Skip to content

Monitoring and Physical-Layer Attack Mitigation in SDN-Controlled Quantum Key Distribution Networks

Research output: Contribution to journalArticle

Original languageEnglish
Article number2
Pages (from-to)A209-A218
Number of pages10
JournalIEEE/OSA Journal of Optical Communications and Networking
Issue number2
Early online date17 Jan 2019
DateAccepted/In press - 3 Dec 2018
DateE-pub ahead of print - 17 Jan 2019
DatePublished (current) - 2019


Quantum Key Distribution (QKD) has been identified as a secure method for providing symmetric keys between two parties based on the fundamental laws of quantum physics, making impossible for a third party to copy the quantum states exchanged without being detected by the sender (Alice) and receiver (BoB) and without altering the original states. However, when QKD is applied in a deployed optical network, physical layer intrusions may occur in the optical links by injecting harmful signals directly into the optical fibre. This can have a detrimental effect on the key distribution and eventually lead to its disruption. On the other hand, network architectures with software defined networking (SDN) benefit from a homogeneous and unified control plane that can seamlessly control a QKD enabled optical network end-to-end. There is no need for a separate QKD control, a separate control for each segment of an optical network and an orchestrator to coordinate between these parts. Furthermore, SDN allows customised and application tailored control and algorithm provisioning, such as QKD aware optical path computation, to be deployed in the network, independent of the underlying infrastructure. Therefore, in this manuscript, we investigate the integration of the application, SDN and QKD infrastructure layers and confirm capability for flexible supervision and uninterrupted key service provisioning in the event of link level attacks. An experimental demonstrator is used, for the first time, to verify the architecture proposed, considering real-time monitoring of quantum parameters and fiber-optic link intruders to emulate real-world conditions. Furthermore, attacks on a standard single-mode fiber (via a 3dB coupler) and a multicore fiber (via an adjacent core) are undertaken to explore different connectivity between QKD units. Results show an additional attacker identification and switching time of less than 60ms for the link cases investigated, being negligible compared to the total (re)-initialization time of 14 minutes of the QKD units.

    Research areas

  • Link failure mitigation, Multicore fiber, Quantum key distribution, Software-defined networking

Download statistics

No data available



  • Full-text PDF (accepted author manuscript)

    Rights statement: This is the author accepted manuscript (AAM). The final published version (version of record) is available online via OSA at Please refer to any applicable terms of use of the publisher.

    Accepted author manuscript, 1 MB, PDF document


View research connections

Related faculties, schools or groups