EN | KR
Contact Us
Menu

Nation-wide Quantum Safe Key Distribution Network in South Korea

ID Quantique and SK Broadband deployed the world’s first country-wide quantum-safe network infrastructure, connecting 48 government departments over a single 800-km converged network. It is the largest and most sophisticated commercial-grade quantum communication network, allowing for:

  • Long term resiliency against “Harvest Now, Decrypt Later” (HNDL) attacks for government departments’ data across the network infrastructure
  • Cost-efficiency through simplified operation and management
  • Defense-in-depth with an unprecedented level of flexibility for the Quantum-Safe migration of the application layer
  • Service-based security for easy onboarding of additional users and for scaling the network security beyond “dark” optical fibers

Project overview

Requirements and challenges

Redundant network ensuring high availability

Integrated network compatible with existing SDN and systems

Ability to provide quantum-safe keys through two telecom operators

Bandwidth on demand to adapt to varying usage patterns

Scalable solution designed for future extension

Stakeholders


 


 


 

Preparing South Korea for the quantum age

In an era where the scale and nature of cyber threats are changing drastically with the onset of AI and Quantum computing, securing sensitive data is requiring a strategic approach and innovative remediation technologies. Recognizing the need for a quantum leap in cybersecurity, South Korea embarked on an ambitious project to build the first nation-wide Quantum Key Distribution (QKD) network.

The Korean government sought a long-term solution to safeguard sensitive information and communications among its key agencies, including the Ministry of Employment and Labor, the Ministry of Economy and Finance, the Ministry of Education, and various local governments.

A national backbone network was proposed to interconnect the individual networks of 48 government organizations, enhancing security and improving operational and budgetary efficiency. This backbone network would link multiple smaller networks, enabling organizations with different local area networks (LANs) or subnetworks to exchange data seamlessly.

The plan aimed to integrate each department’s separate networks into a unified convergence network for greater operational efficiency, with the additional key objective to use quantum technologies to guarantee the highest level of security and ensure long-term data communication security from day one.

A mutualized and interoperable QKD infrastructure, one of the key requirements, was implemented with redundancy built into nodes, lines, and equipment. SK Broadband manages the first 48-node network, focusing on cities and provinces, while a second telecom operator deployed a second mesh network connecting 21 nodes for central government buildings.

For the main requirements to be met, IDQ has developed and deployed the most advanced key management, configuration, and monitoring solutions. IDQ’s Clarion KX Platform offers end-to-end security and handles complex routing that enables any-to-any encryption service in real time.

Importantly, the Korean government required fully redundant service, bandwidth on demand, and 24/7 centralized monitoring. The overall solution had to comply with all national cybersecurity regulations.

Solution

The government selected SK Broadband and its partner ID Quantique for their unique capability to provide five key elements to achieve a successful deployment:

  1. An advanced QKD framework: a set of hardware and software solutions together with state-of-the-art interfaces, support for complex topologies and wide range industry integrations. A telecom-grade QKD platform is essential for supporting the intricate and expansive nation-wide network infrastructure required for the project, ensuring robust and reliable long-term security.
  2. A Quantum Key Management System (Clarion KX): delivers the highest end-to-end key service for encrypting data in transit, and provides for network segmentation, allowing different customers to control and manage the key service. It allows for integration with third-party QKD equipment and other key management systems, which is vital for maintaining secure and adaptable communication channels.
  3. Integration with Network Operation Centers: IDQ’s QMS can monitor and control dozens of QKD nodes in real-time, providing the ability to meet the high and demanding requirements of telecom operators’ Network Operations Centers (NOCs). The solution can cope with a sudden increase in traffic via software-defined networking (SDN) technology that enables dynamic, programmatically efficient network configuration in order to improve network performance and monitoring. This ensures that the network operates smoothly and can quickly respond to any issues.
  4. Integration with certified crypto libraries: the capability to seamlessly integrate with 3rd party subsystems, including the Korean Government certified cryptographic libraries. This ensures that the network complies with national security standards and utilizes trusted encryption methods.
  5. Support for standard interfaces: the support for the standard interface ETSI QKD 014 and ETSI 020 allows for compatibility with standard encryptors and key management solutions, including those from Korean manufacturers. This interoperability is essential for creating a cohesive and versatile network that can work with a variety of encryption devices and across heterogenous telecom infrastructures.
QKD framework

