MuQuaNet research project
Using quantum technology against quantum technology

Because sufficiently powerful quantum computers are expected to break today's public-key cryptography within a few years, cryptography is currently reinventing itself. At the same time, experts are working on a communication technology that exploits the exotic properties of quantum mechanics instead of leaving them to cyber attackers. The process is called Quantum Key Distribution (QKD) and could become an additional security layer for Virtual Private Networks (VPNs). But it also has weaknesses. In a research project in the greater Munich area, the technology is being investigated, and other approaches are being developed in parallel to provide additional security for VPNs in the era of quantum computers. secunet is one of the project partners.

As if technological development were happening in fast motion, one revolution is currently chasing the next. Digitalisation, comprehensive networking and cloud transformation have not yet been fully completed, but the first AI-based applications are already appearing in our everyday lives - and give us an idea of the far-reaching consequences this technology will have. In comparison, another revolution is much less in the spotlight, although it could have a similarly major impact: the development of powerful quantum computers. With their new type of machine computing, these devices will soon outperform conventional computers in many areas.

These areas include solving the mathematical problems on which conventional public-key cryptography rests. Integer factorisation and discrete logarithms, the basis of RSA, Diffie-Hellman and elliptic-curve schemes, can be solved efficiently with Shor's algorithm on a large enough quantum computer; symmetric ciphers such as AES are only weakened (Grover's algorithm roughly halves the effective key length) and can be kept with longer keys. For the widely used asymmetric methods, however, this means the end. New, quantum computer-resistant post-quantum cryptography (PQC) methods are already in the starting blocks, are being evaluated internationally and are already in use in high-security environments in Germany. In fact, the need is acute today: although current quantum computers are not yet a threat to conventional encryption, anyone with an unauthorised interest in sensitive data can record and store the encrypted traffic now in order to decrypt it in a few years' time with an advanced quantum computer. This approach is called "store now, decrypt later" (also "harvest now, decrypt later"). As classified information in particular is often required to remain confidential for decades, this is a serious threat.


As a pioneer in Europe, secunet has already equipped some of its SINA products in the high-security environment with elements of post-quantum cryptography (PQC).



Spooky action at a distance

A completely different approach from PQC is taken in the research field of quantum communication. Like the quantum computer, it is based on quantum physics, which among other things deals with the world of the very smallest particles and describes the sometimes confusing, sometimes bizarre behaviour of atoms and subatomic particles. For example, two or more particles can be ‘entangled’ with each other, i.e. behave as a single interconnected system, even when they are far apart. A property of such a particle that is initially undetermined only takes on one of several possible values at the moment it is measured; that in itself is nothing unusual in the quantum world. The crucial point is that the measurement results of entangled particles are correlated with each other, even though, according to our everyday experience, there should be no connection between them: after all, they may be separated by many kilometres. Incidentally, in the early days of quantum physics, Albert Einstein doubted the reality of entanglement and called it ‘spooky action at a distance’. In the decades that followed, however, experiments confirmed that it actually exists.

In quantum computers, entanglement is used to connect the qubits, the fundamental computing units based on quantum mechanical states. In quantum communication, on the other hand, the effect can be used to exchange random but identical symmetric key material between two points, conventionally known as Alice and Bob. The devices that realise this quantum communication are known as QKD devices. In the future, VPN gateways, for example, could read the key material exchanged using QKD and use it as additional protection.

In the entanglement-based variant of QKD, the key material is exchanged between the QKD devices over a dedicated optical fibre through which entangled photon pairs are sent, one photon of each pair to Alice and one to Bob. Each device measures a property of its photon (its polarisation, for instance) in one of two measurement bases chosen at random. This gives Alice a completely random sequence of zeros and ones. The trick is that in every round in which Bob happened to choose the same basis as Alice, the entanglement guarantees that he obtains exactly the same random value. Alice and Bob then compare only their basis choices over a conventional channel, which must be authenticated, and discard the rounds in which the bases differed (‘sifting’). What remains is an identical sequence of zeros and ones that can be used as a key and that no one but them knows: firstly because it is completely random, and secondly because any attempt to eavesdrop on the photons disturbs their correlation and shows up as an elevated error rate (the quantum bit error rate, QBER) when Alice and Bob compare a sample of their bits. If the QBER exceeds a threshold, the key is discarded; otherwise the remaining bits go through error correction and privacy amplification, which remove residual errors and any partial knowledge an eavesdropper may have gained below the threshold. (Many commercial systems use a prepare-and-measure variant such as BB84, in which Alice sends weak laser pulses instead of entangled pairs; sifting and the error-rate check work the same way.) QKD is therefore a fascinating way of regularly exchanging new, random key material between two points or QKD devices.
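The exchange described above, as an added example that is not part of the original article or of the MuQuaNet project: a toy simulation of entanglement-based QKD with random basis choices, sifting and a QBER check, plus an intercept-resend eavesdropper who measures a configurable fraction of Bob's photons. The 11 % abort threshold, the function names and the sampling rule (every fourth sifted bit is disclosed) are assumptions of this example.

```python
"""Toy simulation of entanglement-based QKD with sifting and a QBER check.

Added example, not MuQuaNet/secunet code. It models the qualitative
behaviour described above: in rounds where Alice and Bob measured in the
same basis their bits agree, and an intercept-resend eavesdropper destroys
that agreement often enough to be visible in the error rate. The abort
threshold of 11 % is an assumption (a commonly quoted BB84 bound)."""
import random

QBER_ABORT_THRESHOLD = 0.11  # assumption, see docstring


def run_qkd(n_pairs, eve_fraction=0.0, seed=None):
    """Simulate n_pairs entangled photon pairs measured by Alice and Bob.

    eve_fraction is the share of Bob's photons that Eve intercepts,
    measures in a random basis and re-sends. Returns
    (alice_sifted, bob_sifted, qber, raw_key); raw_key is None when the
    estimated QBER is above the abort threshold."""
    rng = random.Random(seed)
    rounds = []
    for _ in range(n_pairs):
        a_basis, b_basis = rng.randrange(2), rng.randrange(2)
        # Alice measures first: her outcome is uniformly random and leaves
        # Bob's photon in the state matching her result in basis a_basis.
        a_bit = rng.randrange(2)
        photon_basis, photon_bit = a_basis, a_bit
        if rng.random() < eve_fraction:
            # Intercept-resend: Eve's result is correct only if she guessed
            # the basis; she then forwards a photon prepared in *her* basis.
            e_basis = rng.randrange(2)
            e_bit = photon_bit if e_basis == photon_basis else rng.randrange(2)
            photon_basis, photon_bit = e_basis, e_bit
        # Bob: correlated if his basis matches the photon's preparation
        # basis, otherwise a coin flip.
        b_bit = photon_bit if b_basis == photon_basis else rng.randrange(2)
        rounds.append((a_basis, a_bit, b_basis, b_bit))

    # Sifting: bases are compared over the authenticated classical channel
    # and only rounds with matching bases are kept.
    sifted = [(a, b) for ab, a, bb, b in rounds if ab == bb]
    alice_sifted = [a for a, _ in sifted]
    bob_sifted = [b for _, b in sifted]

    # QBER estimate: every fourth sifted bit is disclosed, compared and
    # then thrown away.
    sample = range(0, len(sifted), 4)
    errors = sum(alice_sifted[i] != bob_sifted[i] for i in sample)
    qber = errors / len(sample) if len(sample) else 0.0
    if qber > QBER_ABORT_THRESHOLD:
        return alice_sifted, bob_sifted, qber, None
    # Undisclosed bits form the raw key. A real system now runs error
    # correction and privacy amplification on it; both are omitted here.
    raw_key = [a for i, (a, _) in enumerate(sifted) if i % 4 != 0]
    return alice_sifted, bob_sifted, qber, raw_key


if __name__ == "__main__":
    for eve in (0.0, 0.1, 1.0):
        _, _, qber, key = run_qkd(8000, eve_fraction=eve, seed=7)
        status = "ABORT" if key is None else f"{len(key)} raw key bits"
        print(f"eve_fraction={eve:.1f}  QBER={qber:.3f}  {status}")
```

Intercepting every photon pushes the simulated QBER to about 25 %, which is caught by the threshold. With eve_fraction=0.1 the QBER stays around 2.5 %, below the threshold, although Eve has learned roughly 5 % of the sifted bits; this is why the abort check alone is not sufficient and privacy amplification is needed. A real fibre link also has a non-zero QBER without any eavesdropper (detector noise, misalignment), which is part of why the usable key rate fluctuates with the state of the fibre.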

Practical challenges

Can the problems surrounding the threat posed by quantum computers be solved by QKD alone? Not yet, because a whole series of challenges currently arise in practice:

  • QKD devices must confirm each other's identity before exchanging keys. This process itself must be resistant to quantum computers and must therefore be carried out using PQC or a pairwise pre-distributed key.
  • The range of QKD is currently very limited. It is currently around 100 kilometres per optical fibre. Although so-called quantum repeaters are being discussed to reliably increase the range, this technology is still in the development phase.
  • To increase the range even now, experiments are being conducted with so-called QKD networks, in which several QKD links are chained and the key material is routed across the intermediate nodes. The problem is that each intermediate node (‘trusted node’) decrypts and re-encrypts the key material and therefore holds it in the clear: the quantum-mechanical guarantee applies only hop by hop, and the keys do not provide end-to-end security.
  • The rate of exchanged keys fluctuates, for example, with vibrations or temperature changes in the glass fibre.
  • Security proofs exist only for idealised models of the QKD protocols. That real devices (photon sources, detectors, timing) behave as those models assume has not been proven, and side-channel attacks on QKD hardware, for example on the single-photon detectors, have been demonstrated in the laboratory.
  • It will not be possible to secure connections to mobile devices such as laptops or telephones using QKD for the time being. Nevertheless, these must also be protected against the threat posed by quantum computers.

For these and similar reasons, the German Federal Office for Information Security (BSI) described the security of QKD as insufficient in a position paper published in January 2024. Instead of QKD, the BSI favours hybrid security using a combination of PQC and classic asymmetric cryptography or, alternatively, PQC and symmetric keys.

"At secunet, we share these concerns," says Friedrich Altheide, who is an expert on future security architectures at secunet. "It is therefore good that there are alternatives for the additional protection of VPNs, some of which are already available today. For example, we have been offering the option of securing VPNs with symmetric group keys (Closed User Groups - CUG) in addition to classic asymmetric cryptography for many years. Nevertheless, we are interested in whether QKD could be considered as an additional security measure in the future. That is why we have been participating in the MuQuaNet project together with our long-standing research partner, Ilmenau University of Technology, since 2021."


Experimental network in Munich

Under the name MuQuaNet, a quantum communication network for research and evaluation purposes is currently being built in the greater Munich area. The project is led by the University of the German Armed Forces in Munich (UniBw M); secunet is one of the industrial partners. With its ten nodes, MuQuaNet is one of the largest QKD testbeds planned in Germany, which allows the network aspects of the new technology, rather than a single point-to-point link, to be investigated. The network combines terrestrial optical fibres with free-space optical links.

As part of the project, secunet and Ilmenau University of Technology (TU Ilmenau) are focussing on the additional protection of VPNs - through QKD, but also through other methods. This has resulted in three exciting approaches: The IKE proxy concept, the Business Trip Key Exchange (BTKE), and the use of Multipath Key Reinforcement (MKR). These concepts can also be combined.

Figure 1. (c) secunet

The IKE Proxy concept (Figure 1) takes the already available option of additionally securing a VPN with a CUG key one step further. IKE, the ‘Internet Key Exchange’, is the widely used protocol for establishing the IPsec security associations of a VPN. Using IKE packets, two VPN participants authenticate each other and negotiate a shared symmetric session key.

Both the IKE Proxy and the current CUG mechanism share the idea of encrypting the IKE packets themselves with a symmetric key before they are sent over untrusted networks. This creates a so-called second line of defence that an attacker must break first before the IKE exchange, and with it the session key, is even exposed. To strengthen this further in the future, the IKE Proxy can be used not just with a single CUG key as before, but with several independent key sources at once. One of these sources could be QKD, for example. An attacker would have to compromise all of the key sources used; otherwise they could not decrypt the connection, even in the future.

Business Trip Key Exchange (BTKE)

But where do the keys come from if QKD is only likely to be used for individual VPN connections due to its restrictions? One option for this initially seems very out of date: people act as key couriers and physically travel between all VPN locations to manually distribute new keys. On closer inspection, the approach does not seem so far-fetched: after all, business trips usually take place regularly between different locations of an organisation, and this fact can be exploited without the active involvement of the travellers. The idea: Secured mobile VPN participants - such as a SINA Workstation - receive fresh key material from a VPN gateway when they are in its secured network. If the mobile VPN participants recognise that they are in the secure network of another VPN gateway - as in the case of a business trip - they hand over the key material they have taken with them to the gateway. This key material is then used by the IKE proxy. “The Business Trip Key Exchange is a particularly simple way to additionally secure a VPN in a fully automated manner when travelling on business,” says Friedrich Altheide.

Multipath Key Reinforcement (MKR)

So far, so good. However, with BTKE, just as with manual key exchanges or QKD, you have to live with the fact that key material can only be exchanged irregularly or only between individual VPN participants. How can a comprehensive, regular, automated and secure key exchange be achieved?

The answer comes from the world of sensor networks and is called Multipath Key Reinforcement (MKR). The basic concept of MKR may seem confusing at first, as symmetric keys are exchanged via the network, which in turn is secured by MKR. However, this is precisely what creates the additional security.

Figure 2. (c) secunet

To exchange a symmetric key between two points Alice (A) and Bob (B), Alice chooses several random paths through the network to Bob, as shown in Figure 2. For each of these paths, Alice generates independent random key material (m_i) and sends it to Bob via that path. After the exchange, Alice and Bob combine the key material from all paths and obtain a single symmetric key. This can then be used by the IKE proxy to additionally secure the connection between Alice and Bob.

For an attacker to successfully intercept an MKR exchange, they must intercept every path used in that exchange. If the attacker misses even a single share, as shown in the figure with m5, they cannot reconstruct the MKR key and the connection remains secure. The more frequently MKR is carried out, several times a day or even several times an hour, the greater the security, because the attacker would have to be present on all paths during every single exchange. “MKR really comes into its own when it is combined with Business Trip Key Exchange through the IKE Proxy and, where available in the future, QKD,” says Altheide.
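The MKR exchange of Figure 2 and the multi-source IKE Proxy described earlier, as an added example that is not secunet's or TU Ilmenau's code: Alice enumerates paths to Bob over a constructed sample topology, sends an independent random share m_i down each path, and both sides combine the shares; an attacker who controls only some links gets nothing, while one who covers every path recovers the key. Two details are assumptions not stated in the article: the shares are combined by XOR (as in the sensor-network MKR scheme the concept comes from), and the IKE proxy key is derived from its several key sources with HMAC-SHA256 in the style of an HKDF extract step. The topology, node names and function names are constructed for this example.

```python
"""Multipath Key Reinforcement (MKR) over a small network, and the
combination of several key sources into one IKE proxy key.

Added example, not secunet/TU Ilmenau code. Assumptions not stated in the
article: shares m_i are combined by XOR, and the IKE proxy key is derived
from its key sources with HMAC-SHA256 (HKDF-extract style)."""
import hashlib
import hmac
import random

# Constructed sample topology: undirected links between VPN gateways.
# Alice is node "A", Bob is node "B".
LINKS = [("A", "C"), ("A", "D"), ("A", "E"), ("C", "B"),
         ("D", "B"), ("E", "F"), ("F", "B"), ("C", "D")]


def adjacency(links):
    adj = {}
    for u, v in links:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def simple_paths(adj, src, dst):
    """All loop-free paths from src to dst, each as a list of nodes."""
    paths = []

    def walk(node, seen, path):
        if node == dst:
            paths.append(path)
            return
        for nxt in sorted(adj[node]):
            if nxt not in seen:
                walk(nxt, seen | {nxt}, path + [nxt])

    walk(src, {src}, [src])
    return paths


def path_links(path):
    """The set of links a path traverses, as unordered node pairs."""
    return {frozenset(pair) for pair in zip(path, path[1:])}


def xor_all(blocks):
    out = bytes(len(blocks[0]))
    for blk in blocks:
        out = bytes(x ^ y for x, y in zip(out, blk))
    return out


def mkr_exchange(paths, key_len=32, seed=None):
    """Alice sends an independent random share m_i down each path; both
    sides then combine all shares into one key. Returns (shares, key).
    A seed is only for reproducible demos; production uses SystemRandom."""
    rng = random.SystemRandom() if seed is None else random.Random(seed)
    shares = [bytes(rng.getrandbits(8) for _ in range(key_len)) for _ in paths]
    return shares, xor_all(shares)


def attacker_recovers(paths, shares, compromised_links):
    """An attacker controlling compromised_links reads the share of every
    path that crosses at least one of them. Returns the MKR key if all
    shares were exposed, otherwise None: with one uniformly random share
    missing, every candidate key is equally likely."""
    exposed = [m for p, m in zip(paths, shares)
               if path_links(p) & compromised_links]
    if len(exposed) < len(shares):
        return None
    return xor_all(exposed)


def derive_proxy_key(sources, label=b"ike-proxy-key"):
    """Combine independent key sources (CUG key, BTKE material, MKR key,
    QKD key, ...) into the key the IKE proxy uses to encrypt IKE packets.
    Every source enters the derivation, so all must be known to an
    attacker; length-prefixing keeps distinct source lists distinct."""
    material = b"".join(len(s).to_bytes(2, "big") + s for s in sources)
    return hmac.new(label, material, hashlib.sha256).digest()


if __name__ == "__main__":
    paths = simple_paths(adjacency(LINKS), "A", "B")
    shares, key = mkr_exchange(paths, seed=42)
    for i, p in enumerate(paths, 1):
        print(f"m{i} via {'-'.join(p)}")
    partial = {frozenset("AC"), frozenset("AD")}
    print("attacker on A-C and A-D recovers:",
          attacker_recovers(paths, shares, partial))
    print("IKE proxy key:",
          derive_proxy_key([b"constructed-cug-key", key]).hex())
```

In the sample topology there are five loop-free paths from A to B, matching the m1 to m5 of Figure 2. An attacker on the links A-C and A-D sees four of the five shares and still learns nothing about the key; only an attacker covering every path (for instance all links leaving A or all links entering B) recovers it, which is also why paths that avoid a common link or node are worth more than paths that merely differ. Feeding the MKR key into derive_proxy_key together with the CUG key and, where available, BTKE or QKD material gives the IKE proxy a key that breaks only if every source is compromised.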

Future-proofing the VPN

Despite its weaknesses, the fascinating technology of QKD can contribute to the secure VPN of the future, but only as one of several pillars. “Our joint work with TU Ilmenau and UniBw as part of MuQuaNet already shows that a mosaic of innovative security technologies can lead to the goal: In this way, we will be able to secure VPNs against quantum attackers in the future, even beyond the security requirements of the BSI,” summarises Altheide. “Incidentally, we won't have to make any compromises in terms of the speed, scalability, high availability or robustness of our VPN solutions - that's also certainly good news.”



Contact:
Friedrich Altheide


secuview is the online magazine of secunet, Germany's leading cybersecurity company. Here you will find news, trends, viewpoints and background information from the world of cybersecurity for public authorities and companies. Whether cloud, IIoT, home office, eGovernment or autonomous driving - there can be no digitisation without security.


In addition to the online magazine, secuview is published twice a year as a journal, which you can subscribe to free of charge in printed form or download as a PDF.


© 2026 secunet Security Networks AG