1. Introduction

Data transmission in optical networks supports various types of network services, among which several are requiring a highly-secured communication substrate, such as online banking/trading, personal privacy, military applications, etc [1]. However, conventional encryption technologies used in optical communications are potentially challenged by emerging computing methods that might soon become capable to crack keys based on complex mathematical calculation (e.g., important results toward quantum supremacy have been recently announced by Google [2]). To guarantee secure transmission of sensitive data, quantum cryptography (QC) is emerging as an attractive technology that can generate truly random and secure keys. The security of quantum keys derives from the fundamental laws of quantum mechanics like the “no-cloning theorem” and “Heisenberg’s uncertainty principle” [3]. This kind of secret-key provisioning is being introduced in optical networks to provide probabilistically-secure communication. To enable QC over optical networks, quantum key distribution (QKD) is regarded as a common way to share secret keys between each pair of end-points of a communication. Also, optical networks can provide optic fibers as transmission carriers to distribute quantum keys. By leveraging dedicated or multiplexed optical fibers, a QKDN generates and delivers secret keys (i.e., performs “secret-key provisioning (SKP)”) for adjacent, as well as non-adjacent, nodes. With the development of practical development QKD, QKDNs have gradually become a promising and feasible solution.

“Last-mile” secure connection has also been considered in QKDN, and it is referred as Quantum Access Network (QAN), to provide secret-key access to final users. The idea of QAN has attracted a lot of attention (see, e.g., [4,5]), and demonstrated to be capable of guaranteeing security of “last-mile” communication through secure key distribution among a central node (e.g., the network operator’s central office) and several end users. Still, QAN design poses several challenges, spanning from theoretical modeling, to resource allocation algorithms, to testbed experimentation. In the past decades, QANs have been prototyped with different device deployments and channel settings. In [6], the concept of using QC was proposed for the first time to provide secure communication in optical access networks. Since then, various demonstrations of QS-PONs have been experimented and simulated with different QKD configurations (i.e., multiple QKD receivers (Qrec) shared with one QKD transmitter (Qtra) [7–9], multiple Qtras shared with one Qrec [10–12], and multiple Qtras shared with multiple Qrecs [5]). Also, QKD in QAN can be achieved by using wavelength division multiplexing (WDM) [4,13] and time division multiplexing (TDM) [14,15], to share fiber wavelength with classical data channels. These proposals demonstrate QAN physical feasibility, but the problem of how to dynamically allocate QKD wavelengths to generate secure keys for final users has not yet been investigated.

In this paper, we focus on a specific embodiment of QAN, which is Quantum Secured Passive Optical Networks (QS-PONs). In QS-PON, secured data transmission occurs on the standard wavelength channels of a PON, as e.g., in Ref. [16] (note we refer in the following to wavelengths used to transmit secured data as data channels), while SKP is performed over a separate set of wavelengths referred as QKD channels (see Section 2.A for more details). Two basic problems are addressed: i) how to effectively design a QS-PON architecture to arrange secret-key distribution for final users, and ii) how to dynamically allocate QS-PON resources to multiple users based on their requests. For the first one, as QKD transceivers are very expensive, we consider sharing of a single centralized Qrec among several Qtras using time division multiplexing, as proposed in [6]. Then, secret-key distribution can be implemented in a way similar to the scheduling of user requests between the ONUs and the OLT. For the second one, we employ Dynamic Bandwidth Assignment (DBA) to improve the bandwidth utilization (as done in traditional PONs (non-QS)). In this regard, a similar DBA scheme for effective secret-key provisioning must be developed in QS-PON, considering the combination of different constraints driven by QKD like unidirectional secret-key generation assigned for bidirectional data encryption. Hence, even though existing protocols for traditional PONs such as interleaved polling algorithm (IPACT) [17–19] could still be applied to manage time-slot allocation for the QKD, in such existing approaches the generated secret keys will then need to be arranged for non-adjacent nodes by the cache devices like quantum key pool (QKP) [20–22]. To generate and assign secret keys for multiple users, we propose in this paper a dynamic secret-key provisioning (DSKP) algorithm in QS-PON to allocate time slots.

