The Engineering of a Scalable Multi-Site Communications System Utilizing QKD

Presented by: Dr. Piotr (Peter) Tysowski
E-mail: [email protected]
September 15, 2017
ETSI / IQC Quantum Safe Workshop, London, England


We have been researching how to practically enable quantum-safe and scalable communication in a real-world context

Project Background

• Overall goal is to show the feasibility of integrating Quantum Key Distribution (QKD) technology with a classical enterprise-level communication network

• Engaged multidisciplinary team of researchers at IQC since 2016

Design Project Team: Dr. Piotr (Peter) Tysowski, Dr. Xinhua (Frank) Ling, Prof. Norbert Lütkenhaus, Prof. Michele Mosca

In collaboration with: National Research Council Canada

There is a real need for a quantum-safe multi-site secure communications network for use by industry and government

Requirements of a Secure Multi-Site Communications Network

• A metropolitan network requires high scalability and reliability:

• Must permit quantum-safe communication between arbitrary users of any connected sites

• A metropolitan network may consist of dozens of sites, with each containing thousands of hosts

• Sites may not be fully connected

[Figure: Multi-Site Network, showing sites connected by fibre-optic links]

QKD is effective at countering the threat of quantum computers, but QKD in itself is only a point-to-point technology


Basic Principles of QKD

• Establishes information-theoretically secure keys based on laws of quantum physics

• Resistant to attack even by quantum computers

• Key generation rate dependent on length of channel

[Figure: QKD Setup. Alice (QKD Transmitter) and Bob (QKD Receiver), joined by a Quantum Channel and an Authenticated Classical Channel]

Integrate into Pairwise Sites

• High user populations
• Heterogeneous hosts
• Constantly-changing demand
• Multiplexed fibre channel

[Figure: Pairwise Site Communication. Labels: Dedicated fibre channel, Switch, Multiplexer, Hosts]

We have designed a system for enterprise-level sites to securely communicate in a large metropolitan network


Network Model

• Multiple communicating sites comprise a metropolitan network

• Key generation occurs using QKD technology over quantum channels connecting pairs of sites

• A scalable Key Management Service (KMS) issues session keys from generated quantum key material to communicating hosts

• Hosts can securely communicate over a conventional network using TCP/IP channels

[Figure: Multi-Site Network, showing the quantum network and the classical network]

We have designed a scalable enterprise-level QKD-based system that enables secure multi-site communication

Key Contributions from Our Work

• System design that is compatible with various QKD technologies

• Scalable service to support enterprise-level secure traffic

• Full protocol stack in layered architectural style with well-defined interfaces across layers

• Technology-independent design

• Compatible with standards (including TLS, Kerberos, KMIP)

• Quantum key generation system that dynamically adapts to changes in demand and infrastructure

[Figure: Full Protocol Stack. Layers: Host Layer*, Key Mgmt. Service Layer (KMS), QKD Network Layer (QNL), QKD Link Layer (QLL); the arrows between layers are labelled "relies on" and "supports"]

The Service Layer contains a KMS (Key Management Service) that issues quantum-generated keys to hosts on request

KMS Functions and Interfaces

[Figure: KMS block diagram. Interfaces: Host Interface, QKD Network Layer Interface, KMS Peer Interface. Blocks: Key Management, Quantum Key Pool, Policy Engine, Key Database, Policy Database. Functions: Session Key Construction, Session Key Assignment, Key Request, Key Status, Error Handling, Policy Injection, Policy Enforcement, Remote Pool Sync., Remote KMS Coordination]

[Figure: Detailed view of Site A (Alice) and Site B (Bob). Each site shows a Host in the Application Layer, a KMS with its Quantum Key Pool, and the QKD Network Layer. Labelled flows: session request, key hint and secure user data; setup of pools and synchronization; quantum-generated key material; session key issuance]

The KMS issues session keys from the key pool. As dictated by the policy, it makes an appropriate response when the pool is nearly exhausted.

The KMS issues keys to hosts using a generic protocol or one that is fully integrated with TLS or Kerberos

Key Negotiation Protocol

[Figure: sequence diagram. Participants at Site A: Alice, KMS, Policy Engine; at Site B: Policy Engine, KMS, Bob. Steps are numbered 1 to 7 on the slide]

Messages, in the order shown:

• Local Session Key Request
• Check Policy / Policy Constraints
• Local Session Key Grant
• Remote Session Key Negotiation (Host-to-Host)
• Remote Session Key Request
• Check Policy / Policy Constraints
• Remote Session Key Grant
• Remote Session Key Confirmation
• Encrypted Communication using Session Key

Annotations:

• Alice obtains the quantum key from pool
• Bob obtains the quantum key from pool
• Alice sends key selection info to Bob
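The pool-and-hint mechanism behind this negotiation, as an added example (not code from the presentation or the project): two KMS instances hold synchronized copies of a key pool, Alice's KMS consumes a block and returns its index as the key hint, and Bob's KMS consumes the same block. The `KeyPool` class, the block size, integer hints and the low-watermark policy are assumptions made for illustration, and the key material is a constructed random stand-in for QKD output.

```python
import secrets


class KeyPool:
    """One site's copy of the quantum key pool shared with a peer site (hypothetical model)."""

    def __init__(self, material: bytes, block_size: int = 32, low_watermark: int = 2):
        self.blocks = {i: material[i * block_size:(i + 1) * block_size]
                       for i in range(len(material) // block_size)}
        self.low_watermark = low_watermark

    def needs_refill(self) -> bool:
        # Policy response when nearly exhausted: here only a flag that the KMS
        # would turn into a request to the QKD Network Layer for more material.
        return len(self.blocks) <= self.low_watermark

    def take_any(self):
        """Local session key grant: consume a fresh block, return (hint, key)."""
        if not self.blocks:
            raise RuntimeError("key pool exhausted")
        hint = min(self.blocks)
        return hint, self.blocks.pop(hint)

    def take_by_hint(self, hint: int) -> bytes:
        """Remote session key grant: consume the block the peer selected."""
        try:
            return self.blocks.pop(hint)
        except KeyError:
            raise KeyError(f"block {hint} unknown or already used") from None


def negotiate(pool_a: KeyPool, pool_b: KeyPool):
    """Alice gets a key from KMS A, sends only the hint to Bob, Bob asks KMS B."""
    hint, key_alice = pool_a.take_any()
    key_bob = pool_b.take_by_hint(hint)  # the hint crosses the network, the key does not
    return hint, key_alice, key_bob


def demo():
    material = secrets.token_bytes(4 * 32)  # constructed stand-in for QKD output
    pool_a, pool_b = KeyPool(material), KeyPool(material)
    hint, ka, kb = negotiate(pool_a, pool_b)
    replay_rejected = False
    try:
        pool_b.take_by_hint(hint)           # reusing a hint must fail: one block, one session
    except KeyError:
        replay_rejected = True
    negotiate(pool_a, pool_b)               # second session drains the pool to the watermark
    return ka == kb, replay_rejected, pool_a.needs_refill()
```

Because each block is removed when it is issued, a repeated hint cannot yield the same session key twice, and the refill flag is raised before the pool is empty.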

The QNL (QKD Network Layer) provides quantum key material to the KMS based on optimized key generation in the network

QKD Network Layer Functions

Extends QKD from point-to-point links to a network:

• Generates quantum key material for every pair of nodes
• Routes and relays key material via trusted nodes
• Responds to demand dynamics with scheduling

[Figure: QKD Network Layer components: Interface to KMS, Key Gen Msg Function, QKD Routing Function, Scheduling Function, Interface to QKD Link Layer]

Network Flow Optimization

• Based on pairwise key needs, allocates key generation workloads in the system to best utilize available capacity and constrain costs

• Routes along multiple paths of trusted nodes if needed

[Figure: Trusted Sites (Nodes). QKD nodes A, B, C, D and E joined by links with Link Capacities C_AB, C_BC, C_CD, C_DE and C_AE. Other label: Encrypted pairwise keys]
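Relaying key material via trusted nodes, as an added example (not code from the presentation): an end-to-end key is one-time-pad encrypted hop by hop with each link's QKD material, which shows both why every relay node must be trusted and how a relayed key consumes capacity on every link of its path. The `Link` and `relay` names and the byte capacities are assumptions; the ring topology follows the slide's figure.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Link:
    """QKD key material shared by the two ends of one link (constructed sample)."""

    def __init__(self, capacity_bytes: int):
        self.pool = bytearray(secrets.token_bytes(capacity_bytes))

    def take(self, n: int) -> bytes:
        if len(self.pool) < n:
            raise RuntimeError("link key material exhausted")
        pad, self.pool = bytes(self.pool[:n]), self.pool[n:]
        return pad


def relay(path, links, key: bytes):
    """Send `key` from path[0] to path[-1], one-time-pad encrypted on each hop.

    Returns (key delivered at the destination, {relay node: key it held in clear}).
    """
    seen = {}
    current = key
    for here, there in zip(path, path[1:]):
        link = links[frozenset((here, there))]
        pad = link.take(len(current))    # both ends of the link hold the same pad
        ciphertext = xor(current, pad)   # what travels on the classical channel
        current = xor(ciphertext, pad)   # `there` decrypts with its copy of the pad
        if there != path[-1]:
            seen[there] = current        # a relay node necessarily sees the key
    return current, seen


def demo():
    # Ring A-B-C-D-E-A as in the figure; capacities in bytes are made-up values.
    caps = {"AB": 64, "BC": 48, "CD": 64, "DE": 32, "AE": 64}
    links = {frozenset(name): Link(c) for name, c in caps.items()}
    key = secrets.token_bytes(32)
    delivered, seen = relay(["A", "B", "C"], links, key)
    left = {name: len(links[frozenset(name)].pool) for name in caps}
    return delivered == key, seen == {"B": key}, left
```

The 32-byte key costs 32 bytes on both A-B and B-C, so the rate available to a node pair is bounded by the weakest link on each path it uses.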

The QLL (QKD Link Layer) produces raw quantum key bits over each link by executing a QKD key generation protocol

Main QKD Link Layer Functions

Establish quantum key material between connected node pairs and provide it to the QNL:

• Expose switching/addressing functionality to the QNL
• Utilize existing infrastructure and shared resources (multiplexing QKD and classical traffic, optical switching)

Multiple Useful QKD Link Technologies

A plethora of protocols and platforms:

• Different complexities, key rates, robustness
• Metropolitan distances over fibre, free-space links
• Long distances over quantum repeaters, satellites

[Figure: Fibre-link QKD; Free-space QKD (ground, aircraft, satellite)]


QKD augments the conventional QRA (Quantum Resistant Algorithms) ecosystem to provide robust security for users

A Possible Key Construction Strategy in the KMS

QKD (Quantum Key Distribution)

• Theoretically most secure but requires special hardware and has limited key rate over long distance

• Not suitable as one-time pad in enterprise setting, but can contribute to creation of session keys

QRA (Quantum Resistant Algorithms)

• Produces keys inexpensively with new algorithms, requires no new infrastructure, works with public keys

• Active research area and long road ahead to build confidence in primitives and implementations

[Figure: QKD and QRA both feed a Combined (QKD+QRA) session key. Numbered steps: 1 Authentication, 2 Key generation]

• QRA authenticates the QKD channel via PKI (Public Key Infrastructure)

• QRA generates a session key, and QKD generates another

• The QRA and QKD keys are combined; the attacker needs to break both
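One way to combine the two keys, as an added example (not code from the presentation, which does not say how the keys are combined): both inputs are length-prefixed and fed through HKDF with HMAC-SHA-256, so the session key depends on every bit of each. The choice of HKDF, the `combine` function, the context string and the minimum key length are assumptions made for illustration.

```python
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) instantiated with HMAC-SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()          # extract step
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                    # expand step
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine(qkd_key: bytes, qra_key: bytes, context: bytes) -> bytes:
    """Derive one 256-bit session key from a QKD key and a QRA key.

    `context` binds the key to its use (for example site names and the key hint);
    its format here is an assumption.
    """
    if len(qkd_key) < 16 or len(qra_key) < 16:
        raise ValueError("each input key must be at least 128 bits")
    # Length-prefix each input so bytes cannot be shifted from one field to the
    # other without changing the KDF input.
    ikm = b"".join(len(k).to_bytes(2, "big") + k for k in (qkd_key, qra_key))
    return hkdf_sha256(ikm, salt=b"\x00" * 32, info=b"qkd+qra session key|" + context)
```

The derived key changes if either input changes, and the length check refuses a degenerate input that would leave the session key resting on one source alone.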

We have demonstrated host-to-host secure communication using QKD over a multiplexed (shared) fibre-optic link

Overview of Demonstration

• ID Quantique (IDQ) Clavis 3 QKD devices
• QKD @ 1310 nm multiplexed with classical @ 1550 nm over 13 km fibre optic lines
• Classical traffic produced/managed by enterprise-scale Cisco 15454 equipment
• QKD generated keys were used to secure a TLS session

[Figure: demonstration setup with Alice and Bob, fibre spools, Clavis 3 QKD devices and Cisco 15454]

Demo Project Team: Dr. Brendon Higgins, Dr. Jean-Philippe Bourgoin, Shravan Mishra, Prof. Thomas Jennewein

We have identified lessons and success factors for designing and implementing a QKD-based system in the future

Challenges and Lessons Learned

1. Challenge: Myriad of still-evolving technologies
• Generic technology-agnostic framework
• Run the system as services with plug-and-play layers

2. Challenge: Limited key generation rate
• Security levels dictate key consumption
• Dynamic key pool sizing to satisfy peak demand

3. Challenge: Communication across entire network
• Intermediate nodes assist with key generation
• Real-time network monitoring and intelligence

4. Challenge: Constantly-changing demand for keys
• Real-time monitoring of host demand
• Continuous and on-demand key generation

5. Challenge: Switching cost to QKD technology
• Integrate with existing security protocols and standards
• Share resources with existing infrastructure