US-12621133-B2 - System and method for quantum-secure microgrids

Abstract

A quantum-key distributed (QKD)-enabled communication architecture it devises for networked microgrids (NMGs). A real-time QKD-enabled NMGs testbed built in an RTDS environment, and a novel two-level key pool sharing (TLKPS) strategy it designs to improve the system resilience against cyberattacks. In the QKD-based microgrid testbed design there is used a real-time power system simulator, i.e., RTDS, including the QKD modeling, hardware connection, communication network design, and QKD integration. By integrating QKD features into a real-time microgrid simulator, this testbed offers a flexible and programmable testing environment for evaluating the performance of QKD-enabled microgrids under a variety of scenarios.

Inventors

• Peng Zhang
• Zefan Tang
• Walter KRAWEC

Assignees

• THE RESEARCH FOUNDATION FOR THE STATE UNIVERSITY OF NEW YORK
• UNIVERSITY OF CONNECTICUT

Dates

Publication Date

20260505

Application Date

20220719

Claims (20)

1. 1 . A communications system for a plurality of microgrids comprising: a first microgrid and a second microgrid, the first and second microgrids providing power to a load, a quantum channel connecting the first and second microgrids, the quantum channel adapted for distributing quantum generated keys between the first microgrid and second microgrid; one or more key pools associated with the first and second microgrids for storing quantum generated keys; a controller associated with a microgrid, the controller configured for determining a number of key bits in one key pool and comparing said number of key bits against a pre-determined threshold; and upon determining a number of key bits is below the pre-determined threshold, sharing a certain number of key bits from another key pool.
2. 2 . The communications system as claimed in claim 1 , wherein the microgrid controller receives data messages from different loads; the controller, in response, sending control signals to one or more local controllers associated with a microgrid, a local controller responsive to a control signal to dynamically regulate an output power sent to the load.
3. 3 . The communications system as claimed in claim 2 , wherein said controller implements a two-level key pool sharing (TLKPS) scheme to ensure a sufficient number of key bits is in a key pool for communication of said control signals, said two-level key pool sharing scheme comprising a first level key pool sharing scheme and a second level key pool sharing scheme implemented when the first level of TLKPS fails.
4. 4 . The communications system as claimed in claim 3 , wherein in the first level key pool sharing scheme, a first key pool provides keys associated with communications between a first microgrid and a third microgrid and a second key pool provides keys associated with communications between a second microgrid and said third microgrid, and a controller determining whether a number of key pool bits at said first key pool and said second key pool both exceed a first predetermined threshold of key bits by a predetermined number, and when a number of key pool bits at said first key pool and said second key pool are determined to both exceed said first predetermined threshold of key bits by the predetermined number, then sharing, by the first key pool and second key pool, the predetermined number of bits above said predetermined threshold to a third key pool associated with said third microgrid.
5. 5 . The communications system as claimed in claim 4 , wherein the third microgrid is configured intermediate a first microgrid and a second microgrid, the third key pool configured to distribute keys between the first microgrid and second microgrid, wherein said sharing, by the first key pool and second key pool, the predetermined number of bits above said predetermined threshold comprises: a respective microgrid controller at said third microgrid and said first microgrid both extracting a respective string of bits of said predetermined number from said first key pool, and said third microgrid and said second microgrid both extracting the same number of bits from the second key pool, and said third microgrid applying an XOR logic function to the respective extracted two bit strings, and sends the result bit string to the second microgrid controller, the second microgrid controller then applying an XOR logic function to the result bit string with the bit string extracted previously from the second key pool such that an obtained result obtained at the second microgrid is the same as the bit string extracted by the first microgrid from the first key pool, wherein a string of bits is securely transferred from the first key pool and second key pool to the third key pool.
6. 6 . The communications system as claimed in claim 3 , wherein in the second level key pool sharing scheme, a key pool inside the first microgrid or a key pool inside the second microgrid shares the predetermined number of bits above said predetermined threshold.
7. 7 . The communications system as claimed in claim 6 , wherein said sharing, by the first key pool or second key pool, the predetermined number of bits above said predetermined threshold comprises: the controller sharing a number of key pool bits from said first key pool inside the first microgrid when the number of bits at said first key pool is greater than a number of key pool bits at said second key pool inside the second microgrid.
