Proto KMS
This is a prototype Key Management System (KMS) for Quantum Key Distribution Networks (QKDN).
For now, it uses an emulation of a quantum link to exchange random numbers between neighboring quantum network elements.
Note well: This is not intended to be used in production environments, nor in networks that can be reached by everybody, nor in other uncontrolled settings.
Acknowledgements
This prototype Key Management System (KMS) has been developed in the DemoQuanDT project ("Quantenschlüsselaustausch im deutschen Telekommunikationsnetz für höhere IT-Sicherheit", engl. quantum key exchange in the German telecommunications network for higher IT security).
The DemoQuanDT project is funded by the German Federal Ministry of Education and Research (BMBF).
Implementation of the Quantum Layer
Pseudo Random Number Generator (PRNG) based Emulation
Overview
Random numbers are generated with Go's crypto/rand pseudo random number generator (PRNG). The sending quantum network element takes the generated random numbers and sends them in a UDP datagram to the receiving quantum network element. The receiver takes these random numbers and hands them over to the KMS for further processing.
In this PRNG-based emulation, the quantum network element is integrated into the proto-kms.
The KMS receives a batch of random numbers from the quantum layer; the size of the batch varies over time.
Generation of Random Numbers
As mentioned above, Go's crypto/rand pseudo random number generator (PRNG) is used.
First, rand is used to draw the number of random bytes to generate, numRands, and then this count is used to generate the actual random bytes (stored in b). This is done in func (qlemuprng *QuantumlayerEmuPRNG) GenerateRandomNumbers() (randNums []byte):
```go
numRands, randError := rand.Int(rand.Reader, big.NewInt(1000)) // batch size, uniformly 0..999
b := make([]byte, numRands.Uint64())
_, randError = rand.Read(b) // fill the batch from crypto/rand
// randError must be checked before b is handed to the KMS
```
Quantum Layer Links: Peers
A quantum layer link peer is the communication partner on a point-to-point link. A new peer has to be created in the quantum layer in order to communicate with it.
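A self-contained Go example, added here and not part of the proto-kms code, covering both the batch generation above and the point-to-point peer just described: GenerateRandomNumbers keeps the README's 0..999-byte batch size but surfaces read errors, and ReceiveBatch accepts a datagram only from the configured peer. The names maxBatch and ReceiveBatch, the dropped method receiver and the loopback setup in main are assumptions; one UDP datagram per batch follows the overview.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"net"
)

// maxBatch mirrors big.NewInt(1000) in the README snippet: a batch holds 0 to 999
// bytes, so the amount handed to the KMS varies from call to call.
const maxBatch = 1000

// GenerateRandomNumbers draws a random batch length, then fills the batch from
// crypto/rand; a failed read is reported instead of handing partial bytes to the KMS.
func GenerateRandomNumbers() ([]byte, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(maxBatch))
	if err != nil {
		return nil, err
	}
	b := make([]byte, n.Uint64())
	if _, err := rand.Read(b); err != nil { // fills b completely or fails
		return nil, err
	}
	return b, nil
}

// ReceiveBatch reads one datagram from the emulated link and accepts it only if it
// came from the configured point-to-point peer; UDP itself authenticates nothing.
func ReceiveBatch(conn *net.UDPConn, peer *net.UDPAddr) ([]byte, error) {
	buf := make([]byte, maxBatch)
	n, from, err := conn.ReadFromUDP(buf)
	if err != nil {
		return nil, err
	}
	if !from.IP.Equal(peer.IP) || from.Port != peer.Port {
		return nil, fmt.Errorf("dropped %d bytes from unexpected source %s", n, from)
	}
	return buf[:n], nil
}

func main() {
	recv, _ := net.ListenUDP("udp", &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1)})
	send, _ := net.ListenUDP("udp", &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1)})
	batch, _ := GenerateRandomNumbers()
	send.WriteToUDP(batch, recv.LocalAddr().(*net.UDPAddr)) // one datagram per batch
	got, err := ReceiveBatch(recv, send.LocalAddr().(*net.UDPAddr))
	fmt.Println(len(batch), len(got), err)
}
```

Datagrams from any other source are rejected with an error naming the sender, which is the event a KMS operator would want logged.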
Interfaces to the proto-kms
Interface to the Quantum Layer
This interface is solely a Go API within the proto-kms.
Inter-KMS Communication
This interface is required for communication between peering KMSs so that they can coordinate their actions for key selection and key forwarding path configuration. It is defined in interkmsproto.
ETSI-Interfaces
There are basically two ETSI interfaces:
- ETSI QKD GS 14 for retrieval of keys by an external entity from the KMS
- ETSI QKD GS 15 for the configuration of the key forwarding process and peers of the KMS
However, at this point both interfaces are lumped together in one gRPC interface, kmsetsiproto.
Encryption Key Retrieval Interface
SDN Controller (ETSI GS QKD 15)
Interactions (AKA Flowcharts)
```mermaid
sequenceDiagram
    QKDNC->>KMS1: ETSIGetQuantumInterfaces()
    loop
        KMS1->>KMS1: range es.handlingEkms.QuantumElements
    end
    KMS1-->>QKDNC: List QuantumInterfaces
    QKDNC->>KMS1: ETSIAddKMSPeer(KMS2)
    KMS1-->>QKDNC: KMSPeer added
    KMS1->>KMS2: InterComCapabilities()
    KMS2->>KMS1: InterComCapabilitiesReply
    QKDNC->>KMS1: AddSession() NOTIMPLYET
    KMS1->>KMS2: InterComKeyTransportSessionHandling()
    KMS2->>KMS1: InterComKeyTransportSessionHandlingReply
    KMS1-->>QKDNC: SessionReply NOTIMPLYET
```