KaaS: Key as a Service over Quantum Key Distribution Integrated Optical Networks

In the Internet Age, optical networks are vulnerable to numerous cyberattacks, and conventional key distribution methods suffer from the increased computational power. QKD can distribute information-theoretically secure secret keys between two parties based on the principles of quantum mechanics. Integrating QKD into optical networks can leverage existing fiber infrastructures with wavelength division multiplexing for the practical deployment of secret keys, and accordingly employ the secret keys for optical-layer security enhancement. Then, how to efficiently deploy and employ secret keys over QKD-integrated optical networks are emerging as two challenges. This article proposes a framework of key as a service (KaaS, i.e., providing secret keys as a service in a timely and accurate manner to satisfy the security requirements) to jointly overcome these two challenges. To enable the typical functions (i.e., secret-key deployment and employment) in KaaS, two secret-key virtualization steps, that is, key pool (KP) assembly and virtual key pool (VKP) assembly, are introduced. Also, we illustrate a new QKD-integrated optical network architecture from a holistic view, where the control layer is implemented by software defined networking for efficient network management. A time-shared KP assembly strategy and an on-demand VKP assembly strategy are presented for KaaS implementation. The success probabilities of KP assembly and VKP assembly are defined to evaluate the benefits of KaaS for efficiently deploying and employing secret keys as well as for security enhancement over QKD-integrated optical networks.