Toward quantum-safe scalable networks: an open, standards-aware key management framework

With the advent of quantum computing, the increasing threats to security poses a great challenge to communication networks. Recent innovations in this field resulted in promising technologies such as Quantum Key Distribution (QKD), which enables the generation of unconditionally secure keys, establishing secure communications between remote nodes. Additionally, QKD networks enable the interconnection of multinode architectures, extending the point-to-point nature of QKD. However, due to the limitations of the current state of technology, the scalability of QKD networks remains a challenge toward feasible implementations. When it comes to long-distance implementations, trusted relay nodes partially solve the distance issue through the forwarding of the distributed keys, allowing applications that do not have a direct QKD link to securely share key material. Even though the relay procedure itself has been extensively studied, the establishment of the relaying node path still lacks a solution. This paper proposes an innovative network architecture that solves the challenges of Key Management System (KMS) identification, relay path discovery, and scalability of QKD networks by integrating Software-Defined Networking (SDN) principles, and establishing high-level virtual KMSs (vKMS) in each node and creating a new entity called the Quantum Security Controller (QuSeC). The vKMS serves the end-user key requests, managing the multiple KMSs within the node and abstracting the user from discovering the correct KMS. Additionally, based on the high-level view of the network topology and status, the QuSeC serves the path discovery requests from vKMSs, computing the end-to-end (E2E) relay path and applying security policies. The paper also provides a security analysis of the proposal, identifying the security levels of the architecture and analyzing the core networking security properties.