Hybrid conventional and quantum security for software defined and virtualized networks

Today's networks are quickly evolving toward more dynamic and flexible infrastructures and architectures. This software-based evolution has seen its peak with the development of the software-defined networking (SDN) and network functions virtualization (NFV) paradigms. These new concepts allow operators to automate the setup of services, thus reducing costs in deploying and operating the required infrastructure. On the other hand, these novel paradigms expose new vulnerabilities, as critical information travels through the infrastructure from central offices, down to remote data centers and network devices. Quantum key distribution (QKD) is a state-of-the-art technology that can be seen as a source of symmetric keys in two separated domains. It is immune to any algorithmic cryptanalysis and is thus suitable for long-term security. This technology is based on the laws of physics, which forbid copying the quantum states exchanged between two endpoints from which a secret key can be extracted. Thus, even though it has some limitations, a correct implementation can deliver keys of the highest security. In this paper, we propose the integration of QKD systems with well-known protocols and methodologies to secure the network’s control plane in an SDN and NFV environment. Furthermore, we experimentally demonstrate a workflow where QKD keys are used together with classically generated keys to encrypt communications between cloud and SDN platforms for setting up a service via secure shell, while showcasing the applicability to other cryptographic protocols.
