Security in Optical Networks

THREATS / ATTACKS & PREVENTION TECHNIQUES

Abstract
As the numerous networks around the globe are facing demands for increasing bandwidth
and diminishing fiber availability, so the various network providers all over are moving
towards the crucial technology in the network technology which is known as the optical
network. Optical networks are defined as the high capacity telecommunications networks
based on the optical technologies and the components that provide routing , grooming and
restoration at the wavelength level as well as the numerous wavelength services. Optical
networks are basically based on the technology of the optical layer in the transport part of
the network prospective which provides higher capacity as well as reduced cost for a large
number of day to day applications such as Internet, video and multimedia as well as various
digital applications. As the physical layer of an optical network is prone to numerous attacks
which can be of the form of physical attacks, jamming , eavesdropping and many more, so
the issue of security in the optical networks is an important topic for the research . Due to
these problems affecting the optical networks in one way or another , the issue of security
in optical networks is really important to focus on. So, in this paper I will discuss the
numerous threats that can appear in the optical networks as well as the techniques that are
existing for the security purposes in the optical networks which include jamming,
interception, eavesdropping as well as the various physical attacks which affect the optical
layer of the optical networks.

Introduction
Network management is an important component of the communications system as it is
responsible for the assurance of the secure and continuous functioning of any network. A
network management implementation must be capable enough to handle the fault,
performance, security as well as the important features required for proper handling of the
network. As a result of this transparent All Optical Networks ( AON’s) are becoming really
popular because of their ability to reduce cost as well as power consumption , based on the
less use of transponders in the NGI’s or the Next Generation Internet Infrastructure. In order
to assure the reliability and security of the All Optical Networks ( AON’s), number of issues
have to be tackled which include physical as well as the information security which are

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 1
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

essential for the proper functioning of the network[1,2]. Physical Security is essential as it
prevents unauthorized acces to the network resources. In order to have proper functioning
of the network which includes the proper work of all the optical as well as photonic devices
in the network, a network should have the ability to detect the failures which occur in it.
Basically we have three types of the network security control measures which are :

(a) Prevention
(b) Detection
(c) Reaction

With the help of the prevention schemes or techniques we can tackle numerous problems
which occur due to network design , component design and many more. The various
schemes that are existing already which is the network monitoring scheme which further
uses the optoelectronic conversion at the switching nodes[1]. This is but not sufficient
enough in order to provide the security assurances for the different optical networks that
require assistance from various kinds of faults as well as numerous attacks. As the physical
layer impairment is the major reason behind the attacks, also it results in the inability of the
physical layer to prevent itself from the physical attacks such as jamming, interception ,
eavesdropping and many more.

So as a result of all of this, an intelligent strategy is required thereby which has all the
features such as performance monitoring, fault detection, localization as well as isolation.
There should also be a strategy setup in the networks which can provide uninterrupted
service as a part of the counter service. In order to protect the optical networks, few
techniques have been proposed which include optical steganography and optical
encryption[1,2]. With the use of optical encryption, we can encrypt the signals with low
latency as we as high speeds, without using the emission of radio frequency signature.
Whereas , optical steganography provides an additional layer of privacy by hiding the data
transmission under the public transmission channel.

So, in this paper I will focus on the different cases where the attacks aim at the number of
physical layer impairments thereby resulting in the disruption and degradation of the
network as a whole. So in this paper I will consider different types of attacks as well as the

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 2
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

preventive measure that can be taken in order to protect the physical layer of the network
and also the optical network as a whole.