Our proposed DSKP algorithm can effectively generate and assign secret keys according to users’ demands. DKSP devises time-slot allocations to support two separate processes, namely secret key generation (SKG) and secret key consumption (SKC). The algorithm aims at improving the successful provisioning of keys to users (effectively scheduling the SKG and SKC processes). To jointly address these two processes, our proposed DSKP algorithm features two phases, the lowest-first secret-key generation (LF-SKG) phase, and hierarchical-clustering secret-key assignment (HC-SKC) phase. After having presented the DKSP algorithm, in this study we provide also an analytical model that describes how secret keys are generated and consumed in QKPs over time. The model is useful to gain some generic insights on the behavior of QKP occupation and on its impact of the SKP process results obtained. Finally, in our illustrative numerical evaluation, we simulatively compare our algorithm to a baseline IPACT-based solution for SKP in terms of service-rejection ratio (SR) and guard-time saving (GTS) among other metrics. Results show that DSKP reduces SR and GTS of about 16% and 39.54%, respectively, compared to a baseline IPACT-based approach.

The remainder of this paper is organized as follows. Section 2 discusses our proposed QS-PON architecture. In Section 3, we clarify the time-slot allocation problem for QKD and we introduce network and requests models. In Section 4, we introduce our DSKP algorithm to generate and assign secret keys based on secure requests. In Section 5, we formulate a QKP model to describe how secret-key volume changes over time. In Section 6, we show some illustrative numerical results to evaluate the effectiveness of the proposed algorithm. Section 7 concludes the paper.

2. Related works of QKD networking

QKD is derivated from QC, and regarded as a critical technology that can provide secret keys for two separated users. Unlike tradition encryption methods, the security of secret keys relies on the fundamental laws of quantum physics, like Heisenberg uncertainty principle and None-cloning theorem. Based on such fundament, QKD has the advantage of allowing two users to share keys while also being aware of the existence of eavesdropper. To explore the feasibility of QKD for practical application, testbeds of QKD integrated in practical optical networks are being currently investigated [23–27]. The latest demonstration of secret-key rate and transmission distance in QKDN have achieved up to 1.26 megabits per second key rates over 50 kilometers of standard optical fiber [28] and 1.16 bits per hour over 404 kilometers of ultra-low-loss fiber [29]. Building on the top of these communication trials, advanced forms of SDN-controlled networking [30–32] and resource allocation [33–35] in QKDN are also being investigated to improve the efficiency and flexibility. Regarding QKD integration in edge network, a quantum-secured, inter-domain 5G service orchestration over optical networks have been recently experimentally demonstrated [32].

3. Illustration of the QS-PON

3.1 QS-PON architecture

A possible architecture of QS-PON is shown in Fig. 1, which is a QAN built over a Time and Wavelength Division Multiplexed PON (TWDM-PON) infrastructure. Within this architecture, Qtras are installed at the ONU side while a Qrec is installed at the OLT side, to jointly perform QKD. A pair of Qtra and Qrec can implement the transmission of quantum signal and the selection of measurement basis [6]. The wavelength channels operating in a QS-PON consist of quantum wavelengths (QWs), optical wavelengths (OWs), and user data wavelengths (UWs). Among them, QW, OW and UW are respectively used for the transmission of quantum bits, optical (not quantum) signals that supports the QKD process (e.g., measurement basis, time synchronization data), users’ data as in traditional PONs (or more advanced forms of TWDM-PON). QWs are placed at approximately 1310 nm [4], OWs and UWs are placed at approximately 1550 nm [4]. They are multiplexed on single fiber by a passive optical splitter (POS). To increase resource efficiency, QWs can be further divided into time slots by using TDM [34,35], thus Qrec can perform QKD with various Qtras during different time slots. Secret keys generated between each pair of Qtra and Qrec are stored in the quantum key pool (QKP) prepared for the subsequent security requests [20–22]. In summary, SKP between OLT and ONUs is achieved by point-to-multi-point QKD and OTDM technologies between Qtras and Qrecs.

 

Fig. 1. The architecture of QS-PON.

Download Full Size | PDF

3.2 Secret key generation (SKG) and secret key consumption (SKC) in the QS-PON

As already mention, SKP includes SKG process and SKC process.

 

Fig. 2. The ONU-to-ONT SKG and ONU-to-ONU SKC diagram, (a) the process of SKG for ONU-to-OLT, (b) the process of SKC for ONU-to-ONU.

Download Full Size | PDF

3.3 SKG workflow in the QS-PON

A workflow clarifies the interaction required to perform on-demand QKD among Qtra, Qrec, OLT, and ONU, as shown in Fig. 3. To start, OLT sends instructions to collect security requests from ONUs. If some ONU’s QKP has a low volume, the ONUs send supplement requests to OLT. At the same time, the ONU checks the status of Qtra to see if the Qtras can be activated to generate new keys. After that, the OLT checks the status of Qrec and the key volume in QKP to verify whether SKG and SKC can be performed (key volume in QKP must be sufficient tos atisfy the security requests as much as possible). After these steps, the OLT formulates a schedule based on the received request to specify time intervals for various ONUs (see Section 3). Finally, the schedule is communicated to all ONUs.

