A Secure Communication Network Infrastructure Based on Quantum Key Distribution Technology

Yoshimichi TANIZAWA  Ririka TAKAHASHI  Hideaki SATO  Alexander R. DIXON  Shinichi KAWAMURA  

IEICE TRANSACTIONS on Communications   Vol.E99-B   No.5   pp.1054-1069
Publication Date: 2016/05/01
Online ISSN: 1745-1345
DOI: 10.1587/transcom.2015AMP0006
Type of Manuscript: Special Section PAPER (Special Section on Internet Architectures and Management Methods that Enable Flexible and Secure Deployment of Network Services)
secure communication,  network infrastructure,  key management,  Quantum Key Distribution,  

Full Text: PDF(2.9MB)>>
Buy this Article

Quantum key distribution (QKD), a cryptography technology providing information theoretic security based on physical laws, has moved from the research stage to the engineering stage. Although the communication distance is subject to a limitation attributable to the QKD fundamentals, recent research and development of “key relaying” over a “QKD network” is overcoming this limitation. However, there are still barriers to widespread use of QKD integrated with conventional information systems: applicability and development cost. In order to break down these barriers, this paper proposes a new solution for developing secure network infrastructure based on QKD technology to accommodate multiple applications. The proposed solution introduces 3 functions: (1) a directory mechanism to manage multiple applications hosted on the QKD network, (2) a key management method to share and to allocate the keys for multiple applications, and (3) a cryptography communication library enabling existing cryptographic communication software to be ported to the QKD network easily. The proposed solution allows the QKD network to accommodate multiple applications of various types, and moreover, realizes applicability to conventional information systems easily. It also contributes to a reduction in the development cost per information system, since the development cost of the QKD network can be shared between the multiple applications. The proposed solution was implemented with a network emulating QKD technology and evaluated. The evaluation results show that the proposed solution enables the infrastructure of a single QKD network to host multiple applications concurrently, fairly, and effectively through a conventional application programming interface, OpenSSL API. In addition, the overhead of secure session establishment by the proposed solution was quantitatively evaluated and compared.