Quantum Key Distribution System integrated with IPSec

A Study on a Network Security Device Combining Quantum Key Distribution and IPSec

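  • 이은주 (Korea Institute of Science and Technology Information) ;
  • 손일권 (Korea Institute of Science and Technology Information) ;
  • 심규석 (Korea Institute of Science and Technology Information) ;
  • 이원혁 (Korea Institute of Science and Technology Information)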
  • Received : 2021.04.02
  • Accepted : 2021.08.28
  • Published : 2021.09.30

Abstract

Most Internet security protocols rely on classical algorithms based on the mathematical complexity of the integer factorization problem, which becomes vulnerable to a quantum computer. Recent progress in quantum computing technologies has highlighted the need to apply quantum key distribution (QKD) to existing network protocols. We report the development of a plug & play QKD device and its integration with a commercial IPSec device by replacing the session keys used in the IPSec protocol with quantum keys. We expect that this work paves the way for enhancing the security of star-type networks by implementing QKD with end-to-end IP communication.

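Most existing Internet security protocols rely on classical cryptographic algorithms based on the mathematical complexity of the integer factorization problem, but these classical algorithms are known to be vulnerable to attacks by quantum computers. With the recent rapid advances in quantum computing technology, applying quantum key distribution to secure the physical and network layers of existing communications is becoming an essential task internationally. In this study, we build a plug & play quantum key distribution device for use in star networks and report the results of an interoperation experiment with an existing IPSec device, in which the generated quantum keys are used in the IPSec key exchange process.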

Acknowledgement

This work was supported by a major project of the Korea Institute of Science and Technology Information (KISTI) in 2021.