TYPES OF ATTACKS
There are a number of optical networks that are a kind of backbone of the internet which
include local area networks to the optical networks. So, the threats that can attack these
types of networks can vary from one network to another. Therefore the attacks that can be
done on a network can be characterized by the following kinds such as[1,4]:

(a) Eaves Dropping

(b) Traffic Analysis
(c) Data Delay
(d) Service Denial
(e) Spoofing
(f) Quality Of Service Degradation
1. EavesDropping : There are various approaches by which an attacker can eavesdrop an
optical system . The first approach can be a kind of tapping or physical tapping into the
optical fiber[1]. The second approach can be the listening of the residual crosstalk from
an adjoining channel while impersonating a legal subscriber. Also it is possible to capture
a little amount of the optical signal by tapping. There also arises a possibility that the
fiber can be tapped by the cracking of the shielding material because of which a small
fraction of the light escapes from the optical fiber and by placing the second fiber
directly adjacent to the place from where the light escapes from the first fiber and hence
the desired optical signal can be captured[3,5]. Another possible way of eavesdropping
can be listening of the residual adjoining crosstalk while imitating one of the subscribers.
This way is possible mainly in the WDM Networks or the Wavelength Division
Multiplexing Networks in which numerous wavelengths are used by a number of
subscribers and a desired signal is dropped at the desired destination with the use of
the wavelength de-multiplexer[3,4]. But there is a small amount of leakage or the
optical power leakage from the adjacent channels which means that there is a possibility
of inter channel crosstalk as the wavelength de-multiplexers do not carry a perfect
channel isolation.

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 3
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

2. Confidentiality : Basically physical tapping of an optical signal is not an easy task. But
tapping an optical fiber is easy if the fiber itself is exposed without any kind of
protection. Also if the protection material as well as the cladding is removed from the
optical fiber , then it can cause breakage .
3. Jamming : The physical damage occurring on an optical network can be on purpose or
accidental as well. So, what this causes is the rejection of service due to the jamming
attacks in the system as a whole. Due to the denying of the service, it can further result
in the stealing of the information and it may further lead to loss of the various network
resources and also various economic losses to the network provider. So, this all is
basically the net result of the jamming attacks on a network.

ATTACK USING SELF AVOIDANCE

Self Avoidance , the term can also be defined as the self healing feature of the optical
network. There are numerous assaults that can happen over and over at the physical layer
of the optical system[2,3]. It can debase the execution of the system. For such issues we can
outline a repairing toward oneself methods so that the system itself can manage the issue
on the off chance that it happens again later on.

CONCEPT OF SELF ORGANIZATION

Self Organizing toward oneself is carried out to make the optical system work adroitly on
the off chance that a comparative assault happens at the physical layer over and over. The
optical system ought to be sufficiently competent to selfheal the issues under specific
conditions so that the execution of the system is not influenced, for instance in the event of
bundle transmission there are different courses that can be chosen[1,2]. Be that as it may as
opposed to utilizing first fit highway one ought to favour multi-way directing (MPR) because
of numerous focal points.

It has the fundamental highlight of determining the discord of parcels, blames and assaults
with the assistance of the substitute .In this process no human intercession is needed by the
optical system. The system ought to have a nitty gritty learning of the sub parts and ought to
overhaul itself when there is any change in the system topology. A managed machine

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 4
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

learning methodology ought to be followed with a specific end goal to backing the idea of
relationship toward oneself.

Working of Self Organising Network :

Basically a self organising network comprises of two stages . First is the observing stage In
this stage the network tries to observe the worst quality state of the network. Then a
relationship is studied between the channel quality and the network state the concept of
observing is very important for improving the way of the adaptation by learning cycle[3,4].
There is clear relationship between the observation stage and the learning stage. The
observed data is used in the next learning classifier. On the contrary the learning classifier is
used in the next learning stage. Hence this forms a cycle of observing and learning. The time
taken in the observation stage is equal to time required to collect the relevant data for
learning stage. Concept of data representation and distribution is of utmost importance
while collecting the data.

Figure : Shows the Alternate Learning & Observing Cycle

Design And Implementation

MPR , also known as the Multi-Protocol Routing is a well known protocol used in the case of
the optical network. MPR alluded to as Multi-way steering is one of the critical directing
convention utilized as a part of the optical system[3,4]. The bundle transmission starting
with one hub then onto the next happens with the assistance of the yield connection table
having numerous yield join choices. These yield join choices are orchestrated by allocating
need.