8. 8 . The communications system as claimed in claim 7 , wherein said microgrid controller is further configured for: sharing, by the first key pool or second key pool, the predetermined number of bits when a number of key bits for communications between first and second microgrid are below the predetermined threshold, the controller extracting a string of bits from the key pool inside the first microgrid string and using extracted string as a plaintext, encrypted by the controller associated with said first microgrid via a key extracted from a third key pool associated with communications between said first microgrid and second microgrid and sent to a controller associated with said second microgrid; the controller associated with said second microgrid using the same key from the third key pool to decrypt the received message and obtain the bit string, wherein the bit string is transferred from the first key pool for sharing with the third key pool.
9. 9 . A quantum key distribution system for networked microgrids comprising: one or more microgrids, each microgrid providing a supply of power to loads and obtaining measurements from different loads associated with use of a microgrid; a controller associated with a microgrid and employing control signals associated with communications among the one or more microgrids and between the microgrid and a local controller associated with said microgrid; at least one key pool associated with one or more of said microgrids, the microgrid using quantum generated keys associated with key bits supplied from each of the at least one key pool for communications among said one or more microgrids and between the microgrid and its associated local controller, a key consumption speed associated with a rate of said communications among the one or more microgrids, wherein the controller at the microgrid is configured to transmit measurements at the microgrid as real-time messages from the microgrid to its associated local controller using a quantum generated key supplied from the key pool; and the controller at a microgrid employing a two level key pool sharing strategy to ensure there are enough key bits in each key pool.
10. 10 . The quantum key distribution system as claimed in claim 9 , wherein said two level key pool sharing strategy ensures a sufficient number of key bits is in the key pool for handling said real-time messaging.
11. 11 . The quantum key distribution system as claimed in claim 9 , further comprising: a software-defined network (SDN) of switches configured to interface with said one or more microgrids and associated controllers; and an application running at a computing system associated with said software-defined network of switches, said application providing one or more software defined functionalities for said real-time messaging.
12. 12 . The quantum key distribution system as claimed in claim 11 , wherein a SDN defined functionality comprises: a dynamic routing function for controlling, at an SDN switch, a flow of data at a route dependent upon a detection of a communication link failure or a rate of packets communicated in the communication link is above a threshold.
13. 13 . The quantum key distribution system as claimed in claim 11 , wherein a SDN defined functionality comprises: a rate limitation function that controls a rate of packets for communication along a link based on a ratio of key generation speed and key consumption speed.
14. 14 . The quantum key distribution system as claimed in claim 11 , wherein a SDN defined functionality comprises implementation of a firewall function at an SDN switch for one or more of: blocking a traffic outside of a local network, only allowing packets transmitted from certain areas, or provide separate the data paths depending upon a type of data transmission.
15. 15 . The quantum key distribution system as claimed in claim 14 , further comprising: an SDN controller for managing said network of switches, said SDN controller collecting information from each of the one or more microgrids and providing routing of messages to mitigate denial of service attacks based on information of key pools each microgrid possesses and the microgrid's availability to share key bits.
16. 16 . The quantum key distribution system as claimed in claim 15 , wherein said SDN controller employs an event-triggered communication scheme for reducing a communications bandwidth, wherein a first event is a bit-sharing request received at the SDN controller from any microgrid controller; and a second event is a request clearance after a key pool bit sharing is completed.
17. 17 . The quantum key distribution system as claimed in claim 16 , wherein said SDN controller communicates with a controller associated with each one or more microgrid to collect key pool information associated with each microgrid; and based on said collected key pool information, updates one or more look-up tables, said one or more lookup tables accessed when an event is detected based on a request from a microgrid controller received at the SDN controller.
18. 18 . The quantum key distribution system as claimed in claim 17 , wherein said lookup tables store information about each microgrid, said information comprising: local addresses of controllers and neighboring microgrid controllers that have key pools, binary bits established inside a microgrid and between two microgrids, said binary bits indicating whether a key pool is willing to share bits for other key pools or not.
19. 19 . The quantum key distribution system as claimed in claim 9 , further comprising: a quantum network layer comprising quantum nodes and connecting quantum links, and a quantum node employing an inter-node quantum entanglement.
20. 20 . The quantum key distribution system as claimed in claim 19 , wherein a quantum node employs a quantum repeater, a quantum repeater being memoryless or memory-enhanced.

