POST-QUANTUM SECURE MEDIA ACCESS CONTROL SECURITY (MACSEC) PRE-SHARED KEY AUTO-REFRESH
Inventors
Craig Thomas Hill, Chennakesava Reddy Gaddam, Annu Singh
Abstract
Techniques for utilizing post-quantum pre-shared key (PPK) identifiers (PPK_ID) to determine control association key(s) (CAK(s)) and/or secure association key(s) (SAK(s)) utilized in MACsec sessions are described herein. A key server (KS) and a non-key server (NKS) may advertise capabilities indicating an ability to utilize PPKs as CAKs and/or SAKs in MACsec sessions. The KS may leverage a quantum key distribution (QKD) service to determine a PPK_ID and a PPK, which may be utilized as a CAK for a MACsec session with the NKS. The PPK_ID may be transmitted to the NKS, where the NKS may retrieve the PPK from the QKD, and a new group connectivity association may be established using the PPK as the CAK. In some examples, the KS may be configured to refresh the PPK as the CAK for instantiating subsequent MACsec sessions. Additionally, the KS may be configured to distribute a SAK in a similar manner.
Filing Date
2025-02-20
Application No.
19058525
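The exchange described in the abstract, simulated as an added example (not code from the application or its inventors): only the PPK_ID crosses the link, and each side fetches the PPK itself. The in-memory `MockQKD` class stands in for the QKD service, HMAC-SHA256 stands in for the MKA integrity check, and every class, function and message field name is an assumption.

```python
import hashlib
import hmac
import secrets

class MockQKD:
    """Constructed stand-in for the QKD service: issues (PPK_ID, PPK) pairs."""
    def __init__(self):
        self._keys = {}
    def new_key(self):
        ppk_id = secrets.token_hex(8)
        self._keys[ppk_id] = secrets.token_bytes(32)
        return ppk_id, self._keys[ppk_id]
    def get_key(self, ppk_id):
        return self._keys.get(ppk_id)          # None when the ID is unknown

class Peer:
    def __init__(self, name, qkd, ppk_capable=True):
        self.name, self.qkd, self.ppk_capable = name, qkd, ppk_capable
        self.ppk_id, self.cak = None, None

def icv(cak, frame):
    # Assumption: HMAC-SHA256 replaces the AES-CMAC based check used by real MKA.
    return hmac.new(cak, frame, hashlib.sha256).digest()

def ks_refresh(ks, nks):
    """Key server: fetch a fresh PPK, use it as CAK, announce only its ID."""
    if not (ks.ppk_capable and nks.ppk_capable):
        return None                            # capability not advertised by both
    ks.ppk_id, ks.cak = ks.qkd.new_key()
    return {"ppk_id": ks.ppk_id}               # the PPK itself is never sent

def nks_handle(nks, msg):
    """Non-key server: resolve the PPK_ID at the QKD service, then switch CAK."""
    ppk = nks.qkd.get_key(msg["ppk_id"])
    if ppk is None:
        return False                           # unknown ID: keep the current CAK
    nks.ppk_id, nks.cak = msg["ppk_id"], ppk
    return True

def run_demo(rounds=2):
    """Initial keying plus refreshes; returns one tuple per round."""
    qkd = MockQKD()
    ks, nks = Peer("KS", qkd), Peer("NKS", qkd)
    results = []
    for _ in range(rounds):
        msg = ks_refresh(ks, nks)
        ok = nks_handle(nks, msg)
        frame = b"constructed MKPDU payload"
        match = hmac.compare_digest(icv(ks.cak, frame), icv(nks.cak, frame))
        results.append((ok, set(msg) == {"ppk_id"}, match, ks.ppk_id))
    return results
```
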