Quantum key distribution (QKD) harnesses the principles of quantum physics to secure the transmission of sensitive data against eavesdropping and hacking attempts. PacketLight’s DWDM/OTN devices are ideal for the successful integration of QKD technology.
The world has become reliant on digital communication for all private and professional aspects of life. In today's interconnected world, data security is a top concern for individuals, businesses, and governments alike.
PacketLight’s Layer-1 encryption ensures the confidentiality and integrity of the data transmitted over fiber optic networks. The solution is based on the GCM-AES-256 encryption standard and uses an Elliptic Curve Diffie-Hellman (DH) key exchange with the P-384 curve and SHA-384 authentication. It provides security while keeping full transparency of the data transmitted, ensuring deliverability while strengthening data integrity.
The growing sophistication of cyber threats and the development of quantum computers may put optical networks at risk, requiring them to increase security and strengthen key exchange methods.
Diffie-Hellman key exchange is a robust security solution and is considered very secure. However, the emergence of quantum computers may require reinforcing the key exchange with a method that is not breakable even with these highly sophisticated computers.
QKD meets this demand by ensuring that highly secure and unbreakable encryption keys are shared between the parties, safeguarding their communication with quantum-level protection.
How does QKD work?
QKD enables two parties to generate a shared secret key, known only to them, for encrypting and decrypting messages. The process ensures exceptionally secure and unbreakable encryption keys, providing quantum-level protection against eavesdropping and hacking. QKD detects third-party attempts to compromise the encryption key by measuring a quantum system and identifying the disturbances that eavesdroppers inadvertently leave behind.
QKD can be implemented over C‑band or over O-band (1310 nm). The encryption bits are transmitted over a Quantum channel (Q-channel), either over a dedicated fiber, or over an existing wavelength.
Each secured application entity (SAE) node uses a standard secured REST API protocol to receive the next quantum key from its local key management entity (KME) node. The SAE nodes are the data transfer nodes provided by PacketLight that perform encryption and decryption. The KME nodes are the QKD nodes provided by the QKD supplier and are responsible for creating the quantum keys. The KME nodes use the QKD scheme to create a list of identical keys on both sides.
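The SAE side of the key hand-off described above, as an added example that is not PacketLight's or any QKD supplier's code: it validates a key received from the KME and mixes it with the elliptic-curve DH secret through HKDF-SHA-384, so that recomputing the AES-256 key requires both secrets. The JSON layout (a `keys` list with `key_ID` and a base64 `key`, in the style of the ETSI GS QKD 014 key container), the hybrid mixing step, and all names and sample values are assumptions; the page does not name the REST API or say how the devices consume the QKD key.

```python
import base64, hashlib, hmac, json

KEY_BITS = 256  # AES-256 key size, as named on the page

# Constructed sample KME reply (assumed ETSI GS QKD 014 style container).
SAMPLE_KME_RESPONSE = json.dumps({"keys": [{
    "key_ID": "00000000-0000-4000-8000-000000000001",
    "key": base64.b64encode(bytes(range(32))).decode()}]})
# Constructed stand-in for the 48-byte P-384 DH shared secret.
SAMPLE_ECDH_SECRET = bytes(range(48, 96))

def hkdf_sha384(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-384: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha384).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha384).digest()
        okm += block
        counter += 1
    return okm[:length]

def parse_kme_key(body: str) -> tuple[str, bytes]:
    """Return (key_ID, key bytes); reject malformed or undersized keys."""
    keys = json.loads(body).get("keys")
    if not isinstance(keys, list) or len(keys) != 1:
        raise ValueError("expected exactly one key in the KME response")
    key_id = keys[0]["key_ID"]
    key = base64.b64decode(keys[0]["key"], validate=True)
    if len(key) * 8 < KEY_BITS:
        raise ValueError("QKD key is shorter than 256 bits")
    return key_id, key

def session_key(ecdh_secret: bytes, qkd_key: bytes, key_id: str) -> bytes:
    """Derive the AES-256 key from both secrets, bound to the key_ID."""
    if len(ecdh_secret) != 48:
        raise ValueError("P-384 shared secret must be 48 bytes")
    # Length-prefix the first input so the concatenation is unambiguous.
    ikm = len(ecdh_secret).to_bytes(2, "big") + ecdh_secret + qkd_key
    info = b"l1-hybrid|" + key_id.encode()  # hypothetical context label
    return hkdf_sha384(ikm, b"\x00" * 48, info, KEY_BITS // 8)
```

Both SAE nodes run the same derivation with the same `key_ID`, so they arrive at the same session key without the QKD key ever leaving the SAE-to-KME link.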
QKD over a dedicated fiber
The quantum channel is sensitive. The photons traversing it must contend with distance and noise, which adversely affect the quality of the signal, especially over longer distances. Additional devices such as a multiplexer, for example, add attenuation and reduce the quality of the signal.
Adding dark fiber between the sites, dedicated to the Q-channel, enables the QKD to transmit more smoothly. This requires allocating a wavelength for the Clock (C-band) between the QKD units (multiplexed with the traffic wavelengths), as seen in Figure 2.
QKD over the same fiber
In this approach, a dedicated channel is allocated for the QKD units, with separate wavelengths for the Clock (C-band) and the Q-channel (1310 nm) multiplexed with the traffic wavelengths. One of the key benefits of this method is cost-effectiveness, as it avoids the need for additional infrastructure (fiber), as seen in Figure 3. However, using the same fiber for both purposes introduces noise, which limits the maximal QKD distance.