 

Fig. 3. The SKG work flow in QS-PON.

Download Full Size | PDF

4. DSKP in the QS-PON

4.1 Problem description

Let us now describe the problem of time-slot allocation for SKP in QS-PON. We separate SKP into two sub-phases: SKG and SKC. For the SKG phase, when a supplement request arrives, OLT needs to specify time slots for Qtras to perform QKD and supplement keys in the QKP. As we are suing OTDM, a schedule for SKG must be identified such that only one Qtra at a time is served. The other Qtras need to wait for their SKG slot to come, but they can still proceed with normal SKC until key volume in their QKP gets to 0, when SKP requests cannot be served and will be rejected. Thus, our proposed DKSP algorithm initially selects the QKP with lowest key volume as the one to be supplemented first and assigns available time slots to it, as shown in Fig. 4(a). For the SKC phase, (triggered by security requests from ONUs for data encryption), OLT first determines the modality of security requests, then performs key relay for ONU-to-ONU requests (if needed), and finally sends the keys to the requesting ONU. As shown in Fig. 4(b), the processing order follows the arrivals of requests, and a guard time is imposed between each SKC request. When the destination ONU for consecutive SKC requests is the same one, the guard time between these SKC requests is unnecessary and may lead to bandwidth waste. Thus, the objective of DSKP during the SKC phase is to reduce the unnecessary guard time occupation by grouping requests from the same ONU. Focusing on these two phases, our proposed DSKP algorithm, which is described in the next section, aims at scheduling SKC and SKG requests to jointly minimize scheduling delay and service rejection.

 

Fig. 4. Diagram of two sub-problems, (a) SKG, and (b) SKC.

Download Full Size | PDF

4.2 Network model

The physical topology of a QS-PON can be modeled as a graph $G(V,\; {W_c},\; {W_{QKD}},QKP$$({{K_{curr}},{K_{threshold}},\; {K_{full}}} )\; )$, where V denotes the network nodes, and ${W_c}$ and ${W_{QKD}}$ refer to the sets of wavelengths used for normal optical communication and QKD, respectively; and the triplet QKP contains ${K_{curr}}$, that represents current value of secret-key volume in QKP, ${K_{threshold}}$ that is threshold above which SKG is triggered, and ${K_{full}}$ that is the capacity of the QKP. Note that, in this paper, we only focus on the assignment of wavelengths used for QKD, and the assignment of classical communication in TWDM-PON can be performed as in any of several previous studies [16–18]. Since we are considering TDM, ${W_{QKD}}$ is divided into several uniform time slots (${t_{slot}}$), assigned to different users and spaced with a guard time (${t_g}$).

4.3 Request model

Parameter ${K_{rate}}$ indicates as the average secret-key volume generated in a time slot in the network. For the SKG and SKC, two types of requests, i.e., supplement request and security request, are denoted as ${r_{su}}({s,\; \; d,{K_{req}}} )$ and ${r_{se}}({s,\; d,\; {K_{req}}} )$, respectively. s and d are the source and destination nodes, and ${K_{req}}$ represents the secret-key volume required by ONUs. s and d in different requests can refer to different elements, e.g., OLT and ONU, or ONU and ONU. The number of ${t_{slot}}$s to support a supplement request or security request can be described as:

5. Two DSKP components: LF-SKG and HC-SKC

After the illustration of LF-SKG and HC-SKC, we now will elaborate on how the time-slot allocation is performed by the proposed in DSKP algorithm. The DSKP algorithm is correspondingly divided into two sub-algorithms: LF-SKG algorithm and HC-SKC algorithm.

5.1 LF-SKG algorithm

Lowest-first secret-key generation (LF-SKG) is the policy chosen for the time-slot allocation of secret-key generation. The intuitive logic behind this policy is that, the longer time a QKP has to wait to be refilled, the more likely it is deplete its key reserve, which will more likely lead to rejection of subsequent SKP requests. To solve this problem, we designed a LF-SKG algorithm to select the Qtra with the lowest key volume in QKP among various Qtras.

