摘要
在未来量子计算时代,构筑虚拟专用网络(VPN)安全的认证和密钥交换环节将存在安全隐患。为此,建立基于量子安全密钥管理服务(QS-KMS)的VPN增强安全架构,实现基于量子密码的量子安全解决方案。使用全局统一的后台QS-KMS服务为IPSec VPN提供认证和会话密钥,以进行VPN业务与物理层量子设备的解耦合。针对电力架空光缆工作状况复杂、存在强环境干扰等现状,应用量子QS-KMS密钥池动态密钥管理技术与后量子密码技术使密钥池持续拥有充足密钥,以保障VPN稳定运行。在此基础上,实现电力通信网络中有效量子安全VPN服务。测试结果表明,该方法能够满足电网控制通信的需求。
In the future quantum computing era,there will be security risks in the authentication and key exchange links of constructing Virtual Private Network(VPN).Therefore,a VPN enhanced security architecture based on Quantum Secure Key Management Service(QS-KMS)is established to implement quantum security solutions based on quantum cryptography.A global unified backend QS-KMS service is used to provide authentication and session key for IPSec VPN to decouple VPN services from physical layer quantum devices.In view of the complex working conditions and strong environmental interference of power overhead fiber optic cables,the QS-KMS key pool dynamic key management technology and post-quantum cryptography technology are applied to keep the key pool sufficient to ensure the stable operation of VPN.On this basis,the effective quantum security VPN service in the power communication network is realized.Test results show that this method can meet the needs of power grid control communication.
作者
唐鹏毅
李国春
余刚
钟军
张英华
薛路
赵子岩
闫龙川
陈智雨
卢昌斌
罗斌
高松
刘建宏
TANG Pengyi;LI Guochun;YU Gang;ZHONG Jun;ZHANG Yinghua;XUE Lu;ZHAO Ziyan;YAN Longchuan;CHEN Zhiyu;LU Changbin;LUO Bin;GAO Song;LIU Jianhong(QuantumCTek Co.,Ltd.,Hefei 230088,China;State Grid Information and Telecommunication Co.,Ltd., Beijing 100761,China;QuantumCTek(Beijing)Co.,Ltd.,Beijing 100193,China)
出处
《计算机工程》
CAS
CSCD
北大核心
2018年第12期13-17,共5页
Computer Engineering
基金
北京市科技计划课题"电力通信量子密钥抗干扰传输技术研究"(Z171100001217002)
关键词
量子安全密钥管理服务
虚拟专用网络
量子密钥分发
密钥池
动态密钥分配
后量子密码
Quantum Secure Key Management Service(QS-KMS)
Virtual Private Network(VPN)
Quantum Key Distribution(QKD)
key pool
dynamic key distribution
post-quantum cryptography
