Cao Yuan, Zhao Yongli, Colman-Meixner Carlos, Yu Xiaosong, Zhang Jie
Opt Express. 2017 Oct 30;25(22):26453-26467. doi: 10.1364/OE.25.026453.
Software-defined optical networking (SDON) will become the next generation optical network architecture. However, the optical layer and control layer of SDON are vulnerable to cyberattacks. While data encryption is an effective method to minimize the negative effects of cyberattacks, secure key interchange is its major challenge, which can be addressed by the quantum key distribution (QKD) technique. Hence, in this paper we discuss the integration of QKD with WDM optical networks to secure the SDON architecture by introducing a novel key on demand (KoD) scheme, which is enabled by a novel routing, wavelength and key assignment (RWKA) algorithm. The QKD over SDON with KoD model follows two steps to provide security: i) construction of quantum key pools (QKPs) for securing the control channels (CChs) and data channels (DChs); ii) the KoD scheme uses the RWKA algorithm to allocate and update secret keys for different security requirements. To test our model, we define a security probability index which measures the security gain in CChs and DChs. Simulation results indicate that the security performance of CChs and DChs can be enhanced by provisioning sufficient secret keys in QKPs and performing key-updating considering potential cyberattacks. Also, KoD is beneficial for achieving a positive balance between security requirements and key resource usage.