QKD enhanced IPsec Encryptor

Thursday 11 June 2009

The QKD enhanced IPsec Encryptor integrates the symmetric cryptographic key generated by the quantum key agreement protocol with the IPsec suite of protocols, in order to provide a point-to-point, quantum-secured communication link operating at layer 3 of the OSI model.

The two contributors to this module are:
- The ICT Institute of the University of Applied Sciences Western Switzerland in Yverdon-les-Bains (HEIG-VD) and
- id Quantique

The ICT Institute contributed strong experience in high-speed networking, cryptography and security, and in the engineering and development of highly secure solutions; id Quantique contributed its quantum cryptography technology and equipment.

The development of the QKD enhanced IPsec Encryptor included the following undertakings:
- The specification of an enhanced IKE protocol for IPsec able to integrate quantum-generated symmetric keys.
- The development of a pair of PC-based high-speed routers using open-source technologies (CentOS, IPsec-Tools).

The key contribution of this module is an efficient and secure way to use quantum keys in combination with standard IPsec keys, under the following constraints:
- The system must be able to detect a quantum channel failure and to transparently fall back to normal IPsec mode at any time.
- The modifications to the IPsec code should be as light as possible, to allow easy integration into other or future IPsec implementations and to keep the modified code easy to audit.
- The key combination procedure must not compromise or leak either key, and combining the quantum key with the IPsec key must not weaken the cryptographic strength of the quantum key.
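The page does not say how the project combines the two keys, so the following is an added example, not the project's code, of a combination that satisfies the last two constraints and the fall-back requirement. It uses a dual-PRF construction (assumed here, not taken from the page): each key is first passed through its own HKDF with a distinct label, and the two outputs are XORed. If either key is uniformly random and unknown to the attacker, its PRF output is pseudorandom and independent of the other, so the XOR is pseudorandom regardless of the other key's state; neither key ever touches the wire or the other key directly. When the QKD key store reports a channel failure, the function returns the IKE-only derivation, i.e. plain IPsec mode. The key lengths, labels and the simulated key store are all assumptions.

```python
import hmac
import hashlib
from typing import Optional, Tuple

HASH = hashlib.sha256
KEY_LEN = 32  # assumption: 256-bit keying material for the Child SA (e.g. AES-256)


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # HKDF-Extract (RFC 5869): PRK = HMAC(salt, IKM)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def prf_stream(key: bytes, nonce: bytes, label: bytes) -> bytes:
    # One PRF output per key, domain-separated by label so the two
    # derivations can never collide even if the same bytes were fed to both.
    return hkdf_expand(hkdf_extract(nonce, key), label, KEY_LEN)


def combine_keys(ike_key: bytes, qkd_key: Optional[bytes], nonce: bytes) -> Tuple[bytes, str]:
    """Derive the Child SA key from the IKE-negotiated key and, when available,
    the quantum key. Returns (key, mode) where mode is "quantum" or "classical".

    qkd_key is None when the quantum channel has failed: the caller then gets
    exactly the key a plain IPsec peer would derive, which is the fall-back
    behaviour the constraints above require.
    """
    if len(ike_key) < KEY_LEN:
        raise ValueError("IKE keying material shorter than the target key length")
    ike_part = prf_stream(ike_key, nonce, b"ipsec-ike")
    if qkd_key is None:
        return ike_part, "classical"
    if len(qkd_key) < KEY_LEN:
        # A short QKD key would cap the combined strength at its own length.
        raise ValueError("QKD key shorter than the target key length")
    qkd_part = prf_stream(qkd_key, nonce, b"ipsec-qkd")
    # Dual PRF: pseudorandom as long as at least one input key is secret.
    return bytes(a ^ b for a, b in zip(ike_part, qkd_part)), "quantum"


class QkdKeyStore:
    """Constructed stand-in for the key buffer fed by the QKD link. In the real
    system the buffer is filled by the quantum key agreement protocol; here the
    keys are supplied at construction and the store can be marked as failed."""

    def __init__(self, keys):
        self._keys = list(keys)
        self.channel_up = True

    def next_key(self) -> Optional[bytes]:
        # Report failure (None) when the channel is down or the buffer runs dry.
        if not self.channel_up or not self._keys:
            return None
        return self._keys.pop(0)


def rekey(store: QkdKeyStore, ike_key: bytes, nonce: bytes) -> Tuple[bytes, str]:
    # One rekey event: pull a fresh quantum key if the channel is up, else fall back.
    return combine_keys(ike_key, store.next_key(), nonce)


if __name__ == "__main__":
    # Constructed sample inputs, not real keying material.
    ike = hashlib.sha256(b"ike-dh-shared-secret").digest()
    store = QkdKeyStore([bytes(range(32)), bytes(range(32, 64))])
    for i in range(3):
        if i == 2:
            store.channel_up = False  # simulate a quantum channel failure
        key, mode = rekey(store, ike, nonce=bytes([i]) * 16)
        print(f"rekey {i}: mode={mode} key={key.hex()}")
```

Two points a practitioner should check in any such design: the combined key must change when either input changes (so a stale QKD key cannot be silently reused), and the classical-mode key must equal the IKE-only derivation so that a peer that lost its quantum link still interoperates; both are easy to unit-test against `combine_keys`.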

The resulting system successfully combines quantum and classical cryptographic keys and implements a quantum-secured Virtual Private Network based on IPsec in a transparent and secure manner, while delivering excellent throughput and latency, even on common, inexpensive hardware.

