**Abstract**

Optical network security is attracting increasing research interest. Software-defined optical networking (SDON) has been proposed to increase network intelligence (e.g., flexibility and programmability) and is gradually moving toward industrialization. However, a variety of new threats are emerging in SDONs. Data encryption is an effective way to secure communications in SDONs, but classical key distribution methods, which rely on mathematical complexity, will be threatened by increasing computational power and attack algorithms in the near future. Quantum key distribution (QKD) is now being considered as a mechanism for provisioning information-theoretically secure secret keys for data encryption, which makes it a potential technique to protect communications from security attacks in SDONs. This chapter introduces the basic principles and enabling technologies of QKD. Based on the QKD enabling technologies, an architecture of QKD over SDONs is presented. The resource allocation problem is elaborated in detail and is classified into wavelength allocation, time-slot allocation, and secret key allocation problems in QKD over SDONs. Some open issues and challenges, such as survivability, cost optimization, and key on demand (KoD) for QKD over SDONs, are discussed.

**Keywords:** optical network, SDON, security, QKD, architecture, resource allocation

## **1. Introduction**

With more than two billion kilometers of optical fiber deployed worldwide [1], optical networks currently serve as one of the most important underlying infrastructures. The large volumes of confidential data transferred daily over the Internet rely on the secrecy and reliability of data channels (DChs) in optical networks against several types of cyberattacks, e.g., physically tapping the fiber or listening to the residual crosstalk from an adjacent channel [2, 3]. With the evolution of network intelligence, software-defined networking (SDN) [4] is emerging and developing toward practical application, and it is a promising technique for adding flexibility and programmability to the optical layer. Hence, software-defined optical networking (SDON) has the potential to become the next-generation optical network architecture [5]. However, the control and configuration signaling messages transferred via the control channels (CChs) also face a variety of security attacks, e.g., anomaly attacks and intrusion attacks [6]. Therefore, the two essential channels in SDONs (i.e., DChs transferring sensitive data/services and CChs interchanging control/configuration messages) are both vulnerable to cyberattacks.

Data encryption is an effective way to enhance the security of SDONs. However, classical key distribution methods are based on mathematical and computational complexity, and will be threatened by increased computational power and the development of quantum computing in the near future [7]. Quantum key distribution (QKD) is a promising technique to secure key exchange and protect communications from security attacks in SDONs [8]. It can achieve information-theoretic security based on the fundamentals of quantum physics, such as the Heisenberg uncertainty principle and the quantum no-cloning theorem [9, 10]. Moreover, these fundamentals guarantee that the senders or receivers can detect the presence of any third party who is trying to obtain the secret keys. Optical fibers can be used in QKD systems to achieve good transmission performance of quantum signals. Nevertheless, dedicating dark fibers to QKD systems is inconvenient and expensive; a potential solution is to use the wavelength division multiplexing (WDM) technique to integrate QKD into existing optical networks [11]. Many experiments and field trials have demonstrated the feasibility and practicability of integrating QKD into optical networks [12–18]. Building on the above work, the objective of this chapter is to examine how to deploy and employ QKD to enhance the security of SDONs.