IDQ’s QKD framework

IDQ’s QKD software

This is one of the world’s largest QKD network, comprising 27 QKD pairs or links, three rings, and one daisy chain connection to connect geographically distant rings. The network includes 10 trusted relays, which operate on the QKD layer. This layer involves dark fiber connectivity between QKD boxes, facilitating key exchange across different network segments. To ensure various customers can control their own security configuration and service, the solution provides three segregated Q-KMS instances that leverage the security of the QKD layer. These software platform instances exchange keys between each other via standard interfaces implemented in three gateways.

Clarion KX: enabling end-to-end quantum-safe communication

To enable a scalable and feature-rich quantum-safe service beyond a native point-to-point topology, the solution leverages IDQ’s Clarion KX platform as its key management layer (the Key Service layer graphic below). This software layer allows for any encryptor within the network to request key exchanges with any other encryptor, regardless of their locations. Clarion KX is embedded in each QKD appliance, and its most fundamental purpose is to orchestrate and synchronize keys between any two points on the network in real-time.

Due to the different security requirements of several customer groups, the solution provides for three separate key management systems that are segregated from each other. This setup allows each customer to manage their own key routing and key buffering configuration, as well as to control the access to the key. Key buffering is a core feature of Clarion KX, allowing for continuous generation of keys that are securely stored and ready for delivery on demand. In the event of a disruption, such as an optical line cut, the buffered keys are available for intelligent rerouting to their required destination – another core feature of IDQ’s industry-leading Q-KMS platform.

Such multi-tenancy enables multiple security profiles of customers leveraging the same QKD infrastructure. As a result, IDQ can operate three isolated key-exchange services across the same infrastructure, serving two telecom operators and providing keys at 17 different locations to several dozens of government agencies.

The final graphic shows the data centers where 16 encryption points can establish 127 different secured links between each other.

South Korea nationwide QKD network

Results

At the end of June 2022, all the QKD systems have been installed. In most of the areas of the country, the government agencies are able to use end-to-end quantum cryptography services, with 24/7 real-time monitoring and control through QMS tools.

This is now the largest quantum cryptography network outside of China with a total length of 800 km.

The future plan is to extend the network to more agencies.

Bringing a differentiated business proposal was decisive. Applying next-generation network technologies such as T-SDN and quantum cryptography while making the network’s security future-proof, easy to manage and highly integrated with the current infrastructure has made the difference. SK Broadband is proud to consolidate its status of number 1 QKD network operator in South Korea.

Mr. J.H Jung, PM & account manager of the project at SK Broadband

Future challenges and opportunities

Network expansion

The journey towards a fully operational nation-wide QKD network continues with plans for further expansion. Future phases will extend the network reach to more consumers, ultimately creating a comprehensive shield for the nation’s digital communications.

One of the key aspects of this expansion is the ability to extend the network without requiring any reconfiguration of the existing infrastructure, such as bringing the QKD backbone to the southeastern part of the country. Furthermore, the network will ensure smooth interoperability with additional vendors, maintaining flexibility and integration capabilities.

Compliance with QSDN standards, specifically ETSI018 and ETSI015, is also a crucial objective to guarantee robust security measures.

Quantum-as-a-Service

Additionally, the project aims to leverage the “Quantum-as-a-Service (QaaS)” concept for the SK Broadband lease line team, providing end-to-end security solutions and enabling future commercial deployments on an ‘as-a-Service’ basis to the business clients. This approach ensures scalable and secure communication services tailored to meet the evolving needs of various sectors on their journey to resilience against Quantum Threat.

SK Telecom launches the first subscription-based Quantum-Safe-as-a-Service offering

The collaboration between ID Quantique and SK Broadband in constructing South Korea’s nation-wide QKD network has marked a significant milestone in the realm of cybersecurity. After China, it has been the second state-orchestrated real-world quantum cryptography deployment at a national level: it is a strong cybersecurity posture statement and a great mark of trust for ID Quantique. As cyber threats evolve, South Korea’s pioneering efforts in QKD will serve as a model for building resilient and future-proof security frameworks globally.

Home
HomeShop Online