Abstract

The nature of network services has drastically changed in recent years. New demands require new capabilities, forcing the infrastructure to dynamically adapt to new scenarios. Novel network paradigms, such as software-defined networking (SDN) and network functions virtualization, have appeared to provide flexibility for network management and services. The reliance on software and commoditized hardware of these new paradigms introduces new security threats and, consequently, one of the most desired capabilities is a strengthened security layer when connecting remote premises. On the other hand, traditional cryptographic protocols are based on computational complexity assumptions. They rely on certain mathematical problems (e.g., integer factorization, discrete logarithms, or elliptic curves) that cannot be efficiently solved using conventional computing. This general assumption is being revisited because of quantum computing. The creation of a quantum computer would put these protocols at risk and force a general overhaul of network security. Quantum key distribution (QKD) is a novel technique for providing synchronized sources of symmetric keys between two separated domains. Its security is based on the fundamental laws of quantum physics, which makes it impossible to copy the quantum states exchanged between both endpoints. Therefore, if implemented properly, QKD generates highly secure keys, immune to any algorithmic cryptanalysis. This work proposes a node design to provide QKD-enhanced security in end-to-end services and analyzes the control plane requirements for service provisioning in transport networks. We define and demonstrate the necessary workflows and protocol extensions in different SDN scenarios, integrating the proposed solution into a virtual router providing QKD-enhanced IPsec sessions.

© 2018 Optical Society of America


Figures (14)


Tables (1)
