QKD Network Routing Minimises Attack Impact Using Key Caching and Optimisation

Quantum Key Distribution (QKD) promises secure communication, but remains vulnerable to disruptions from physical attacks that can interrupt key exchange, posing a significant challenge to its widespread adoption. Mengyao Li, Qiaolun Zhang, and Zongshuai Yang, all from Politecnico di Milano, with colleagues including Raouf Boutaba from the University of Waterloo, now address this weakness by focusing on minimising the potential impact of such attacks. The team introduces a new metric, the Maximum Number of Affected Requests, to precisely measure the worst-case damage from a single attack, and investigates a novel approach to routing and wavelength assignment that minimises the ‘attack radius’ within the network. By incorporating key caching and modelling different network architectures, including optical bypass and trusted relays, their method demonstrably enhances network resilience and offers adaptable, dynamic control, significantly outperforming existing approaches in both performance and scalability.

MaxNAR Metric Quantifies QKD Network Resilience

Researchers have developed a new approach to enhance the resilience of quantum key distribution (QKD) networks against deliberate attacks, addressing a critical gap in the practicality of this secure communication technology. While QKD promises unbreakable encryption based on the laws of physics, existing networks are vulnerable to disruptions caused by physical-layer attacks, such as high-power jamming that interferes with quantum signals. This work introduces a method for routing and assigning wavelengths in QKD networks designed to minimize the impact of such attacks, moving beyond theoretical security to address real-world vulnerabilities. The team focused on quantifying the potential damage from a single attack, introducing a metric called maxNAR, representing the maximum number of affected requests for secure keys.

This metric considers the unique characteristics of QKD systems, including how keys are cached and forwarded, and how wavelengths are shared across the network. By minimizing maxNAR, the system aims to limit the spread of disruption caused by a compromised link, ensuring continued secure communication even under attack. The approach leverages three key technologies: Quantum Key Pools (QKPs) which store pre-distributed keys, Trusted Relays (TR) for forwarding keys over longer distances, and Optical Bypass (OB) for direct key delivery between nodes. The researchers developed a sophisticated routing system that intelligently combines these technologies, adapting to the fluctuating availability of keys within the QKPs.

Simulations demonstrate a significant improvement in network resilience compared to existing methods, effectively limiting the spread of disruption from a single point of failure. Notably, the system can be tuned to prioritize either Trusted Relays or Optical Bypass, offering flexibility and control in diverse network scenarios. This adaptability is crucial, as different network architectures and operating conditions may favour one approach over the other. The team’s work moves beyond simply generating secure keys to actively protecting the key distribution process itself, addressing a key concern raised by institutions evaluating the practicality of QKD for critical infrastructure. The team formulated a new problem, Routing and Wavelength Assignment with Minimal Attack Radius (RWA-MAR), and developed a practical solution using a Tabu search heuristic to minimise the impact of these attacks. The approach incorporates key caching within Key Pools to improve resilience and optimise resource use within the network. Simulation results demonstrate that the developed heuristic outperforms existing methods by approximately 27% in terms of both maximum and average attack radius, indicating a significant improvement in network robustness. This work represents the first attempt to model and optimise the maximum number of affected requests (maxNAR) as a means of enhancing QKD network resilience, and acknowledges that further research is needed to explore scalability in larger, more complex networks. Future work could focus on adapting the approach to dynamic network environments and investigating the integration of additional security measures.