Multi-tenant provisioning over software defined networking enabled metropolitan area quantum key distribution networks

Quantum key distribution (QKD) has potential to provide long-term security for communications across the Internet. As security-hungry applications dramatically rise nowadays, a growing number of QKD networks are promising to be deployed in the immediate future. Nevertheless, a high-security-demand institution (e.g., a bank) needs to pay a high price to deploy its dedicated QKD network, while a cost-effective way of overcoming this challenge is to make multiple tenants share a QKD network. Each tenant represents a high-security-demand institution and can obtain secret keys on demand from the QKD network infrastructure for security purposes. Hence, how to achieve efficient and flexible multi-tenant provisioning over a QKD network becomes a crucial problem. This work introduces software defined networking (SDN) to address this problem. We experimentally demonstrate multi-tenant provisioning (including tenant establishment, adjustment, and deletion) over SDN-enabled metropolitan area QKD networks. A SDN-enabled metropolitan area QKD network architecture is introduced. We present a workflow, protocol extensions, and an on-demand secret-key resource allocation strategy for multi-tenant provisioning, which are all demonstrated by establishing an experimental testbed in the lab. Experimental results verify the effectiveness and flexibility of our SDN-based approaches for multi-tenant provisioning over metropolitan area QKD networks. Moreover, we conduct the simulation and discover the ways of improving the success probability of multi-tenant provisioning over metropolitan area QKD networks.