VNF Deployment and Service Automation to Provide End-to-End Quantum Encryption

The nature of network services has drastically changed in recent years. New demands require new capabilities, forcing the infrastructure to dynamically adapt to new scenarios. Novel network paradigms, such as software-defined networking (SDN) and network functions virtualization (NFV), have appeared to provide flexibility for network management and services. The reliance on software and commoditized hardware of these new paradigms introduce new security threats and, consequently, one of the most desired capabilities is a strengthened security layer when connecting remote premises. On the other hand, traditional cryptographic protocols are based on computational complexity assumptions. They rely on certain mathematical problems (e.g. integer factorization, discrete logarithm or elliptic curve) that cannot be efficiently solved using conventional computing. This general assumption is being revisited because of quantum computing. The creation of a quantum computer would put these protocols at risk and force a general overhaul of network security. Quantum Key Distribution (QKD) is a novel technique for providing synchronized sources of symmetric keys between two separated domains. Its security is based on fundamental laws of quantum physics, which makes impossible to copy the quantum states exchanged between both endpoints. Therefore, if implemented properly, QKD generates highly secure keys, immune to any algorithmic cryptanalysis. This work proposes a node design to provide QKD-enhanced security in end-to-end (E2E) services and analyze the control plane requirements for service provisioning in transport networks. We define and demonstrate the necessary workflows and protocol extensions in different SDN scenarios, integrating the proposed solution into a virtual router providing QKD-enhanced IPsec sessions.