The advent of quantum computing will pose great challenges to current communication systems, requiring essential changes to how security associations are established in traditional architectures. In this context, the multi-technological and heterogeneous nature of 5G networks makes them a challenging scenario for the introduction of quantum communications. Specifically, 5G networks support the unification of non-3GPP access technologies (e.g., Wi-Fi), which are secured through the IPsec protocol suite and the Non-3GPP Interworking Function (N3IWF) entity. These mechanisms rely on traditional public key cryptography and Diffie-Hellman key exchange, which should be updated to quantum-safe standards. Therefore, in this paper we present the design and development of a Quantum Key Distribution (QKD) based non-3GPP access mechanism for 5G networks, integrating QKD keys with IPsec tunnel establishment. We also demonstrate the feasibility of the system by experimental validation in a testbed with commercial QKD equipment and an open-source 5G core implementation. Results show that the time required to complete the authentication and IPsec security association establishment is 4.62% faster than traditional cryptography PSK-based systems and 5.17% faster than the certificate-based system, while ensuring Information-Theoretic Security (ITS) of the QKD systems.