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 5
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

Firstly we make a forward table with the assistance of the k-most brief ways taking into
account least jump steering. On the off chance that there is any contention between the
bundles, then the best arrangement is to check the need[1]. The yield connection having the
best need is decided to send one bundle and the other is sent through the yield connection
having the second need.

It is finished with the assistance of the steering calculations that aides in updation of the
sending tables in light of the issues or issues the system may endure. Optical memory and
wavelength transformation are the two essential variables that must be considered for
discord determination system[2]. System comprises of certain arrangement of wavelengths
that are show on the connection. It is obligatory to upgrade the system as per the
wavelength utilization .

Here MPR goes about as a principle operators for guard component to the flaws that
happen in the system on auspicious premise and developing the system data on convenient
premise. The hubs are educated about the current wavelength state and this empowers the
MPR to make a self-composed system if any issue happens, BER(Bit Error Rate) checking of
each hub is carried out in optical system. BER checking is carried out at the collector's end. It
helps in tuning the channel of the each approaching wavelength.

Thus we can conclude that MPR plays a very crucial role in the important process of self
organising.

Techniques For Optical Layer Security

Basically we have three major objectives that can be used or are basically used for the sake
of optical layer security which are as follows :

1. Maintaining the privacy of the communications.

2. Decreasing the chances of the detection.
3. Assuring the confidentiality of the communication link or the network as a whole.

As discussed above or in the previous pages, the categories of threats can be summarized as
follows :

1. Authentication

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 6
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

2. Confidentiality
3. Availability
4. Privacy Issues & Traffic Analysis

But in order to protect the physical layer from the threats there a whole bunch of
techniques available which are explained as follows:

Encryption:
Encryption is a very useful technique which helps in securing a signal and also increases the
confidentiality of the network in the physical layer. The information can't be acquired from
the figure message by a busybody, without learning of the encryption key[1,3]. There has
been significant push to create architectures for actualizing encryption works in the optical
area, to end up perfect with high information rates of optical systems . In thought to the
fiber-optical transmission channel, optical encryption likewise gets advantages from not
making an electromagnetic mark. This gives imperviousness to electromagnetic-based
assaults.

No helpful data can be acquired by the spies regardless of the possibility that they acquire a
little parcel of sign by taking advantage of the optical fiber or listening to a deposit adjoining
channel, without the learning of the encryption key[1]. The capacity of optical transforming
to work at information rates is far more noteworthy than that of electronic segments gives a
motivation to such sort of works. The optical segments posture less side-channel hazard
than their electrical partners in light of the fact that they don't have electromagnetic
outflows that are discernible from a separation.

For a case, optical XOR rationale has been researched by a few analysts as a beginning stage
for building optical encryption calculations[2,3]. The optical XOR entryways which were
acquired did not have electromagnetic marks that can be seen by a busybody . Different
systems have been proposed and exhibited utilizing Optical XOR entryways, including four-
wave blending for stage regulated and polarization.

XOR logic is an essential initiating point for constructing optical layer encryption since, in
cryptography, joining XOR with feedback is essential in producing long key streams from
smaller keys or for processing registers used in the process of enciphering[2,3]. XOR,

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 7
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

feedback, and feed-forward capabilities are required for the implementations of block
ciphers. Converting these building blocks into the optical domain and using them in
collaboration can result into a high-speed, electromagnetic wave-immune, all-optical means
for encryption. Noise accumulation and the propagation of undesirable logic levels may
cause problem for optical systems.

Figure : 2 : Shows Architecture For An All Optical Encryption

An optical encryption system consists of encryption at the transmitter and decryption at the
receiver, as shown in figure above . The key and data are secured in an area which is out of
the reach of the eavesdropper. With the help of a different coding scheme such as OCDMA,
the signal can be pre-encoded[2,3,4]. The signal and key are then introduced into the optical
encryption block consisting of an optical XOR gate. The signal is decoded optically and
decrypted using the key, at the receiver side.

