
Optical Network Security Attacks by Tapping and Encrypting

This document discusses security threats to optical networks at the physical layer. It describes four main types of attacks aimed at eavesdropping and passive analysis of data: insider tapping, bend tapping, evanescent tapping, and Rayleigh scatter tapping. Insider tapping involves an authorized user tapping into signals, while the other methods require physical access to fibers to divert a small portion of the optical signal for interception without significantly reducing power. Rayleigh scatter tapping is especially difficult to detect as it doesn't reduce the legitimate signal. The document outlines these attack methods and their ability to bypass detection.


Title: Optical network security attacks by tapping and encrypting optical signals

Maslo Anis (1), Nermin Sarajlić (2), Mujo Hodžić (3), Aljo Mujčić (4)

(1) Faculty of Electrical Engineering Tuzla
(2) Faculty of Electrical Engineering Tuzla
(3) Zenica University Polytechnic Faculty
(4) Faculty of Electrical Engineering Tuzla

Abstract: The growth of internet traffic over the past decade has been constant, and
projections are that this growth will continue. Using smart wireless devices, we
communicate, entertain ourselves, socialize and manage, for example, electrical
appliances in the home. The transmission of all this data involves an enormous
increase in internet traffic. The question is which medium can solve the problem of
large amounts of data and long-distance data transmission. Optical fiber as a medium
and All Optical Networks (AON) have the highest transmission capacity. Optical
networks (ON) are the solution to the problem of the amount and distance of data
transmission. Within AON, data are transmitted over distances of several thousand
kilometers from source to destination in the optical domain. All signal transmission
and switching are performed in the optical domain. In terms of security, AON are
vulnerable at the physical level of the network. This paper addresses the issue of
AON security at the physical level, with types of attacks and types of protection
against tapping and passive data analysis at the physical level of ON.

Keywords: ON physical layer network security, optical fiber tapping
(eavesdropping), encoding and encryption of optical light signals

1. Introduction

Optical fibers as the transmission medium, and AON, have the highest data
transmission capacity. Optical networks are the solution to the problem of
broadband transmission media. Initially, ON represented practical connecting
routes between distant concentration points of Telecommunications Networks
(TCN). With the development of optical network components, AON have evolved
in terms of increasing transmission distance and channel capacity. Currently
available commercial AON operate at a transmission speed of 400 Gb/s per
wavelength, with multiple Tb/s per fiber. AON signal transmission distances
are several thousand kilometers, and the transmission of the entire signal is
performed in the optical domain.
In the literature, such AON are also called transparent networks. AON with
optical-level switching are vulnerable at the physical level in terms of security.
The first level of AON security defense, as with all other telecommunication
networks, begins at the logical level of the network model [1]. However, that is a
roof level of protection, and a basic physical level must be ensured to build
security throughout the system. This paper addresses the issue of AON security at
the physical level.

2. Types of attacks on the physical layer of optical networks

The concept of security is a state of mind. The first line of security for
telecommunication networks is built on the logical network layer of the
Transmission Control Protocol / Internet Protocol (TCP/IP) Network Reference
Model. However, building a secure top level of the network without the security of
the underlying physical layer does not make the system reliable.
Current industry standards focus on data theft attacks at the higher levels of the
TCP/IP network model. Attacks on the physical level of AON have been neglected in
some way. The sophistication of the equipment needed to carry out a specific attack
has left even professionals in the optical communications field convinced that AON
are safe on a physical level.
However, eavesdropping devices were discovered on Deutsche Telekom's main
fiber optic links in 2000. Then, illegal eavesdropping devices were also discovered
on Verizon's optical network near Frankfurt Airport in 2003. Since then, the number
of recorded eavesdropping incidents in Europe has been growing [2]. AON, which
transmit high-speed signals in the light domain, are vulnerable to attacks in the
domain of the physical layer of the network.
An attack on the security of an AON is defined as any action that aims to impair
the confidentiality, integrity and availability of data transmission functions in
the light domain [3]. Physical-level attacks have not been reported in the Western
Balkan countries. Larger telecom operators have dozens of distributed
denial-of-service (DDoS) attacks per day that are handled by automated security
algorithms. The growth of internet traffic is a few percent lower than the growth of
the Internet in the European Community [4].

Attacks on the security of the AON physical layer can be classified in several ways.
The first classification is by the threat to the basic premises of information
security [1]:

1. Confidentiality: In this case, an effort is made to eavesdrop on the
content of the communication.
2. Integrity: In this case, the attacker tries to modify the actual data being
transmitted.
3. Accessibility (availability): In this case, the attacker tries to obstruct the
access of authorized subjects to the data.

The second classification is simpler; the attacks are divided according to
the damage they cause:

1) Threats aimed at eavesdropping and unauthorized passive analysis of
information
2) Threats aimed at disrupting service by intentionally interfering with proper
signal transmission.

2.1. Threats aimed at eavesdropping and passive analysis of unauthorized information

The confidentiality of data transmission is mostly associated with national military
systems. For military systems it is very important that the enemy does not know the
information transmitted by the AON. However, any data transfer requires the
protection of the privacy of the information. AON elements do not emit the lateral
electromagnetic waves that are used to eavesdrop on copper communication
channels. For AON, attackers have developed various eavesdropping techniques [3]
that affect data confidentiality.

2.1.1 Tapping by insider attacks

The simplest method for tapping is an insider attack. The attacker is a regular
subscriber who logs into the AON and then eavesdrops on signals from adjacent
communication channels using special equipment. Another type of insider attack is
eavesdropping performed on switch ports or Dense Wavelength Division Multiplexing
(DWDM) nodes that are designed to analyze and control traffic. These kinds of
attacks are very difficult to detect because they leave no trace and analyze the
data passively.
Other methods of tapping require physical contact with an AON optical fiber
through which light signals are transmitted. In order to make physical contact with
the optical fiber in the cable, it is necessary to remove all levels of protection
of the fiber in the cable: the sheath of the optical cable, the secondary protective
carbon fibers, the protective tubes, and finally the polymer protection on the fiber
itself. In practice, this is not a simple process.

2.1.2 Bend tapping

Once access to the optical fiber has been gained, the fiber can be bent enough to
compromise internal reflection. Compromising internal reflection decouples some
percentage of the primary mode of the transmitted light signal. The fiber is bent
so that a small percentage of the light signal leaks from the fiber optic core. A
minimum percentage of the signal is taken for eavesdropping, to make it difficult
to detect the loss in the optical signal budget on the receiving side, that is, to
make it as hard as possible for the regular receiver to detect the attack.
Figure 1 shows the basic schematic of the wiretap as well as the detection using the
Optical Time Domain Reflectometer (OTDR) [5]. The light that escapes from the bent
optical fiber is directed by prisms into the optical fiber of the tapping device and
then to the opto/electronic converter, after which the data obtained is analyzed.

Figure 1. a) Basic fiber tapping method, b) OTDR detection of bend tapping [5].

However, even a small percentage reduction in the budget of the transmitted
signal can be detected in practice, for example by using OTDR. Therefore, this
method of eavesdropping is relatively little used. In practice, eavesdropping devices
are commercially available and cost approximately 250 EUR.

2.1.3 Evanescent tapping

Evanescent tapping is performed by diverting a small portion of the light into
another optical fiber without bending. The method consists of polishing the optical
fiber surface by removing a portion of the sheath. When these polished fibers are
physically connected, there is crosstalk between them, that is, a "leakage" of the
basic mode of the legitimate signal into the attacker's fiber. The advantage of this
method is that it involves no bending and is difficult to locate.

2.1.4 Rayleigh scatter tapping

Rayleigh scattering occurs due to changes in the material density of optical fibers
in certain parts of the fiber, caused by imperfect processing. This property of
optical fibers can be used as a natural source of crosstalk that occurs in a fiber.
In this case of eavesdropping, the attacker uses a special device to detect the
small amount of light emitted by the fiber due to scattering. The device uses ball
lenses located next to the fiber that focus light into the attacker's receiving
fiber, through which it is transmitted for further analysis and reading of data.
Eavesdropping using Rayleigh scattering is the most difficult to detect because it
does not consume the useful legitimate signal budget. Table 1.1 gives an overview
of the tapping attacks.

Table 1.1. Overview of tapping attacks at the physical level of AON.

| Type of tapping attack | Characteristic of attack |
|---|---|
| Insider attacks | Insider attacks on service ports or system monitoring ports. |
| Bend tapping | The most common form of attack. Equipment for this type of attack is inexpensive and commercially available, but it is easy to detect. |
| Evanescent tapping | It requires extremely precise fiber processing; it is more difficult to detect. |
| Rayleigh scatter tapping | Requires extremely accurate equipment; it is undetectable. |

3. Types of protection against tapping attacks at the physical level of the network

AON's main feature is to ensure high-speed data transmission. During the operation
of AON, operators face new challenges in maintaining a system, which are
significantly different from the challenges of existing copper networks. The primary
objective of maintaining network security is to provide the information triad:
reliability / integrity / availability. A block diagram of network security at the
physical level is given in Figure 2. Network resistance may be impaired by system
errors (component failure, etc.) or by an illegal attack. In both cases, the steps
to solve the problem are the same.

Figure 2. Structure of protection mechanisms for network survivability [6].

Addressing security issues during AON design is the best and most effective
method of protecting AON. Originally, ON security was ensured only by encoding
the data when transmitting it. However, this protection has proved to be
insufficient, so encoding and encryption are now both used to protect the three
basic security postulates. The basic problem-solving protocol at the physical level
is the detection of the problem, after which the problem is precisely located and
protection against the detected attack is applied. Finally, the system is
reconstructed or restored.
Certain methods are needed to detect a problem that is not a physical break in the
AON. Locating and detecting attacks are performed by methods of statistical
analysis and comparison of AON status across different periods. A deviation in the
power level, a deviation in the spectrum of transmitted signals, or an increase in
the Bit Error Rate (BER) indicates changes in the parameters of the AON
communication channel. If these changes are not announced and planned, suspicion
arises and an alarm is raised for intentional unauthorized access to AON
resources. Any changes to the system are recorded and a statistical analysis is
made indicating the anomalies that need to be addressed. Trial measurements with a
pilot signal, as well as monitoring measurements with OTDR, also indicate system
anomalies that raise the alarm about a possible attack on AON security.
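The following sketch illustrates the comparison-against-baseline procedure described above. It is an added example, not code from the paper: the readings, the maintenance calendar, the thresholds (`k`, `ber_ratio`, `persist`) and all names are constructed assumptions. It flags a power or BER deviation only when it is not covered by an announced change and persists over several samples, which is the signature of a small permanent loss on the span.

```python
from statistics import mean, stdev

# Constructed reference measurements from a period with no known changes.
BASELINE_POWER_DBM = [-12.02, -11.98, -12.01, -12.00, -11.99, -12.03, -11.97, -12.00]
BASELINE_BER = [1.0e-9, 0.9e-9, 1.1e-9, 1.0e-9]

# Constructed monitoring samples: (hour, received power in dBm, bit error rate).
SAMPLES = [
    (0, -12.01, 1.0e-9),
    (1, -12.12, 1.0e-9),   # single noisy reading
    (2, -12.60, 3.0e-8),   # announced maintenance on the span
    (3, -12.02, 1.0e-9),
    (4, -12.15, 1.1e-9),   # small extra loss appears and stays
    (5, -12.16, 2.0e-8),
    (6, -12.14, 1.5e-8),
    (7, -12.15, 1.3e-8),
]
PLANNED_HOURS = {2}        # hypothetical change calendar


def detect_anomalies(samples, planned_hours, k=4.0, ber_ratio=10.0, persist=3):
    """Return (first_hour, confirmed_hour, reasons) for each persistent,
    unannounced deviation from the baseline."""
    mu, sigma = mean(BASELINE_POWER_DBM), stdev(BASELINE_POWER_DBM)
    ber_limit = ber_ratio * mean(BASELINE_BER)
    alarms, run_start, run_len, reasons = [], None, 0, set()
    for hour, power, ber in samples:
        found = set()
        if abs(power - mu) > k * sigma:      # power outside k standard deviations
            found.add("power")
        if ber > ber_limit:                  # BER well above its usual level
            found.add("ber")
        if not found or hour in planned_hours:
            # Normal reading or announced change: the run of deviations ends.
            run_start, run_len, reasons = None, 0, set()
            continue
        if run_len == 0:
            run_start = hour
        run_len += 1
        reasons |= found
        if run_len == persist:               # raise the alarm once per run
            alarms.append((run_start, hour, sorted(reasons)))
    return alarms


if __name__ == "__main__":
    for first, confirmed, why in detect_anomalies(SAMPLES, PLANNED_HOURS):
        print(f"alarm: deviation since hour {first}, confirmed at hour {confirmed}: {why}")
```

The 0.15 dB drop in the sample data is far smaller than the maintenance event, yet it is the only one reported, because it is unannounced and does not go away.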

3.1.1. Attack protection by encryption and encoding

Until the first physical level attacks were detected, the protection of AON
security in the domain of transmission of light signals was done through their
encoding. The encoding was done more for the sake of efficient use of the
waveband, but it was also considered to provide a sufficient level of protection due
to the technical complexity of the coding system. However, after attacks at the
physical level were detected, additional encryption protection is also installed
and performed. Eavesdropping violates the principle of data confidentiality.

3.1.2. OCDMA encoding in AON

Optical Code-Division Multiple-Access (OCDMA) is the most used code in
AON [3,7]. The confidentiality provided by OCDMA is based on the
encoding/decoding process with the use of coding keys. Each AON user is assigned
a unique key, which is used to encode and decode the messages the user sends or
receives. In practice this implies that, from the optical fiber, which is a free
medium carrying WDM or Time Division Multiplexing (TDM) transmission, a specific
user's decoder can take and read the data that has been intended exclusively for
that user. Other data cannot be decoded correctly by the decoder and is discarded.
Thus, before each transmission, the user's encoder encodes the data with its unique
key and sends the encoded data to the destination. On the receiving side, data is
taken from a multi-access channel (optical fiber, access node) and, based on the
correctly exchanged keys, the receiving decoder accurately decodes the sent data.
If an eavesdropper picks up data from a multi-access channel, it will not be able
to read it correctly without having the correct decoding key. This means that
encoding provides some degree of authentication in AON.
OCDMA codes are divided into coherent and non-coherent codes. A typical coherent
OCDMA is realized by Spectral Phase Encoding (SPE). SPE coding applies different
phase shifts to multiple coherent spectral components. On the receiving side, the
reverse process of returning the coherent spectral components to phase is
performed. A typical incoherent OCDMA encoding, WHTS (Wavelength Hopping and Time
Spreading), is shown schematically in Figure 3. The main disadvantage of OCDMA
encoding is that, when only one signal is encoded and transmitted, the attacker can
by tapping perform simple detection and decoding of the data based on the change in
signal intensity. To avoid such situations, an M-ary modulation has been developed
that breaks every 0 or 1 into M symbols, thereby averaging the signal peaks and
hiding the symbol transition.
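The sketch below models the encoding/decoding process described above on an incoherent, intensity-adding channel. It is an added example, not code from the paper or its references: it assumes a one-dimensional time-spreading prime code as a simplified stand-in for the two-dimensional WHTS codes, on-off keying, chip-synchronous users, and constructed bit patterns. It shows that the assigned code recovers a user's data, that an unassigned code does not, and why a designer cannot rely on the code alone when only one user is transmitting.

```python
P = 5  # prime number; each code has P*P chips and P light pulses (assumption)


def prime_code(user, p=P):
    """Unipolar prime code: one pulse in each of p blocks of p chips."""
    chips = [0] * (p * p)
    for block in range(p):
        chips[block * p + (user * block) % p] = 1
    return chips


def encode(bits, code):
    """On-off keying: transmit the code for a 1, darkness for a 0."""
    out = []
    for bit in bits:
        out.extend(code if bit else [0] * len(code))
    return out


def combine(*signals):
    """Incoherent multi-access channel: optical intensities add up."""
    return [sum(chips) for chips in zip(*signals)]


def decode(channel, code):
    """Correlate each bit period with the code, threshold at the code weight."""
    n, weight = len(code), sum(code)
    bits = []
    for start in range(0, len(channel), n):
        corr = sum(c * k for c, k in zip(channel[start:start + n], code))
        bits.append(1 if corr >= weight else 0)
    return bits


def energy_detect(channel, n=P * P):
    """Code-free check: is there any light at all in each bit period?"""
    return [1 if sum(channel[s:s + n]) > 0 else 0
            for s in range(0, len(channel), n)]


# Constructed user data; users 1, 2 and 3 hold codes 1, 2 and 3.
BITS_A = [1, 0, 1, 1, 0, 0]
BITS_B = [0, 1, 1, 0, 1, 0]
BITS_C = [1, 1, 0, 0, 1, 0]

SHARED = combine(encode(BITS_A, prime_code(1)),
                 encode(BITS_B, prime_code(2)),
                 encode(BITS_C, prime_code(3)))
ALONE = encode(BITS_A, prime_code(1))   # user A is the only active transmitter

if __name__ == "__main__":
    print("A with code 1:      ", decode(SHARED, prime_code(1)))
    print("unassigned code 4:  ", decode(SHARED, prime_code(4)))
    print("intensity, 3 users: ", energy_detect(SHARED))
    print("intensity, A alone: ", energy_detect(ALONE))
```

With three active users the per-bit intensity is a mixture of all transmissions, but with user A alone it equals A's bit pattern exactly, which is the single-signal weakness the M-ary modulation is meant to remove.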

Figure 3. a) OCDMA encoding scheme, b) Protection route realised in OCDMA models [6].

The advantage of OCDMA encoding is its large code cardinality and soft
blocking. Soft blocking denotes adaptability to the needs of communication
channels. Soft blocking implies that the addition or removal of simultaneous
transmissions in the AON access nodes can be done without further modifications
to the hardware. The soft blocking feature gives more scalability to OCDMA than
WDM or TDM technologies. OCDMA on the same fiber count as WDM or TDM
has much higher spectral efficiency. The soft blocking feature can be used to form
protective routes. If the security routes are formed at the physical level, then
for protection option 1:N we have N standby protection routes that are activated if
the working route is interrupted. In the case of the 1+N protection option, N
protection routes are provided that run in parallel, the first being the primary
route, and if it fails in its role, the next route takes over. This type of
protection is designed only for very important "golden" users. Since 2015,
commercial AON solutions have been available with Spatial Division Multiplexing
(SDM) as a way of increasing capacity and eavesdropping [8,9]. The type of
protection that is designed and applied in practice is conditioned by the cost of
project realization [10]. Using the advantages of OCDMA, transmission links with
different transmission rates can be formed on the same route in the same
transmission band. This feature makes it possible to implement protection with a
fast primary communication link and a slow security link. If the high-speed channel
is interrupted, the complete data transmission is rerouted to the slow protection
channel. Disrupting the fast link does not cause a service interruption but results
in a partial decline in Quality of Service (QoS).

3.1.3. Protection against tapping by encryption

Another way to protect AON against tapping is encryption. AON physical layer
data privacy protection can be done by encrypting the original content. By the
definition of encryption, encrypted data cannot be translated by an attacker into
the original message without a unique key. Compared to electrical encryption,
encryption in the light domain has less wait time for data processing, that is,
lower latency and higher speed. In addition, encryption, as a process, does not
produce additional lateral electromagnetic waves that could help an attacker to
discover the unique key and compromise transmission confidentiality. Various
methods have been developed for cryptography at the AON physical layer.
The cited literature describes in detail the various cryptographic models in ON.
The most important encryption models are listed here.
The literature [11] describes a model of a polar coded optical OFDM system with
chaotic encryption for physical-layer security.
The literature [12] provides an overview of cryptography at the physical level
using chaos theory with application to the orthogonal frequency division
multiplexing passive optical network (OFDM-PON).
The literature [13] provides a model for enhancing the security of the AON
physical layer based on the use of Optical-CDMA (OCDMA) with multi-code keying
encryption.
An example of optical encryption with interleaved waveband switching is
discussed below. This encryption model is based on Four Wave Mixing (FWM).
FWM is an intermodulation property of an optical fiber whereby three wavelengths
interact with each other to produce a fourth wavelength. In the case of
interleaved waveband encryption, the non-linear FWM effect occurs in a 35 cm long
non-linear Bismuth Oxide fiber (Bi-NLF). Waveguide encryption works with two FWM
pumps that generate the orthogonal keys KEY and KEY# [14]. On the transmitter
side, the data and orthogonally polarized keys are routed via the coupler through
the Bi-NLF and thus encoded by the formation of FWM (Figure 4). The orthogonally
polarized keys KEY and KEY# are slightly frequency shifted so that they overlap
spectrally in the communication channel. This rendering of the encrypted text makes
it difficult for an eavesdropping attacker to read blocks of data based on a change
in signal intensity.

Figure 4. All-optical encryption with wavelength switching modulation: LD laser diode; PolM
polarization modulator; BPF optical bandpass filter [14].

The data to be encrypted and the orthogonally polarized keys are propagated via a
3 dB lossy coupler, then amplified via an Erbium Doped Fiber Amplifier (EDFA)
and fed to the Bi-NLF, in which the FWM signal encryption effect occurs.
The undesirable effect is that additional bi-polarized signals are obtained in the
Bi-NLF. These additional lateral signals are filtered with the BPF [15]. On the
receiving side, a reverse process takes place: wavelength reconversion, decoding
and decryption are done. The result of encryption of the OCDM sequence by band
interleaving is given in Figure 5.

Figure 5. Temporal profiles: (a) XOR output, (b) NXOR output, (c) encrypted signal with
interleaved waveband switching modulation, and (d) encrypted signal after decoding [14].

Encryption based on interleaved waveband switching modulation has the
advantage that the encryption key can be increased, thereby preventing the attacker
from decrypting the data he / she is tapping.
Cryptography is an essential segment of AON security, and just as attackers are
constantly working to develop methods and tools for breaking encoding and
encryption systems, so researchers are working to develop new encryption models.

4. Conclusion

The large amount of data they transmit makes AON a permanent target for attacks
and a potential network security issue. Protection on the logical part of the
network is in constant development and implementation. However, protection on the
logical level is rooftop protection that is not complete without protection at the
physical level of the optical network. This paper deals with the main weaknesses of
optical networks in the domain of security at the physical level. It reviews the
types of eavesdropping attacks that attackers can perform, as well as potential
attack sites. A description of the damage they cause is also given for all attacks.
The second part deals with countermeasures, i.e. types of protection against
various attacks. In addition, encoding and encryption on the physical layer of
optical networks were covered. There is no complete security of the physical layer
of optical networks. Security is built and improved primarily by increasing the
loyalty of the technical operational staff of optical networks, the full
implementation of existing surveillance and protection systems, and the constant
development of new security methods.

References
[1] Stamatios V. Kartalopoulos, Next Generation Intelligent Optical Networks, Springer, 2008.
[2] K. Manousakis, G. Ellinas, Attack-aware planning of transparent optical networks, Optical
Switching and Networking (2015), http://dx.doi.org/10.1016/j.osn.2015.03.005
[3] Mable P. Fok, Zhexing Wang, Yanhua Deng, and Paul R. Prucnal, Optical Layer Security
in Fiber-Optic Networks, IEEE Transactions on Information Forensics and Security, Vol. 6,
No. 3, 1556-6013, September 2011.
[4] Godišnji izvještaj o razvoju BiH 2018, Državna Direkcija za planiranje ekonomskog razvoja
BiH, 2019.
[5] Josua S. White, Adam W. Pilbeam, An Analysis of Coupling Attack in High Speed Fiber
Optic Networks, Enabling Photonic Technologies for Defense, 2011. SPIE DOI:
10.1117/12883550
[6] Fiber-Tapping Detection with the ONMSI Optical Network Monitoring System, © 2015
Viavi Solutions Inc. Product specifications and descriptions fiber-tapping-an-fop-nse-ae
30176152 900 0415
[7] Nina Skorin-Kapov, Marija Furdek, Szilard Zsigmond, and Lena Wosinska, Physical-Layer
Security in Evolving Optical Networks, IEEE Communications Magazine, August 2016.
[8] Marija Furdek and Nina Skorin-Kapov, Physical-Layer Attacks in Transparent Optical
Networks, IntechOpen, DOI: 10.5772/29836, March 2012.
[9] A. Teixeira, et al., Security Issues in Optical Networks Physical Layer, ICTON 2008,
978-1-4244-2626-3/08/$25.00 ©2008 IEEE
[10] R. Rejeb, M.S. Leeson, R.J. Green, Multiple attack localization and identification in
all-optical networks, Optical Switching and Networking 3 (2006) 41–49.
[11] Y. Xiao, et al., Polar coded optical OFDM system with chaotic encryption for physical-layer
security, Optics Communications (2018), https://doi.org/10.1016/j.optcom.2018.10.015
[12] Xuelin Yang, Chaotic Signal Scrambling for Physical Layer Security in OFDM-PON,
978-1-4673-7880-2/15/$31.00 ©2015 IEEE
[13] Ayushi Sharma, Varun Kumar Kakar, Security Performance and Enhancement of Physical
Layer in Optical-CDMA With Multicode Keying Encryption, Conference Paper,
November 2017, DOI: 10.1109/ICETCCT.2017.8280295
[14] Mable P. Fok and Paul R. Prucnal, All-optical encryption based on interleaved waveband
switching modulation for optical network security, Optical Society of America,
0146-9592/09/091315-3, 2009.
