Miralem Mehic • Stefan Rass • Peppino Fazio • Miroslav Voznak

Quantum Key Distribution Networks
A Quality of Service Perspective

Miralem Mehic
Department of Telecommunications, Faculty of Electrical Engineering
University of Sarajevo
Sarajevo, Bosnia and Herzegovina

Stefan Rass
Secure Systems Group, LIT Secure and Correct Systems Lab
Johannes Kepler University
Linz, Austria

Peppino Fazio
Department of Telecommunications
VSB-Technical University of Ostrava
Ostrava, Czech Republic

Miroslav Voznak
Department of Telecommunications
VSB-Technical University of Ostrava
Ostrava, Czech Republic

ISBN 978-3-031-06607-8
ISBN 978-3-031-06608-5 (eBook)
https://doi.org/10.1007/978-3-031-06608-5

© Springer Nature Switzerland AG 2022

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Miralem: to Lejla and my family
Stefan: dedicated to my loving family
Peppino: to my lovely family, mom, dad, and Francesco
Miroslav: to my beloved family

Acknowledgments

The research leading to the published results was supported by the Ministry of the Interior of the Czech Republic under grant ID VJ01010008 within the project Network Cybersecurity in Post-Quantum Era.

We would like to thank Oliver Maurhart, Marcin Niemiec, and Emir Dervisevic for helpful discussions and comments on the manuscript.

Contents

1 Fundamentals of Quantum Key Distribution
  1.1 Information-Theoretic Secrecy
  1.2 QKD Protocols
    1.2.1 BB84 Protocol
    1.2.2 B92 Protocol
    1.2.3 CV-QKD
  1.3 Key Length
  1.4 Summary
  References

2 Quality of Service Requirements
  2.1 Quality of Service
  2.2 Quality of Service Constraints
  2.3 Quality of Service Components
  2.4 QKD Networking
    2.4.1 QKD Networks
    2.4.2 QKD Virtual Private Networking
    2.4.3 IPsec
    2.4.4 IPsec and QKD
    2.4.5 Passive and Active Eavesdropping
    2.4.6 QoS Constraints in QKD Network
  2.5 Similarities Between QKD and Ad Hoc Networking
  2.6 Summary
  References

3 Quality of Service Architectures of Quantum Key Distribution Networks
  3.1 Integrated Services
    3.1.1 RSVP Protocol
    3.1.2 ETSI 004: QKD Application Interface
  3.2 Differentiated Services
    3.2.1 DiffServ Components
    3.2.2 The Per Hop Behavior (PHB) Classes
    3.2.3 Per-Domain Behavior (PDB) Metrics
    3.2.4 ETSI 014: Protocol and Data Format of REST-Based Key Delivery API
  3.3 MultiProtocol Label Switching
    3.3.1 MPLS Operation and Architecture Basics
    3.3.2 MPLS and QKD
  3.4 Flexible Quality of Service Model
  3.5 Summary
  References

4 Quality of Service Media Access Control of Quantum Key Distribution Networks
  4.1 Post-Processing Applications
    4.1.1 Improving Error Reconciliation
    4.1.2 Out-of-Band Authentication and Key Validation
  4.2 Overlay QKD Networking
  4.3 Impact of QKD Key Management
  4.4 Summary
  References

5 Quality of Service Signaling Protocols in Quantum Key Distribution Networks
  5.1 In-Band signaling and QKD
    5.1.1 QSIP: A Quantum Key Distribution Signaling Protocol
  5.2 Out-of-Band Signaling and QKD
    5.2.1 Q3P: Quantum Point-to-Point Protocol
    5.2.2 RSVP
  5.3 Summary
  References

6 Quality of Service Routing in Quantum Key Distribution Networks
  6.1 Routing in General
    6.1.1 Routing Algorithms
    6.1.2 Routing Architecture
  6.2 Routing Requirements in QKD Networks
  6.3 Addressing in QKD Networks
  6.4 Routing Protocols
    6.4.1 Distance Vector Routing Protocols
    6.4.2 Link State Routing Protocols
    6.4.3 QKD Routing Based on Link-States
  6.5 Greedy Perimeter Stateless Routing for QKD Networks
    6.5.1 QKD Link Metric
    6.5.2 Greedy Forwarding
    6.5.3 Recovery-Mode Forwarding
  6.6 Summary
  References

7 From Point-to-Point to End-to-End Security in Quantum Key Distribution Networks
  7.1 Single-Path Transmission: Trusted Relay
  7.2 Relaxing the Trust Assumption: Multipath Transmission
    7.2.1 Quantifying the Probability of Eavesdropping
    7.2.2 Quantifying the Probability for a DoS
    7.2.3 Quantifying Multiple Security Goals
  7.3 Weaponizing the Detection of Eavesdropping
  7.4 Summary
  References

8 Modern Trends in Quantum Key Distribution Networks
  8.1 QKD in 5G Networks
  8.2 Measurement-Device Independent QKD
  8.3 Quantum Repeater
  8.4 Summary
  References

Acronyms

5G       The fifth generation of cellular networks
AAU      Active Antenna Unit
AES      Advanced Encryption Standard
AIT      Austrian Institute of Technology
API      Application Programmers Interface
ASMT     Arbitrarily Secure Message Transmission
ATM      Asynchronous Transfer Mode
BBN      Bolt Beranek and Newman
BBU      Base Band Unit
BF       Bellman-Ford
BGP      Border Gateway Protocol
CAC      Call Admission Control
CC       Common Criteria
CIA      Confidentiality-Integrity-Availability
CLI      Command Line Interface
CO       Central Office
CV-QKD   Continuous-Variable QKD
CVSS     Common Vulnerability Scoring System
DDoS     Distributed Denial-of-Service
DH       Diffie-Hellman key agreement primitive
DHE      Ephemeral Diffie-Hellman (DHE)
DiffServ Differentiated Services
DIQKD    Device-Independent Quantum Key Distribution
DoS      Denial-of-Service
DSCP     Differentiated Services Code Point
DSDV     Destination-Sequenced Distance-Vector
DU       Digital Unit
DV       Distance Vector
DV-QKD   Discrete Variables QKD
E2E      End-to-End
ECN      Explicit Congestion Notification