Quite a lot of areas of network security have already been addressed, based on optical
signal processing, including all optical logic for encryption and optical steganography. Four-
wave mixing (FWM) in a 35-cm highly nonlinear bismuth-oxide fiber (Bi-NLF) has been the
basis for the demonstration of optical encryption of a WDM signal in a compact and low
latency fashion. FWM-based encryption believes on the polarization-sensitivity of FWM[1] .
The input data and encryption key are both polarization modulated. If both the key and data
are of the same polarization, only then FWM will occur. Figure 2 shows an example of the
input data, encryption key, and the encrypted output.

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 8
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

Figure : 3: Demodulated Data

Figure : 4: Demodulated Encryption Key

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 9
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

Figure : 5: Output i.e Encrypted Output

So, a four wave mixing encryption scheme was used in order to encrypt the optical CDMA
signals.

OCDMA : Optical Code Division Multiple Access

OCDMA is another powerful tool which is used to provide optical layer security. The main
confidentiality that an OCDMA can offers starts from the process of encoding / decoding as
well as the useful multiplexing properties that it has[1]. Strictly, in an OCDMA system, each
data stream is encoded with a specific code which can only be accessed with the analogous
decoder.

Furthermore, in a multiple-access system, a plurality of CDMA codes can concurrently be

present in the transmission channel which overlaps both in time and optical spectrum. Thus,
it becomes hard to discover a given code covered by other codes without any prior
knowledge of the codes[1,2]. Optical coding introduces an additional layer of protection
from eavesdropping, although it does not provide confidentiality that it is as strong as
optical encryption.

The experimental unit of the interleaved waveband switching optical encryption scheme is
shown in Figure3. The two pumps used for FWM are the two orthogonally polarized optical
encryption keys (KEY and KEY#), while the probe used is a binary data (DATA)[3]. The binary
sequences of KEY and KEY# are same except the polarization representations that are
orthogonal. This can be accomplished by putting an orthogonal CW light into the
polarization modulator. The encryption keys and the data are joined and amplified by an
erbium doped fiber amplifier.

The combined signal is then introduced to a 35-cm Bi-NLF that has a nonlinear coefficient of
1100 W-1km-1 in the vicinity of 1550 nm. These results in the attainment of the XOR
operation at the FWM output with DATA and KEY at the input, while a NXOR output is
obtained from the FWM of DATA and KEY#[1,2]. To achieve interleaved waveband switching
modulation, the KEY and KEY# are accustomed to have a small wavelength difference, such
that the FWM outputs resulting from the interaction with KEY and KEY# are spectrally

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 10
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

interleaved. By obtaining the newly produced wavelength components from FWM, an

encrypted output based on interleaved waveband switching is obtained.

Figure : 6 : Shows the Experimental Setup for the Interleaved Waveband Switching Optical
Encryption Scheme.

The security is increased by the FWM encryption scheme which is extended to encrypt
OCDMA signals, using interleaved waveband switching modulation[1]. On contrary to the
amplitude modulation, in which the intensity alters with each bit change, two spectrally
interleaved wavebands with the same intensity are used to represent the bit 0 and bit 1 of
the cipher text. Since, there is no intensity variation during the bit change, it is more
complicated for the eavesdropper to identify the content of the cipher text,. Fig. 6 shows
the experimental results.

OCDMA Confidentiality
The OCDMA Confidentiality is basically dependent on the OCDMA codes for the major
part[1]. Also , the OCDMA codes can be further subdivivded into two major parts or groups
which are described as follows :

1. Coherent OCDMA Codes

2. In-Coherent / Incoherent Codes

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 11
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

An example of a typical coherent OCDMA scheme is spectral-phase encoding (SPE), which

applies different phase shifts to multiple coherent spectral components[1]. At the receiver,
the decoder conducts the conjugate phase shifts in order to make all the spectral
components in-phase, forming an autocorrelation peak for data reception. Incoherent
OCDMA applies the system during intensity modulation and direct detection.

