
Towards a better approach for Quantum-Key-Distribution (QKD) Networks key management

Powerful quantum computers represent a risk to traditional security: they have the potential to break the currently used cryptography. Even though quantum computers with such a capacity are only foreseen to arrive in the next 10 years, valuable data can already be exposed.

Secure communications can be recorded now and decrypted with a quantum computer in the future. Quantum Key Distribution (QKD) can be used to securely exchange cryptographic keys among different communication parties by using QKD nodes (also known as “trusted nodes”).

Usually, trusted nodes integrate QKD modules and a distributed key manager, which demands that strong security requirements be met.

Different architectural choices of the quantum network might relax the security requirements of the trusted nodes.

 

In this article we discuss our findings on the role of a centralized key manager and its effect in relaxing the security restrictions of the trusted nodes, so as to use the QKD technology better and more efficiently.

The EuroQCI (European Quantum Communication Infrastructure) initiative

EuroQCI is a European initiative towards the implementation of an ultra-secure communication infrastructure, resistant to classical and quantum attacks, which is based on quantum technologies for the protection of European assets including its overseas territories.

EuroQCI is deployed through terrestrial and space connectivity. The first service of the EuroQCI is Quantum Key Distribution (QKD), which performs the secure key exchange among communication parties.

These keys can be used by users to perform different security functionalities. In the future, the EuroQCI could be updated to support the future quantum Internet.

By using quantum channels, the information encoded as quantum states can be exchanged. An attacker cannot clone nor eavesdrop on the channel without being noticed.

Philippe Barbier

Head of Systems & Satcom Services Programs AIRBUS Defence and Space.


This is especially attractive for users that require key exchange with a high security level.

 

The European Commission selected in 2021 the consortium OQTAVO, led by Airbus and composed of eight partners, to design the end-to-end EuroQCI architecture. It included Airbus Defence and Space, Airbus Cyber, Leonardo, Orange, PwC France and Maghreb, Telespazio (a Leonardo and Thales joint venture), the Consiglio Nazionale delle Ricerche (CNR) and the Istituto Nazionale di Ricerca Metrologica (INRiM). Results were successfully delivered to the European Commission in July 2022.

 

In January 2023, 26 National Quantum Communication Infrastructures (NatQCIs) across 26 EU Member States started to be planned and deployed. It is expected that the EuroQCI can be demonstrated in 2027.

From Quantum links to Quantum Networks

QKD is one of the building blocks of the overall information security infrastructure. QKD is used to generate and distribute cryptographic keys. In contrast with traditional approaches, the security does not rely on the hardness of mathematical problems, but on the properties of physics. To exchange a key, transmitter (Alice) and receiver (Bob) QKD modules are connected by a quantum link composed of:

  • Quantum channel, that transmits quantum information encoded as photons through a direct optical fiber or free-space link; and
  • Public channel, for further supporting and post-processing of the exchanged information.

These modules are able to establish the same secret key at both sides (KA, KB). In order to establish these quantum-secure keys, QKD nodes that host QKD receiver/transmitter modules are used. As there are not yet quantum memories, the quantum information at the receiver is measured and stored in a classical buffer at each QKD node. At this stage, the quantum advantage disappears and the information is prone to being copied, thus QKD nodes need to be secure. These nodes are usually called trusted nodes and should be encapsulated within a secure boundary so as to prevent any tampering.


Figure 1. Two QKD modules. The key sets established at Alice and Bob (KA, KB) are identical.

Quantum networks integrate a set of trusted nodes to widely distribute QKD keys to end users, which can employ the keys to implement different security functionalities. The functional structure of the quantum network is based on a layered approach to ease its programmability, flexibility and virtualization capabilities, as defined in different standards.

Four layers can be identified:

  1. Control Layer, defining the routes of the quantum material between the end-users;
  2. Management Layer, monitoring and controlling the health, security and capacity of the system;
  3. Key Management Layer, implementing the functionalities required to support the key lifecycle. It includes relaying the keys across the network and supplying the keys to cryptographic applications;
  4. Quantum and Optical Layer, including the quantum and optical devices required for establishing the optical and quantum links.

Usually each trusted node integrates different QKD modules (transmitter/receiver) and a key manager (KM) (see Figure 2) to implement the functionalities of the key management layer. These include synchronization and re-formatting of the agreed bit strings and key storage in the trusted node. In a quantum network, each KM relays key material through a KM link in an encrypted way (e.g., One-Time Pad). Once the keys are used, they are discarded. Note that a distributed KM forces the transmission of sensitive information through the different trusted nodes: the neighbouring trusted node holds part of the secret and can infer the value of the previous keys.

 

As a consequence, either strong security boundaries must be put in place and the user must fully trust the infrastructure, or complex key derivation functions must be used to strongly encrypt the KM link, which increases the complexity of the network.


Figure 2. Each QKD node integrates a QKD module and the key manager (KM), which relays keys in an encrypted manner to the next QKD node.

A fully distributed KM approach imposes strong security requirements at each trusted node. The capture of a trusted node might leak critical information. Thus, the cost of the infrastructure needed to secure these nodes can be high.

Innovation

OQTAVO-EuroQCI explored different quantum network architectural solutions. Among the different alternatives, our innovative centralized key management for QKD shows attractive security properties. In this approach, the quantum-secure material generated by the QKD nodes is used to create secure masks (e.g., C1x in Figure 3). That is, during the creation of the masks, they were neither copied nor eavesdropped. These masks are used to transport a secret key (s) generated at Alice's side in a quantum-secure way. The masks generated in the different trusted nodes are collected by the centralized Key Manager (note that this is a logically centralized element and can be implemented in different ways) to encrypt the secret key (s). An XOR is used (i.e., OTP), but any other cryptographic transformation can be employed (e.g., AES, post-quantum cryptographic primitives). If a trusted node is compromised by an attacker and a mask is captured, the secret (s) will be retrieved by neither Bob nor the attacker. As no sensitive information (i.e., the secret s) is exchanged through the trusted nodes, the security requirements of the trusted node can be relaxed. The key manager should remain secure. Nevertheless, different techniques to ensure the security of the key management to the highest level of security are already known and used in the real world.

 

 

This centralized key relay approach strongly protects the key material, since only the trusted nodes located at the user side (User Nodes Alice and Bob) have access to the key material in the clear. Also note that different key derivation functions can be used to generate more elaborate masks, providing different security properties to the transported secret key.


Figure 3. Use of a centralized Key management scheme for QKD

This is a logical view. The user key material (s), securely generated in Node A, is XOR-ed with KA,x and sent to the XOR collectors in the Key Manager. Note that different key derivation functions can be used to secure Cx. As shown, only Node B can recover the secret key (s). The Key Manager can precompute the data necessary to relay the key along a certain route. In this way the key relay can be even more efficient.


In contrast with the fully distributed approach, our proposal allows the relaxation of the security requirements on the trusted nodes. When a QKD node is compromised, the information gained by an attacker is not enough to retrieve the secret, since this information is only used for masking purposes. The key management layer, implemented with traditional technology, can be secured using different widely known techniques.
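To make the difference between the two architectures concrete, the following Python model is an added illustration (not OQTAVO or Airbus code) of the hop-by-hop relay of Figure 2 and the centralized XOR-collector relay of Figure 3. It assumes, beyond what the text states, that every quantum link yields a fresh key known only to the two nodes at its ends, that each intermediate node's mask Cx is the XOR of the keys of its two adjacent links, and that the Key Manager combines the masks with XOR (one-time pad); the key-derivation-function variants mentioned above are not modelled. The function names and the four-link path Alice - N1 - N2 - N3 - Bob are constructed for the example.

```python
"""Toy comparison of distributed vs. centralized QKD key relay.

Added example, not code from the page or from OQTAVO/Airbus. Assumptions
(not stated on the page): link keys are 16-byte strings shared only by the
two ends of a quantum link; in the centralized design intermediate node i
contributes the mask C_i = K_{i-1} XOR K_i, and the Key Manager (KM)
combines everything with XOR, as Figure 3 suggests.
"""
import secrets

KEY_LEN = 16


def xor(a: bytes, b: bytes) -> bytes:
    """One-time-pad combination of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("OTP operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def make_link_keys(n_links: int, rng=secrets.token_bytes) -> list:
    """Stand-in for the QKD modules: one fresh key (KA == KB) per link.

    Link i joins node i and node i+1 on the path Alice=0 ... Bob=n_links.
    """
    return [rng(KEY_LEN) for _ in range(n_links)]


def distributed_relay(secret: bytes, link_keys: list) -> dict:
    """Hop-by-hop relay with a KM inside every trusted node (Figure 2).

    Each intermediate node decrypts with the incoming link key and
    re-encrypts with the outgoing link key, so the secret exists in the
    clear inside every node on the path. Returns what Bob recovers and the
    plaintext each intermediate node saw (the attacker's gain if that node
    is captured).
    """
    seen_in_clear = {}
    ciphertext = xor(secret, link_keys[0])            # Alice -> node 1
    for i in range(1, len(link_keys)):
        plaintext = xor(ciphertext, link_keys[i - 1])  # node i decrypts ...
        seen_in_clear[i] = plaintext                  # ... and now holds s
        ciphertext = xor(plaintext, link_keys[i])     # re-encrypt for next hop
    recovered_by_bob = xor(ciphertext, link_keys[-1])
    return {"bob": recovered_by_bob, "intermediate_nodes": seen_in_clear}


def centralized_relay(secret: bytes, link_keys: list) -> dict:
    """Logically centralized KM collecting XOR masks (Figure 3).

    Alice sends s XOR K_A,x to the KM. Intermediate node i sends only the
    mask C_i = K_{i-1} XOR K_i. The KM XORs all contributions and forwards
    the result to Bob, who strips his own link key. Returns what Bob
    recovers, the masks (what a captured node would leak) and the KM's
    output (what the KM itself sees).
    """
    to_km = xor(secret, link_keys[0])
    masks = {i: xor(link_keys[i - 1], link_keys[i])
             for i in range(1, len(link_keys))}
    combined = to_km
    for mask in masks.values():                       # the KM's XOR collector
        combined = xor(combined, mask)
    recovered_by_bob = xor(combined, link_keys[-1])
    return {"bob": recovered_by_bob, "masks": masks, "km_output": combined}


def node_compromise_leaks_secret(approach: str, secret: bytes, link_keys: list) -> bool:
    """True if capturing any single intermediate node reveals s."""
    if approach == "distributed":
        views = distributed_relay(secret, link_keys)["intermediate_nodes"].values()
    elif approach == "centralized":
        views = centralized_relay(secret, link_keys)["masks"].values()
    else:
        raise ValueError("unknown approach")
    return any(v == secret for v in views)


if __name__ == "__main__":
    s = secrets.token_bytes(KEY_LEN)                  # constructed user secret
    keys = make_link_keys(4)                          # Alice - N1 - N2 - N3 - Bob
    for approach in ("distributed", "centralized"):
        fn = distributed_relay if approach == "distributed" else centralized_relay
        print(f"{approach:11}: Bob recovers s = {fn(s, keys)['bob'] == s}, "
              f"single node capture leaks s = "
              f"{node_compromise_leaks_secret(approach, s, keys)}")
```

In the centralized variant the KM output is s XOR K3, so the KM alone cannot recover s either; what it must protect is the combination of its inputs with the link keys held at the user-side nodes, which is why the text keeps the "key manager should remain secure" requirement while relaxing it for the intermediate trusted nodes.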

Conclusion

We believe that quantum communication is a key building block for the quantum-secure era.

QKD and post-quantum cryptography are relevant security primitives that exhibit different properties and that are expected to work together to ensure wide quantum-resistant protection. We think that using a logically centralized Key Manager will ease the secure adoption of the QKD technology for different applications and will ease the certification processes. The complete technical description of this approach will soon be published in a scientific article.
