Toward Designing a Quantum Key Distribution Network Simulation Model

As research in quantum key distribution network technologies grows larger and more complex, highly accurate and scalable simulation technologies become important for assessing practical feasibility and foreseeing difficulties in the practical implementation of theoretical achievements. In this paper, we describe the design of a simplified simulation environment of a quantum key distribution network with multiple links and nodes. In this simulation environment, we analyze several routing protocols in terms of the number of sent routing packets, goodput and Packet Delivery Ratio of the data traffic flow using the NS-3 simulator.


Introduction
Quantum Key Distribution (QKD), based on the laws of physics rather than the computational complexity of mathematical problems, provides an Information Theoretically Secure (ITS) way of establishing symmetrical binary keys between two geographically distant users. The keys are secure from eavesdropping during transmission and QKD ensures that any third party's knowledge of the key is reduced to the level of guessing. Because a QKD link requires both an optical and an Internet connection between the network nodes, it is very costly to deploy a complete testbed containing multiple network hosts and links to validate and verify a certain network protocol or a specific network algorithm. In these circumstances, network simulators save a lot of money and time in accomplishing this task.

State of the Art
A simulation environment offers the creation of complex network topologies, a high degree of control and repeatable experiments, which in turn allows researchers to conduct exactly the same experiments and confirm their results. Unlike for conventional networks, there are few software applications dealing with QKD. The Quantum Cryptography Protocol Simulator [1], developed using a C/C++ architecture, is able to analyze the Quantum Bit Error Rate (QBER) and the influence of an eavesdropper on the performance of the quantum channel when the BB84 or B92 QKD protocol is used. A similar application is reported in [2]. An object-oriented simulation for QKD protocols was reported in [3], while an event-by-event simulation model and a polarizer as simulated component for QKD protocols, with the presence of an eavesdropper and misalignment measurement as scenarios, were reported in [4]. A simulation framework for QKD protocols using OptiSystem was reported in [5], and a modeling framework designed to support the development and performance analysis of practically oriented QKD system representations was reported in [6]. Yet all of these applications deal only with optical channel performance or QKD protocols and disregard the public channel and the entirety of the protocol stack above the quantum channel. To the best of our knowledge, applications for simulating QKD networks with multiple nodes and links are not available. Therefore, in this paper, we describe the design of a simplified simulation environment of a QKD network with multiple links and nodes. In this simulation environment, we analyze several routing protocols in terms of the number of sent routing packets, goodput and Packet Delivery Ratio of the data traffic flow.
The rest of the paper is organized as follows: Section 3 provides the basis of QKD and describes the hop-by-hop communication approach used in QKD networks. The simulation setup is presented in Section 4, while in Section 5 we provide an evaluation of the obtained results and discuss the broader aspects of our approach. Section 6 concludes this study and outlines the future work.

Fundamentals of Quantum Key Distribution
QKD networks differ from traditional communication networks in several aspects. One of the main differences is reflected in the implementation of the network link. A QKD link employs two distinct communication channels between the parties: the quantum channel, which is used for transmission of quantum key material encoded in certain photon properties such as polarization or phase, and the public channel, which is used for verification of exchanged key material and transmission of encrypted data (Fig. 1). A quantum channel is always a point-to-point connection between exactly two nodes [7], while the public channel can be realized as any conventional connection which may include an arbitrary number of intermediate devices [8]. A second important feature of the QKD network is reflected in the limited length of the links and the maximal transfer rate. Namely, due to absorption and scattering of polarized photons [9], [10], [11] and [12], the quantum channel can be realized by a direct optical fiber or free line of sight only for a certain distance. An equally important feature of the link is the amount of key material that can be established in a unit of time, and this amount may vary due to humidity, temperature, the stability of devices, global radiation, pressure, dust, sunshine duration or other factors [7] and [13].
However, it mostly depends on the length of the link and it is often referred to as the key generation rate or simply key rate.
The maximum length of the link and the key rate are usually used to evaluate the QKD system. A chronological look at previously deployed QKD networks reveals a rapid improvement in the development of quantum equipment: QKD systems implemented in 2002 in the DARPA BBN QKD network were able to achieve a key rate of approximately 400 bps over 10 km [14]; in 2007 in SECOQC, the maximal key rate was 3.1 kbps over 33 km [15], while the solutions presented in 2009 in Tokyo achieved a key rate of 304 kbps over 45 km [16].
Although key rate results of up to 1 Mbps have been reported [17], [18] and [19], such solutions are limited to very short distances. Therefore, for current systems, the distance at which a QKD link is possible is roughly limited to 100 km in optical fibers, while the stable key rate is currently restricted to a few tens or hundreds of kbps depending on the distance [11] and [13].
Due to the limited key rate, links are organized in the following way: both endpoints of the corresponding link have key storages with limited capacity which are gradually filled with new key material, which is subsequently used for the encryption/decryption of the data flow, and QKD devices constantly generate keys at their maximum key rate until the key storages are filled [20]. The type of encryption algorithm used and the amount of network traffic to be encrypted determine the speed of emptying the key storage, often referred to as the key consumption rate, while the key rate of the link determines the key charging rate [7], [14] and [21]. If there is not enough key material in the storage, encryption of the data flow cannot be performed [22] and the link can be characterized as "currently unavailable". To provide Information-Theoretically Secure (ITS) communication, in the public channel the key tends to be applied with a One-Time Pad (OTP) cipher, which requires the length of the key to be the same as the length of the message that is to be encrypted. However, if the ratio between the charging and consumption rates is not appropriate [23] and [24], OTP cannot be used due to the lack of key material, and using less secure algorithms that do not require as much key material, such as the Advanced Encryption Standard (AES), becomes inevitable [25].
QKD networks also differ from conventional networks in terms of network organization. Although there are theoretical and pioneering results in the field of quantum repeaters and quantum relays [26], [27] and [28], in practice they remain unachievable with current technology [11] and [29]. Therefore, the communication within the network usually takes place in a hop-by-hop [30] or in a key relay manner [14] and [31]. Both methods rely on the assumption that all nodes along the path between the sender and receiver must be fully trusted [22] and [32]. However, this restriction can be overcome when multiple path-based communication or Quantum Network Coding [33] is used.

Routing in QKD Networks
Due to the specificity of QKD networks, two requirements for the selection of a routing protocol are emphasized:
• Since the communication is usually performed on a hop-by-hop basis, it is necessary to minimize the number of links by choosing the shortest path, due to key material consumption [7].
• Given that the main objective of QKD is to provide ITS communication, routing packets need to be either encrypted and authenticated or at least authenticated [7]. This entails that the number of routing packets in the network needs to be minimized.

Simulation Setup
To test the performance of various routing protocols in a QKD network, we set up a network simulation of 6 fixed nodes forming the topology shown in Fig. 2, which was simulated in Network Simulator 3 (NS-3) of version DCE 1.8 [34]. As noted above, if there is sufficient key material to encrypt the data traffic that flows over the QKD link, the link is seen as "available". Otherwise, the QKD link is noted as "currently unavailable". To simulate this behaviour of the QKD link, we used the propagation delay of the point-to-point connection between the nodes. At each point-to-point link, a "virtual buffer" with an initial amount of key material is installed. The buffers are referred to as "virtual" because they do not perform real encryption of the data flow, nor do they use real key material. Virtual buffers only measure the traffic and reduce the stored amount of key material by the packet payload length. In this way, virtual buffers imitate the OTP cipher from the point of view of key material consumption. When the key material is depleted, that is, when the link is marked as "currently unavailable", the propagation delay of the point-to-point link is increased to a value of 100 seconds, stopping any kind of communication. Otherwise, the propagation delay is set to 2 ms, which is the default value of a point-to-point connection when the QKD link is seen as "available". The buffers are constantly charged with new key material at a constant rate, which means the simulated QKD link can switch from the "available" to the "currently unavailable" state and vice versa.
The reason for this simulation setup is a simple imitation of the availability of the QKD link. Using other means, such as shutting down the network interface, would inform the routing protocol, which would automatically broadcast this information. The described simulation setup provides a simple imitation of a QKD network, and allows us to test various routing protocols in a very simple way.
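The virtual buffer described above, as a stand-alone Python model (an added example, not the authors' NS-3 code). Only the 2 ms and 100 s delays and the 160 kbps flow rate come from the paper; the initial key, capacity, charging rate and payload size are constructed, and the rule that the link becomes "available" again as soon as one packet's worth of key is stored is an assumption.

```python
"""Toy model of the "virtual buffer" on one simulated QKD link (added example)."""
from dataclasses import dataclass

AVAILABLE_DELAY_S = 0.002    # 2 ms: delay while the link is "available" (from the text)
UNAVAILABLE_DELAY_S = 100.0  # 100 s: delay while "currently unavailable" (from the text)


@dataclass
class VirtualKeyBuffer:
    key_bits: int       # key material currently in storage
    capacity_bits: int  # storage limit; charging stops once it is reached
    delay_s: float = AVAILABLE_DELAY_S

    def charge(self, bits: int) -> None:
        self.key_bits = min(self.capacity_bits, self.key_bits + bits)

    def consume(self, payload_bytes: int) -> bool:
        """OTP-style accounting: one key bit per payload bit, no real encryption."""
        need = payload_bytes * 8
        if self.key_bits < need:
            # Depleted: the 100 s delay effectively stops forwarding on this link.
            self.delay_s = UNAVAILABLE_DELAY_S
            return False
        self.key_bits -= need
        self.delay_s = AVAILABLE_DELAY_S  # assumption: available again at once
        return True


def simulate_link(buf, duration_s, flow_bps, payload_bytes, charge_bps):
    """Push a constant-rate flow over one link and count delivered packets."""
    payload_bits = payload_bytes * 8
    n_packets = duration_s * flow_bps // payload_bits
    # Key added between two consecutive packets (integer bits, constant rate).
    charge_per_packet = charge_bps * payload_bits // flow_bps
    delivered, first_outage_s = 0, None
    for i in range(n_packets):
        if i:
            buf.charge(charge_per_packet)
        if buf.consume(payload_bytes):
            delivered += 1
        elif first_outage_s is None:
            first_outage_s = i * payload_bits / flow_bps
    return {"sent": n_packets, "delivered": delivered,
            "pdr": delivered / n_packets, "first_outage_s": first_outage_s}


if __name__ == "__main__":
    # Constructed parameters, except the 160 kbps flow rate given for Fig. 2.
    buf = VirtualKeyBuffer(key_bits=1_200_000, capacity_bits=2_000_000)
    print(simulate_link(buf, duration_s=60, flow_bps=160_000,
                        payload_bytes=500, charge_bps=100_000))
```

With these constructed values the link first runs dry at 19.95 s; from then on delivery is bounded by the charging rate, so 5 of every 8 packets get through unless a routing protocol moves the flow to another path.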

Simulation Results
The parameters in Tab. 1 indicate the links C-E and D-E have the least amount of initial key material.
As the tested routing protocols have no information about the status of the virtual buffers, they need to choose between one of the two available paths: A-B-D-E-F or A-B-C-E-F. Yet, after a while, the usage of any of these paths results in a disruption of communication since the available key material is quickly consumed. Then, the routing protocol needs to choose an alternative route while the depleted link is charging. Further, when the used link is depleted again, the routing protocol switches to an alternate path and so on.
Routing protocols are broadly classified into proactive and reactive routing protocols. In a reactive routing protocol such as AODV, routing paths are searched only when needed, mainly by flooding the network. The discovery procedure terminates when either a route has been found, or no route is available after all route permutations have been checked. Conversely, proactive routing protocols, such as DSDV, OLSR or OSPF, continuously evaluate routes to all reachable nodes and attempt to maintain consistent, up-to-date routing information by periodically exchanging their routing tables (OLSR, DSDV) or exchanging network topology information (OSPF) [35].
AODV is an on-demand variation of a distance vector reactive routing protocol which determines a route to a destination only when a route is required. Each node maintains a table with information referring to the first neighbor. This table is updated using periodic Hello messages, which are locally broadcast messages used to indicate link availability. By default, AODV broadcasts Hello messages each second, and failure to receive a Hello message in the "allowed hello loss interval", which is set to 2 seconds by default, indicates a loss of connectivity to that neighbor. When a route for the desired destination is not available or when a routing table entry expires after a predetermined period, a route discovery request is flooded through the network. The obtained route is maintained as long as it is needed by the source.
OSPF is a widely deployed link-state routing protocol, which means that each router maintains a link-state database describing the network topology. This database is updated using Link State Announcement (LSA) update information. From the link-state database, each router constructs a tree of shortest paths with itself as the root. By default, OSPF floods LSAs every 30 minutes and it exchanges Hello packets to establish and maintain a neighbor relationship every 10 seconds. If a node does not receive a Hello message from a neighbor within a "dead interval time", OSPF modifies its topology database to indicate that the neighbor is unavailable. This fixed time interval specifies the time that OSPF waits before declaring the neighbor node to be unavailable. By default, it is set to four times the default hello interval, which is 40 seconds in case of point-to-point networks.
OLSR is based on a proactive link-state approach, which makes it very similar to OSPF. It uses Hello and Topology Control (TC) routing messages to discover and disseminate link-state information through the network. OLSR reduces the control traffic overhead by using Multipoint Relays (MPR), which is the key idea behind OLSR. An MPR node is a one-hop neighbor of a node which has been chosen to forward packets. Instead of pure flooding of the network, packets are forwarded by the node's MPRs. This limits the network overhead, thus being more efficient than pure link-state routing protocols. By default, an OLSR node sends Hello messages every 2 seconds while TC messages are exchanged every 5 seconds. The holding time is usually three times the Hello message period. Therefore, a link breakage is detected after 6 seconds in the worst case.
DSDV is the most popular proactive routing protocol based on the distributed Bellman-Ford algorithm. In DSDV, each node maintains two tables. One of them is the permanent routing table in which all of the possible destinations within the network, the address of the next hop and the total number of hops to reach the destination are listed. Each node is in charge of periodically broadcasting its routing table to its neighbor nodes by using periodic update packets, based on the periodic route update interval which is set to 15 seconds by default. After receiving the update packet, the neighbor node updates its routing table by incrementing the number of hops by one and forwards the packet further in the network. The process is repeated until all the nodes in the network receive a copy of the update packet with a corresponding value. To avoid the formation of routing loops, entries in the routing table are marked with a sequence number. In addition to regular periodic updates, DSDV uses triggered updates when the network topology suddenly changes. The main purpose of these updates is to advertise the information that has changed since the last periodic update. However, if a periodic and a triggered update occur in a short period of time, the values may be merged and only the periodic update will be performed. To limit the propagation of unstable information, the transmission of triggered updates is delayed using a settling time which is recorded in the second DSDV table for each destination node. By default, the settling time is set to 5 seconds [35].
Table 2 presents the obtained values based on the number of sent routing data. Packet Delivery Ratio (PDR), which is calculated as the ratio of received and sent application packets, is used to assess the effectiveness of the routing protocol within the specified simulation environment. Table 2 shows that the AODV reactive routing protocol sends the largest number of routing packets and has the same PDR as the OSPF routing protocol. However, AODV floods route request and hello messages which result in a fast reduction of available key material. This is evident from Fig. 3 where it is shown that in the last 60 seconds of the simulation there is no AODV traffic due to lack of available key material.

Tab. 2: Comparison of the obtained values. The number of routing packets and Packet Delivery Ratio (PDR) which is calculated as the ratio of received and sent application packets is used to assess the effectiveness of the routing protocol. Column groups: Routing data, Application data.

OSPF sends Hello packets every 10 seconds, and at the 40th second of the simulation OSPF exchanges the LSA information, which is shown as a large peak of the OSPF graph in Fig. 3. Due to the large value of the "dead interval time", OSPF is not able to react quickly to changes of the network topology, which finally results in a low PDR.
On the other side, the small value of the hello and dead interval allows OLSR to react quickly to changes of the network topology, which results in the highest PDR. OLSR floods Hello and TC packets each 2 and 4 seconds, respectively, which results in almost constant propagation of the routing packets. In addition, the flooding based on MPR reduces the consumption of scarce key material when compared to AODV. Although OLSR provides the best results in terms of PDR, OLSR is based on constant flooding of the network, which is contrary to the requirements specified in Subsection 3.1.
Finally, as shown in Fig. 3, the distribution of DSDV packets is almost regular with a period of 15 seconds. DSDV sends the least number of packets and achieves a better PDR than the well-known OSPF. The results from Tab. 2 are shown in Fig. 4, from which it can be seen that AODV and OSPF have the same selection of paths, which results in the same PDR. OLSR and DSDV alternately choose the available path, which provides the better PDR.

Conclusion
In this paper, we presented a simple way to mimic a QKD network. In such an environment, we tested several routing protocols with reference to the number of routing packets and Packet Delivery Ratio. It is important to stress that none of the simulated routing protocols has built-in mechanisms of congestion detection or QoS mechanisms. Although the OSPF routing protocol was used in previously deployed QKD networks [20], [36] and [37], we have shown that DSDV provides better network performance since it provides a better PDR with a smaller amount of routing information. On the other hand, AODV and OLSR seem not to be appropriate for a QKD network due to the large amount of routing data that is flooded throughout the network.
The main contribution of this paper is the presentation of a simple way to mimic the behavior of a QKD network and the performance analysis of the different routing protocols in such a simulated environment.
Our future work will focus on developing a dedicated simulation module which will allow a more detailed analysis of QKD networks.

Fig. 1: Overview of a QKD link between two QKD nodes, which consists of an optical quantum channel (continuous red line) and a public/classical channel (dashed blue line).

Fig. 2: Topology of the simulated network in which a UDP data flow of rate 160 kbps between nodes A and F is established. Nodes are connected with point-to-point links.

Fig. 4: Goodput of the UDP data flow between nodes A and F.

Table 1 presents the nodal model parameters including the key generation rate, charging key rate, packet size, and data traffic parameters. The parameters not given here were the default parameters of the NS-3 simulator.

Tab. 1: Parameter values of the simulation.