A Security Plane Architecture for Ultra-Low-Energy, High-Capacity Optical Transport Networks

J.M. Rivas-Moscoso, A. Melgar, Luca Poti, K. Krilakis, Luis Velasco, S. Bahrani, M. Svaluto Moreolo, I. Tafur Monroy, P. Nguyen, M. Ruiz, D.K. Syvridis, A. Mandilara, A. Pagano, J. Morales, A. Pastor, R. Nejabati, Rui Wang, P. Nadimi Goki, A. Sanchez-Macian, S. Civelli, S. Rommel, C. Rubio Garcia, M. Iqbal, R. Oliviera, J.C. Hernandez-Hernandez, D. Larrabeiti, J. Folgueira

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review


Abstract

The evolution toward agile, ultra-low-energy, high-capacity optical transport networks can benefit from solutions incorporating multi-band, multi-fiber, and point-to-multipoint (P2MP)/sliceable high-capacity transport technologies carefully designed to simplify network hierarchy and minimize optical-electrical-optical (OEO) conversions. To guarantee quantum-secure communications, these networks require a thorough reassessment of their security plane architecture, acting as a transversal plane to the data and control planes. In this paper, we propose a programmable Quantum Key Distribution (QKD) network built upon multi-protocol QKD systems, including entangled QKD for P2MP secure access/metro scenarios, Quantum Random Key Generation (QRNG) modules as alternative entropy sources for links where QKD system deployment is not economically viable, and hybrid classic/QKD/Post-Quantum Cryptography (PQC) primitives for greater flexibility and backward compatibility. Authentication services are performed through physically-unclonable-function (PUF) certification authorities, particularly implementing strong Rayleigh-backscattering-pattern or speckle-pattern-based optical Physically Unclonable Functions (OPUFs). These security technologies leverage an agnostic key management system (KMS) and quantum digital twin (QDT) assisted performance optimization, e.g. for artificial intelligence (AI)-based State of Polarization (SOP) compensation. Key relay between border nodes is realized by means of a combination of a centralized PUF and a procedure to securely exchange keys between KMSs based on ETSI-014 and PQC. The KMS can feed keys to encryptors implemented at the different data-plane layers, but the proposed architecture favors encryption relying on physical-layer security techniques to align with the above design principle aimed at a flatter network and fewer OEO conversions. Examples of this are Light Path SECurity (LPSec) techniques, consisting of two nested physical ciphers ensuring a high-security level, and all-optical steganography. Coexistence of classical and quantum signals is generally feasible in the access and metro segments, whereas in the backbone segment it needs to be evaluated on a case-by-case basis.

Original language: English
Title of host publication: 2024 International Conference on Quantum Communications, Networking, and Computing, QCNC 2024
Publisher: Institute of Electrical and Electronics Engineers
Pages: 231-235
Number of pages: 5
ISBN (Electronic): 979-8-3503-6677-8
Publication status: Published - 22 Aug 2024
Event: 1st International Conference on Quantum Communications, Networking, and Computing, QCNC 2024 - Kanazawa, Japan
Duration: 1 Jul 2024 to 3 Jul 2024

Conference

Conference: 1st International Conference on Quantum Communications, Networking, and Computing, QCNC 2024
Country/Territory: Japan
City: Kanazawa
Period: 1/07/24 to 3/07/24

Keywords

  • KMS Relay
  • LPsec
  • Optical Fingerprint
  • Optical Transport Network
  • PUF
  • QKD
  • Steganography
