Quantum-Safe integration of TLS in SDN networks

TL;DR

This paper presents a practical approach to integrating quantum-safe cryptography into SDN networks by hybridizing TLS with quantum key distribution, ensuring security against quantum attacks while maintaining compatibility and performance.

Contribution

It introduces a novel method for integrating quantum-safe cryptography into TLS within SDN, enabling secure, scalable, and backward-compatible quantum-resistant networking.

Findings

Successful implementation of quantum-safe TLS in SDN networks.

Demonstrated rekeying and key transport over large QKD networks.

Maintained backward compatibility with existing systems.

Abstract

Shor's algorithm efficiently solves factoring and discrete logarithm problems using quantum computers, compromising all public key schemes used today. These schemes rely on assumptions on their computational complexity, which quantum computers can easily bypass. The solutions have to come from new algorithms - called Post-Quantum Cryptography (PQC) - or from new methods, such as Quantum Key Distribution (QKD). The former replicate the computational security ideas of classical public key algorithms, while the latter recurs to use the quantum properties of nature, which also brings a mathematical security proof, potentially offering Information-Theoretic Security. To secure data in the future, we must adopt these paradigms. With the speed of quantum computing advancements, the transition to quantum-safe cryptography within the next decade is critical. Delays could expose long-lived confidential data, as current encryption may be broken before its value expires. However, the shift must balance the adoption of new technologies with maintaining proven systems to protect against present and future threats. In this work, we have selected Transport Layer Security, one of the most widely used protocols, as the foundation to hybridize classical, quantum, and post-quantum cryptography in a way suitable for broad adoption in Software-Defined Networking, the most flexible networking paradigm that has been used to deploy integrated quantum-classical networks. To this end, we use standards for QKD key extraction and SDN integration. The purposed implementation is based on the latest version of TLS and demonstrates advanced capabilities such as rekeying and key transport across a large QKD network, while supporting crypto-agility and maintaining backward compatibility through the use of ciphersuites. The performance of this approach has been demonstrated using a deployed production infrastructure.