Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Quantum-safe Edge Applications: How to Secure Computation in Distributed Computing Systems

Claudio Cicconetti, Dario Sabella, Pietro Noviello, Gennaro Davide Paduanelli

TL;DR

The paper addresses securing distributed edge computing against quantum-era threats by integrating Quantum Key Distribution with ETSI MEC and MEC federation. It proposes a detailed software architecture and a security-context creation flow that provide QKD-based symmetric keys for edge application data, enabling end-to-end protection across domains. The work analyzes motivating use cases in healthcare and automotive, discusses deployment costs, limitations, and practical challenges such as last-mile connectivity and cross-domain federation. It also outlines a look-ahead for federation-wide QKD-enabled secure communication and identifies standardization gaps and necessary API and signaling enhancements to realize interoperable secure edge deployments.

Abstract

The advent of distributed computing systems will offer great flexibility for application workloads, while also imposing more attention to security, where the future advent and adoption of quantum technology can introduce new security threats. For this reason, the Multi-access Edge Computing (MEC) working group at ETSI has recently started delving into security aspects, especially motivated by the upcoming reality of the MEC federation, which involves services made of application instances belonging to different systems (thus, different trust domains). On the other side, Quantum Key Distribution (QKD) can help strengthen the level of security by enabling the exchange of secure keys through an unconditionally secure protocol, e.g., to secure communication between REST clients and servers in distributed computing systems at the edge. In this paper, we propose a technical solution to achieve this goal, building on standard specifications, namely ETSI MEC and ETSI QKD, and discussing the gaps and limitations of current technology, which hamper full-fledged in-field deployment and mass adoption. Furthermore, we provide our look-ahead view on the future of secure distributed computing through the enticing option of federating edge computing domains.

Quantum-safe Edge Applications: How to Secure Computation in Distributed Computing Systems

TL;DR

The paper addresses securing distributed edge computing against quantum-era threats by integrating Quantum Key Distribution with ETSI MEC and MEC federation. It proposes a detailed software architecture and a security-context creation flow that provide QKD-based symmetric keys for edge application data, enabling end-to-end protection across domains. The work analyzes motivating use cases in healthcare and automotive, discusses deployment costs, limitations, and practical challenges such as last-mile connectivity and cross-domain federation. It also outlines a look-ahead for federation-wide QKD-enabled secure communication and identifies standardization gaps and necessary API and signaling enhancements to realize interoperable secure edge deployments.

Abstract

The advent of distributed computing systems will offer great flexibility for application workloads, while also imposing more attention to security, where the future advent and adoption of quantum technology can introduce new security threats. For this reason, the Multi-access Edge Computing (MEC) working group at ETSI has recently started delving into security aspects, especially motivated by the upcoming reality of the MEC federation, which involves services made of application instances belonging to different systems (thus, different trust domains). On the other side, Quantum Key Distribution (QKD) can help strengthen the level of security by enabling the exchange of secure keys through an unconditionally secure protocol, e.g., to secure communication between REST clients and servers in distributed computing systems at the edge. In this paper, we propose a technical solution to achieve this goal, building on standard specifications, namely ETSI MEC and ETSI QKD, and discussing the gaps and limitations of current technology, which hamper full-fledged in-field deployment and mass adoption. Furthermore, we provide our look-ahead view on the future of secure distributed computing through the enticing option of federating edge computing domains.
Paper Structure (10 sections, 6 figures)

This paper contains 10 sections, 6 figures.

Table of Contents

  1. Introduction
  2. Motivating Use Cases
  3. Cybersecurity in Healthcare
  4. Cybersecurity in Automotive
  5. Interworking of MEC and QKD
  6. Detailed Software Architecture
  7. Security context creation
  8. Discussion
  9. Looking ahead
  10. Conclusions

Figures (6)

  • Figure 1: Distributed computing scenarios
  • Figure 2: Exemplary deployment of a MEC federation
  • Figure 3: High-level interworking between ETSI MEC and QKD.
  • Figure 4: Detailed software architecture of an ETSI MEC computing infrastructure providing clients with services, also including encryption of private data with keys made available by a QKD network through an ETSI QKD 014 API. The security context creation procedure (step 10) is shown separately in \ref{['fig:sec-context-creation']}.
  • Figure 5: Security context creation procedure within the proposed software architecture (step 10 in \ref{['fig:arch']}).
  • ...and 1 more figures