Research On Survivability Technology Of Quantum Key Distribution Networks

Security of network information is a guarantee asset for building a network power,which has a temporary impact on social economy,science,and other aspects.Quantum key distribution(QKD)can provide a secure distribution method,and thus the forming of QKD networks is a high strategic competition for science,national strength,and military warfare of strong countries.Thus,the development of QKD networks becomes an important strategic task of these countries,and is of great significance to the further guarantee of network security.This paper focuses on the survivability technologies of QKD networks,starting from the connectivity of end-to-end secret-key provisioning,with the studies of end-to-end QKD network architecture which mainly includes QKD core networks and QKD edge networks.In the QKD core network,targeting at the challenge of efficiency and the flexibility increasement of secret-key provisioning,we designed a"double" protection technology and a "multi-dimensional" recovery technology for the secret-key provisioning capability.In the QKD edge networks,a "resilient" secret-key reservation technology is designed to improve the survivability.Next,the main work and innovation are described as follows:(1)Research on QKD network architecture for the software-defined-based interconnection.Aiming at the connectivity of end-to-end secret-key provisioning,we propose a QKD network architecture based on software-defined interconnection.The architecture is divided into core area and edge areas which are respectively placed controllers.The end-to-end key supply connection interaction process under different user key request types is designed to provide an interconnection mechanism for the secret-key provision under different network areas.Considering trusted-relaying process for QKD,there are security risks in the subsequent process which requires a secret-key provisioning strategy with path selection based on the least number of relaying hops,optimal use of network resources.Also,a global network strategy is proposed to alleviate the conflicts between security enhancement and resource shortage faced by end-to-end secret-key provisioning.Simulations verify the effectiveness of the proposed architecture,and the results show that the proposed strategies have different advantages,which can respectively reduce the failure rate nearly 9.6%,reduce two-hop relay times on average,and increase the network-resource utilization about 6%.(2)Research on the "dual protection" technology of secret-key provisioning and secret-key updating for the QKD in core network.Aiming at the efficacy and invulnerability of secret-key provisioning in QKD core network,three key update processes,i.e.,"full update,partial update,and no update" are designed to ensure the security of the keys and slow down the security of the keys at the node and the contradiction with tight network resource occupancy.In view of the characteristics of a large number of secret-key provisions in QKD core networks,different degrees of protection are set for the normal secret-key provision and key updating.The dual protection technology of "secret-key provisioning and secret-key updating" prevents large-scale impacts caused by the link failure,having the ability to provide effective protection after a single protection failure.The simulation results show that there is a competitive relationship between the protection and the updating in terms of wavelength and key resources.(3)Research on "multi-dimensional" recovery technology of secret-key provision in QKD edge networks.Aiming at the efficacy and invulnerability of secret-key provisioning in QKD core network,we built a mathematical model of key flow before and after the failure,which are quantified by three states "oversupply,temporary full supply,and short supply".In view of diversified characteristics of QKD-network resources,the recovery of secret-key provision schemes is designed under routing dimension,channel dimension and time dimension.Also,the three latitudes are combined to provide survival guarantee for key supply in the network,to enhance the QKD network's ability to against single link failure.Simulation verified that the proposed schemes have different levels of recovery performances.The results show that when the routing dimension cannot provide recovery,the channel dimension scheme can recover 30%of the secret-key provision,and the time dimension can recover 100%.(4)Research on the "elastic" reservation technology of backup keys in QKD edge networks.Aiming at the elasticity and invulnerability of QKD edge networks,the elasticity of secret-key provision in QKD network is studied,and a mathematical model is built for the key numbers in key pool changing over time.The simulation results show that key volume of key pool changes periodically over time,and key supplememnt and consumption rate will increase or shorten the cycle length.For the problem of QKD edge network against link failure,we designed a backup key reservation technology though the estimation of the amount of key required by a single user during a single-link failure,and makes full use of network time slots to reserve keys,which can increase the supply capacity of the key pool to satisify user requests during the failure.The simulation results show that the proposed scheme can not only increase the key supply capacity efficiently,but also improve the efficiency of key reservation.