Hybrid Quantum-Safe integration of TLS in SDN networks

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2025-05-20 DOI:10.1016/j.comnet.2025.111355

Jaime S. Buruaga , Ruben B. Méndez , Juan P. Brito , Vicente Martin

{"title":"Hybrid Quantum-Safe integration of TLS in SDN networks","authors":"Jaime S. Buruaga , Ruben B. Méndez , Juan P. Brito , Vicente Martin","doi":"10.1016/j.comnet.2025.111355","DOIUrl":null,"url":null,"abstract":"<div><div>Shor’s algorithm efficiently solves factoring and discrete logarithm problems using quantum computers, compromising all public key schemes used today. Algorithms such as RSA, DHKE, and ECC will not work in a world with quantum computers, since they can easily invert the functions that provide their computational strength in the classical world. These schemes rely on assumptions on their computational complexity, which quantum computers can easily bypass. The solutions have to come from new algorithms – called Post-Quantum Cryptography (PQC) – or from new methods, such as Quantum Key Distribution (QKD). The former replicate the computational security ideas of classical public key algorithms, while the latter recurs to use the quantum properties of nature, which also brings a mathematical security proof, potentially offering Information-Theoretic Security. To secure data in the future, we must adopt these paradigms. With the speed of quantum computing advancements, the transition to quantum-safe cryptography within the next decade is critical. Delays could expose long-lived confidential data, as current encryption may be broken before its value expires. However, the shift must balance the adoption of new technologies with maintaining proven systems to protect against present and future threats. In this work, we have selected Transport Layer Security (TLS), one of the most widely used protocols, as the foundation to hybridize classical, quantum, and post-quantum cryptography in a way suitable for broad adoption in Software-Defined Networking (SDN), the most flexible networking paradigm that has been used to deploy integrated quantum–classical networks. To this end, we use standards for QKD key extraction and SDN integration. The purposed implementation is based on the latest version of TLS (1.3) and demonstrates advanced capabilities such as rekeying and key transport across a large QKD network, while supporting crypto-agility and maintaining backward compatibility through the use of ciphersuites. The performance of this approach has been demonstrated using a deployed production infrastructure.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"267 ","pages":"Article 111355"},"PeriodicalIF":4.6000,"publicationDate":"2025-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625003226","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Shor’s algorithm efficiently solves factoring and discrete logarithm problems using quantum computers, compromising all public key schemes used today. Algorithms such as RSA, DHKE, and ECC will not work in a world with quantum computers, since they can easily invert the functions that provide their computational strength in the classical world. These schemes rely on assumptions on their computational complexity, which quantum computers can easily bypass. The solutions have to come from new algorithms – called Post-Quantum Cryptography (PQC) – or from new methods, such as Quantum Key Distribution (QKD). The former replicate the computational security ideas of classical public key algorithms, while the latter recurs to use the quantum properties of nature, which also brings a mathematical security proof, potentially offering Information-Theoretic Security. To secure data in the future, we must adopt these paradigms. With the speed of quantum computing advancements, the transition to quantum-safe cryptography within the next decade is critical. Delays could expose long-lived confidential data, as current encryption may be broken before its value expires. However, the shift must balance the adoption of new technologies with maintaining proven systems to protect against present and future threats. In this work, we have selected Transport Layer Security (TLS), one of the most widely used protocols, as the foundation to hybridize classical, quantum, and post-quantum cryptography in a way suitable for broad adoption in Software-Defined Networking (SDN), the most flexible networking paradigm that has been used to deploy integrated quantum–classical networks. To this end, we use standards for QKD key extraction and SDN integration. The purposed implementation is based on the latest version of TLS (1.3) and demonstrates advanced capabilities such as rekeying and key transport across a large QKD network, while supporting crypto-agility and maintaining backward compatibility through the use of ciphersuites. The performance of this approach has been demonstrated using a deployed production infrastructure.

查看原文本刊更多论文

SDN网络中TLS的混合量子安全集成

肖尔算法使用量子计算机有效地解决了因数分解和离散对数问题，危及了目前使用的所有公钥方案。RSA、DHKE和ECC等算法将无法在量子计算机的世界中工作，因为它们可以很容易地反转在经典世界中提供计算强度的函数。这些方案依赖于对其计算复杂性的假设，而量子计算机可以很容易地绕过这些假设。解决方案必须来自新的算法——称为后量子密码学（PQC）——或者来自新的方法，如量子密钥分发（QKD）。前者复制了经典公钥算法的计算安全思想，而后者则反复使用自然界的量子特性，这也带来了数学安全性证明，可能提供信息论安全性。为了在未来保护数据，我们必须采用这些范例。随着量子计算的发展速度，在未来十年内向量子安全加密技术的过渡至关重要。延迟可能会暴露长期存在的机密数据，因为当前的加密可能在其价值到期之前被破解。然而，这种转变必须在采用新技术与维护成熟的系统之间取得平衡，以防止当前和未来的威胁。在这项工作中，我们选择了最广泛使用的协议之一传输层安全（TLS）作为混合经典，量子和后量子加密的基础，以适合在软件定义网络（SDN）中广泛采用的方式，这是用于部署集成量子-经典网络的最灵活的网络范例。为此，我们采用了QKD密钥提取和SDN集成的标准。目标实现基于最新版本的TLS(1.3)，并演示了跨大型QKD网络的密钥重置和密钥传输等高级功能，同时支持加密灵活性，并通过使用密码套件保持向后兼容性。使用已部署的生产基础设施演示了这种方法的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.