QKD enhanced Fiber Channel Encryptor

Thursday 11 June 2009

The QKD enhanced Fiber Channel Encryptor was developed as part of the project Quantum Cryptography based point-to-point Secure Data Communication System [1], under the research unit of the Commission for Technology and Innovation (CTI), funded by the Swiss Confederation.

The aim of this module was to develop a QKD enhanced standalone encryption device supporting 2G Fiber Channel networks.

The collaborators of this project include:

- idQuantique (idQ) - As industrial partner, IDQ helped define the commercial objectives of this project and design the technical specifications, the host controller and its target interfaces.
- IIS of the ETH Zurich (ETHZ) - ETH brought strong knowledge of the hardware implementation of complex algorithms, in particular cryptographic primitives.
- Fachhochschule Nordwestschweiz (FHNW) - FHNW came with strong skills in mathematics and security analysis.

The QKD enhanced encryption device performs high-speed 2Gbps encryption at layer 2 of the Open Systems Interconnection (OSI) model. It employs the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), which provides data origin authentication alongside encryption.

The encryption device has the following components:

- Encryption Board - which performs layer 2 high-speed AES encryption and decryption in GCM mode that guarantees both confidentiality and authenticity of the FPGA bit-streams.
- Embedded System - which manages the encryption board and the encryption and authentication keys, and interfaces with external systems at speeds up to 2Gbps. The application running on the embedded system connects to the USB interface on the encryption board to transmit the necessary configuration, keys, etc. This includes the keys produced according to the dual key agreement, which is an XOR between the PKI key and the key produced by the QKD server.
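
The dual key agreement described above, as an added Python example (not the project's code): an XOR combiner with the input checks a key manager would apply, plus a one-byte model of why the result stays unpredictable while either component stays secret. The 32-byte key length and all function names are assumptions; the page does not give them.

```python
import hmac
import secrets

KEY_LEN = 32  # assumption: AES-256 key size; the page does not state a key length


def combine_dual_key(pki_key: bytes, qkd_key: bytes, key_len: int = KEY_LEN) -> bytes:
    """XOR the PKI key with the QKD key, refusing inputs that defeat the scheme."""
    for name, part in (("PKI", pki_key), ("QKD", qkd_key)):
        if len(part) != key_len:
            raise ValueError(f"{name} key must be exactly {key_len} bytes")
        # An all-zero component (e.g. a failed source) silently reduces the
        # result to the other key alone, so treat it as an error.
        if hmac.compare_digest(part, bytes(key_len)):
            raise ValueError(f"{name} key is all zeros")
    # Identical components would XOR to an all-zero combined key.
    if hmac.compare_digest(pki_key, qkd_key):
        raise ValueError("PKI and QKD keys are identical")
    return bytes(a ^ b for a, b in zip(pki_key, qkd_key))


def known_component_leaves_key_uniform(known: int) -> bool:
    """One-byte model of the security argument: with one component fixed and
    known, each value of the other maps to a distinct combined key, so the
    result is as unpredictable as the component that stayed secret."""
    return len({known ^ other for other in range(256)}) == 256


if __name__ == "__main__":
    pki = secrets.token_bytes(KEY_LEN)  # constructed stand-in for the PKI key
    qkd = secrets.token_bytes(KEY_LEN)  # constructed stand-in for the QKD server key
    session = combine_dual_key(pki, qkd)
    print(len(session), known_component_leaves_key_uniform(0x5A))
```

The argument only holds when the two components are independent and each is used for a single combined key.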

The device is also SNMP enabled, allowing remote control of the system through a simple Ethernet administration access.

Apart from the development of a QKD enabled standalone encryption device, the key contributions of this module lie in:

- The design of an efficient high speed GCM authenticated AES encryption engine.
- The combination of a PKI key and a QKD key to form a dual key agreement.

The results of the performance tests can be found on the Performance of Fiber Channel Encryptor page.

[1] project number: 8483.1; 3 NMPP-NM

