A Protocol for Synchronizing Quantum-Derived Keys in IPsec and its Implementation

Publication from Digital
Connected Computing

Marksteiner S., Maurhart O.

The Ninth International Conference on Quantum, Nano/Bio, and Micro Technologies (ICQNM 2015), pp. 35 - 40, 2015


This paper presents a practical solution to the problem of limited bandwidth in Quantum Key Distribution (QKD)-secured communication through using rapidly rekeyed Internet Protocol security (IPsec) links. QKD is a cutting-edge security technology that provides mathematically proven security by using quantum physical effects and information theoretical axioms to generate a guaranteed non-disclosed stream of encryption keys. Although it has been a field of theoretical research for some time, it has only been producing market-ready solutions for a short period of time. The downside of this technology is that its key generation rate is only around 12,500 key bits per second. As this rate limits the data throughput to the same rate, it is substandard for normal modern communications, especially for securely interconnecting networks. IPsec, on the other hand, is a well-known security protocol that uses classical encryption and is capable of exactly creating site-to-site virtual private networks. This paper presents a solution which combines the performance advantages of IPsec with QKD. The combination sacrifices only a small portion of QKD security by using the generated keys a limited number of times instead of just once. As a part of this, the solution answers the question of how many data bits per key bit make sensible upper and lower boundaries to yield high performance while maintaining high security. While previous approaches complement the Internet Key Exchange protocol (IKE), this approach simplifies the implementation with a new key synchronization concept. Furthermore, it provides a Linux-based module for the AIT QKD software using the Netlink XFRM Application Programmers Interface to feed the quantum key to the IPsec cipher. This enables wire-speed, QKD-secured communication links for business applications.

Keywords: Quantum Key Distribution; QKD; IPsec; Cryptography; Protocols