Security in Optical Networks
Abstract
As networks around the globe face demands for increasing bandwidth and diminishing fiber
availability, network providers are moving towards a crucial technology known as the
optical network. Optical networks are high-capacity telecommunications networks based on
optical technologies and components that provide routing, grooming and restoration at the
wavelength level, as well as wavelength-based services. They are built on the optical layer
in the transport part of the network, which provides higher capacity and reduced cost for a
large number of day-to-day applications such as the Internet, video, multimedia and various
digital applications. Because the physical layer of an optical network is prone to numerous
attacks, including physical attacks, jamming and eavesdropping, security in optical networks
is an important research topic. In this paper I discuss the threats that can appear in
optical networks, which include jamming, interception, eavesdropping and various physical
attacks that affect the optical layer, as well as the existing techniques for securing these
networks.
Introduction
Network management is an important component of a communications system, as it is
responsible for assuring the secure and continuous functioning of the network. A network
management implementation must be able to handle faults, performance, security and the
other features required for proper handling of the network. As a result, transparent
All-Optical Networks (AONs) are becoming popular because of their ability to reduce cost and
power consumption, owing to the reduced use of transponders in the Next Generation Internet
(NGI) infrastructure. To assure the reliability and security of AONs, a number of issues
have to be tackled, including physical security and information security, which are
Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 1
Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES
essential for the proper functioning of the network[1,2]. Physical security is essential as
it prevents unauthorized access to network resources. For the network to function properly,
including all of its optical and photonic devices, it should be able to detect the failures
that occur in it. There are three types of network security control measures:
(a) Prevention
(b) Detection
(c) Reaction
Prevention schemes address problems that arise from network design, component design and
similar sources. One existing scheme is network monitoring, which uses optoelectronic
conversion at the switching nodes[1]. This is not sufficient, however, to provide security
assurances for optical networks that need protection against various kinds of faults and
attacks. Physical layer impairment is the major factor behind the attacks, and it leaves the
physical layer unable to protect itself from physical attacks such as jamming, interception
and eavesdropping.
An intelligent strategy is therefore required that includes performance monitoring, fault
detection, localization and isolation. The network should also have a strategy for providing
uninterrupted service as a countermeasure. To protect optical networks, a few techniques
have been proposed, including optical steganography and optical encryption[1,2]. Optical
encryption can encrypt signals with low latency and at high speed, without emitting a
radio-frequency signature. Optical steganography provides an additional layer of privacy by
hiding the data transmission under the public transmission channel.
In this paper I focus on cases where attacks target physical layer impairments, resulting in
the disruption and degradation of the network as a whole. I consider different types of
attacks as well as the preventive measures that can be taken to protect the physical layer
and the optical network as a whole.
TYPES OF ATTACKS
Optical networks, ranging from local area networks to larger optical networks, form a kind
of backbone of the Internet, so the threats they face vary from one network to another. The
attacks that can be carried out on a network can be characterized as follows[1,4]:
2. Confidentiality: Physical tapping of an optical signal is not an easy task, but tapping
an optical fiber is easy if the fiber is exposed without any kind of protection. Also, if
the protective material and the cladding are removed from the optical fiber, the fiber
can break.
3. Jamming: Physical damage to an optical network can be deliberate or accidental. Jamming
attacks cause denial of service in the system as a whole. The denial of service can
further result in theft of information, loss of network resources and economic losses
to the network provider. These are the net results of jamming attacks on a network.
It has the fundamental feature of resolving the contention of packets, faults and attacks
with the assistance of the substitute. In this process no human intervention is needed by
the optical network. The network should have detailed knowledge of its sub-components and
should update itself when there is any change in the network topology. A supervised machine
learning approach should be followed in order to support the concept of self-organization.
First, a forwarding table is built using the k-shortest paths based on minimum-hop routing.
If there is contention between packets, the best solution is to check the priority[1]. The
output link with the highest priority is chosen to send one packet, and the other packet is
sent through the output link with the second priority.
This is done with the help of routing algorithms that update the forwarding tables in
response to the faults or problems the network may suffer. Optical memory and wavelength
conversion are the two essential factors that must be considered for the contention
resolution scheme[2]. The network has a certain set of wavelengths that are present on each
link. It is mandatory to update the network according to the wavelength usage.
Here the MPR acts as the main agent of the defense mechanism against faults that occur in
the network, and it builds up the network information on a timely basis. The nodes are
informed of the current wavelength state, which enables the MPR to form a self-organized
network if any fault occurs. BER (Bit Error Rate) monitoring of each node is carried out in
the optical network. BER monitoring is performed at the receiver's end. It helps in tuning
the channel of each incoming wavelength.
Thus we can conclude that the MPR plays a crucial role in the process of self-organization.
As discussed in the previous pages, the categories of threats can be summarized as follows:
1. Authentication
2. Confidentiality
3. Availability
4. Privacy Issues & Traffic Analysis
To protect the physical layer from these threats, a number of techniques are available,
which are explained as follows:
Encryption:
Encryption is a very useful technique that secures a signal and increases the
confidentiality of the network at the physical layer. An eavesdropper cannot obtain the
information from the cipher text without knowledge of the encryption key[1,3]. There has
been considerable effort to develop architectures for implementing encryption functions in
the optical domain, so as to be compatible with the high data rates of optical networks.
With regard to the fiber-optic transmission channel, optical encryption also benefits from
not producing an electromagnetic signature, which gives immunity to electromagnetic-based
attacks.
Eavesdroppers can obtain no useful information without knowledge of the encryption key,
even if they obtain a small portion of the signal by tapping the optical fiber or listening
to a residual adjacent channel[1]. The ability of optical processing to work at data rates
far greater than those of electronic components provides a motivation for such work. Optical
components pose less side-channel risk than their electrical counterparts because they do
not have electromagnetic emissions that are detectable from a distance.
For example, optical XOR logic has been investigated by several researchers as a starting
point for building optical encryption algorithms[2,3]. The resulting optical XOR gates did
not have electromagnetic signatures that could be observed by an eavesdropper. Various
schemes have been proposed and demonstrated using optical XOR gates, including four-wave
mixing for phase modulated and polarization.
XOR logic is an essential starting point for constructing optical layer encryption because,
in cryptography, combining XOR with feedback is essential for producing long key streams
from smaller keys or for processing the registers used in enciphering[2,3]. XOR, feedback
and feed-forward capabilities are required to implement block ciphers. Converting these
building blocks to the optical domain and using them together can yield a high-speed,
all-optical means of encryption that is immune to electromagnetic waves. Noise accumulation
and the propagation of undesirable logic levels may cause problems for optical systems.
An optical encryption system consists of encryption at the transmitter and decryption at the
receiver, as shown in the figure above. The key and the data are kept in an area that is out
of the reach of the eavesdropper. The signal can be pre-encoded using a different coding
scheme such as OCDMA[2,3,4]. The signal and the key are then fed into the optical encryption
block, which consists of an optical XOR gate. At the receiver side, the signal is decoded
optically and decrypted using the key.
Many areas of network security have already been addressed using optical signal processing,
including all-optical logic for encryption and optical steganography. Four-wave mixing (FWM)
in a 35-cm highly nonlinear bismuth-oxide fiber (Bi-NLF) has been the basis for
demonstrating optical encryption of a WDM signal in a compact, low-latency fashion.
FWM-based encryption relies on the polarization sensitivity of FWM[1]. The input data and
the encryption key are both polarization modulated. FWM occurs only if the key and the data
have the same polarization. Figure 2 shows an example of the input data, encryption key and
encrypted output.
A four-wave mixing encryption scheme was therefore used to encrypt the optical CDMA
signals.
The experimental setup of the interleaved waveband switching optical encryption scheme is
shown in Figure 3. The two pumps used for FWM are the two orthogonally polarized optical
encryption keys (KEY and KEY#), while the probe is the binary data (DATA)[3]. The binary
sequences of KEY and KEY# are the same except that their polarization representations are
orthogonal. This can be accomplished by feeding an orthogonal CW light into the polarization
modulator. The encryption keys and the data are combined and amplified by an erbium-doped
fiber amplifier.
The combined signal is then launched into a 35-cm Bi-NLF that has a nonlinear coefficient of
1100 W⁻¹km⁻¹ in the vicinity of 1550 nm. This results in an XOR operation at the FWM output
with DATA and KEY at the input, while an NXOR output is obtained from the FWM of DATA and
KEY#[1,2]. To achieve interleaved waveband switching modulation, KEY and KEY# are adjusted
to have a small wavelength difference, such that the FWM outputs resulting from the
interaction with KEY and KEY# are spectrally
Figure 6: Experimental setup for the interleaved waveband switching optical encryption
scheme.
The FWM encryption scheme is extended to encrypt OCDMA signals using interleaved waveband
switching modulation, which increases security[1]. In contrast to amplitude modulation, in
which the intensity changes with each bit change, two spectrally interleaved wavebands with
the same intensity are used to represent bit 0 and bit 1 of the cipher text. Since there is
no intensity variation when the bit changes, it is more difficult for an eavesdropper to
identify the content of the cipher text. Fig. 6 shows the experimental results.
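
The logic of the encryption path described above, as an added Python example that is not
part of the paper: a short key is stretched into a key stream by XOR with feedback, XORed
with the data, and the cipher text is sent either with amplitude modulation or with
interleaved waveband switching. The LFSR, the band names, the intensity-only observer and
all sample values are assumptions made for the illustration.

```python
# Added illustration, not code from the paper. All names (lfsr_keystream, BAND_0,
# BAND_1, power_detector, ...) and all sample values are constructed for this sketch.

BAND_0, BAND_1 = "waveband-A", "waveband-B"   # two spectrally interleaved wavebands


def lfsr_keystream(seed, nbits, taps=(16, 14, 13, 11), width=16):
    """XOR with feedback: stretch a short key (the seed) into a long key stream.

    A bare LFSR is linear and predictable from its output; it stands in here only
    for the "XOR plus feedback" building block, not for a secure generator.
    """
    state = seed & ((1 << width) - 1)
    if state == 0:
        raise ValueError("an all-zero seed would lock the register at zero")
    stream = []
    for _ in range(nbits):
        stream.append(state & 1)
        feedback = 0
        for tap in taps:
            feedback ^= (state >> (width - tap)) & 1
        state = (state >> 1) | (feedback << (width - 1))
    return stream


def xor_bits(a, b):
    """Bitwise XOR of two equal-length bit lists (the logic of the optical XOR gate)."""
    if len(a) != len(b):
        raise ValueError("data and key stream must have the same length")
    return [x ^ y for x, y in zip(a, b)]


def to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def amplitude_modulate(bits, power=1.0):
    """On-off keying: every symbol is (waveband, power); the power follows the bit."""
    return [(BAND_0, power if b else 0.0) for b in bits]


def waveband_switch(bits, power=1.0):
    """Interleaved waveband switching: the bit selects the band, power is constant."""
    return [(BAND_1 if b else BAND_0, power) for b in bits]


def power_detector(symbols, threshold=0.5):
    """Observer that measures only total intensity and cannot resolve the bands."""
    return [1 if power > threshold else 0 for _, power in symbols]


def band_receiver(symbols):
    """Legitimate receiver: filters the two wavebands apart to read the cipher text."""
    return [1 if band == BAND_1 else 0 for band, _ in symbols]


def demo(seed=0xACE1, message=b"OPTICAL"):
    data = to_bits(message)
    key = lfsr_keystream(seed, len(data))
    cipher = xor_bits(data, key)                      # encryption at the transmitter
    ook, wbs = amplitude_modulate(cipher), waveband_switch(cipher)
    recovered = from_bits(xor_bits(band_receiver(wbs), key))   # decryption at the receiver
    return {
        "cipher": cipher,
        "ook_intensity_view": power_detector(ook),    # equals the cipher text bits
        "wbs_intensity_view": power_detector(wbs),    # constant, independent of the bits
        "wbs_power_levels": {p for _, p in wbs},
        "recovered": recovered,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With amplitude modulation the intensity trace reproduces the cipher text bit for bit; with
waveband switching it is flat, so the cipher text is only readable after separating the two
wavebands.
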
OCDMA Confidentiality
OCDMA confidentiality depends for the most part on the OCDMA codes[1]. The OCDMA codes can
be further subdivided into two major groups, which are described as follows:
To overcome this problem, both coherent and incoherent OCDMA codes can adopt
two-code-keying modulation, which uses two different codes to represent bit “1” and “0,”
respectively, so that the energy levels are equal for all bits. M-ary modulation can further
enhance the system’s privacy performance by increasing the number M[3]. This is because
each of the M codes signifies bit of information, which can be kept secret from the
opponent when it becomes large. Extensive experiments have been done on the confidentiality
performance of both SPE codes and WHTS codes.
First, it has been shown that it is easy for an eavesdropper to detect the signal
information when there is only a single user on the channel (no matter whether OOK or
two-code keying is used)[1]. Hence, the OCDMA system has its confidentiality benefit in
multiple access channels, when multiple codes exist simultaneously in the communication
channel. In a multiuser system, SPE codes present stronger resistance to attacks than WHTS
codes, because the complete set of phase coding information needs to be compromised to
effectively detect the code.
For example, if a decoder is used to detect an SPE code with eight phase chips, an
autocorrelation peak will still not be created even when seven phase chips are set
correctly. This is because coherent noise will prevent the production of a clear
autocorrelation peak at the receiver if not all the spectral components are in phase at the
receiver[2]. On the other hand, when using SPE codes, all the codes have to be strictly
orthogonal in order to avoid the creation of coherent noise in the system, which results in
performance degradation. As a result, SPE codes have a limited cardinality, making it easier
for the attacker to find the orthogonal code set in use.
STEGANOGRAPHY
Steganography is a useful tool for hiding messages, thereby increasing the privacy of
communications systems. It hides a message in such a way that, apart from the sender and
the intended recipient, no one is aware of the existence of the communication. In optical
communications, optical steganography enables the transmission of a secret data channel
called the “stealth channel”[1,3]. This channel can be hidden in the presence of “public
channels”. To achieve this, the data rate of the stealth channel must be lower than that of
the public channel.
This may be adequate in applications where a low bit-rate, high-priority channel requires
additional confidentiality compared to the public channels [13]. The principle of optical
steganography relies on generating a series of short optical pulses (stealth pulses) that
are temporally stretched using a dispersive optical element with high group-velocity
dispersion (GVD), as shown in Fig. 5.
Short optical pulses intrinsically have a wide spectral width, and the high-dispersion
element causes each wavelength component to travel at a different speed. The stealth pulses
are stretched sufficiently using high GVD to reduce their peak amplitudes to a level below
the system noise, such as the amplified spontaneous emission noise generated by optical
amplifiers[1,3]. The stretched stealth pulses can be hidden under both the ambient noise in
the network and the public signal, if a public signal is also present, as shown in the
middle panel of Fig. 5.
In the spectral domain, the stealth signal can either be buried beneath the background
noise (if it has a wide spectrum), as shown in the bottom panel of Fig. 5, or it can have a
spectrum similar to that of the public channel. The main goal is to make the stealth signal
invisible in the spectral domain [3]. The public channel is recovered using a conventional
optical receiver at the receiver side of the network. Performance degradation due to the
presence of the stealth signal is minimal because of its small amplitude[5]. To receive the
stealth data, the stealth pulses need to be recovered through matched GVD compensation. As
the public signal is strong and is mixed with the stealth signal, it has to be removed
from the received signal before the stealth signal can be detected.
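
The temporal stretching and matched compensation described above can be reproduced
numerically. The following Python sketch is an added example, not code from the paper: it
models the dispersive element as a quadratic spectral phase and leaves out the public
signal and its removal. The grid size, pulse width, GVD value and noise level are
constructed values.

```python
# Added illustration, not code from the paper. Grid size, pulse width, GVD value and
# the noise level are constructed; time is in samples, peak pulse power is 1.0.
import cmath
import math

N = 1024            # samples in the simulated time window
SLOT = 256          # samples per stealth bit slot
SIGMA = 2.0         # width of the short stealth pulse before stretching
GVD = 100.0         # strength of the dispersive element (assumed value)
NOISE_POWER = 0.1   # assumed system noise level relative to the unstretched peak


def fft(x, inverse=False):
    """Recursive radix-2 FFT (len(x) must be a power of two); unnormalised."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2], inverse), fft(x[1::2], inverse)
    sign = 1 if inverse else -1
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(sign * 2j * math.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out


def stealth_pulses(bits):
    """One short Gaussian pulse at the centre of each slot that carries a 1."""
    field = [0j] * N
    for i, bit in enumerate(bits):
        centre = i * SLOT + SLOT // 2
        if bit:
            for n in range(N):
                field[n] += math.exp(-((n - centre) ** 2) / (2 * SIGMA ** 2))
    return field


def disperse(field, gvd):
    """Lossless dispersive element: quadratic spectral phase exp(i*gvd*w^2/2).

    Each frequency component is delayed by a different amount, which stretches the
    pulse in time. Calling it again with -gvd is matched GVD compensation.
    """
    n = len(field)
    spectrum = fft(field)
    for k in range(n):
        w = 2 * math.pi * (k if k < n // 2 else k - n) / n   # signed frequency
        spectrum[k] *= cmath.exp(0.5j * gvd * w * w)
    return [v / n for v in fft(spectrum, inverse=True)]


def peak_power(field):
    return max(abs(v) ** 2 for v in field)


def detect(field, threshold):
    """Direct detection: compare the power at each slot centre with a threshold."""
    return [1 if abs(field[i * SLOT + SLOT // 2]) ** 2 > threshold else 0
            for i in range(N // SLOT)]


def demo(bits=(1, 0, 1, 1)):
    sent = disperse(stealth_pulses(bits), GVD)        # stretched stealth channel
    matched = disperse(sent, -GVD)                    # receiver with matched GVD
    mismatched = disperse(sent, -0.3 * GVD)           # compensation that does not match
    return {
        "peak_sent": peak_power(sent),
        "seen_without_compensation": detect(sent, NOISE_POWER),
        "peak_matched": peak_power(matched),
        "bits_matched": detect(matched, 0.5),
        "peak_mismatched": peak_power(mismatched),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With these values the stretched pulses peak at about 4% of their original power, below the
assumed noise level, and only the matched compensation restores the original peaks.
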
Data hiding in the temporal (amplitude) domain is achieved by the above technique. In
addition, there are two ways to hide the stealth channel in the spectral domain. The first
approach uses optical spread spectrum, where the spectrum of the stealth channel is expanded
so that it has a much larger bandwidth than a public channel. Spread spectrum is a classical
steganographic technique that has been widely used in military radio communications to hide
signals[1,2]. By spreading the transmitted signal in the frequency domain, a noise-like
character with low power spectral density is obtained.
Thus, the spread spectrum signal becomes submerged below the background noise, making it
difficult for an eavesdropper to observe without knowledge of the spreading function. In the
second spectral-domain approach, the stealth channel not only uses spectral spreading but
also shares the same spectral content as the public channel[2]. As both the stealth channel
and the public channel occupy the identical spectrum, the two signals become impossible to
differentiate. Together, these two approaches help hide the stealth channel in the spectral
domain.
SURVIVABLE RING
Self-healing ring architectures are preferred over other architectures because they ensure
the availability of services and provide high survivability[1]. The large code cardinality
of OCDMA minimizes the use of bandwidth by enhancing the availability of services and, in
addition, increases the difficulty of channel detection by brute force. Thus, an OCDMA ring
network has been proposed[2]. With large cardinality, a survivable ring network can be built
that does not require reserving separate bandwidth or a separate path in case of link
failure, whereas conventional backup paths require the permanent reservation of all or part
of their bandwidth.
Unless a failure occurs, the reserved bandwidth is wasted[6]. Soft blocking is a unique
characteristic of incoherent OCDMA networks: the number of simultaneous transmissions can be
increased or decreased without making any changes to the existing hardware. WDM or
TDM[15,17] is strictly limited by the number of wavelengths or time slots. Hence, OCDMA
provides greater scalability and is more spectrally efficient than WDM or TDM. OCDMA also
supports many more optical channels than WDM using the same number of wavelengths[3].
Performance decreases with the increase in transmissions in the network.
2. The two paths in the ring can carry data at different rates, which in turn increases the
quality of service in the network.
3. High-priority traffic is carried by the primary path, whereas the backup path carries
low-priority traffic.
4. Traffic can be aggregated in OCDMA because it has soft blocking capability.
5. No separate bandwidth is required.
6. Every node can add and drop signals in both west and east links.
The quality of service can be maximized by putting the traffic with high data rates on one
link and low data rates on the other link.
ANTI JAMMING
Anti-jamming is a process in which optical signals in a jammed channel can still be
transmitted in full by moving the optical signal wavelength out of the jammed waveband[1].
Passive networks (e.g., rings, buses, stars) are vulnerable to denial of service. Whether
due to an error or a network issue, a strong optical signal can create errors at the
receiver side or even saturate the optical receiver, which prevents the user from receiving
any information[1]. In such cases the communication channel can be re-established by means
of anti-jamming.
The anti-jamming principle is illustrated in Figure 9 below. Before jamming: the signals are
transmitted using the waveband in the middle[1]. On jamming: the whole signal can be either
up-converted or down-converted to a waveband that is available for use at that particular
wavelength.
OSAs will only be enabled if the eavesdropping leads to a disruption of the tapped signal,
that is, a drop in channel power or a change in spectrum greater than that seen under normal
operating conditions[1,4]. OSAs may be able to detect tapping by observing changes on the
tapping channel. An OSA is useful for detecting changes in the tapping channel only when the
communications are easily identifiable[2]. It is difficult to compare the outputs of several
OSAs with the possible tapping of one channel by another
For future work, I would like to build an optical network that has the ability to detect
threats or attacks and can itself choose the best possible way to minimize their effects on
the optical network. Also, as the major issue in any optical network is security, more
emphasis would be given to that issue so as to minimize the risk to the network as a whole
while also providing efficient functioning to the customers or the persons using it.
REFERENCES
[1] Mable P. Fok, Zhenxing Wang, Yanhua Deng, and Paul R. Prucnal, “Optical Layer Security
in Fiber-Optic Networks,” IEEE Transactions on Information Forensics and Security, vol. 6,
no. 3, September 2011.
[2] Jae-Seung Yeom, Ozan Tonguz, and Gerardo Castañón, “Security in All-Optical
[3] Mable P. Fok, Zhenxing Wang, Yanhua Deng, and Paul R. Prucnal, “Optical Layer Security
in Fiber-Optic Networks,” IEEE Transactions on Information Forensics and Security, vol. 6,
no. 3, September 2011.
[4] Keith Shaneman and Stuart Gray, “Optical Network Security: Technical Analysis of Fiber
Tapping Mechanisms and Methods for Detection & Prevention,” MILCOM 2004 - IEEE Military
Communications Conference.
[7] M. P. Fok and P. R. Prucnal, “Low-latency nonlinear fiber-based approach for data
encryption and anti-jamming in optical network,” 2008 IEEE/LEOS Annual Meeting, ThG 3,
November 2008.
[8] Paul R. Prucnal, Mable P. Fok, Yanhua Deng, and Zhenxing Wang, “Physical layer
security in fiber-optic networks using optical signal processing,” SPIE Vol. 7632, 76321M,
2009.
[10] A. Stok and E. H. Sargent, “The role of optical CDMA in access networks,” IEEE
Commun. Mag., vol. 40, no. 9, pp. 83–87, Sep. 2002.
[15] A. Bogoni, X. Wu, I. Fazal, and A. E. Willner, “160 Gb/s time-domain channel
extraction/insertion and all-optical logic operations exploiting a single PPLN waveguide,”
J. Lightw. Technol., vol. 27, no. 19, pp. 4221–4227, Oct. 1, 2009.
[17] P. R. Prucnal, M. P. Fok, K. Kravtsov, and Z. Wang, “Optical steganography for data
hiding in optical networks,” presented at the 16th Int. Conf. Digital Signal Processing (DSP
2009), Santorini, Greece, Jul. 2009, Paper T3B.4.