Authors: Paul James, Stephan Laschet, Sebastian Ramacher, Luca Torresetti
URL: https://doi.org/10.1145/3600160.3605050

The Key Management System (KMS) is an important component in scaling up from link-to-link key generation to large key distribution networks. In this work we provide an overview of a KMS in the context of Quantum Key Distribution Networks (QKDN) and give a thorough summary of the functionality of a KMS in such an application. Beyond classical QKDNs, we discuss Post Quantum Cryptography (PQC) hybridization techniques at the KMS level. These methods add an additional layer of security against quantum computer driven attacks. We also discuss selected topics regarding the development, deployment and operation of components for such security infrastructure. In addition, relevant standards in the realm of Quantum Key Distribution (QKD) are outlined and analyzed. As some of the necessary interfaces have not been standardized, namely the interface between two KMS instances and the interface between the KMS and the Software Defined Network (SDN) Agent, we propose APIs for these two cases. The design of the interface between the KMS and QKD modules is discussed and, considering their resource constraints, a push mode for the ETSI GS QKD 004 standard is proposed. Finally, implementation details of a prototype KMS are outlined and trade-offs are discussed.