Demonstration of Software Defined Network Services Utilizing Quantum Key Distribution Fully Integrated with Standard Telecommunication Network

We present a demonstration of software defined networking (SDN) services utilizing quantum key distribution (QKD) technology, fully integrated with the standard telecommunication network that connects production facilities of Telefonica in Madrid. All communications, classical and quantum, co-propagate over the same fiber infrastructure.


Introduction
Quantum key distribution (QKD) [1,2] is a method for generating keys between distant parties employing quantum principles, which allow an unprecedented security of the generated key material. It is quantum safe (i.e., the key generation method cannot be broken by prospective quantum computers) [3], in contrast to the computational methods presently used to this end. Its security is independent of the computational power of the attacker and can in principle reach the level of Information Theoretic Security (ITS) [2]. It is, however, limited in reach: because the key rate decays exponentially with distance, QKD cannot generate a reasonable amount of key material once channel losses exceed 25 to 30 dB (roughly 120 to 150 km with state-of-the-art optical fibers and non-forbiddingly demanding technology).
In principle, it is possible to build quantum repeaters [4]: devices that transmit quantum states over long distances without actually measuring them, and thus preserve the no-cloning principle on which the security of QKD is based [2]. Although proofs of concept for quantum repeaters have been performed, practical devices are still far in the future. For this reason, there have long been attempts to eliminate the distance restriction by designing and implementing so-called "QKD networks" [5,6]. In the absence of quantum repeaters, the developers of QKD networks have resorted to hops over trusted stations, known as trusted repeater QKD networks, where the key is revealed and forwarded at each trusted station. The initial interpretation of QKD networks was that of infrastructures for ITS key delivery, (at least logically) decoupled from the telecommunication network. This leads to the idea of parallel communication infrastructures that have to be built just to enhance the security of communication. A major objective, with a potentially broad economic impact, is to enable QKD utilization without building parallel physical infrastructures, by finding ways to integrate QKD into communication networks and increasing their security without the absolute requirement of delivering end-to-end ITS keys, as long as trust in the intermediary nodes is assumed.
At the same time, until recently the traditional telecommunication network realizations have not been very inviting for integrating QKD. Built from highly specialized and essentially autonomous devices, proprietary down to the level of their interfaces and not easy to reconfigure, these networks were not designed to extend their functionality beyond what was originally foreseen. For this reason, in analogy to modern computing trends, the software defined networking (SDN) paradigm has emerged to intrinsically increase the flexibility of communication networks. The SDN approach, in contrast to the traditional one, introduces a centralized network controller, which creates on demand a dedicated virtual infrastructure out of general purpose but programmable resources. Using standard interfaces, optical paths are established, wavelength planning is carried out and, in general, any networking functionality is realized in a flexible, programmable environment, allowing quick adaptation to new requirements. SDN is now a major trend in telecommunications, deployed by many operators. Here, we address the adoption of SDN methods also in practical QKD networking.

Quantum Rep. 2019, 1 FOR PEER REVIEW 2

Materials and Methods
We put together continuous variable QKD (CV-QKD) devices by Huawei Technologies Duesseldorf GmbH (HWDU), Munich Research Center, and SDN implementations by UPM and Telefonica on a production-level optical fiber infrastructure of Telefonica to demonstrate, for the first time, an operational software defined QKD network (SDQKDN) realization. The first demonstration took place between May and September 2018 in downtown Madrid, using three production sites of Telefonica Spain, forming a triangle of roughly 15 km perimeter. Figure 1 illustrates the location of the different nodes, including distances and measured attenuations, over a satellite image of the Madrid area where they were located. The deployment included several innovations on the software front: using standard interfaces, creating a system to automate the integration of QKD devices in the network, and creating the SDQKDN control mechanisms needed to manage the classical and quantum parts of the network as a single entity. On the hardware front, the QKD systems were made more compact, with increased performance and flexibility, so that further characteristics (like the directional switching of the quantum channel) could be managed from the controller. Resiliency to the noise of co-propagating classical channels was also improved.

Results
The advantage of the SDN approach for QKD is that QKD equipment can in principle be seamlessly integrated into an SDN by appropriate extensions, turning it into a SDQKDN. Naturally, QKD devices need to exhibit a certain degree of flexibility in order to allow such an integration. They must: (i) be equipped with interfaces that can interpret and respond to the network controller commands, and (ii) be able to react correspondingly to these controller commands, at least in a minimal way. Optimal flexibility would be reached if the devices were able to start and stop key generation with minimal latency after receiving a corresponding command; if different senders and receivers could seamlessly couple and decouple with one another, again after minimal transition periods; if data communication and QKD optical transmission could coexist in parallel over the same optical fiber; and, finally, if QKD senders and receivers could change their transmission or reception wavelength on demand. It is worth noting that none of these QKD properties is strictly necessary; their absence implies only a restricted degree of overall flexibility and an increased cost of creating a QKD service in existing networks. Currently, a particular type of QKD technology, the CV-QKD approach, is the most flexible in the sense discussed above and therefore the most appropriate for SDQKDN realizations.

The QKD Devices Developed by HWDU
The CV-QKD development by HWDU (shown in Figure 2) is a particularly advanced CV-QKD prototype, being both robust and flexible by design, in the sense mentioned above. HWDU provided three devices: one sender and two receivers. Each device is equipped with a 3U QKD optical box (the units with a screen on the photo below), a 1U server (Supermicro Super Server 1028R) with two Intel(R) Xeon(R) CPU E5-2650 v4 @ 2.20 GHz 12-core hyperthreading processors (middle), and standard telecom equipment (Huawei OptiX OSN1800 Optical Transport Network platform), each housing an AES encryption/decryption card (TNF1LTX) with modified firmware to accept external keying from the QKD devices in addition to the default internal Diffie-Hellman based mechanism.
The CV-QKD systems operate using the traditional Gaussian modulation, single polarization, at a relatively low clock rate of 12.5 MHz. The advanced local local oscillator (LLO) approach, using a pilot tone [7], was implemented. The devices tolerate co-propagating classical light of 8 to 10 dBm in the same optical band (the C-band). The operation is extremely stable over long periods of time, as the system assesses all noise sources online and thus reduces noise-fluctuation vulnerabilities. All transmitted signals are successfully processed online, using the server for DSP and post-processing. The secret key generation rate reaches 2 to 3 kb/s at 12 dB channel attenuation. Moreover, using an optical switch, the sender can redirect operation from one receiver to the other with a switching time of only 10 to 15 s after the first link is disconnected. All devices were mounted in flight boxes and operated straight after delivery, and later in the harsh and restricted environment of the production facilities.

SDN Implementation
A rough sketch of the SDN topology (following the approach of [8]) of the three nodes is given in Figure 3 below. The design logically positions each QKD device in a SDQKDN node, which comprises a SDQKDN agent and a local key management store (LKMS). The LKMS stores the key material pushed by the QKD device. The agent interacts with the central SDQKDN controller, and together they ensure key routing over the full network, announcement of key availability and subsequent retrieval of keys by applications. Secure applications are collocated with the respective secure nodes and interact directly with the LKMS. Hop-by-hop key forwarding can also be performed, if required, by the LKMS and the QKD device (set in a relay mode), the node then acting as a trusted station. In general, the nodes must be trusted, in contrast to the controller, which the system administrator accesses through a Command Line Interface (CLI). It is important to stress that the controller never gets hold of any key material, private or critical data. Thus, a failure or malicious operation of the controller cannot lead to a key compromise, but at most to a Denial of Service (DoS). Trusting the node SDQKDN agent is a security design choice. Not including the controller in the QKD security perimeter ensures scalability in spite of the relatively short range of QKD: trusting the controller and some of its communications with the agents might sometimes be desirable, but then a mechanism alternative to QKD, such as post-quantum cryptography [8], well suited for non-regular and short-term secure communication, might be considered.
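To make the trust boundaries concrete, the following Python model (an added illustration, not code from the Madrid testbed or from the UPM/Telefonica SDN software) walks an end-to-end key from one receiver node to the other through the sender node acting as a trusted station, as in the trusted repeater scheme of the Introduction and the LKMS/relay-mode description above. QKD link keys are stood in for by random bytes; the node and controller classes, the key IDs and every function name are this example's own assumptions.

```python
"""Trusted-relay key delivery in a software defined QKD network (SDQKDN).
Added illustration, not testbed code. Nodes A (sender), B and C (receivers)
mirror the one-sender/two-receiver triangle: QKD links exist only A-B and A-C,
so a B-to-C key is relayed through A. Link keys are random stand-ins for QKD.
"""
import secrets
from collections import deque
from dataclasses import dataclass, field

KEY_LEN = 32  # bytes per key item; an assumed LKMS block size


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Node:
    """A SDQKDN node: agent plus local key management store (LKMS)."""
    name: str
    link_keys: dict = field(default_factory=dict)   # neighbour -> queue of QKD link keys
    e2e_keys: dict = field(default_factory=dict)    # key_id -> key offered to applications
    seen_in_clear: list = field(default_factory=list)  # audit: key_ids held here as plaintext

    def pop_link_key(self, neighbour: str) -> bytes:
        queue = self.link_keys.get(neighbour, [])
        if not queue:  # never reuse a pad: surface exhaustion instead
            raise RuntimeError(f"{self.name}: QKD key store towards {neighbour} exhausted")
        return queue.pop(0)


class Controller:
    """Central SDQKDN controller: computes key routes, never holds key bytes."""

    def __init__(self, topology: dict):
        self.topology = topology  # node -> set of QKD neighbours
        self.log = []             # metadata only: (action, key_id, hops)

    def path(self, src: str, dst: str) -> list:
        """Shortest QKD path by breadth-first search."""
        prev = {src: None}
        queue = deque([src])
        while queue:
            n = queue.popleft()
            if n == dst:
                break
            for m in sorted(self.topology.get(n, ())):
                if m not in prev:
                    prev[m] = n
                    queue.append(m)
        if dst not in prev:
            raise ValueError(f"no QKD path from {src} to {dst}")
        hops, n = [], dst
        while n is not None:
            hops.append(n)
            n = prev[n]
        return hops[::-1]

    def order_relay(self, src: str, dst: str, key_id: str) -> list:
        hops = self.path(src, dst)
        self.log.append(("relay", key_id, hops))
        return hops


def qkd_link(nodes: dict, a: str, b: str, n_keys: int) -> None:
    """Stand-in for a QKD link: both ends are pushed identical key material."""
    for _ in range(n_keys):
        k = secrets.token_bytes(KEY_LEN)
        nodes[a].link_keys.setdefault(b, []).append(k)
        nodes[b].link_keys.setdefault(a, []).append(k)


def relay_key(nodes: dict, ctl: Controller, src: str, dst: str, key_id: str) -> list:
    """Forward a fresh end-to-end key hop by hop, one-time padded under each link key.
    The wire carries only pad-encrypted material (ITS per hop), but every node on
    the path decrypts and re-encrypts the key, hence every node must be trusted.
    """
    hops = ctl.order_relay(src, dst, key_id)
    current = secrets.token_bytes(KEY_LEN)
    nodes[src].e2e_keys[key_id] = current
    nodes[src].seen_in_clear.append(key_id)
    for a, b in zip(hops, hops[1:]):
        on_the_wire = xor(current, nodes[a].pop_link_key(b))
        current = xor(on_the_wire, nodes[b].pop_link_key(a))
        nodes[b].seen_in_clear.append(key_id)
    nodes[dst].e2e_keys[key_id] = current
    return hops


def controller_holds_key(ctl: Controller, nodes: dict) -> bool:
    """True if any end-to-end key's bytes appear anywhere in the controller state."""
    state = repr(vars(ctl))
    return any(repr(k) in state for n in nodes.values() for k in n.e2e_keys.values())


def build_demo(keys_per_link: int = 4):
    """Constructed topology: sender A linked to receivers B and C, no B-C link."""
    nodes = {n: Node(n) for n in "ABC"}
    qkd_link(nodes, "A", "B", keys_per_link)
    qkd_link(nodes, "A", "C", keys_per_link)
    ctl = Controller({"A": {"B", "C"}, "B": {"A"}, "C": {"A"}})
    return nodes, ctl
```

Calling `build_demo()` and then `relay_key(nodes, ctl, "B", "C", "k1")` exercises the three properties the text asserts: B and C end up with identical key material under the same key ID, A held that key in the clear (so it must be trusted), and the controller's entire state contains only key identifiers and paths. Exhausting a link's key store raises rather than silently reusing a pad, which is the failure mode a relay node must report to the controller.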
For simplicity of the demonstration, all the SDN software was deployed on isolated virtual machines on the HWDU device servers mentioned above. A classical communication network was established seamlessly using the intrinsic functionalities of the OSN 1800 Optical Transport Network (OTN) platform. Moreover, whenever block-cipher encryption is used for secure data transport, the built-in Advanced Encryption Standard (AES) encryption/decryption cards are employed.

Discussion
The QKD devices were first installed in the Future Technologies laboratory at the Telefonica Research premises, where the testing and installation of the SDN software implementation in the device servers took place. Subsequently, the devices were distributed to three production facilities used by Telefonica Spain for commercial service provision in the Madrid metropolitan area [9].
To be more precise, dedicated dark fibers connecting these facilities were provided, and a full-scale network was operated over them. Due to the operator's standard security procedures, neither the HWDU team nor the collaborating UPM and Telefonica teams were allowed to deploy the devices; certified subcontractors of Telefonica with no experience in QKD did the installation, following the same procedures used for standard network equipment. This is important as a demonstration of the maturity of the development. The deployment was carried out in a single day, control over the QKD devices and SDQKDN nodes was configured, and full-scale operation of the network was initiated. The network ran continuously for three months without experiencing any major issue. Only a single power outage took the network down, and functionality was restored automatically: the QKD devices resumed normal operation after a standard recalibration procedure, the same kind used to keep the performance of the systems at an optimal level. In fact, recalibration is run periodically as part of the automatic maintenance procedures.
The SDQKDN was used to demonstrate Network Function Virtualization (NFV) and data-center-based protection of the SDN and NFV control and data planes [7], and novel (ordered) proof of transit (OPoT/PoT) service provision protocols [10]. It will be used in a set of new use cases, mainly devoted to securing the control and data planes of the network as a critical infrastructure, in an enlarged testbed starting in the fourth quarter of 2020. The testbed is now composed not only of the existing quantum ring, but also of part of the RediMadrid network. This is a production network providing connectivity to the universities and research centers in the Madrid region, under strict service level agreements (SLA) for the classical communications. The limited resources of that network, with only two strands of fiber connecting the nodes, forced the quantum and classical channels to share the same fiber, adding complexity to deployment and operation. With the experience gained in this first deployment, we plan to demonstrate a new generation of QKD devices and new integration patterns supporting more complex use cases on the enlarged testbed, such as those designed to increase the security of 5G B2B networks, showcasing the maturity of the technology in the real world.
The physical layer operation was also tested. Quantum-classical channel co-propagation with up to seventeen mixed co-propagating channels (one 100 G and sixteen 10 G) in the same communications band was demonstrated without preventing adequate QKD operation. Switching capabilities, with the ability to use one transmitter with two receivers in different locations at a useful key generation rate (see above), were verified as well.

Conclusions
The Madrid SDQKDN has demonstrated for the first time a full-scale integration of QKD technology into an SDN environment running on a real-world production network. It paves the way for future product-level implementations of SDQKDN as an emerging technology.