As shown in Table 1, LF-SKG algorithm aims to arrange time slots for supplement requests ($r_{su}^i$s). Let us assume that $r_{su}^i$ arrives dynamically from ONUs to OLT during the current time period (that is referred as time window “$Windo{w_{T\_SKG}}$”). After each $Windo{w_{T\_SKG}}$, OLT initially collects $r_{su}^i$ from ONUs into the set ${R_{su}}$ and checks the ${W_{QKD}}$s to find whether there is an available capacity to perform QKD. Then, we look the volume of secret keys in the QKPs in which includes both of source and destination nodes in each $r_{su}^i$ to identify the order of $r_{su}^i$s in ${R_{su}}$ for the SKG. The order of $r_{su}^i$s follows the LF-SKG principle, that means the $r_{su}^i$ with the lowest secret-key volume is arranged as the first one to be allocated with time slots and perform SKG. Next, we calculate and allocate available ${W_{QKD}}$s for each $r_{su}^i$ in the ${R_{su}}$. To achieve it, we first count the number of time slots that is required a $r_{su}^i$ for the SKG. The required number (n) of time slots is calculated by the ratio of ${K_{req}}$ of the $r_{su}^i$ and the ${K_{rate}}$ (as shown in Eq. (1)). OLT allocates the corresponding n consecutive $t\_slot$s to the $r_{su}^i$, and the series of allocated $t\_slot$s for various $r_{su}^i$ within a $Windo{w_{T\_SKG}}$ can form a SKG cycle. Finally, OLT broadcasts the SKG cycle to all ONUs, and the ONUs control the on/off states of Qtras.

Table 1. LF-SKG algorithm

View Table | View all tables in this article

5.2 Hierarchical-clustering in SKC

HC is a statistical method that clusters various samples into different groups with similar features [37–38]. To reduce the unnecessary guard-time occupation in SKC process, HC is used to cluster SKP requests with the same destination nodes. The clustering process depends on similarity degree between two different samples (i.e., destination nodes). The similarity degree can be, e.g., represented by the calculation of using distances like Minkowski and Euclidean Distance, etc. To simplify the calculation, we adopt a simple clustering distance, i.e., the Absolute Value Distance. The distance under absolute value d for two nodes ${w_i}$ and ${w_j}$ in total requests $k = \{{1, \cdots ,p} \}$ can be calculate as in Eq. (3).

When the number of requests becomes large, the distance value of each pair of requests is better to be presented in the form of a matrix $\textrm{W}$, as shown in Eq. (4) (n.b.: the distance of a node to itself is the case of $d = 0$ in the diagonal). The difference between the max and min distances in matrix $\textrm{W}$ calculated by Eq. (5) is referred as a distance gap ${d_{gap}}$.

After the calculation of $\textrm{W}$, the clustering process can start. We exploit height to constantly select and merge the requests with same distance in the matrix. First, all elements in $\textrm{W}$ are grouped together in a set ${\textrm{H}_1}$ with a height 0. If we assume the number of clusters is c, then the height is constructed by ${d_{gap}}/c$ as a constant value. As shown in Eqs. (6)–9, several groups in the set ${\textrm{H}_1}$ with the same height can be merged a common sub-set ${h_1}$. Sub-set ${h_1}$ is as one factor put in a new set ${\textrm{H}_2}$ with the other factors that have different height in sub-set ${h_1}$. Also, set ${\textrm{H}_3}$ with height $2 \times {d_{gap}}/c$ can be constructed by composing ${h_2}$, ${w_{i + 3}}$, and ${w_{i + 4}}$. Analogously, elements and sub-sets can be constantly composed until one sub-set remained in (${H_n}\,{H_n} = {d_{gap}}$). The grouped clusters are shown in each step of composing with different heights.

5.3 HC-SKC algorithm

As shown in Table 2, HC-SKC is for the situation where OLT receives security request ($r_{se}^i$) from ONUs and relays secret keys from the source node to the destination node. Since SKC process occurs in parallel to SKG, we suppose they have different time window for the generation and assignment of secret keys. Analogously, the sets of ${W_c}$ and ${R_{se}}$ will be updated at the beginning of each $Windo{w_{T\_SKC}}$. Then, we consider two possible cases, based on the key volume of QKP: ${K_{curr}} = 0$ and ${K_{curr}} > 0$. For ${K_{curr}} = 0$, SKC cannot be performed since there are no keys in QKP to be provided for the requests. For ${K_{curr}} > 0$, as mentioned in Section 2. B, SKC can be achieved by the relaying function that is directly performed in the OLT side and the transmission of the secret keys from OLT to ONU. Next, we apply the clustering of $r_{se}^i$s according to the algorithm in Section 4.B to reduce the guard time in SKC process. By calculating the absolute distance ${d_{{d_i},{d_j}}}$ between $r_{se}^i$s, the $r_{se}^i$s generated between ONUs will be grouped to a set ${S_{{d_i}}}$ if they have the same destination node. The other $r_{se}^i$s with different ${d_{{d_i},{d_j}}}$ values will be put into set ${S_{{d_{ir}}}}.\,r_{se}^i$. $r_{se}^i$ in set ${S_{{d_{ir}}}}$can be grouped as ${S_{{d_{ir}}}}\{{\{{r_{se}^i,r_{se}^j} \},\{\cdots \}\cdots \; } \}$ according to ${d_{{P_i},{p_j}}}$ following the HC process described in section4.B. Next, $r_{se}^i$s in the sets ${S_{{d_i}}}$, and ${S_{dir}}$ will also be dealt one by one according to HC process, and the output order will be set as SKC cycle (${C_{SKC}}$). Finally, the time-slot allocation for each $r_{se}^i$ is included in ${C_{SKC}}$, and the number of ${C_{SKC}}$ will be $\textrm{Max}({N_{slot}^{{r_{su}}}} )/n$ if there are n $t\_slot$s of each $r_{se}^i$ in ${C_{SKC}}$.

