TY - GEN
T1 - Key Management Systems for Large-Scale Quantum Key Distribution Networks
AU - James, Paul
AU - Laschet, Stephan
AU - Torresetti, Luca
A2 - Ramacher, Sebastian
PY - 2023/8/29
Y1 - 2023/8/29
N2 - The Key Management System (KMS) is an important component in scaling up from link-to-link key generation to large key distribution networks. In this work we provide an overview of a KMS in the context of Quantum Key Distribution Networks (QKDN) and give a thorough summary of the functionality of a KMS in such an application. Beyond classical QKDNs, we discuss Post Quantum Cryptography (PQC) hybridization techniques at the KMS level. These methods add an additional layer of security against quantum computer driven attacks. We also discuss selected topics regarding the development, deployment and operation of components for such security infrastructure. In addition, relevant standards in the realm of Quantum Key Distribution (QKD) are outlined and analyzed. As some of the necessary interfaces have not been standardized, namely the interface between two KMS instances and the interface between the KMS and the Software Defined Network (SDN) Agent, we propose APIs for these two cases. The design of the interface between the KMS and QKD modules is discussed and, considering their resource constraints, a push mode for the ETSI GS QKD 004 standard is proposed. Finally, implementation details of a prototype KMS are outlined and trade-offs are discussed.
AB - The Key Management System (KMS) is an important component in scaling up from link-to-link key generation to large key distribution networks. In this work we provide an overview of a KMS in the context of Quantum Key Distribution Networks (QKDN) and give a thorough summary of the functionality of a KMS in such an application. Beyond classical QKDNs, we discuss Post Quantum Cryptography (PQC) hybridization techniques at the KMS level. These methods add an additional layer of security against quantum computer driven attacks. We also discuss selected topics regarding the development, deployment and operation of components for such security infrastructure. In addition, relevant standards in the realm of Quantum Key Distribution (QKD) are outlined and analyzed. As some of the necessary interfaces have not been standardized, namely the interface between two KMS instances and the interface between the KMS and the Software Defined Network (SDN) Agent, we propose APIs for these two cases. The design of the interface between the KMS and QKD modules is discussed and, considering their resource constraints, a push mode for the ETSI GS QKD 004 standard is proposed. Finally, implementation details of a prototype KMS are outlined and trade-offs are discussed.
UR - https://www.mendeley.com/catalogue/2015174f-227f-3913-ad09-033d3017f854/
U2 - 10.1145/3600160.3605050
DO - 10.1145/3600160.3605050
M3 - Conference Proceedings with Oral Presentation
SN - 9798400707728
T3 - ACM International Conference Proceeding Series
SP - 1
EP - 9
BT - ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security
T2 - ARES 2023: The 18th International Conference on Availability, Reliability and Security
Y2 - 29 August 2023 through 1 September 2023
ER -