Dynamic Quantum Safe Security on Demand

Making efficient use of premium quantum safe encrypted links: using software defined network control to create secure ‘network slices’ on demand.

Quantum Key Distribution (QKD) requires a point-to-point optical link between two endpoints. Low intensity light (close to single photon level) is used to transmit information between the endpoints and establish a shared secret key which cannot be known by a third party, according to the laws of quantum mechanics. These secret keys can be used for encryption, either by a software application or by a dedicated hardware encryptor. Hardware encryptors are highly efficient, and can be used to bulk encrypt all the traffic passing between two sites. For example, they may add only a few microseconds of latency in encrypting up to 100 Gbps of traffic, and decrypting again at the remote site. In some cases the hardware encryptors are built into the Layer 1 line cards, encrypting frames in a protocol such as OTN; in other cases encryptors may work at Layer 2 (Ethernet) or Layer 3 (IP).

Provisioning a link with hardware encryption and QKD represents a significant investment in security. However, a pair of endpoints may not require a high level of security for all of their traffic. Perhaps a circuit with the highest level of security and data capacity is required only for certain operations, such as backing up aggregated customer data. Operators may want to allocate this expensive resource dynamically. Provisioning a share of network resources to meet a customer or application requirement is known as allocating a Network Slice. This can be achieved by using software defined network control to dynamically configure optical and Ethernet switches to switch in the secure links on demand, while other requirements such as capacity and latency can also be taken into account in the plan. In this way a mesh of secure encrypted links, alongside normal unencrypted links, can be used to satisfy demand across the network for both long term quantum secure encrypted communications links, and standard communications links which rely on end-user encryption in the application layer.
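
The slice planning described above can be sketched as a small path-selection routine. This is an added example, not code from the original page or any vendor's controller: the `Link` and `SliceController` names, the three-site topology and all figures are constructed for illustration, and a real controller would push the resulting path to the optical and Ethernet switches.

```python
import heapq
from dataclasses import dataclass

@dataclass
class Link:
    a: str
    b: str
    latency_us: float
    free_gbps: float
    qkd: bool  # True: hardware-encrypted link keyed by QKD

class SliceController:  # hypothetical controller, for illustration only
    def __init__(self, links):
        self.links, self.slices = list(links), {}

    def _path(self, src, dst, gbps, quantum_safe):
        # Dijkstra on latency over links with enough free capacity; a
        # quantum-safe slice may only traverse QKD-encrypted links.
        best, heap = {src: 0.0}, [(0.0, src, [])]
        while heap:
            cost, node, path = heapq.heappop(heap)
            if node == dst:
                return cost, path
            for i, l in enumerate(self.links):
                if node not in (l.a, l.b) or l.free_gbps < gbps:
                    continue
                if quantum_safe and not l.qkd:
                    continue
                nxt = l.b if node == l.a else l.a
                if cost + l.latency_us < best.get(nxt, float("inf")):
                    best[nxt] = cost + l.latency_us
                    heapq.heappush(heap, (best[nxt], nxt, path + [i]))
        return None

    def allocate(self, slice_id, src, dst, gbps, max_latency_us, quantum_safe):
        found = self._path(src, dst, gbps, quantum_safe)
        if found is None or found[0] > max_latency_us:
            return None  # fail closed: no fallback to unencrypted links
        latency, path = found
        for i in path:
            self.links[i].free_gbps -= gbps  # reserve capacity on each hop
        self.slices[slice_id] = (path, gbps)
        return [(self.links[i].a, self.links[i].b) for i in path], latency

    def release(self, slice_id):
        path, gbps = self.slices.pop(slice_id)
        for i in path:
            self.links[i].free_gbps += gbps  # hand the secure capacity back

def demo_topology():
    # Constructed sample mesh: one plain A-B link, QKD-secured A-C and C-B.
    return SliceController([Link("A", "B", 100.0, 100.0, False),
                            Link("A", "C", 150.0, 100.0, True),
                            Link("C", "B", 150.0, 100.0, True)])
```

A request that cannot be met on QKD-secured links returns `None` instead of being silently routed over the unencrypted A-B link; releasing a finished slice, such as a completed backup, makes the secure capacity available again.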