The solution provides a quantum-resistant secure data communication channel capable of carrying a variety of services hosted at AWS. The current solution is showcased with secure video conferencing, using a video server hosted in the AWS cloud. This is one of several services that can be secured in this way and made resistant to attacks by quantum computers; other candidates are data storage solutions, messaging services and similar data services hosted at AWS.
The POC of this solution focuses on providing a video conferencing service to clients located in the enterprise data center, with the video server hosted at AWS, such that the video call is end-to-end quantum secure.
The solution uses Quantum Key Distribution (QKD) to generate and distribute secret keys between two locations. Two ARMOS QKD devices, hosted at the QNu Labs office premises, form a pair that distributes quantum keys (Kq) over a 50 km (extendable to 150 km) optical fibre link. This setup simulates two geographically separated locations: Bangalore (QKD Rx, also known as Bob) and Mysuru (QKD Tx, also known as Alice). The Bangalore location serves as the central hub and connects to a second Alice, a Digital Alice, located at the AWS endpoint.
The QKD systems generate quantum keys based on the laws of physics: single photons are transmitted in quantum states that carry the information bits, encoded using the Differential Phase Shift and Decoy (DPS + Decoy) protocol. The hub also generates Post-Quantum Cryptography (PQC) keys (Kpqc) for use when it switches to the Digital QKD endpoint located at AWS.
The key relay mechanism uses a One Time Pad (OTP) to carry the quantum keys to the AWS EC2 instance in Mumbai. At Bob, Kq is XORed with Kpqc and the result is relayed to Digital Alice, which XORs the received value with the same Kpqc to recover the original Kq. For the OTP to hold, each Kpqc segment must be at least as long as the Kq it protects and must be used exactly once; on the AWS leg the secrecy of Kq therefore rests on the secrecy of Kpqc, that is, on the PQC scheme, rather than on the QKD link alone.
At the end of this key relay/migration process, the same symmetric quantum keys are available at both the Mysuru and AWS locations.
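The relay step described above, written out as an added example in Go. This is not code from the original page or from QNu Labs' products: Kq and Kpqc are stood in for by random bytes (neither the ARMOS link nor the PQC key agreement is modelled), and the Hub type, the numbered Kpqc segments and the function names are assumptions for illustration. Besides the XOR relay and recovery it enforces the two OTP conditions that the text relies on, equal key length and single use of each pad, and reproduces what leaks when a pad is reused.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
)

// xorKeys is the one-time-pad operation used by the relay: a byte-wise XOR of
// two equal-length keys. A pad shorter than the key it protects is no longer a
// one-time pad, so mismatched lengths are refused rather than truncated.
func xorKeys(a, b []byte) ([]byte, error) {
	if len(a) != len(b) {
		return nil, errors.New("OTP requires Kq and Kpqc to have equal length")
	}
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out, nil
}

// Hub models Bob at the Bangalore hub. It records which Kpqc segments (assumed
// here to be numbered) have already been consumed so that no pad is used twice.
type Hub struct {
	usedSegments map[uint64]bool
}

func NewHub() *Hub { return &Hub{usedSegments: map[uint64]bool{}} }

// Relay computes Kq XOR Kpqc for transmission to Digital Alice, consuming the
// Kpqc segment identified by segID.
func (h *Hub) Relay(segID uint64, kq, kpqc []byte) ([]byte, error) {
	if h.usedSegments[segID] {
		return nil, fmt.Errorf("Kpqc segment %d already used: pad reuse refused", segID)
	}
	relayed, err := xorKeys(kq, kpqc)
	if err != nil {
		return nil, err
	}
	h.usedSegments[segID] = true
	return relayed, nil
}

// Recover is Digital Alice's side: XOR the relayed value with the same Kpqc.
func Recover(relayed, kpqc []byte) ([]byte, error) {
	return xorKeys(relayed, kpqc)
}

// RandomKey stands in for both the ARMOS QKD output (Kq) and the PQC key
// agreement (Kpqc), neither of which is modelled here.
func RandomKey(n int) []byte {
	k := make([]byte, n)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// PadReuseLeak reproduces the failure mode Hub guards against: two relays that
// share one Kpqc pad can be XORed together by anyone who sees both, cancelling
// the pad and exposing Kq1 XOR Kq2 without Kpqc ever being known. It returns
// true when that relation holds.
func PadReuseLeak(kq1, kq2, kpqc []byte) bool {
	r1, err1 := xorKeys(kq1, kpqc)
	r2, err2 := xorKeys(kq2, kpqc)
	if err1 != nil || err2 != nil {
		return false
	}
	observed, _ := xorKeys(r1, r2)
	expected, _ := xorKeys(kq1, kq2)
	return bytes.Equal(observed, expected)
}

func main() {
	hub := NewHub()
	kq, kpqc := RandomKey(32), RandomKey(32)
	relayed, err := hub.Relay(1, kq, kpqc)
	if err != nil {
		panic(err)
	}
	recovered, _ := Recover(relayed, kpqc)
	fmt.Println("Kq recovered at Digital Alice:", bytes.Equal(recovered, kq))
	_, err = hub.Relay(1, RandomKey(32), kpqc)
	fmt.Println("second relay on same segment:", err)
	fmt.Println("pad reuse exposes Kq1 XOR Kq2:", PadReuseLeak(kq, RandomKey(32), kpqc))
}
```

The segment bookkeeping is the part worth carrying into a real deployment: the XOR itself is trivial, but a hub that hands out the same Kpqc bytes twice turns the relay into a two-time pad, and the last function shows that the resulting leak needs no knowledge of Kpqc at all.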
Once the keys are available at both locations, they are made available to the router and used by the Q-Shield client and server to establish a TLS-based encrypted channel (AES-256-GCM) for secure data transmission.
This channel is end-to-end quantum resistant and is used to secure various data services, in this case video conferencing.
To establish the video conference, the video server is located at the AWS endpoint behind the Q-Shield server, to which the PQC-enabled Q-Shield clients connect to establish the secure channel. The channel is encrypted with AES-256-GCM.
The Q-Shield clients then join the video conference through the web-based video call, giving a seamless, end-to-end quantum-resistant video call.
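An added example, not code from the page or from Q-Shield, showing how the 32-byte key that both ends hold after the relay can protect application records with AES-256-GCM. It seals records directly rather than running the TLS handshake the page describes, so the record layout (a 4-byte random prefix plus an 8-byte counter as the nonce, sent in the clear, with the record header as associated data), the Channel type and the sample frame are all assumptions made for illustration. What it demonstrates is the part that matters once the key is in place: a 32-byte key is required, nonces never repeat under one key, and any modification of header, nonce, ciphertext or tag is rejected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Channel is one direction of the record protection between a Q-Shield client
// and server, keyed with the 32-byte key both ends hold after the relay. Each
// sender keeps its own counter: an AES-GCM nonce must never repeat under a key.
type Channel struct {
	aead    cipher.AEAD
	prefix  [4]byte // random per-sender prefix (assumed layout, not from the page)
	counter uint64
}

// NewChannel accepts only a 32-byte key, the size AES-256 requires.
func NewChannel(key []byte) (*Channel, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM needs a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	c := &Channel{aead: aead}
	if _, err := rand.Read(c.prefix[:]); err != nil {
		return nil, err
	}
	return c, nil
}

// Seal encrypts one application record (a video frame, say). The 12-byte nonce
// is prefix || big-endian counter, sent in the clear ahead of the ciphertext;
// the record header is authenticated as associated data but not encrypted.
func (c *Channel) Seal(header, frame []byte) ([]byte, error) {
	if c.counter == ^uint64(0) {
		return nil, errors.New("nonce counter exhausted: rekey before sending more")
	}
	nonce := make([]byte, c.aead.NonceSize())
	copy(nonce, c.prefix[:])
	binary.BigEndian.PutUint64(nonce[4:], c.counter)
	c.counter++
	record := append([]byte{}, nonce...)
	return c.aead.Seal(record, nonce, frame, header), nil
}

// Open is the receiving side. Any bit flipped in nonce, header, ciphertext or
// tag makes the GCM tag check fail and the record is rejected.
func (c *Channel) Open(header, record []byte) ([]byte, error) {
	ns := c.aead.NonceSize()
	if len(record) < ns+c.aead.Overhead() {
		return nil, errors.New("record too short")
	}
	return c.aead.Open(nil, record[:ns], record[ns:], header)
}

func main() {
	key := make([]byte, 32) // stand-in for the relayed Kq; constructed, not real key material
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	client, _ := NewChannel(key) // Q-Shield client at Mysuru
	server, _ := NewChannel(key) // Q-Shield server at AWS
	header := []byte("stream=video;seq=1")
	record, _ := client.Seal(header, []byte("constructed video frame payload"))
	frame, err := server.Open(header, record)
	fmt.Printf("server decrypted: %q (err=%v)\n", frame, err)
	record[len(record)-1] ^= 0x01 // flip one bit of the tag in transit
	_, err = server.Open(header, record)
	fmt.Println("tampered record rejected:", err != nil)
}
```

Two points carry over to the real channel: GCM gives no confidentiality at all once a nonce repeats under a key, which is why each sender owns its counter and the prefix is per sender, and the counter-exhaustion check is the moment to pull the next relayed Kq rather than keep sending.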