**4. Resource allocation in QKD over SDONs**

### **4.1 Wavelength allocation**

Since three types of channels (i.e., QChs, PChs, and DChs) are coexisting in a single fiber with WDM technique, wavelength allocation for these three types of channels becomes an essential issue. The total number of wavelengths for QChs, PChs, and DChs should conform to existing WDM networks, e.g., 40 wavelengths (with 100 GHz channel spacing) or 80 wavelengths (with 50 GHz channel spacing). Given the DCh is usually located at C-band (1530–1565 nm) in existing WDM networks, some previous studies have demonstrated QKD at O-band (1260–1360 nm) [29, 30] to achieve strong isolation from data transmission. Nevertheless, the faint quantum signals may suffer from more losses at O-band compared with C-band, which will limit the transmission distance and rate. Therefore, the three types of channels can be placed at C-band to achieve better quantum-signal transmission performance, as illustrated in **Figure 5**.

In particular, the physical layer impairments (e.g., Raman scattering and fourwave-mixing effects) induced by PCh and DCh may have negative impacts on the QCh transmission performance. Raman scattering effects can be effectively reduced by placing the QCh at high frequency [31], thereby the wavelength reserved as QCh starts from 1530 nm. Besides, four-wave-mixing effects can be reduced by allocating 200 GHz guard band between QCh and other classical channels (i.e., PChs and DChs) [17]. Moreover, appropriate channel isolation and stable QKD operation can be achieved by using multistage band-stop filtering technique [32]. The PCh that transmits classical signals for key sifting and distillation as introduced in the principle of point-to-point QKD can share the same wavelengths with DCh or utilize the dedicated wavelengths at fiber C-band. The latter can be selected to ensure one-to-one relationship between the PCh and QCh, although the wavelength resources for data transmission may be degraded. This is because allocating dedicated wavelengths for QCh and PCh is essential in a stable scenario. The intermediate nodes with trusted repeaters and erbium-doped fiber amplifiers (EDFAs) can be deployed for QCh and PCh/DCh, respectively, to extend quantum and classical signal transmission distance, in which EDFA bypass scheme [30, 33] can be utilized

### **Figure 5.**

*Wavelength allocation for the three types of channels (i.e., QChs, PChs, and DChs) over the C-band in a single fiber.*

**17**

considered.

**4.3 Secret key allocation**

*Quantum Key Distribution (QKD) over Software-Defined Optical Networks*

from the EDFA's amplified spontaneous emission (ASE).

algorithm [35]) under the worst scenario in QKD over SDONs.

demands, this solution can provision more security level types.

for quantum and classical signal coexistence in a single fiber to suppress the noise

Given the finite wavelength resources in a single fiber and the high cost of establishing QChs and PChs, each wavelength for QCh/PCh is segmented into multiple time slots according to optical time division multiplexing (OTDM) technique [34]. Hence, each time slot can be utilized to establish a QCh/PCh for improving resource utilization. We assume that the secret keys provisioned for a service request with specific security demand are exchanged between the source and destination nodes within a fixed time *t*, thereby each QCh/PCh occupies a time slot. On the basis of the principle of point-to-point QKD described above, *t* consists of channel estimation and calibration time, qubit exchange time, key sifting time, and key distillation time. In particular, the scattering and loss may impact the secret key rate between two nodes, which will lead to different number of secret keys shared between different node pairs within *t* in QKD over SDONs. In the network model, to fix *t* with a realistic and simplified manner, the size of *t* can be set as the secret key exchange time for a fixed key size (e.g., 128, 192, and 256 bit while using AES encryption

Additionally, to prevent attacks for enhancing the data encryption security, the secret keys provisioned for each service request with specific security demand can be updated in a period *T*. The parameter, *T*, is the period after which the secret key must be changed between two nodes. The security level increases while decreasing the value of *T*. This is because the secret keys provisioned for a service request with specific security demand are updated more frequently, thereby increasing the difficulty of cracking the encryption key by a third party [36]. Accordingly, considering the key-updating period, time-slot allocation for QCh/PCh becomes a new topic to be studied. Also, routing, wavelength, and time-slot allocation (RWTA) strategy for establishing the three types of channels (i.e., QChs, PChs, and DChs) needs to be

For instance, **Figure 6** illustrates two security level configuration solutions, in which the parameter, *t*, is the secret key exchange time between the source and destination nodes for each service request with specific security demand, and the parameter, *T*, is the key-updating period (*t* < *T*, which guarantees that the secret keys can be exchanged within a period). In solution 1, we fix *T* for all the QCh/PCh wavelengths and each service request with specific security demand has the same security level value of *T*. Note that the QCh/PCh wavelengths are the wavelengths in WDM optical networks that are reserved as QCh/PCh. The solution 1 can only provide one security level, which may limit the flexibility of security demands of service requests. However, service requests triggered from numerous security-hungry applications may have different security demands with different security levels. Hence, each QCh wavelength has a flexible *T* values in solution 2, thereby different security levels can be provisioned. For different service requests with security

Data encryption algorithms need to be considered for CChs and DChs while performing secret key allocation. One-time pad (OTP) encryption algorithm was invented to achieve information-theoretic security, in which the secret key size should be as long as the data size [26]. Hence, OTP encryption algorithm requires much execution time/storage to perform data encryption, which is difficult to be

*DOI: http://dx.doi.org/10.5772/intechopen.80450*

**4.2 Time-slot allocation**

for quantum and classical signal coexistence in a single fiber to suppress the noise from the EDFA's amplified spontaneous emission (ASE).