From various incoherent OCDMA schemes, we concentrate on a typical two-dimensional

OCDMA scheme, wavelength-hopping time-spreading (WHTS), because of its code flexibility
and better code performance as compared to the other schemes [2]. The data modulation
format also contributes to the system’s confidentiality, apart from the OCDMA codes
utilized. Since the energy levels of bit“1” and “0” are different in On–off keying (OOK) and
can be easily distinguished using a photo detector even without a decoder, it has been
proved to be vulnerable to eavesdropping.

In order to conquer this problem, both coherent and incoherent OCDMA codes can accept
two-code-keying modulation, which uses two different codes to represent bit “1” and “0,”
respectively, to make the energy levels equal for all bits. M-ary modulation can further
enhance the system’s privacy performance by increasing the number M[3]. This is for the
reason that each of the M codes signifies bit of information, which can be kept secret to the
opponent when it becomes large. Experiments have been done broadly on the
confidentiality performance of both SPE codes and WHTS codes.

First, it has been revealed that it is easy for the eavesdropper to detect the signal
information, when there is only a single user on the channel (no matter if OOK or two-code
keying is used)[1]. Hence, the OCDMA system has its confidentiality benefit in multiple
access channels when multiple codes exist simultaneously in the communication channel. In
a multiuser system, SPE codes present a tougher fight to attacks than WHTS codes, because
the complete set of phase coding information needs to be compromised to effectively
detect the code.

For example, an auto-correlation peak will still not be created, if a decoder is used to detect
an SPE code with eight phase chips, even when seven phase chips are set correctly.This is
because coherent noise, which will prevent the production of a clear autocorrelation peak

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 12
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

at the receiver if not all the spectral components are in phase at the receiver[2]. On the
other hand, when using SPE codes, all the codes have to be strictly orthogonal in order to
avoid the creation of coherent noise at the system and results in performance degradation.
As a result, SPE codes have a limited cardinality, making it easier for the attacker to find the
orthogonal code set in use.

On the contrary, as long as the autocorrelation peak-to-cross-correlation peak ratio is kept

above certain detection threshold, WHTS codes do not have to be strictly orthogonal. Thus,
WHTS codes have larger code cardinality than SPE codes and provide more code selection
anonymity[3,4]. In order to conquer the SPE code cardinality inadequacy, Menendez et al.
proposed and demonstrated code translation to enlarge the code cardinality. By translating
a normal SPE code set, the Hadamard code, which is represented by a Hadamard matrix , a
new orthogonal code set can be obtained by a matrix multiplication.

STEGANOGRAPHY
Steganography is a useful tool which helps to hide the messages therby increasing the
privacy content of the communications systems. It hides it in such a way that apart from the
sender and intended recipient, no one else is aware of the existence of the communication.
In optical interactions, optical steganography enables the transmission of a secret data
channel called the “stealth channel”[1,3]. This channel can be hidden in the presence of
“public channels”. In order to attain this, the data rate of the stealth channel must be
inferior to that of the public channel.

This may turn out to be adequate in applications where a low bit-rate, high priority channel
requires additional confidentiality compared to the public channels [13].The principle of
optical steganography relies upon the production of a series of short optical pulses (stealth
pulses) which are temporally stretched using a dispersive optical element with high group-
velocity dispersion (GVD), as shown in Fig.5.

Short optical pulses have a wide spectral width intrinsically; whereas the high-dispersion
element causes each wavelength component to transmit at different speeds. To reduce the
peak amplitudes to a level below the system noise, the stealth pulses are stretched
sufficiently using high GVD, such as amplified spontaneous noise generated by optical

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 13
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

amplifiers[1,3]. The stretched stealth pulses can be hidden under both the ambient noise in
the network and the public signal, if a public signal is also present, as shown in the middle
figure in Fig. 5.

In the spectral domain, the stealth signal can either be submerged underneath the
background noise (if it has a wide spectrum), as shown in Fig. 5 in bottom figure, or it can
have the similar spectrum as the public channel. The main goal is to make the stealth signal
invisible in the spectral domain [3].The public channel is recovered using a conventional
optical receiver at the receiver side of the network. Performance degradation due to the
occurrence of the stealth signal is minimal because of its small amplitude[5]. The stealth
pulses need be recovered through matched GVD compensation to receive the stealth data.
As the public signal is strong and is assorted with the stealth signal, it has to be eliminated
from the received signal before the stealth signal can be detected.

Figure : 7: Shows Schematic illustration of optical steganography using group velocity

dispersion. Insets (a) Measured temporal profile of stealth channel before spreading. (b)
Measured temporal profile of temporally spread stealth channel.

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 14
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

Data hiding in the temporal (amplitude) domain is attained by the above technique.
Moreover, there are two ways to hide the stealth channel in the spectral domain. The first
criteria utilizes optical spread spectrum, where the spectrum of the stealth channel is
expanded so that it has a much larger bandwidth than a public channel. Spread spectrum is
a classical steganographic technique which has been used widely in military radio
communications to hide signals[1,2]. By distributing the transmitted signal in the frequency
domain, a noise-like character with low power spectral density is depicted.
Thus, the spread spectrum signal becomes submerged below the background noise, making
it complex for an eavesdropper to observe without knowledge of the spreading function. In
a second spectral domain approach, we not only use spectral dispersal, but also share the
same spectral content with the public channel[2]. As both the stealth channel and the public
channel occupy the identical spectrum, the two signals become impossible to differentiate.
Collectively, these two approaches contribute in hiding the stealth channel in the spectral
domain.

SURVIVABLE RING
Self-healing ring architectures are preferred on other architectures as they ensure the
availability of the services and also provide high survivability[1]. The large code cardinality of
OCDMA minimizes the use of bandwidth by enhancing the availability of services but in
addition, it also increases the difficulty in channel-detection by brute-force. Thus, OCDMA
ring network has been proposed[2]. With large cardinality, a survivable ring network can be
made as this network does not require any reservation for separate bandwidth or a
separate path in case of link failure whereas other Conventional backup paths require the
permanent reservation of all or some part of their bandwidth.

Unless the failure occurs the bandwidth which is reserved is wasted[6] Soft blocking is
unique characteristic of incoherent OCDMA networks which means that without making any
changes in the existing hardware, we can add or remove the number of simultaneous
transmissions . WDM or TDM,[15,17] is strictly limited by the number of wavelengths or
time slots. Hence, OCDMA provides greater scalability and is more efficient (spectral) than
WDM or TDM. OCDMA also supports many more optical channels than WDM by using same
number of wavelength[3] .The performance decreases the increase in transmissions in the
network.

The other characteristics of incoherent are given below:

1. OCDMA allows heterogeneous data types to exist in same link.

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 15
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

2. Two paths in its ring can carry data with different rate which in return increases the
quality of service in the network.
3. High priority traffic is carried by primary path whereas back up path carries low
priority traffic.
4. Traffic can be aggregated in OCDMA as they have soft blocking capability.
5. No separate bandwidth is required.
6. Every node can add and drop signals in both west and east links.

The quality of service can be maximized by putting the traffic with high data rates on one
link and low data rates on the other link.

Figure:8:Two-fibre bidirectional OCDMA ring network

ANTI JAMMING
Anti-jamming is a process in which optical signals in a jammed channel can be transmitted
completely by moving the optical signal wavelength out of the jammed waveband[1].
Passive networks (e.g., rings, buses, stars) are vulnerable to denial of service. It may be due

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 16
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

to some error or network issue, the strong optical signal can create errors at the receiver
side or even they can saturate the optical receiver which in result prevents the user from
receiving any information[1]. In such cases the communication channel can be established
again by achieving the anti-jamming.

The anti-jamming principle is illustrated in Figure : 9 below. Before jamming: The signals are
transmitting using the waveband in the middle[1]. On jamming: The whole signal can be
either up-converted or down-converted to the waveband that is available for use at that
particular wavelength.

Figure : 9 : Schematic illustration of anti-jamming through waveband up-conversion or

down-conversion.

TECHNIQUES FOR TAPING ATTACKS:

Power Detection Methods:
It is a technique to detect the tapping by detecting the loss of power. In the FSK (frequency
shift keying) modulation is constrained with small modulation index[2,3]. The detection can
be performed by only the one in which the signal has dropped sufficiently large amount of
power which in return is noticed by an attack detection system.

b) Optical Spectral Analysis Methods (OSA)

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 17
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

OSAs will only be enabled if the eavesdropping leads to a disruption of the tapped signal
which means drop in channel power or a change in spectrum which is greater than that of
the result acquired in normal operating conditions[1,4]. OSAs may be able to detect tapping
by observing changes on the tapping channel. The OSA can be useful in detecting changes in
the tapping channel only when the communications are easily identifiable[2]. It is difficult to
compare the outputs of several OSAs with the possible tapping of one channel by another

Pilot Tone Methods

In current systems, Pilot Tone Methods cannot provide protection against eavesdropping.
The pilot tones are detected only for the communications which are expected to be
received. If there is major loss in the signal of the communication channel, in that case the
pilot tone on the tapped channel will not be affected. For pilot tones, eavesdropping which
occurs through crosstalk.

Optical Time Domain Reflectometry Methods (OTDR)

The OTDR will detect discontinuities or losses in the communication channel (fibre) due to
the usage of a portion of the signal for eavesdropping. It can be used to detect in-line
eavesdropping[2]. To detect the eavesdropper present in the network, the traces of OTDR
signals has to be detected. These signals may carry communications which are tapped from
other fibres.

CONCLUSION & FUTURE WORK

In this paper, I tried to discuss the susceptibility of the optical networks towards various
kinds of security threats which may or may not affect the security aspect of the optical layer
of the network. Also, I discussed a basic overview of the numerous techniques that can be
used to protect an optical network against the various security threats or issues. . Security is
considered as one of the primary factor in case of data transmission from one source to
another. Therefore it has been observed on timely basis that in order to enhance the
security of the optical network we can use many techniques. This also helps in increasing
the effectiveness of the network. To protect the network from vulnerable attacks not only
increase the performance of the network but also helps in easy network management of a
optical network. The concept of self-organization is also of great importance for an
intelligent optical network.

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 18
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

For the future work part, I would like to build an optical network which has the abiity to
detect the threats or attacks and can itself choose a wayout to deal with the best possible
wayout to minimize the effects of it in the optical network. Also as the major issue in any
optical network is security , so more emphasis would be given on that issue so as to
minimize the risk factor of the network as a whole and also providing effecinet functioning
to the customers or the persons using it.

REFERENCES
[1] Mable P. Fok, Member, IEEE, Zhexing Wang, Student Member, IEEE, Yanhua Deng,

Student Member, IEEE, and Paul R. Prucnal, Fellow, IEEE,”Optical Layer Security in Fiber-
Optic Networks” IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6,
NO. 3, SEPTEMBER 2011.

[2] Jae-Seung Yeom1, Ozan Tonguz1, and Gerardo Casta˜n´on2, “Security in All-Optical

Networks: Self-Organization and Attack Avoidance” Department of Electrical and

Computer Engineering 1Carnegie Mellon University1-4244-0353-7/07/ ©2007 IEEE.

[3] Mable P. Fok, Member, IEEE, Zhexing Wang, Student Member, IEEE, Yanhua Deng,
Student Member, IEEE, and Paul R. Prucnal, Fellow, IEEE,”Optical Layer Security in Fiber-
Optic Networks” IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6,
NO. 3, SEPTEMBER 2011.

[4] Keith Shaneman & Dr. Stuart Gray,” OPTICAL NETWORK SECURITY: TECHNICAL
ANALYSIS OF FIBER TAPPING MECHANISMS AND METHODS FOR DETECTION &
PREVENTION” MILCOM 2004-IEEE Military Communications Conference.