Table 2. HC-SKC algorithm

View Table | View all tables in this article

5.4 Analysis of DKSP complexity

Time complexity of DSKP algorithm comprises two parts, respectively for LF-SKG and HC-SKC. LF-SKG complexity depends on the ‘for’ loops (line 3 to 6 in Algorithm 1) related to the number of $r_{su}^i$s. Higher number of $r_{su}^i$s ($V \uparrow $) will bring higher complexity ($\textrm{O}({K + V} )\uparrow $). HC SKC complexity mainly is contributed by HC process, that can be estimated as $\textrm{O}({t \times {\alpha^2}} )$ [39], where t is the number of iterations and α is sample quantity. Thus, the overall complexity is $\textrm{O}({K + V + t \times {\alpha^2}} )$.

6. QKP modeling and verifying in the QS-PON

6.1 QKP modeling

QKP is an important component in QS-PON and there is no QKP in traditional PONs. It is used for the storage of secret keys for supplement requests and the continuous fulfillment for security requests, thereby introducing a balance between SKG and SKC processes on the key volume. In this section, we construct a mathematical model of QKP, analyze the relationship between SKG and SKC, and quantify their influence on secret-key volume in QKP as a function of time. The symbols used in our mathematical model are listed in Table 3.

Table 3. Parameters

View Table | View all tables in this article

SKG and SKC directly influence secret-key volume in QKP, which will, in turn, also influence SKP for users. Here, we construct mathematical formulations respectively for SKG and SKC.

Equation (10) describes the consumption volume of secret keys within a ${t_{slot}}$. Arrival of security requests follows heavy-tailed distribution which can describe the network data traffic realistically. Suppose that the average number of the requests at ${t_{slot}}$ is M, required key volume is N, and P is a constant value where key volume required by users can be represented by $P \times N$ ($0 < \textrm{P} < 1$). The probability density function is $\frac{\textrm{a}}{\textrm{k}}{\left( {\frac{\textrm{k}}{{{t_{slot}}}}} \right)^{\textrm{a} + 1}}$, where a and k are constants and $\textrm{a} \ge \textrm{k},{\; k} > 0$.

Equation (11) describes the generation volume of secret keys within a ${t_{slot}}$. It can be seen as a fixed value within a certain time.

Equation (12) describes the volume of consumed keys within n continuous ${t_{slot}}$s in QKP. In addition, to ensure the subsequent secret-key provision capacity, the volume of consumed keys in QKP should be bigger than 0 and smaller than ${K_{full}}$. Correspondingly, Eq. (13) shows the size of a ${t_{slot}}$ should be satisfied.

Equation (14) describes the volume of generated keys in n${t_{slot}}$s. It has the same restriction with consumed value as shown in Eq. (15), and that is the generated volume in n${t_{slot}}$s should be bigger than 0 and smaller than ${K_{full}}$.

Based on the above equations of SKG and SKC, the key volume stored or consumed per time slot in a QKP can be judged by the rates of SKG and SKC.

Equation (16) evaluates the key volume to be generated or consumed in a ${t_{slot}}$.

When ${S_{{g_{\_slot}}}}({{t_{slot}}} )> {S_{c\_slot}}({{t_{slot}}} )$, Eq. (17) represents an excess key volume that can be stored in QKP. Put ${K_{inve}}({{t_{slot}}} )\ge 0$ into Eq. (16), we can get $n{t_{slot}} < {(\frac{{MN{k^a}}}{{MN - {K_{rate}}}})^{\frac{1}{a}}}$ which means that key supplement can not only satisfy consumption, but also have the ability to store keys within a certain time period.

