Computer Engineering, 2018, Vol. 44, Issue (12): 13-17. doi: 10.19678/j.issn.1000-3428.0051966

Special topic: Quantum Information Technology


VPN Enhanced Power Grid Communication Security Scheme Based on QS-KMS

TANG Pengyi 1, LI Guochun 2, YU Gang 1, ZHONG Jun 3, ZHANG Yinghua 3, XUE Lu 3, ZHAO Ziyan 2, YAN Longchuan 2, CHEN Zhiyu 2, LU Changbin 1, LUO Bin 1, GAO Song 1, LIU Jianhong 1,3

  1. QuantumCTek Co., Ltd., Hefei 230088, China; 2. State Grid Information and Telecommunication Co., Ltd., Beijing 100761, China; 3. QuantumCTek (Beijing) Co., Ltd., Beijing 100193, China
  • Received: 2018-06-29 Online: 2018-12-15 Published: 2018-12-15
  • About the authors: TANG Pengyi (born 1988), male, Ph.D., main research interests: quantum information technology and information security technology; LI Guochun and YU Gang, senior engineers; ZHONG Jun and ZHANG Yinghua, Ph.D.; XUE Lu, M.S.; ZHAO Ziyan, Ph.D.; YAN Longchuan, M.S.; CHEN Zhiyu, Ph.D.; LU Changbin, LUO Bin and GAO Song, M.S.; LIU Jianhong (corresponding author), Ph.D.
  • Funding:

    Beijing Science and Technology Plan project "Research on Anti-Interference Transmission Technology for Quantum Keys in Electric Power Communication" (Z171100001217002)

Abstract:

In the coming era of quantum computing, the authentication and key exchange steps on which Virtual Private Network (VPN) security is built will be exposed to security risks. To address this, a VPN enhanced security architecture based on Quantum Secure Key Management Service (QS-KMS) is established to implement a quantum-safe solution based on quantum cryptography. A globally unified backend QS-KMS service provides authentication and session keys for IPSec VPN, decoupling VPN services from the physical-layer quantum devices. Because overhead power fiber-optic cables operate under complex conditions and strong environmental interference, QS-KMS key pool dynamic key management technology and post-quantum cryptography technology are applied so that the key pool always holds sufficient keys, ensuring stable VPN operation. On this basis, an effective quantum-safe VPN service is realized in the power communication network. Test results show that this method can meet the needs of power grid control communication.

Key words: Quantum Secure Key Management Service (QS-KMS), Virtual Private Network (VPN), Quantum Key Distribution (QKD), key pool, dynamic key distribution, post-quantum cryptography

CLC number: