
Resource Allocation in Optical Networks Secured by Quantum Key Distribution

Yongli Zhao, Yuan Cao, Wei Wang, Hua Wang, Xiaosong Yu, Jie Zhang, Beijing University of Posts and Telecommunications, Beijing, China
Massimo Tornatore, Politecnico di Milano, Milan, Italy
Yu Wu, Biswanath Mukherjee, University of California, Davis, CA, USA

Abstract

Optical-network security is attracting increasing research attention, as a loss of confidentiality of data transferred through an optical network could affect a huge number of users and services. Data encryption is an effective way to enhance optical-network security. In particular, quantum key distribution (QKD) is being investigated as a secure mechanism to provide keys for data encryption at the end-points of an optical network. In a QKD-enabled optical network, apart from the traditional data channels (TDChs), two additional channels, called quantum-signal channels (QSChs) and public-interaction channels (PIChs), are required to support secure key synchronization. How to allocate network resources to QSChs, PIChs, and TDChs is emerging as a novel problem in the design of a security-guaranteed optical network. This article addresses the resource-allocation problem in optical networks secured by QKD. We first discuss a possible architecture for a QKD-enabled optical network, in which a software-defined networking (SDN) controller is in charge of allocating the three types of channels (TDCh, QSCh, and PICh) over different wavelengths using wavelength-division multiplexing (WDM). To save wavelength resources, we propose to adopt optical time-division multiplexing (OTDM) to allocate multiple QSChs and PIChs over the same wavelength. A routing, wavelength, and time-slot assignment (RWTA) algorithm is designed to allocate wavelength and time-slot resources to the three types of channels. Different security levels are included in the RWTA algorithm by considering different key-updating periods (i.e., the period after which the secure key between two end-points has to be updated). Illustrative simulation results show the effects of different security-level configuration schemes on resource allocation.

1. Introduction

Optical networks today represent a fundamental infrastructure for data transport in the Internet, with more than two billion kilometers of fiber deployed globally [1]. Fiber transmission in optical networks has traditionally been considered a very secure communication platform, due to the inherent isolation of the optical signal inside the fiber medium (as opposed to wireless communication). Yet, over the past decade, several incidents have shaken this confidence. As an example, in 2015 alone there were 16 known attacks on fiber-optic cables in the San Francisco area, and in several other cases the confidentiality of data transferred through an optical network has suffered from increased eavesdropping and interception [2]. Thus, implementing security countermeasures directly at the optical layer is gaining importance.

Data encryption is an effective way to enhance communication security, as it prevents eavesdroppers from accessing the data unless they possess the encryption key. Several architectures that enable fast encryption in the optical domain have been proposed [3]; a commonly used and fast data-encryption method is the Advanced Encryption Standard (AES), whose encryption efficiency [4] makes it suitable for high-bit-rate optical networks. However, the security of today's key-distribution techniques (public-key schemes) rests on computational hardness assumptions, and the emergence of large-scale quantum computers would render most of today's public-key cryptography insecure [5]. Quantum key distribution (QKD) represents a future-proof solution for secure key distribution, as its security relies on the laws of quantum mechanics rather than on computational assumptions.
The basic principles of quantum mechanics, e.g., the quantum no-cloning theorem (an unknown quantum state cannot be copied) and the Heisenberg uncertainty principle (no measurement by an eavesdropper can determine the values of two conjugate observables simultaneously) [6], can be used to prove that two remote end-points of an optical link can generate a shared random secure key known only to them by using specific quantum-communication protocols, such as BB84, proposed by Bennett and Brassard in 1984 [7]. Such a shared random secure key can then be used to encrypt the messages exchanged between the two end-points. The most important and unique feature of QKD is that the two communicating end-points are able to detect the presence of any third party trying to gain knowledge of the key: an eavesdropper must measure the quantum signals to learn anything about them, and measurement disturbs the signals, which shows up as an increased error rate in the sifted key. This feature can significantly enhance the security of the key-distribution system. For each optical connection to be established in the network, in addition to the traditional data channel (TDCh), QKD requires a quantum-signal channel (QSCh) and a public-interaction channel (PICh) for secure key synchronization [8].

Until now, researchers have tried to verify QKD's practicality in existing optical networks by testing quantum-signal transmission and secure-key generation rate over different regions of the fiber spectrum [9-11], showing, e.g., that the best transmission performance of the QSCh is achieved in the C-band [10], and that, to reduce the negative impact of physical-layer impairments such as Raman scattering and four-wave mixing, the QSCh should be located at the highest frequency and a large guard band, e.g., 200 GHz, should be reserved between the QSCh and the PICh [11]. So far, no studies have appeared on the networking aspects and algorithmic solutions related to QSCh and PICh allocation in the fiber spectrum. Using wavelength-division multiplexing (WDM), QSChs and PIChs can share the same fiber with TDChs to conserve fiber resources in optical networks.
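The two placement rules quoted above from [11] (QSCh on the highest frequency, a 200 GHz guard band between QSCh and PICh) can be turned into a per-fiber wavelength assignment. The following is an added example written for this page, not code from the paper or its authors: it places the three channels of one QKD-secured connection on a fixed WDM grid. The grid size (80 channels) and spacing (50 GHz) are assumptions for the demonstration, and the first-fit placement of TDChs at the low end of the band is a choice made here, since the text prescribes no TDCh-to-QSCh spacing.

```python
# Added example (not from the paper): wavelength placement for one
# QKD-secured connection following the two rules quoted from [11].
# Grid size and spacing are assumptions for the demonstration.

GRID_SPACING_GHZ = 50      # assumed fixed-grid channel spacing
NUM_CHANNELS = 80          # assumed channels per fiber; index 0 = lowest frequency
GUARD_BAND_GHZ = 200       # QSCh-to-PICh guard band quoted in the text


def allocate_connection(free, n_tdch=1, guard_ghz=GUARD_BAND_GHZ,
                        spacing_ghz=GRID_SPACING_GHZ):
    """Assign channel indices for one connection on a single fiber.

    free: list of bool, free[i] is True when channel i is unused.
    Returns {"qsch": i, "pich": j, "tdch": [k, ...]} or None when the
    request cannot be served with the QSCh highest and the guard band kept.
    """
    free = list(free)  # work on a copy; the caller commits only on success

    # Rule 1: QSCh takes the highest free channel, i.e. as far as possible
    # from the classical channels that leak Raman / four-wave-mixing noise.
    qsch = max((i for i, f in enumerate(free) if f), default=None)
    if qsch is None:
        return None
    free[qsch] = False

    # Rule 2: PICh must sit at least guard_ghz below the QSCh; pick the
    # highest free channel that satisfies the guard band.
    guard_slots = -(-guard_ghz // spacing_ghz)   # ceiling division
    pich = max((i for i, f in enumerate(free) if f and qsch - i >= guard_slots),
               default=None)
    if pich is None:
        return None
    free[pich] = False

    # TDChs: first-fit from the lowest frequency, kept below the PICh.
    # The text gives no TDCh-to-QSCh spacing rule, so none is enforced here.
    tdch = [i for i, f in enumerate(free) if f and i < pich][:n_tdch]
    if len(tdch) < n_tdch:
        return None
    return {"qsch": qsch, "pich": pich, "tdch": tdch}


def separation_ghz(ch_a, ch_b, spacing_ghz=GRID_SPACING_GHZ):
    """Frequency separation between two channel indices on the grid."""
    return abs(ch_a - ch_b) * spacing_ghz


if __name__ == "__main__":
    fibre = [True] * NUM_CHANNELS          # constructed: an empty fiber
    plan = allocate_connection(fibre, n_tdch=2)
    print(plan, separation_ghz(plan["qsch"], plan["pich"]), "GHz QSCh-PICh")
```

On an empty 80-channel fiber the QSCh lands on channel 79, the PICh on channel 75 (four 50 GHz slots, i.e. exactly 200 GHz, below it) and the TDChs on channels 0 and 1. When fewer than four slots remain below the highest free channel the request is refused rather than placed with a narrower guard band.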
Since fiber spectral resources are finite (and precious, especially in the long haul), novel strategies for effective resource utilization in QKD-enabled optical networks are necessary. In this article, we discuss the resource-allocation problem that arises when jointly serving the aforementioned three types of channels, and we propose an effective algorithmic solution to the problem. The contributions of this article are three-fold:
1) We illustrate a QKD-enabled optical network architecture, in which the control plane is realized using software-defined networking (SDN), and the three types of channels are configured by an SDN controller over different wavelengths.
2) We introduce the concept of different security levels, associated with different key-updating periods in QKD-enabled optical networks, and study the impact of two different configuration schemes for the key-updating periods.
3) We propose a novel routing, wavelength, and time-slot assignment (RWTA) algorithm to allocate resources for the three types of channels, and evaluate the benefits of RWTA over different scenarios, e.g., different key-updating periods and different configuration schemes of security levels.

2. Resource Allocation Problem in QKD-Enabled Optical Networks

2.1 Point-to-point QKD mechanism

To describe the basic idea of QKD, Fig. 1 shows a point-to-point QKD system for data encryption and decryption based on the most widely used QKD protocol, i.e., BB84 [7]. Note that, in long-distance networks, BB84 should be implemented with a polarization-coding scheme combined with a decoy-state method; in our system model, we assume that vacuum states are adopted as decoy states (for more information on physical-layer issues of QKD, such as decoy and vacuum states, please refer to [9]). An example of the procedure to establish a secure optical channel with QKD is reported in Fig. 1:
1) The quantum signal source (QSS) emits single photons into polarization filter PF1, while random number generator RNG1 feeds PF1 a string of random binary bits, e.g., 100110.
2) PF1 polarizes each photon into one of four states, vertical (V→1+), horizontal (H→0+), +45° (→1×) or −45° (→0×), according to the generated random bit (1 or 0) and a randomly chosen measuring basis (rectilinear (+) or diagonal (×)). The polarized single photons (quantum signals) encoded with the random bits are also called quantum bits (qubits).
3) Alice sends the qubits to Bob over the QSCh; the PICh carries the clock synchronization for the qubits.
4) Bob detects each qubit at PF2 using a randomly selected measuring basis generated by RNG2; the quantum detector (QD) reads the photons leaving PF2 and decodes them into binary bits.
5) Bob sends his selected measuring bases to Alice over the PICh.
6) Alice confirms to Bob over the PICh which measuring bases were correct.
7) Bob discards the bits measured with unmatched bases, and the final secure key is filtered out after error correction, privacy amplification, and authentication over the PICh [7].
8) Alice uses the secure key obtained as described above to encrypt data.
9) Alice transmits the encrypted data to Bob over the TDCh.
10) Bob decrypts the data with the shared key delivered by his quantum receiver.

Figure 1. Point-to-point QKD system for data encryption and decryption. (The figure shows Alice's quantum transmitter (RNG1, QSS, PF1) and data transceiver, and Bob's quantum receiver (RNG2, PF2, QD) and data transceiver, connected over one fiber carrying the TDCh, PICh and QSCh by wavelength-division multiplexing (WDM); the circled steps ① to ⑪ in the figure mark the sequence above. PF: polarization filter; QD: quantum detector; QSS: quantum signal source; RNG: random number generator.)

Based on this mechanism, Alice and Bob
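The exchange of steps 1) to 7) above, as an added example that is not part of the paper: a toy simulation of BB84 in which Alice's random bits and bases, Bob's random bases, basis reconciliation and error estimation over the PICh are modelled explicitly, with an optional intercept-resend eavesdropper on the QSCh. It shows the detection feature claimed in the Introduction: with no eavesdropper the sifted keys agree exactly, while an intercept-resend attacker forces roughly one error in four. Error correction, privacy amplification and authentication are not modelled, and the 11% abort threshold (the commonly quoted bound for BB84 with one-way post-processing) is used here as an assumed parameter.

```python
# Added example (not from the paper): toy BB84 session with optional
# intercept-resend eavesdropper. Physical states are abstracted to
# (bit, basis) pairs; the measurement rule below is the only physics kept.
import random

RECTILINEAR, DIAGONAL = "+", "x"     # the two measuring bases of Fig. 1
BASES = (RECTILINEAR, DIAGONAL)
QBER_ABORT_THRESHOLD = 0.11          # assumed abort threshold for this demo


def measure(bit, prep_basis, meas_basis, rng):
    """Outcome of measuring a photon prepared as (bit, prep_basis) in meas_basis.

    Same basis: the prepared bit is recovered. Different basis: the outcome is
    uniformly random and the original polarization is lost (this is what makes
    an intercept-resend attacker detectable)."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def run_bb84(n, rng, eavesdrop=False):
    """Run one BB84 session over n photons and return sifted-key statistics."""
    # Alice (RNG1 + PF1): a random bit and a random basis per photon
    a_bits = [rng.randrange(2) for _ in range(n)]
    a_bases = [rng.choice(BASES) for _ in range(n)]
    # Bob (RNG2 + PF2 + QD): a random basis and one measurement per photon
    b_bases = [rng.choice(BASES) for _ in range(n)]
    b_bits = []
    for bit, a_basis, b_basis in zip(a_bits, a_bases, b_bases):
        if eavesdrop:
            # Eve measures in a random basis and resends what she saw, in her basis
            e_basis = rng.choice(BASES)
            bit, a_basis = measure(bit, a_basis, e_basis, rng), e_basis
        b_bits.append(measure(bit, a_basis, b_basis, rng))

    # Sifting over the PICh: Bob announces his bases, Alice confirms the
    # matches, and both discard the positions where the bases differ.
    keep = [i for i in range(n) if a_bases[i] == b_bases[i]]
    a_sifted = [a_bits[i] for i in keep]
    b_sifted = [b_bits[i] for i in keep]

    # Error estimation over the PICh: reveal a random quarter of the sifted
    # bits, compare them, then drop them from the key since they are now public.
    sample = set(rng.sample(range(len(keep)), len(keep) // 4))
    mismatches = sum(a_sifted[i] != b_sifted[i] for i in sample)
    qber = mismatches / len(sample) if sample else 0.0
    a_key = [b for i, b in enumerate(a_sifted) if i not in sample]
    b_key = [b for i, b in enumerate(b_sifted) if i not in sample]
    return {"sent": n, "sifted": len(keep), "qber": qber,
            "alice_key": a_key, "bob_key": b_key}


def accept_key(result, threshold=QBER_ABORT_THRESHOLD):
    """Key-acceptance decision: abort when the observed QBER exceeds the threshold."""
    return result["qber"] <= threshold


if __name__ == "__main__":
    for eve in (False, True):
        r = run_bb84(4000, random.Random(7), eavesdrop=eve)   # constructed run
        print(f"eavesdrop={eve}: sifted={r['sifted']} QBER={r['qber']:.3f} "
              f"accept={accept_key(r)}")
```

Half of the photons survive sifting on average, since Bob guesses Alice's basis half of the time. Under intercept-resend, Eve guesses the wrong basis half of the time and then Bob's matched-basis measurement is random, so the expected QBER is 0.25, far above the abort threshold; a real link also has channel noise and detector dark counts, so the threshold test is what separates acceptable loss from a tapped QSCh.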