Research On Key Distribution Schemes And Applications In QKD Networks

In the digital era,the use and transmission of information are closely related to our daily lives.Currently,various information security issues emerge endlessly,and threats to the information of individuals and institutions are becoming increasingly common and serious.Therefore,how to ensure information security is increasingly receiving widespread attention from academia and industry.With the development of quantum information technology,the improvement of computational power brought by quantum computers and the quantum superiority have posed a huge threat to some classical cryptographic systems based on mathematical puzzles.As an effective tool to address the potential threats of quantum computing,quantum key distribution utilizes quantum mechanical properties,including quantum No-cloning theorem,superposition state,and Heisenberg uncertainty principle,to achieve theoretically unconditional and secure sharing of keys between communication parties.To meet more extensive and longdistance needs of quantum keys,quantum key distribution networks have emerged and gradually developed in recent years.Quantum key distribution networks interconnect nodes across a wide range through classical and quantum channels,enabling key distribution and sharing between any node.However,there are currently some issues in quantum key distribution and applications,including security issues caused by untrusted relay nodes during end-to-end key distribution,routing schemes lacking differentiated demand awareness,and effective integration of quantum keys with classical network applications.To solve the three problems mentioned above in the distribution and application of quantum keys,this dissertation proposes corresponding solutions:1.To address the impact of insecure relay nodes on the security of key distribution in networks,this dissertation proposes a segment-based multipath key distribution method in partially-trusted relay quantum key distribution networks.This method utilizes the location information of trusted relay nodes to evenly distribute the risk of key leakage to each segment of the path in a segmented distribution manner,thereby improving the security of end-to-end key distribution.In the segmented distribution method,this study also proposes a flexible key reconstruction scheme,which adjusts the key reconstruction method according to the security requirements of the request for the key,while meeting the security requirements and improving the key distribution efficiency as much as possible.Simulation experiments show that this method can effectively improve the security and efficiency of the distribution process compared to traditional multipath key distribution methods.2.Aiming at the lack of differential demand-aware routing problem in key distribution,this dissertation proposes a demand-aware routing scheme in quantum key distribution networks.This routing scheme starts from the differentiated requirements of requests for keys and formulates corresponding path costs and routing strategies for different types of requests while satisfying the requirements.According to the link characteristics of quantum key distribution networks,the complementary role of the key pool on the link is considered in the routing process,which satisfies more requests.Simulation experiments show that this scheme improves the request service rate and reduces resource consumption during distribution compared to existing request-oriented routing schemes.3.Aiming at the integration of quantum keys and classical network applications,this dissertation proposes an IPSec protocol design that integrates quantum keys.This design implements a quantum key interface for key management,synchronization,and provisioning.Based on this,quantum keys are used to enhance the security of key exchange and authentication in the original IPSec protocol.A dynamic quantum key derivation mechanism is also implemented to protect data transmission in classic networks by continuously updating encryption and integrity protection keys in the security association.We also build a virtual network environment to deploy the proposed design and test its functionality and performance.The results show that this design can effectively run and improve the security of the original protocol.