Description

CROSS REFERENCE TO RELATED APPLICATIONS This application claims the benefit of U.S. Provisional Application Nos. 63/223,751 filed on Jul. 20, 2021 and 63/325,210 filed on Mar. 30, 2022, the entirety of each of which is incorporated by reference. STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT This invention was made with government support under ECCS-2018492 and OIA-2040599 awarded by National Science Foundation. The government has certain rights to this invention. FIELD The present application relates generally to a system and method for secure communications and more specifically systems and methods for quantum-secure microgrids and quantum network—based microgrid operations. BACKGROUND Securing data transmission in microgrid is critical for maintaining normal grid operations and achieving desirable benefit, e.g., fast recovery during a main grid blackout, improved system reliability and resilience, and economic power supply to customers. Existing methods on this topic largely rely on cryptographic systems such as the Advanced Encryption Standard (AES), the One-Time Pad (OTP), and similar methods. The security of AES, OPT, and other symmetric-key cryptographic systems relies on classical public key system which are vulnerable to attacks from quantum computers. Classical public key systems used in networked microgrids (NMGs) to distribute keys for two communicating parties are secured based on the assumed limits on an adversary's power, i.e., the mathematical problems such as the discrete logarithm problem [1] or the factoring problem [2] cannot be efficiently solved even by the fastest modern computers with any existing algorithms. This mathematical assumption however can be broken by attacks from quantum computers, as quantum computing promises to efficiently solve mathematical problems. Although today's quantum computers are still noisy and their advent on a degree powerful enough to break current cryptographic systems is perhaps still decades away, their sudden appearance will leave microgrid organizers little time to adapt. A potent solution to tackle this quantum-era challenge is to use the quantum key distribution (QKD). QKD provides information-theoretic security through the laws of physics. Those laws have been fairly heavily tested and provide a more solid foundation than computational assumptions. Different protocols have been proposed to implement QKD including the well-known BB84, decoy-state, six-state, Ekert91, and BBM92. However, while QKD has been extensively analyzed and widely applied in areas such as computer networks, online banking, ATM transactions, e-voting systems, and portable applications, the microgrid community is unfortunately largely silent on the topic of developing quantum-secure networked microgrids (NMGs). In the context of quantum secure NMGs, the existing QKD systems however cannot be directly applied. With multiple data transmission channels existing in NMGs, it is unclear how the QKD's performance will be in the system. A real-time QKD-enabled NMGs simulation testbed for evaluating the performance of the system is significantly needed but does not yet exist. Furthermore, the key generation speed in a QKD system is affected by various factors such as the distance between two communicating parties and the noise, which can be either natural or caused by an adversary, on quantum optic equipment. A large distance or a strong attack on the QKD equipment can unfortunately reduce the speed, detrimentally causing keys to be exhausted. A proper strategy is therefore needed to improve the cyberattack resilience for the system. SUMMARY Accordingly, disclosed are systems, methods and computer program products for a QKD-based communication architecture for NMGs. In one aspect there is provided a practical decoy-state protocol utilized to implement QKD. In a further aspect there is provided a QKD-integrated quantum-secure NMGs testbed in an RTDS environment, including the hardware connection, communication network design, and QKD integration. Further to this aspect, there is provided, a novel two-level key pool sharing (TLKPS) strategy to improve the system's cyberattack resilience. Extensive tests are implemented on the testbed. Test results validate the effectiveness of the presented strategy, and provide insightful resources for building quantum-secure NMGs. In a further aspect, systems and methods described herein address the cyber-resilience of QKD-based microgrids by leveraging software defined networking (SDN). In accordance with a first aspect of the invention, there is provided a communications system for a plurality of microgrids. The system comprises: a first microgrid and a second microgrid, the first and second microgrids providing power to a load, a quantum channel connecting the first and second microgrids, the quantum channel adapted for distributing quantum generated keys between the first microgrid and second microgrid; one or more key pools associa