Guardado en:
Detalles Bibliográficos
Autores principales: Sanz, Ane, Atutxa, Asier, Franco, David, Astorga, Jasone, Jacob, Eduardo, López, Diego
Formato: Preprint
Publicado: 2025
Materias:
Acceso en línea:https://arxiv.org/abs/2509.09453
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
_version_ 1866914201305350144
author Sanz, Ane
Atutxa, Asier
Franco, David
Astorga, Jasone
Jacob, Eduardo
López, Diego
author_facet Sanz, Ane
Atutxa, Asier
Franco, David
Astorga, Jasone
Jacob, Eduardo
López, Diego
contents With the advent of quantum computing, the increasing threats to security poses a great challenge to communication networks. Recent innovations in this field resulted in promising technologies such as Quantum Key Distribution (QKD), which enables the generation of unconditionally secure keys, establishing secure communications between remote nodes. Additionally, QKD networks enable the interconnection of multinode architectures, extending the point-to-point nature of QKD. However, due to the limitations of the current state of technology, the scalability of QKD networks remains a challenge toward feasible implementations. When it comes to long-distance implementations, trusted relay nodes partially solve the distance issue through the forwarding of the distributed keys, allowing applications that do not have a direct QKD link to securely share key material. Even though the relay procedure itself has been extensively studied, the establishment of the relaying node path still lacks a solution. This paper proposes an innovative network architecture that solves the challenges of Key Management System (KMS) identification, relay path discovery, and scalability of QKD networks by integrating Software-Defined Networking (SDN) principles, and establishing high-level virtual KMSs (vKMS) in each node and creating a new entity called the Quantum Security Controller (QuSeC). The vKMS serves the end-user key requests, managing the multiple KMSs within the node and abstracting the user from discovering the correct KMS. Additionally, based on the high-level view of the network topology and status, the QuSeC serves the path discovery requests from vKMSs, computing the end-to-end (E2E) relay path and applying security policies. The paper also provides a security analysis of the proposal, identifying the security levels of the architecture and analyzing the core networking security properties.
format Preprint
id arxiv_https___arxiv_org_abs_2509_09453
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Toward quantum-safe scalable networks: an open, standards-aware key management framework
Sanz, Ane
Atutxa, Asier
Franco, David
Astorga, Jasone
Jacob, Eduardo
López, Diego
Networking and Internet Architecture
With the advent of quantum computing, the increasing threats to security poses a great challenge to communication networks. Recent innovations in this field resulted in promising technologies such as Quantum Key Distribution (QKD), which enables the generation of unconditionally secure keys, establishing secure communications between remote nodes. Additionally, QKD networks enable the interconnection of multinode architectures, extending the point-to-point nature of QKD. However, due to the limitations of the current state of technology, the scalability of QKD networks remains a challenge toward feasible implementations. When it comes to long-distance implementations, trusted relay nodes partially solve the distance issue through the forwarding of the distributed keys, allowing applications that do not have a direct QKD link to securely share key material. Even though the relay procedure itself has been extensively studied, the establishment of the relaying node path still lacks a solution. This paper proposes an innovative network architecture that solves the challenges of Key Management System (KMS) identification, relay path discovery, and scalability of QKD networks by integrating Software-Defined Networking (SDN) principles, and establishing high-level virtual KMSs (vKMS) in each node and creating a new entity called the Quantum Security Controller (QuSeC). The vKMS serves the end-user key requests, managing the multiple KMSs within the node and abstracting the user from discovering the correct KMS. Additionally, based on the high-level view of the network topology and status, the QuSeC serves the path discovery requests from vKMSs, computing the end-to-end (E2E) relay path and applying security policies. The paper also provides a security analysis of the proposal, identifying the security levels of the architecture and analyzing the core networking security properties.
title Toward quantum-safe scalable networks: an open, standards-aware key management framework
topic Networking and Internet Architecture
url https://arxiv.org/abs/2509.09453