN) orchestrator. The approach is experimentally evaluated in a testbed with commercial equipment. Results indicate that the processing impact of secure channel creation on a controller is negligible. As the time for setting up services over WDM varies between technologies, it needs to be taken into account in the decision-making process.Comment: Parts of the presented work has received funding from the European Commission within the H2020 Research and Innovation Programme, under grant agreeement n.645127, project ACIN

Synchronization of spatiotemporal semiconductor lasers and its application in color image encryption

Optical chaos is a topic of current research characterized by high-dimensional nonlinearity which is attributed to the delay-induced dynamics, high bandwidth and easy modular implementation of optical feedback. In light of these facts, which adds enough confusion and diffusion properties for secure communications, we explore the synchronization phenomena in spatiotemporal semiconductor laser systems. The novel system is used in a two-phase colored image encryption process. The high-dimensional chaotic attractor generated by the system produces a completely randomized chaotic time series, which is ideal in the secure encoding of messages. The scheme thus illustrated is a two-phase encryption method, which provides sufficiently high confusion and diffusion properties of chaotic cryptosystem employed with unique data sets of processed chaotic sequences. In this novel method of cryptography, the chaotic phase masks are represented as images using the chaotic sequences as the elements of the image. The scheme drastically permutes the positions of the picture elements. The next additional layer of security further alters the statistical information of the original image to a great extent along the three-color planes. The intermediate results during encryption demonstrate the infeasibility for an unauthorized user to decipher the cipher image. Exhaustive statistical tests conducted validate that the scheme is robust against noise and resistant to common attacks due to the double shield of encryption and the infinite dimensionality of the relevant system of partial differential equations.Comment: 20 pages, 11 figures; Article in press, Optics Communications (2011

Field test of a practical secure communication network with decoy-state quantum cryptography

We present a secure network communication system that operated with decoy-state quantum cryptography in a real-world application scenario. The full key exchange and application protocols were performed in real time among three nodes, in which two adjacent nodes were connected by approximate 20 km of commercial telecom optical fiber. The generated quantum keys were immediately employed and demonstrated for communication applications, including unbreakable real-time voice telephone between any two of the three communication nodes, or a broadcast from one node to the other two nodes by using one-time pad encryption.Comment: 10 pages, 2 figures, 2 tables, typos correcte

Roadmap on optical security

Postprint (author's final draft

Using quantum key distribution for cryptographic purposes: a survey

The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8