KEY MANAGEMENT OF QUANTUM GENERATED KEYS IN IPSEC

Andreas Neppach, Christian Pfaffel-Janser, Ilse Wimberger, Thomas Loruenser, Michael Meyenburg, Alexander Szekely, Johannes Wolkerstorfer

Abstract

This paper presents a key management approach for quantum generated keys and its integration into the IPsec/IKE protocol. The solution is used in a security gateway that integrates quantum key distribution (QKD) and IPsec as a system-on-chip solution. The QKD acquisition module and the IPsec part of this prototype are implemented in hardware to provide a high level of integration as well as high encryption throughput. To make use of these fast encryption capabilities, a flexible key management approach is necessary to provide keys just in time. Thus, the presented key management approach focuses on an efficient key update mechanism and minimizes the communication overhead. Furthermore, the presented approach is a first step to integrate QKD solutions into real-world commercial applications using standardized interfaces.

References

  1. Bennett, C. H. and Brassard, G. (1984). Quantum Cryptography: Public Key Distribution and Coin Tossing. In Proceedings of International Conference on Computers, Systems and Signal Processing.
  2. Brassard, G. and Salvail, L. (1994). Secret key reconciliation by public discussion. Lecture Notes in Computer Science, 765:410-423.
  3. D. Maughan, M. Schertler, M. S. and Turner, J. (1998). Rfc 2408: Internet security association and key management protocol (isakmp).
  4. Diffie, W. and Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644-654.
  5. Frankel, S. and Herbert, H. (2003). RFC 3566: The AESXCBC-MAC-96 Algorithm and Its Use With IPsec. RFC 3566 (Proposed Standard).
  6. Hoffman, P. (2005). RFC 4308: Cryptographic Suites for IPsec. RFC 4308 (Proposed Standard).
  7. Kaufman, C. (2005). RFC 4306: Internet Key Exchange (IKEv2) Protocol. RFC 4306 (Proposed Standard).
  8. Kent, S. (2005). RFC 4303: IP Encapsulating Security Payload (ESP). RFC 4303 (Proposed Standard).
  9. LorĂ¼nser, T., Querasser, E., Matyus, T., Peev, M., , Wolkerstorfer, J., Hutter, M., Szekely, A., , Wimberger, I., Pfaffel-Janser, C., and Neppach, A. (2008). Security Processor with Quantum Key Distribution.
  10. Menezes, A. J., van Oorschot, P. C., and Vanstone, S. A. (1997). Handbook of Applied Cryptography. Series on Discrete Mathematics and its Applications. CRC Press. ISBN 0-8493-8523-7.
  11. National Institute of Standards and Technology (NIST) (2001). FIPS-197: Advanced Encryption Standard.
  12. Shoup, V. (1996). On fast and provably secure message authentication based on universal hashing. Lecture Notes in Computer Science, 1109:313-328.
Download


Paper Citation


in Harvard Style

Neppach A., Pfaffel-Janser C., Wimberger I., Loruenser T., Meyenburg M., Szekely A. and Wolkerstorfer J. (2008). KEY MANAGEMENT OF QUANTUM GENERATED KEYS IN IPSEC . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008) ISBN 978-989-8111-59-3, pages 177-183. DOI: 10.5220/0001926601770183


in Bibtex Style

@conference{secrypt08,
author={Andreas Neppach and Christian Pfaffel-Janser and Ilse Wimberger and Thomas Loruenser and Michael Meyenburg and Alexander Szekely and Johannes Wolkerstorfer},
title={KEY MANAGEMENT OF QUANTUM GENERATED KEYS IN IPSEC},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)},
year={2008},
pages={177-183},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001926601770183},
isbn={978-989-8111-59-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)
TI - KEY MANAGEMENT OF QUANTUM GENERATED KEYS IN IPSEC
SN - 978-989-8111-59-3
AU - Neppach A.
AU - Pfaffel-Janser C.
AU - Wimberger I.
AU - Loruenser T.
AU - Meyenburg M.
AU - Szekely A.
AU - Wolkerstorfer J.
PY - 2008
SP - 177
EP - 183
DO - 10.5220/0001926601770183