Within the scope of the DISCRETION project the KMS was showcased in a tech-demo to NATO and member state representatives. The demo consisted of multiple interacting components with the KMS as one central element interfacing with most of them. The focus of the demo was to highlight two secure communication use-cases in a military environment: 1. QKD for Secure Image Sharing, 2. QKD-Enabled Encrypted Video Session.
The tech-demo took place in the context of the REPMUS 2024 experimentation exercise organized and hosted by the Portuguese Navy, NATO and Faculty of Engineering – University of Porto. The two use-cases were:
- QKD for Secure Image Sharing: QKD-generated keys were used with Software-Defined Radios (SDRs) during a live mission to securely transmit an image between radios, demonstrating real-time secure data exchange.
- QKD-Enabled Encrypted Video Session: The QKD keys were also applied in a secure video session, where state-of-the-art encryption machines ensured that the video feed remained protected from any unauthorized access.
For this the innovative concepts outlined by the AIT team in the paper Key Management Systems for Large-Scale Quantum Key Distribution Networks were successfully showcased. The keys were transferred to the KMS using an innovative push mode designed of the ETSI GS QKD 004 standard, which enabled the QKD layer to send the keys to the KMS as soon as they were ready, no need for local key management at the QKD layer. This interface proved to be robust and keys were transferred to the KMS continuously.
Another aspect outlined in the paper was the SDN integration of an KMS. A full SDN solution according to ETSI GS QKD 015 consisting of an SDN Agent by the project partners Universidad Politécnica de Madrid (UPM) and an SDN Controller by Nextworks monitored the network and selected the key relay path using the KMS interface.
The KMS performed key synchronization, resizing and reserving of keys throughout the demo ensuring database consistencies and correct allocation and removal of keys.
The keys were served through an ETSI GS QKD 004 interface to two different types of applications, one is a Software Defined Radio (SDR) application, that finally feeds the keys to radios, that can transmit data through the radio band, see use-case 1. The second application using the same interface uses the keys to feed a cipher machine to encrypt network traffic, that then can carry any data, such as for example a video feed, see use-case 2. This shows the use-case of QKD on two different layers, use-case 1 uses them directly in the application layer, use-case 2 encrypts data on a transport level.
See official linked in post.