proto-kms

v0.0.0-...-f9f117d
Published: Sep 6, 2023 License: BSD-3-Clause

README

Proto KMS

This is a prototype Key Management System (KMS) for Quantum Key Distribution Networks (QKDN).

For now, it uses an emulation of a quantum link to exchange random numbers between neighboring quantum network elements.

Note well: This is not intended to be used in production environments, in networks that can be reached by everybody, or in other uncontrolled settings.

Acknowledgements

This prototype Key Management System (KMS) has been developed in the DemoQuanDT project ("Quantenschlüsselaustausch im deutschen Telekommunikationsnetz für höhere IT-Sicherheit", English: quantum key exchange in the German telecommunications network for higher IT security).

The DemoQuanDT project is funded by the German Ministry of Education and Research (BMBF).

Implementation of the Quantum Layer

Pseudo Random Number Generator (PRNG) based Emulation
Overview

Random numbers are generated with Go's crypto/rand pseudo random number generator (PRNG). The sending quantum network element takes the generated random numbers and sends them in a UDP datagram to the receiving quantum network element. The receiver can take these random numbers and hand them over to the KMS for further processing.

In this PRNG-based emulation, the quantum network element is integrated into the proto-kms.

The KMS receives an amount of random numbers from the quantum layer; the actual amount varies over time.

Generation of Random Numbers

As mentioned above, random numbers are generated with Go's crypto/rand pseudo random number generator (PRNG).

First, rand is used to generate the amount of random numbers, numRands, which is then used to generate the actual random numbers (stored in b). This is done in func (qlemuprng *QuantumlayerEmuPRNG) GenerateRandomNumbers() (randNums []byte):

  • numRands, randError := rand.Int(rand.Reader, big.NewInt(1000))
  • b := make([]byte, numRands.Uint64())
  • _, randError = rand.Read(b)
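The emulation described in the overview and in the three steps above, as an added example that is not taken from the proto-kms code base: a variable-length batch is generated with crypto/rand and carried in one UDP datagram from a sender socket to a receiver socket. The function names generateBatch and transfer, the loopback address, the 2-second read deadline, the 2048-byte receive buffer and the choice to skip empty batches are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"net"
	"time"
)

// generateBatch follows the README's three steps but returns the errors.
func generateBatch() ([]byte, error) {
	numRands, err := rand.Int(rand.Reader, big.NewInt(1000)) // [0, 1000): may be 0
	if err != nil {
		return nil, fmt.Errorf("choosing batch size: %w", err)
	}
	b := make([]byte, numRands.Uint64())
	_, err = rand.Read(b)
	return b, err
}

// transfer emulates the link: one UDP datagram from sender to receiver on loopback.
func transfer(batch []byte) ([]byte, error) {
	if len(batch) == 0 {
		return nil, nil // nothing to hand to the KMS, skip the datagram
	}
	rx, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1)})
	if err != nil {
		return nil, err
	}
	defer rx.Close()
	tx, err := net.DialUDP("udp", nil, rx.LocalAddr().(*net.UDPAddr))
	if err != nil {
		return nil, err
	}
	defer tx.Close()
	if _, err = tx.Write(batch); err != nil {
		return nil, err
	}
	rx.SetReadDeadline(time.Now().Add(2 * time.Second)) // UDP can drop silently
	buf := make([]byte, 2048)                           // batches are at most 999 bytes
	n, _, err := rx.ReadFromUDP(buf)
	return buf[:n], err
}

func main() {
	batch, err := generateBatch()
	got, terr := transfer(batch)
	fmt.Println(len(batch), len(got), err, terr)
}
```

In this example the datagram carries the bytes unencrypted and unauthenticated, so it belongs on an isolated network only, in line with the note at the top of this README.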

A quantum layer link peer is the communication partner on a point-to-point link. One has to generate a new peer in the quantum layer in order to communicate with the peer.

Interfaces to the proto-kms

Interface to the Quantum Layer

This interface is solely a Go API within the proto-kms.

Inter-KMS Communication

This interface is required for the communication between the peering KMS in order to coordinate their actions for key selection and key forwarding path configuration. It is defined in interkmsproto.

ETSI-Interfaces

There are basically two ETSI interfaces, i.e.,

  • ETSI GS QKD 14 for retrieval of keys by an external entity from the KMS
  • ETSI GS QKD 15 for the configuration of the key forwarding process and peers of the KMS

However, at this point, both interfaces are lumped together in one gRPC interface, kmsetsiproto.

Encryption Key Retrieval Interface
SDN Controller (ETSI GS QKD 15)

Interactions (AKA Flowcharts)

sequenceDiagram
QKDNC->>KMS1: ETSIGetQuantumInterfaces()
loop 
    KMS1->>KMS1: range es.handlingEkms.QuantumElements
end
KMS1-->>QKDNC: List QuantumInterfaces
QKDNC->>KMS1: ETSIAddKMSPeer(KMS2)
KMS1-->>QKDNC: KMSPeer added
KMS1->>KMS2: InterComCapabilities()
KMS2->>KMS1: InterComCapabilitiesReply
QKDNC->>KMS1: AddSession() NOTIMPLYET
KMS1->>KMS2: InterComKeyTransportSessionHandling()
KMS2->>KMS1: InterComKeyTransportSessionHandlingReply
KMS1-->>QKDNC: SessionReply NOTIMPLYET

Directories

Path Synopsis
api