When ${S_{{g_{\_slot}}}}({{t_{slot}}} )< {S_{c\_slot}}({{t_{slot}}} )$, Eq. (18) represents the needed key volume and the key shortage can be supplemented by the keys remained in previous time slots in QKP. Also, if we put ${K_{inve}}({{t_{slot}}} )< 0$ into Eq. (16), we can get $\textrm{n}{t_{slot}} > {(\frac{{MN{k^a}}}{{MN - {K_{rate}}}})^{\frac{1}{a}}}$.

Equation (19) describes the real-time-slot key volume in QKP.

Equation (20) is the integral results of Eq. (19), representing the current secret-key volume in QKP changing over ${t_{slot}}.\,{C_1}$. is a positive constant. In order to guarantee successful SKP, two parameters, full volume and threshold volume, are set in QKP. According to the capacity of providing keys, the current secret-key volume in QKP can be divided into three phases. If ${K_{full}} > {K_{curr}}({{t_{slot}}} )> {K_{threshold}}$, this means secret keys in the QKP can fully support the SKC of users. If $\; {K_{threshold}} \ge {K_{curr}}({{t_{slot}}} )> 0$, this means secret keys in the QKP will be totally consumed and a key supplement is needed in the QKP. If ${K_{curr}}({{t_{slot}}} )\le 0$, this means secret keys in the QKP cannot serve security requests and this is the case when the LF-SKG algorithm must be performed. Moreover, as the ${t_{slot}}$ increases, ${K_{curr}}({{t_{slot}}} )$ in QKP will decrease from full to a value below ${K_{threshold}}$.

Equation (21) represents the key volume to be supplemented. Consider the key consumption involved in this process, $\alpha $ is set as a surplus-dependent parameter of consumption rate ($0 \le \; \alpha \le 1$).

Equation (22) calculates the numbers of ${t_{slot}}$s used for a request.

Limited by $\; \; {K_{full}} > {K_{curr}}({{t_{slot}}} )> {K_{threshold}}$ and $\; {K_{threshold}} \ge {K_{curr}}({{t_{slot}}} )> 0$, Eqs. (23) to (26) show two phases of secret-key volume changing over ${t_{slot}}$ in QKP. When$\; {K_{threshold}} \ge {K_{curr}}({{t_{slot}}} )> 0$, it will trigger the supplement of secret keys. ${C_1}$ and ${C_2}$ are positive constants.

6.2 Performance analysis of QKP modeling

After having introduced our mathematical model for SKG and SKC in QS-PON, in this subsection we explore the influence of several parameters on SKG and SKC behavior. We run the proposed mathematical model in static setting (in Matlab) and also a dynamic network simulation (developed in C++) as a comparison. In these simulations, we consider a 32-ONU PON where Qtras and Qrec are located at OLT and ONUs. Arrival of security requests follows heavy-tailed Pareto distribution, and the source and destination nodes are randomly selected. Required key volume in the security requests is randomly selected from different ranges, which can be set as variables. SKG and SKC rates are then selected as a function of the required key value within a certain range. Simulations show how the volume of secret keys changes in QKP influenced by SKG and SKC. We conduct the simulation using the parameters listed in Table 4, but the parameter settings are not limited to these values.

Table 4. Parameters

View Table | View all tables in this article

Figure 5 shows the trend of key volume in QKP based on our model. It includes two sub-phases to show how secret-key volume in QKP changes over time under the situations with and without SKG. In the first sub-phase, as we can see, secret keys in QKP are gradually consumed to a value below ${K_{threshold}}$. This part only contains the consumption of secret keys until key volume is below the threshold, and then SKG will be triggered to supplement keys in QKP. The key volume gradually increases since the secret-key supplement works to enhance SKP capacity of QKP.

 

Fig. 5. QKP model shows how secret-key volume changes over time in QKP with SKC and SKG (SKG rate = 60 and SKC rate selected from range [0, 400]).

Download Full Size | PDF

Figure 6 shows, using dynamic simulation, how SKG and SKC rates affects secret-key volume in QKP. In Figs. 6(a) and (b)we plot the SKC and SKG rate, considering that SKC occurs during the whole process, while SKG (in red) is triggered only when key volume goes below a threshold. Note that SKG lasts as long as it is needed to fill up the QKP. It can be observed, comparing the two figures, that higher SKG takes shorter time to fill up the QKP. Figures 6(c) and (d) show the secret-key volume changing over time with different SKG rates. Also, comparing Figs. 6(c)-(e) with Fig. 5 we can observe that higher SKG rate enables shorter time to fill up the QKP (also called “supplementing time”). Note that a similar temporal trend for key volume in QKP has been presented in Ref. [40], which supports the correctness of our QKP model. Figure 6(e) show the secret-key volume changing over time with different ${K_{threshold}}$s. Bigger ${K_{threshold}}$ can shorten the time consumed by SKG and thus causing shorter time period. In addition, similar to Fig. 6, the changing trend of secret-key volume is periodic.

