Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Quantum Key Distribution Networks -- Key Management: A Survey

Emir Dervisevic, Amina Tankovic, Ehsan Fazel, Ramana Kompella, Peppino Fazio, Miroslav Voznak, Miralem Mehic

TL;DR

This survey analyzes the evolution of key management for QKD networks, highlighting how secure, timely ITS keys rely on decoupled key generation, storage, and supply with QoS-aware provisioning. It reviews a broad set of KM solutions (from DARPA to Cisco SKIP) and standard interfaces (ETSI QKD 014/004), identifying architectural patterns, storage models, and access control mechanisms. The work identifies gaps in standardization, scalable key formatting, and inter-vendor interoperability, and provides guidelines for future system-level design. The practical impact lies in informing researchers and practitioners how to architect KM layers that can support enterprise-scale QKD deployments with predictable security and performance.

Abstract

Secure communication makes the widespread use of telecommunication networks and services possible. With the constant progress of computing and mathematics, new cryptographic methods are being diligently developed. Quantum Key Distribution (QKD) is a promising technology that provides an Information-Theoretically Secure (ITS) solution to the secret-key agreement problem between two remote parties. QKD networks based on trusted repeaters are built to provide service to a larger number of parties at arbitrary distances. They function as an add-on technology to traditional networks, generating, managing, distributing, and supplying ITS cryptographic keys. Since key resources are limited, integrating QKD network services into critical infrastructures necessitates effective key management. As a result, this paper provides a comprehensive review of QKD network key management approaches. They are analyzed to facilitate the identification of potential strategies and accelerate the future development of QKD networks.

Quantum Key Distribution Networks -- Key Management: A Survey

TL;DR

This survey analyzes the evolution of key management for QKD networks, highlighting how secure, timely ITS keys rely on decoupled key generation, storage, and supply with QoS-aware provisioning. It reviews a broad set of KM solutions (from DARPA to Cisco SKIP) and standard interfaces (ETSI QKD 014/004), identifying architectural patterns, storage models, and access control mechanisms. The work identifies gaps in standardization, scalable key formatting, and inter-vendor interoperability, and provides guidelines for future system-level design. The practical impact lies in informing researchers and practitioners how to architect KM layers that can support enterprise-scale QKD deployments with predictable security and performance.

Abstract

Secure communication makes the widespread use of telecommunication networks and services possible. With the constant progress of computing and mathematics, new cryptographic methods are being diligently developed. Quantum Key Distribution (QKD) is a promising technology that provides an Information-Theoretically Secure (ITS) solution to the secret-key agreement problem between two remote parties. QKD networks based on trusted repeaters are built to provide service to a larger number of parties at arbitrary distances. They function as an add-on technology to traditional networks, generating, managing, distributing, and supplying ITS cryptographic keys. Since key resources are limited, integrating QKD network services into critical infrastructures necessitates effective key management. As a result, this paper provides a comprehensive review of QKD network key management approaches. They are analyzed to facilitate the identification of potential strategies and accelerate the future development of QKD networks.
Paper Structure (37 sections, 2 equations, 14 figures, 3 tables)

This paper contains 37 sections, 2 equations, 14 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Motivation
  3. Comparison to Existing Surveys
  4. Contribution
  5. Paper Organization
  6. Key Management
  7. Secure Key Storage
  8. Key synchronization
  9. Global key distribution
  10. Key supply
  11. ETSI GS QKD 014
  12. ETSI GS QKD 004
  13. Cisco SKIP protocol
  14. Key management solutions
  15. DARPA quantum network key management
  16. ...and 22 more sections

Figures (14)

  • Figure 1: a) Quantum key distribution between two remote sites. QKD-derived key material is used to establish quantum-secure flow of data between two applications dervisevic2021overview; b) Hop-by-hop global key distribution of a random key generated at a source node.
  • Figure 2: a) Most essential cryptographic key life cycle management; b) QKD process is performed in several sequential steps. The process begins with the quantum transmission of a random sequence of key bits. The correctness of information received through quantum transmission is highly dependent on measurement. Information obtained from incompatible measurements is discarded during a sifting procedure. The next step involves estimating the error rate and using its value to discover the eavesdropper. If the error rate is less than the threshold, the process proceeds to the error correction step. At the very end, a privacy amplification step is performed. The entire process must be authenticated.
  • Figure 3: The layered architecture of QKD network.
  • Figure 4: a) Use-case of the ETSI QKD 014 key supply interface; b) Use-case of the ETSI QKD 004 key supply interface. Only key stream session establishment is shown.
  • Figure 5: a) The IKEv2 key derivation function - a mixture of the traditional key and the PPK; b) Quantum-Safe IKEv2 and IPsec Session Keys with a dynamic PPK as proposed by the Cisco
  • ...and 9 more figures