Your search keyword '"Diego R. Lopez"' showing total 3 results

1. Quantum cryptography networks in support of path verification in service function chains

Author

Alejandro Aguado, Juan P. Brito, Antonio Pastor, Diego R. Lopez, Vicente Martin, Andreas Poppe, Victor Lopez, and Momtchil Peev

Subjects

Metropolitan area network, Quantum network, Computer Networks and Communications, Computer science, Network packet, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Cryptographic protocol, Quantum key distribution, Networking hardware, 020210 optoelectronics & photonics, Quantum cryptography, 0202 electrical engineering, electronic engineering, information engineering, business, Computer network, Private network

Abstract

Quantum key distribution (QKD) is a physical technology that enables the secure generation of bit streams (keys) in two separated locations. This technology is designed to provide a solution for very secure (quantum-safe) key agreement, which is nowadays at risk due to advances in quantum computing. The recent demonstration of a QKD network in the metropolitan area of Madrid shows how these networks can be deployed in current production infrastructure by following existing networking paradigms, such as software-defined networking. In particular, a three-node QKD network is implemented on the metropolitan area network using existing infrastructure and coexisting with other data and control services. On the other hand, telecommunication networks are drastically changing the way services are architectured. Users of the operator’s infrastructure are moving from traditional connectivity services (e.g., virtual private networks) to a set of interconnected network functions, either physical or virtual, in the shape of service function chaining (SFC). However, SFC users do not have a method to validate that the traffic flow is appropriately forwarded across the nodes in the network, a situation that may lead to very critical security breaches (e.g., a security node or a firewall in the chain that is bypassed). This work presents a method for validating ordered proof-of-transit (OPoT) on top of the Madrid Quantum Network. We first provide a general description of the QKD network deployed in Madrid. Then, we describe an existing security protocol for PoT in packet networks, analyzing its issues and vulnerabilities. Finally, this work presents a protocol for alleviating the security breach found in this work and for providing OPoT in SFC. Finally, an example of the real implementation is shown, where nodes being part of the OPoT scheme are provisioned with QKD-derived keys.

Published

2020

2. Virtual Network Function Deployment and Service Automation to Provide End-to-End Quantum Encryption

Author

Diego R. Lopez, Momtchil Peev, Jesus Martinez-Mateo, Vicente Martin, Alejandro Aguado, and Victor Lopez

Subjects

Computer Networks and Communications, business.industry, Network security, computer.internet_protocol, Computer science, 02 engineering and technology, Quantum key distribution, 01 natural sciences, Networking hardware, 010309 optics, Network management, 020210 optoelectronics & photonics, Quantum cryptography, IPsec, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, business, Software-defined networking, computer, Virtual network, Computer network

Abstract

The nature of network services has drastically changed in recent years. New demands require new capabilities, forcing the infrastructure to dynamically adapt to new scenarios. Novel network paradigms, such as softwaredefined networking (SDN) and network functions virtualization, have appeared to provide flexibility for network management and services. The reliance on software and commoditized hardware of these new paradigms introduces new security threats and, consequently, one of the most desired capabilities is a strengthened security layer when connecting remote premises. On the other hand, traditional cryptographic protocols are based on computational complexity assumptions. They rely on certain mathematical problems (e.g., integer factorization, discrete logarithms, or elliptic curves) that cannot be efficiently solved using conventional computing. This general assumption is being revisited because of quantum computing. The creation of a quantum computer would put these protocols at risk and force a general overhaul of network security. Quantum key distribution (QKD) is a novel technique for providing synchronized sources of symmetric keys between two separated domains. Its security is based on the fundamental laws of quantum physics, which makes it impossible to copy the quantum states exchanged between both endpoints. Therefore, if implemented properly, QKD generates highly secure keys, immune to any algorithmic cryptanalysis. This work proposes a node design to provide QKD-enhanced security in end-to-end services and analyze the control plane requirements for service provisioning in transport networks. We define and demonstrate the necessary workflows and protocol extensions in different SDN scenarios, integrating the proposed solution into a virtual router providing QKD-enhanced IPsec sessions.

Published

2018

3. Hybrid Conventional and Quantum Security for Software Defined and Virtualized Networks

Author

Momtchil Peev, Achim Autenrieth, Jesus Martinez-Mateo, Victor Lopez, Thomas Szyrkowiec, Diego R. Lopez, Vicente Martin, and Alejandro Aguado

Subjects

Computer Networks and Communications, business.industry, Computer science, Secure Shell, Distributed computing, Cloud computing, 02 engineering and technology, Quantum key distribution, Cryptographic protocol, Encryption, 01 natural sciences, Networking hardware, 010309 optics, 020210 optoelectronics & photonics, Symmetric-key algorithm, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, business, Software-defined networking, Computer network

Abstract

Today's networks are quickly evolving toward more dynamic and flexible infrastructures and architectures. This software-based evolution has seen its peak with the development of the software-defined networking (SDN) and network functions virtualization (NFV) paradigms. These new concepts allow operators to automate the setup of services, thus reducing costs in deploying and operating the required infrastructure. On the other hand, these novel paradigms expose new vulnerabilities, as critical information travels through the infrastructure fromcentral offices, down to remote data centers and network devices. Quantum key distribution (QKD) is a state-of-the-art technology that can be seen as a source of symmetric keys in two separated domains. It is immune to any algorithmic cryptanalysis and is thus suitable for long-term security. This technology is based on the laws of physics, which forbids us from copying the quantum states exchanged between two endpoints from which a secret key can be extracted. Thus, even though it has some limitations, a correct implementation can deliver keys of the highest security. In this paper, we propose the integration of QKDsystems with well-known protocols and methodologies to secure the network’s control plane in an SDN and NFV environment. Furthermore, we experimentally demonstrate a workflow where QKD keys are used together with classically generated keys to encrypt communications between cloud and SDN platforms for setting up a service via secure shell, while showcasing the applicability to other cryptographic protocols.

Published

2017