QKD Class Reference

QKD QKDKeyManagerSystemApplication is a class used to serve requests for cryptographic keys from user's applications. More...

Detailed Description

QKD QKDKeyManagerSystemApplication is a class used to serve requests for cryptographic keys from user's applications.

association link

QKD Encryptor is a class used to perform encryption, decryption, authentication, atuhentication-check and encoding operations.

From the perspective of the SD-QKD node, a QKD application is defined as any entity requesting QKD-derived keys from the key manager within the node.

QKD QKDSDNController is a class used to controll the requests from KMSs and manage QKD network.

QKD QKDPostprocessingApplication is a class used to generate QKD key in key establishment process.

Note

QKDNetSim implements Key Management System (KMS) as an application that listens on TCP port 80. The KMS can be installed on any node but the QKD post-processing application expects the existence of a local KMS application on the same nodes where the post-processing application is implemented. The local KMS is contacted to add the keys to the QKD buffer and is contacted during the operation of the QKD application to retrieve the keys from the QKD buffer as described in the following section. Communication between KMS systems installed on different nodes is under construction and will be based on the ETSI QKD 004 standard. The KMS application tracks REST-full design serving status and key retrieval requests from QKD applications. The KMS follows HTTP 1.1 specification including Request-URI for mapping of request-response values. More details available at https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html

QKD protocols are used to securely generate new key material. Although there are different types of QKD protocols, each of them requires raw material processing through post-processing applications implementing the following steps: the extraction of the raw key (sifting), error rate estimation, key reconciliation, privacy amplification and authentication. However, since the QKDNetSim focus is primarily QKD network organization, management and network traffic, one uses QKD post-processing application to imitate the network activity of a QKD protocol. The goal was to build an application that credibly imitates the traffic from the existing post-processing applications to reduce the simulation time and computational resources. Such implementation of QKD post-processing allows analyzing the influence of various parameters on the state of the network, such as: the impact of key generation rate, the impact of traffic volume of the reconciled protocol on network capacity and others.

QKDNetSim implements Software Defined Network (SDN) controller as an application that listens on TCP port 3060. The SDN can be installed on any node within the network. It establishes sockets to all KMSs in the network

These applications might be external (e.g. an end-user application, a Hardware Security Module (HSM), a virtual network function, an encryption card, security protocols, etc.) or internal (keys used for authentication, to create a virtual link - for key transport, e.g. a forwarding module). From the software perspective, an application is a concrete running instance or process consuming keys at a given point in time. A single instance or process may also require to open different isolated sessions (with a unique ID) with the SD-QKD node. More details in ETSI GS QKD 015 V2.1.1 (2022-04)

Note

QKD Encryptor uses cryptographic algorithms and schemes from Crypto++ free and open source C++ class cryptographic library. Currently, QKD Encryptor supports following crypto-graphic algorithms and schemes:

• One-Time Pad (OTP) cipher,
• Advanced Encryption Standard (AES) block cipher,
• VMAC message authentication code (MAC) algorithm,
• MD5 MAC algorithm (not safe),
• SHA1 MAC algorithm.

As these algorithms can put a significant computational load on machines performing the simulation, the users can turn off actual execution of such algorithms and allow efficient simulation with more significant QKD topologies.

A QKD Key Association Link is a logical key association between two remote SD-QKD nodes. These links associations can be of two different types: direct (also called physical), if there is a direct quantum channel through which keys are generated, i.e. a physical QKD link connecting the pair of QKD modules, or virtual if keys are forwarded (key relay) through several SD-QKD -trusted- nodes to form an end-to-end key association. i.e. there is no direct quantum channel connecting the endpoints, and a set of them have to be concatenated such that for each a secret key is produced and then used to relay a key from the initial to the endpoint in a multi-hop way. Any new key association link created in an SD-QKD node has to be tracked, labelled and isolated from other links. Virtual links are also registered as internal applications, as they make use of QKD-derived keys from other QKD key association links for the key transport. More details in ETSI GS QKD 015 V2.1.1 (2022-04)

---

The documentation for this class was generated from the following files:

• src/applications/model/qkd-key-manager-system-application.h
• src/applications/model/qkd-postprocessing-application.h
• src/applications/model/qkd-sdn-controller.h
• src/qkd/model/qkd-application-entry.h
• src/qkd/model/qkd-encryptor.h
• src/qkd/model/qkd-key-association-link-entry.h