 

Fig. 6. Simulation results showing how SKG and SKC rates affects secret-key volume in QKP. (a) and (b) show the SKC rate versus different SKG rates (SKC rate selected from range [0, 400], SKG rate=60 and 120 respectively). (c) and (d) show secret-key volume in QKP changing over time with different SKG rates (SKG rate=60 and 120 respectively). (e) shows how key volume in QKP changes with different ${K_{threshold}}$ values (i.e., ${K_{threshold}}$=50000, respectively), and the SKC and SKG rates are set to fixed values in this case.

Download Full Size | PDF

6.3 Summary

In this section, we constructed a mathematical model representing the key volume in the QKP and analyzed the performance obtained from the model with simulation. We can observe that the change of SKG and SKC rates will influence the key volume in QKP. This shows the setting of threshold value for the supplement has a strong impact on the performance of SKP. In addition, the simulation results of the trend of key volume changing over time have a similar trend performance with that in Ref. [40].

7. Illustrative numerical results and discussion

To evaluate the effectiveness of the DSKP algorithm, we extended the dynamic network simulation discussed above to evaluate more performance metrics. With the parameters described in Section 5.B, the DSKP algorithm is simulated and compared to a baseline IPACT-based SKP that supports SKG and SKC according to the order of user arrivals. The ${K_{threshold}}$ of QKPs, ${K_{rate}}$ in different links, $Windo{w_{T\_SKG}}$, and the offered load of requests ($OL$) are set as variable parameters for the comparisons. The guard time between different ONUs is set to 800 ns according to [41]. ${K_{req}}$ in each security request is a random value selected from the range [0, 400]. We consider 1 quantum channel to transmit quantum signals (|QW|=1) (it is also assumed that 2 other optical channels transmit measurement basis and sync signals respectively (|OW|=2), but their resource assignment simply follows resource assignment it the QKD wavelength). Note that the number of QKD wavelengths must be set proportionally to the number of QKD devices (so, in our setting for 32 ONUs, each hosting one Qtra, we estimated that 1 QW is enough). Based on the above simulation settings, the performance of our proposed algorithms is evaluated in terms of service-rejection ratio (SR), time-slot utilization (TU), guard time saving (GTS), and clustering tree diagram (CTD). Namely:

7.1 Service-rejection ratio (SR)

As shown in Fig. 7, we present SR under the combined impact of three variable factors (i.e., $OL$, $Windo{w_{T\_SKG}}$, ${K_{threshold}}$) plotted in the form of bar graphs. The figure is divided by a red dashed line, which shows the IPACT-based SKP on the left side and the DSKP on the right side. In general, DSKP significantly reduces SR compared to the IPACT-based SKP. This is because DSKP (specifically, during the LF-SKG phase) generates keys starting from the ONU with lowest number of keys in the QKP, hence alleviating the SR. Also, SR decreases for higher ${K_{rate}}$, since higher ${K_{rate}}$ increases the generation of secret keys. As for varying $OF$ (as shown in Fig. 7(a)), SR increases with bigger $OL$, because bigger $OL$ accelerates the consumption of secret keys. For the changing of $Windo{w_{T\_SKG}}$ and ${K_{threshold}}$ shown in Figs. 7(b) and 7(c), the two figures show that $Windo{w_{T\_SKG}}$ has no influence on SR, and SR decreases for higher ${K_{threshold}}$, since higher ${K_{threshold}}$ can always guarantee a certain number of secret keys in QKP to satisfy security requests.

 

Fig. 7. Plots of SR under the combined impact of three factors (i.e., $OL$, $Windo{w_{T\_SKG}}$, ${K_{threshold}}$). Note that ${K_{rate}}$ is varied from 35 to 50 with two unequal spacings (i.e., 1 and 5), and SKC rate is a value selected from a fixed range [0, 400]. (a), (b) and (c) are changing with three different variable parameters, i.e., $OL$, ${K_{threshold}}$, and $Windo{w_{T\_SKG}}$. Specifically, in (a) we assume ${K_{threshold}}$=5000 and $Windo{w_{T\_SKG}}$=5, in (b) we assume $OL$=20000 and ${K_{threshold}}$=5000, and in (c) we assume $OL$=20000 and $Windo{w_{T\_SKG}}$=5.

