Extending Quantum-Safe Communications to Real-World Networks: An Adaptive Security Framework

Ane Sanz, Eire Salegi, Asier Atutxa, David Franco, Jasone Astorga, Eduardo Jacob

TL;DR

Addresses the challenge of quantum threats in real-world networks by proposing an adaptive framework that unifies QKD and PQC under centralized management. The approach introduces four security levels and a vKMS/QuSeC control plane to tailor quantum-safe protection to node capabilities, enabling end-to-end security across heterogeneous networks. The framework is implemented in a Kubernetes-based testbed and validated for correctness, interoperability, and latency within ETSI QKD specifications. The results indicate practical viability for gradual, standards-aligned deployment of quantum-safe infrastructure.

Abstract

The advent of quantum computing threatens classical cryptographic mechanisms, demanding new strategies for securing communication networks. Since real-world networks cannot be fully Quantum Key Distribution (QKD)-enabled due to infrastructure constraints, practical security solutions must support hybrid operation. This paper presents an adaptive security framework that enables quantum-safe communications across real-world heterogeneous networks by combining QKD and Post-Quantum Cryptography (PQC). Building upon a hierarchical key management architecture with Virtual Key Management Systems (vKMS) and a centralized Quantum Security Controller (QuSeC), the framework dynamically assigns security levels based on node capabilities. By transitioning between pure QKD, hybrid, and PQC modes, it ensures end-to-end quantum-safe protection regardless of the underlying node capabilities. The framework has been implemented and validated on a Kubernetes-based containerized testbed, demonstrating robust operation and performance across all scenarios. Results highlight its potential to support the gradual integration of quantum-safe technologies into existing infrastructures, paving the way toward fully quantum-safe communication networks.

Paper Structure

This paper contains 14 sections, 10 figures, 1 table.

Figures (10)

  • Figure 1: A representation of a heterogeneous network comprised of QKD-enabled and classical nodes.
  • Figure 2: System Architecture of the proposed framework.
  • Figure 3: Operational flow of the proposed framework for all levels.
  • Figure 4: High-level operation of each Security Level.
  • Figure 5: Operational flow of Secure Key Derivation in Level 3.
  • ...and 5 more figures