Quantum Key Distribution Networks

Sufyan T. Faraj Al-Janabi
DOI: 10.4018/978-1-4666-5808-0.ch003

Abstract

The aim of this chapter is to emphasize the multidisciplinary nature of the research in the field of Quantum Key Distribution Networks (QKDNs). Such networks consist of a number of nodes that can perform security protocols protected by some basic laws of physics. The operation of QKDNs mainly requires the integration of Quantum Key Distribution (QKD) protocols with the already-existing network security infrastructures. The authors report on the current state-of-the-art in the field and give some recommendations for future research. As computer simulation can be very useful in dealing with advanced technology subjects like QKDNs, they outline a simple and efficient modeling and simulation approach for various QKDN configurations. Then, the issue of unconditionally secure authentication of the public channel in QKD is considered. This issue is of crucial importance from both theoretical and practical sides. In this context, the proposed hybrid authentication strategy is reviewed and an authenticated version of the Bennett-Brassard-84 (BB84) QKD protocol based on this strategy is described. Next, a novel extension of the SSL protocol for QKDN settings, which the authors call Quantum SSL (QSSL), is explained. Finally, the chapter is concluded.

Introduction

Data transmission has always been vulnerable to eavesdropping. Conventional cryptography has provided many security services in data communication; however, it has serious limitations when dealing with passive eavesdropping. Indeed, security with today's cryptography can usually be achieved on the basis of computational complexity. Thus, almost all cryptosystems can be broken with enormous amounts of calculations.

The recent application of the principles of quantum mechanics to cryptography has led to a remarkable new dimension in secret communication. The most important contribution of Quantum Cryptography (QC) or, more precisely, quantum key distribution (QKD) is a mechanism for detecting eavesdropping. This is a totally new contribution to the field of cryptography. Neither symmetric cryptographic systems nor public-key systems have such a capability. QKD delivers cryptographic keys whose secrecy is guaranteed by the laws of physics. QKD offers new methods of secure communication that are not threatened even by the power of quantum computers.

The only cipher system known to have guaranteed (unconditional) security is the Vernam cipher (the one-time pad). This system is a symmetric cryptosystem that requires a key as long as the message; the key is used only once and then carefully destroyed. Furthermore, it requires the correspondents to share initial secret key information. Hence, the key management and distribution problems become terrifying with this kind of cipher system. In QC, physically secure quantum key distribution is usually combined with the mathematical security of the Vernam cipher to produce a significantly secure system.

In order to facilitate the evolution of QC towards a practical “quantum information security era” in which QC becomes more closely integrated with conventional information security systems and communication network infrastructures, more collaborative scientific research among specialists from several fields is required. In particular, this research activity has to bring together theoretical and experimental physicists, computer scientists and electrical engineers, and communications and information security specialists.

QKD basically enables two parties (traditionally referred to as Alice and Bob) to produce the shared secret keys required for secure communications, through a combination of quantum and conventional communication steps. Today QKD systems can be operated over metro-area distances on optical fibers and across line-of-sight “free-space” paths. Thus, in addition to stand-alone point-to-point (PTP) systems, QKD can be integrated within optical communication networks at the physical layer, and with key-management infrastructures. This significantly facilitates applications in the environments of “QKD networks” (QKDNs). In general, it is possible to define a QKDN as an infrastructure composed of quantum links connecting multiple distant nodes that have the capability of performing QKD.
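The eavesdropping-detection property and the quantum-plus-classical exchange described above can be seen in a small classical simulation of BB84. This is an added example, not code from the chapter: it assumes an ideal noiseless channel, an authenticated public channel for the comparison steps, and an intercept-resend eavesdropper; `run_bb84`, `measure` and the `ABORT_QBER` threshold are names and values chosen here for illustration.

```python
import random

ABORT_QBER = 0.11  # assumed abort threshold for this sketch, not a value from the chapter

def measure(bit, prep_basis, meas_basis, rng):
    # Matching bases reproduce the encoded bit; mismatched bases give a coin flip.
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def run_bb84(n_qubits, eve_present, seed):
    """Return (accepted, estimated_qber, key_length) for one simulated session."""
    rng = random.Random(seed)
    alice, bob = [], []
    for _ in range(n_qubits):
        bit, a_basis, b_basis = rng.randint(0, 1), rng.randint(0, 1), rng.randint(0, 1)
        state_bit, state_basis = bit, a_basis
        if eve_present:
            # Intercept-resend: Eve measures in a random basis and re-sends her result.
            e_basis = rng.randint(0, 1)
            state_bit, state_basis = measure(bit, a_basis, e_basis, rng), e_basis
        result = measure(state_bit, state_basis, b_basis, rng)
        # Sifting (public channel): keep only positions where the bases agree.
        if a_basis == b_basis:
            alice.append(bit)
            bob.append(result)
    # Parameter estimation (public channel): disclose a random half and compare.
    idx = list(range(len(alice)))
    rng.shuffle(idx)
    sample, rest = idx[: len(idx) // 2], idx[len(idx) // 2 :]
    qber = sum(alice[i] != bob[i] for i in sample) / len(sample)
    accepted = qber <= ABORT_QBER
    # The undisclosed half becomes raw key material only if the session is accepted.
    return accepted, qber, (len(rest) if accepted else 0)

if __name__ == "__main__":
    for eve in (False, True):
        ok, qber, klen = run_bb84(4000, eve, seed=1)
        print(f"eve={eve} accepted={ok} qber={qber:.3f} key_bits={klen}")
```

Without the eavesdropper the disclosed sample shows no errors; with intercept-resend the error rate in the sample sits near 25%, so the session is rejected before any key is used.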

The main goal of this chapter is to draw the attention of people working in both QC and traditional network security fields so as to reach a better understanding of all theoretical and practical issues related to the integration of QKD with the already-existing information security infrastructure. We will report on theoretical, simulation, and practical work in the field of QKDNs. Modeling and simulation can be used efficiently to study and analyze various possible QKDN settings. Various secure communication network models can be studied. The security of these network models is solely achieved using QKD. Both point-to-point and multiple-access broadcast networks might be considered. To reach this goal, some basic configurations for communication nodes and communication channels in QKD networks have to be developed first. Details of the required modeling and simulation approach will be described in this chapter.

Furthermore, it is well known that QKD requires a classical public channel with trusted integrity, as otherwise a potential eavesdropper (Eve) can easily mount a man-in-the-middle attack. If Eve can manipulate messages on the public channel, she could sit between Alice and Bob, impersonating each of them to the other. As a result, Eve would share two independent keys with the two legitimate parties and gain full control of all subsequent communication without being noticed (Peev et al., 2005; Bennett, Bessette, Brassard, Salvail, and Smolin, 1992). It was suggested that this crucial property of the public channel can be implemented using either of the following (Bennett et al., 1992):
