Applications of Quantum Key Distribution to security protocols

Every year, researches and achievements on quantum computing are making more feasible a future where quantum networks and computers will be an important part of any informative systems. Today building a quantum computer is still a challenging task, then investing in these devices is still out of the scope of many businesses. Anyway, even their possible existence bring cybersecurity engineers to ask themselves how high is the threat that they represent for current security protocols. Indeed, quantum computers can crack cryptographic algorithms way faster than standard ones. There are two main proposed solutions: to exploit new versions of modern protocols, enhancing their security properties, called post-quantum security; or to leverage quantum computing, using the Quantum Key Distribution (QKD) protocol. The first objective was to integrate this latter protocol as-a-service (QKDaaS) in a distributed infrastructure. Indeed, today most of the business is migrating to this kind of informative system, which allow them to obtain resources efficiently and on-demand. These systems, though, present new vulnerabilities and challenges to who wants to design their security. This work shows how the QKD protocol can be correctly integrated into OpenStack, which is an open-source cloud computing infrastructure, to offer a new option to enhance this kind of infrastructure security properties. The integration has been conducted due to the use of a Quantum Key Server: a software stack designed by the ETSI community, able to manage the key exchange with no prior knowledge of the underlying devices used. In particular, I exploited a Quantum Key Server that was already developed by the TORSEC group. This solution has been validated by integrating the Quantum Key Server into modern security protocols, such as the Internet Key Exchange (IKE) protocol and the Transport Layer Security (TLS) protocol. TLS integration has been realized both exploiting Stunnel, an automatic tool, leveraging OpenSSL, able to easily offer TLS security to an application not providing it out of the box; both adapting WolfSSL, an opensource toolkit implementing TLS protocol, to let it interact correctly with the Quantum Key Server. These two scenarios allowed me to test and validate the integration considering both modes that TLS offer to exploit pre-shared keys. IKE integration, instead, has been performed modifying LibreSwan, a piece of software offering tools to set up Virtual Private Networks, that was chosen since it provides the implementation of a protocol extension designed just to use quantum keys. Tests have been conducted considering a scenario where two Quantum Key Servers are hosted on two Openstack sites. Through several functional and performance tests, it has been proven that the solution is fully operational and compliant with related IETF standards. Moreover, the overhead introduced into the process is null, with exception of the setup phase where applications establishing the secure channel must exchange messages among themselves and their respective Quantum Key Servers. Finally, the integration itself has proven that QKD can be combined with modern security protocols, and deployed in cloud infrastructures, with a minimal effort requested by administrators.