Download Full Size | PDF

7.2 Time-slot utilization (TU)

Figure 8 shows the TU changing with different variable parameters, i.e., ${K_{rate}}$ vs ${K_{req}}$, ${K_{threshold}}$ vs $OL$, $Windo{w_{T\_SKC}}$ vs $OL$. In Fig. 8(a), we can see bigger ${K_{req}}$ and smaller ${K_{rate}}$ can increase TU, since higher consumption rate requires higher time slots, and more SKG will enable QKP to support more SKC, thus occupying more time slots. As shown in Figs. 8(b) and 8(c),$\; {K_{threshold}}$ and $Windo{w_{T\_SKC}}$ almost have no influence on TU, as TU depends on the key volume contained in each security request (which is not affected by ${K_{threshold}}$ or $Windo{w_{T\_SKC}}$), while bigger $OL$ can increase TU as more time slots will be occupied by increasing number of secret-key requests in a window. Note that the proposed algorithms are not compared with the benchmark, as the proposed algorithms and the IPACT benchmark have no different influence on TU which merely depends on key-volume requirements.

 

Fig. 8. The time-slot utilization (TU) under different variable parameters. (a) TU variation for different ${K_{rate}}$ and ${K_{req}}$, (b) and (c) TU variations, for fixed ${K_{rate}}$ and ${K_{req}}$ (i.e., ${K_{rate}}$=60 and ${K_{req}}$ in the range [0, 400]), but changing $OF$, ${K_{threshold}}$, and $Windo{w_{T\_SKC}}$.

Download Full Size | PDF

7.3 Guard time saving (GTS)

Figure 9 shows the impact of several system parameters GTS. Note that positive values of GTS mean HC SKC can save guard time, and the GTSs are always positive values under different parameter settings. For ${K_{rate}}$=180, $Windo{w_{T\_SKC}}$=20 and ${K_{threshold}} = 40000$, GTS can be up to almost 40%. Specifically, Fig. 9(a) shows that ${K_{rate}}$ and ${K_{req}}$ have no influence on GTS, instead Fig. 9(b) shows that increase in $OL$ and $Windo{w_{T\_SKC}}$ result in an increased GTS. This is because larger $Windo{w_{T\_SKC}}$ can allow more arrival of request to increase the probability of having same destination nodes to save time. In Fig. 9(c), ${K_{threshold}}$ also shows no influence on GTS, but bigger $OL$ can slightly increase GTS for the same reason seen in Fig. 8(b).

 

Fig. 9. The GTS under different variable parameters. The specific parameter settings are the same as in Fig. 8.

Download Full Size | PDF

7.4 Service-rejection ratio (SR)

In Fig. 10, the CTDs graphically represent the clustering process of security requests during four time windows. The x- and y-axis represents the sample requests and the $\textrm{H}$ of each time clustering (see Section 4.B), respectively. We randomly select the sample requests in a common time window to present their clustering tree diagram. At the beginning, every request is located in a common, and then we merge the two closest clusters to form a new sub-cluster according to H. As the cluster height increases, samples are decomposed into more classes. In addition, initial merging processes help increasing time saving, as it has been discussed in Section 5.D.

 

Fig. 10. Diagrams of clustering tree during four $Windo{w_{T\_SKC}}$s in SKC process.

Download Full Size | PDF

8. Conclusions

This paper investigates a QS-PON architecture to secure data transmission in PON via SKP, driven by point-to-multi-point QKD. By deploying QKD in PON, the QS-PON architecture shows how QKP can be used to efficiently distribute secret keys in QS-PON. After discussing the problems related to the processes of generation and consumption of secret keys, an algorithm, called DSKP, is devised to generate and assign secret keys on demand. Two targets are sought by DSKP, namely, to reduce service-rejection ratio and to avoid wastage of guard time as much as possible. To verify the effectiveness of our simulation settings, we construct a general QKP model that has similar performance with results presented in Ref. [40]. Then, we analyze the behavior of this model under both static and dynamic network settings. Finally, using dynamic simulation, we illustrate the effectiveness of DSKP algorithm in comparison with an IPACT-based baseline dynamic bandwidth assignment algorithm. We analyze four main metrics, SR, CTD, TU, and ITS, and we show that DSKP can reduce SR and ITS by about 16% and 39%, respectively. As future work, we plan to investigate aspects related to survivability of SKP in QS-PON.