[5] Nina Skorin-Kapov, Member “A New Approach to Optical Networks Security:

Attack-Aware Routing and Wavelength Assignment” IEEE/ACM TRANSACTIONS ON
NETWORKING, VOL. 18, NO. 3, JUNE 2010.

[6] J. M. Castro, I. B. Djordjevic, and D. F. Geraghty, “Novel super structured Bragg

gratings for optical encryption,”IEEE J. Lightw.Technol., vol. 24, iss. 4, pp. 1875 – 1885,
April 2006.

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 19
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

[7] M. P. Fok and P. R. Prucnal, “Low-latency nonlinear fiber-based approach for data
encryption and anti-jamming in optical network,” 2008 IEEE/LEOS Annual Meeting, ThG 3,
November 2008.

[8] Paul R. Prucnal, Mable P. Fok, Yanhua Deng, and Zhenxing Wang, “Physical layer
security in fiber-optic networks using optical signal processing” SPIE Vol. 7632, 76321M ©
2009 SPIE-OSA-IEEE • CCC code: 0277-786X/09

[9] 13. M. P. Fok and P. R. Prucnal, “All-Optical Encryption Based on Interleaved

Waveband Switching Modulation for Optical Network security,” Optics Letters, vol. 34, iss.
9, pp. 1315 – 1317, April 2009.

[10] A. Stok and E. H. Sargent, “The role of optical CDMA in access networks,”IEEE
Commun. Mag., vol. 40, no. 9, pp. 83–87, Sep. 2002.

[11] S. Etemad, A. Agarwal, T. Banwell, J. Jackel, R. Menendez, and P. Toliver, “OCDM-

based photonic layer ‘security’ scalable to 100 Gbits/s for existing WDM networks
[Invited],” J. Opt. Netw., vol. 6, pp. 948–967, 2007.

[12] T. H. Shake, “Security performance of optical CDMA against eavesdropping,” J.

Lightw. Technol., vol. 23, no. 2, pp. 655–670, Feb. 2005.

[13] R. C. Menendez, P. Toliver, S. Galli, A. Agarwal, J. Jackel, J. Young, S. Etemad, A.

Agarwal, and T. Banwell, “Network applications of cascaded passive code translation for
WDM-compatible spectrally phase-encoded optical CDMA,” J. Lightw. Technol., vol. 23, no.
10, pp. 3219–3231, Oct. 2005.

[14] M. P. Fok and P. R. Prucnal, “Polarization effect on optical XOR performancebased

on four wave mixing,” IEEE Photon. Technol. Lett., vol. 22, no. 15, pp. 1096–1098, Aug. 1,
2010.

[15] A. Bogoni, X.Wu, I. Fazal, and A. E.Willner, “160 Gb/s time-domain channel
extraction/insertion and all-optical logic operations exploiting a single PPLN waveguide,”
J. Lightw. Technol., vol. 27, no. 19, pp.4221–4227, Oct. 1, 2009

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 20
 Security in Optical Networks
THREATS / ATTACKS & PREVENTION TECHNIQUES

[16] Y. K. Huang, B. Wu, I. Glesk, E. E. Narimanov, T. Wang, and P. R. Prucnal, “Combining

cryptographic and steganographic security with self-wrapped optical code division
multiplexing techniques,”Electronics Letters, vol.43, iss. 25, pp. 1449 – 1451, Dec. 2007

[17] P. R. Prucnal, M. P. Fok, K. Kravtsov, and Z.Wang, “Optical steganography for data
hiding in optical networks,” presented at the 16th Int. Conf. Digital Signal Processing (DSP
2009), Santorini, Greece, Jul. 2009, Paper T3B.4.

[18] Y. Deng, Z. Wang, K. Kravtsov, J. Chang, C. Hartzell,M. P. Fok, and P. R. Prucnal,

“Demonstration and analysis of asynchronous and survivable optical CDMA ring
networks,” J. Opt. Commun. Netw., vol. 2, pp. 159–165, Apr. 2010.

Daman Saluja
e-mail: [email protected], Carleton University, Ottawa, Canada 21