CD Ma
1, JANUARY 2011
Abstract: Cryptographic schemes based on classical information transmission and physical entities are addressed. This scheme provides ways to detect the extent of eavesdropping and does not entirely rely on computational complexity. Its implementations in photonic code division multiple access (CDMA) systems are suggested and secure key distributions under multiplexing environments are examined.

Index Terms: Code division multiple access, intermodulation noise, cryptography.
I. INTRODUCTION
As conventional cryptography has been threatened by the development of quantum computing with the ability of massive parallelism, demands for new cryptography have been increasing. Quantum cryptography [1], which is not based on computational complexity, also has difficulties in long haul system applications since signal amplification is impossible. In this paper, protocols for secure key distribution based on physical entities in the presence of noise are suggested. In Section II, principles and implementations of the protocols are suggested, especially with optical CDMA techniques. Its performance is evaluated in terms of mutual information, error rates, and other system parameters. In Section III, detecting test factors as criteria to estimate the degree of eavesdropping are suggested and an analysis is carried out. Section IV offers concluding remarks.

II. SYSTEM MODELING AND ANALYSIS

With characteristics of spread spectrum and asynchronous and independent transmission, optical CDMA is considered a promising candidate for implementing this cryptosystem in multi-access systems. The spread spectrum signal, which is modulated by phase, is transmitted onto a wider bandwidth carrier. The received signal is mixed with a synchronized replica of the conjugate spreading function, which reconstructs the signal from the matched transmitter to its original bandwidth, while the unwanted signals from the other transmitters will spread further and little of the interfering signal will be passed by the unmatched detecting filter. Figure 1(a) shows the topology of a time-spreading optical CDMA system. The spread spectrum signals and spreading function can be combined with interferometers by significantly greater than the coherence time of the light source . The delay can be achieved by an unbalanced Mach-Zehnder Interferometer (MZI), and multiple access can be achieved by
Fig. 1. Photonic CDMA systems: (a) for key distribution and (b) for message encryption and decryption.
allocating to the -th encoding MZI a unique relative delay, , with the delay differences between channels, , exceeding the source coherence time , such that > , and > for all = . The small, additional delay of either 0 or 1/20 is generated by a phase shifter in the encoder giving = 0 or to modulate the binary signal, where 0 is the center frequency of the light source. Each decoding MZI has its path difference matched to its corresponding encoding MZI and recovers the signal by coherence interference. The details of the noise in an MZI depend on the imbalance between the two arms. The phase-induced noise from two MZIs is uncorrelated if the interferometers have significantly different imbalance on the scale of the coherence time, which is the case in our cryptosystems. The main noise source in nearly balanced systems is the interference from unwanted transmitters. Due to the square law operation of the photo detector, the optical method suffers from additional intermodulation terms, which cause a beat noise from unmatched transmitters. Generally, intermodulation noise limits the performance of the multiple access system, but such noise can be utilized in key agreement in the proposed cryptosystems. Suppose Alice sends to Bob signals susceptible to system noise. An eavesdropper, Eve, might try to detect each bit of the signals with optimal decision region divisions, whereas Bob makes detection decisions at a higher threshold and discards the unreliable bits falling in the erroneous region below the threshold. Bob then tells Alice via a public channel which bits were accepted as a key string without telling the
Manuscript received June 15, 2010. The associate editor coordinating the review of this letter and approving it for publication was C.-K. Wu. This work was supported by the National Research Foundation (NRFD00392). A. Kim is with the Dept. of Elec. Eng. and Info. Tech., Sejong University, Seoul 143-747, Korea (e-mail: [email protected]). Digital Object Identifier 10.1109/LCOMM.2011.01.101022
Fig. 2. Error rates for Eve and Bob as a function of N for various threshold values. RIN = -100 dB/Hz and =1 GHz.
Fig. 3. Data rate per use as a function of a relative threshold. RIN = -100 dB/Hz and =1 GHz.
values of his bits. Therefore, Eve has a higher error rate and, moreover, a measured bit stream that is uncorrelated with Bob's, because the noise of Eve's device is uncorrelated with Bob's. In analysis of the performance in a binary signal system with phase reverse keying (PRK) and a coherent measurement, Alice sends signals 1 () = () and 0 () = () where () = 2/ (2 ), , and 0 are bit energy, pulse duration, and carrier frequency, respectively. The optimal detector measures = ()() where the received signal is a vector sum of the transmitted signal and system noise in a signal state space, () = () + () and () is the dominant system noise such as intermodulation noise. Provided all transmissions are at the same optical frequency and occupy the bandwidth B, these intermodulation terms occupy a bandwidth of approximately 2B. The receiver bandwidth B is set to twice the message bandwidth B for the use of coded mark inversion (CMI) line code to check incorrect polarity. As the intermodulation noise is the dominant influence in this system, the signal-to-noise ratio (SNR),, at the output of the balanced detector can be calculated by 8 (16 2 6 1) (1)
Figure 2 shows the error rates for Eve and Bob as a function of N for various values of = 1/2 , 3 1/2 . R is -100 dB/Hz and =1 GHz. Bob determines a value of to make considerably small. Bob's next step is to discard data below the threshold value. Then, the data rate per use for key distribution for N channels is calculated as eq. (3) and plotted in Fig. 3. A high threshold value induces a low error rate for Bob and a signal with a low SNR introduces a high error rate for Eve. The penalty for a high threshold value that confirms a high security level is a reduced data rate. [ > E] 1 [ ( 1)] 2 2 (3) [1 1 ( (1 ))] [ < E] 2 2 In the susceptible cryptosystem designed to make P sufficiently large, Eve cannot effectively eavesdrop with an intercept/resend scheme without significantly increasing P . Moreover, as device noise n and n are uncorrelated with each other, the measurement results are uncorrelated as well, so Eve cannot perform effective eavesdropping with a correlator. In addition, Eve's attempt to split the signal into several samples or to amplify the signal is futile, as splitting or amplifying reduces the SNR only to nullify the advantage of eavesdropping on several samples or strong signals. Eve's erroneous decisions and retransmissions introduce errors in Bob's bit string. To detect the presence of eavesdropping, Bob sets up a tolerable value for his error rate in the region, below which error correction is available and thus the transmission is considered safe. Then, Bob's error rate when the eavesdropping exists, P , is increased, from which Bob can tell the presence of Eve. To suppress P below F, Eve may attempt to eavesdrop only on a fraction of Alice's string. It is expressed as below in P =P P = [ 1 ( ) [ ( 1)] 4 2 2 (4) 1 + 2 {1 1 ( )} [ (1 + )]] 2 2 2

III. SYSTEM DESIGN

As one of criteria in cryptosystems, partial information between Eve and Alice, which are to be hashed out at privacy
where N denotes the number of receivers, and RIN is the relative intensity noise of the source represented by RIN = 2 0 / 2 with a signal power and power spectral density 0 and /2 = (4 2 )1 . For the transmitted bits, Eve makes a decision according to the maximum a posteriori (MAP) decision rule; the signal is 1 if r > 0, and 0 if r < 0. On the other hand, Bob measures each bit at a threshold t with the following decision rule: the signal is 1 if r > t, and 0 if r < t. Then, Bob's error probability without eavesdropping in the optical multiple access system under the Gaussian approximation of intermodulation noise is obtained as 1 (2) ( + 1)) ( 2 2 2 2 where () = e .
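The thresholded key exchange and the intercept/resend check described above, as an added Python Monte Carlo example (not code from the paper). Assumptions: unit-amplitude PRK symbols, a free Gaussian noise parameter `sigma` standing in for the intermodulation-noise SNR of eq. (1), and a symmetric discard region |r| <= t for Bob; the names `simulate` and `eavesdropping_suspected` are hypothetical.

```python
import random

def simulate(n_bits, sigma, t, intercept_frac=0.0, seed=1):
    """Monte Carlo of the thresholded key exchange.

    Returns (bob_error_rate, eve_error_rate, accepted_fraction), with both
    error rates measured over the bits Bob accepts as key material.
    """
    rng = random.Random(seed)              # fixed seed: reproducible run
    accepted = bob_err = eve_err = 0
    for _ in range(n_bits):
        bit = rng.getrandbits(1)
        s = 1.0 if bit else -1.0           # assumed unit-amplitude PRK symbol
        # Eve: MAP decision at 0 on a copy carrying her own noise.
        eve_bit = 1 if s + rng.gauss(0.0, sigma) > 0 else 0
        # Intercept/resend: Bob is sent Eve's decision, not Alice's bit.
        if rng.random() < intercept_frac:
            s = 1.0 if eve_bit else -1.0
        r = s + rng.gauss(0.0, sigma)      # Bob's noise, independent of Eve's
        if abs(r) <= t:
            continue                       # unreliable region: Bob discards
        accepted += 1
        bob_err += (1 if r > 0 else 0) != bit
        eve_err += eve_bit != bit
    if accepted == 0:
        raise ValueError("threshold too high: Bob accepted no bits")
    return bob_err / accepted, eve_err / accepted, accepted / n_bits

def eavesdropping_suspected(bob_error_rate, tolerable):
    """Bob's check: error rate above his preset tolerable value."""
    return bob_error_rate > tolerable

if __name__ == "__main__":
    for frac in (0.0, 0.25, 1.0):
        print(frac, simulate(100_000, sigma=1.0, t=1.0, intercept_frac=frac))
```

Raising `t` lowers Bob's error rate and the accepted fraction together, while Eve's error rate on the accepted bits stays put because her noise is independent of Bob's acceptance decision.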
where = F/P from eq. (4). Large will increase Eve's information at the cost of being easily detected by Bob's increased error rate. Thus, Eve's mutual information with Alice and Bob must be significantly reduced to a level not high enough to succeed in obtaining the right key string with a plain-text attack. Although mutual information is one of the criteria in cryptosystems, it has only asymptotic significance for noisy systems. Thus we would not design the system based on mutual information, but on constraints for a given tolerable P . Bob should take a threshold value in consideration of the number of channels and the tradeoff between P and the data rate. In practice, since a reconciliation procedure such as parity checks is required to eliminate possible errors in the user's key string, P is to be set with this overhead cost in mind. Though it seems in eq. (3) that the increase in N increases R, it also increases the error rate, P . Thus, for a given tolerable value of P , must be adjusted to a higher value for a larger N. The increase in N has not only a favorable effect on R by multiplexing transmissions, but also an adverse effect by increasing beat noise. In general, the adverse effect is dominant as N increases, which makes the overall data rate decrease. For the threshold value 2 producing P =2.5102 in a 2 channel system, the threshold value that generates the same P in a 4 channel system is obtained as 4 32 , and the corresponding overall data rate is decreased to 4 0.62 . But, even after overhead costs such as reconciliation are taken into account, the resulting rate for key distribution may still compare favorably to the well-known public key methods based on computational complexity. The proposed protocol is not unconditionally secure, as an eavesdropper can take technological advantages by suppressing device noise and enhancing SNR levels. This is also the case in quantum cryptosystems using more than one photon in a pulse per mode.
But Eve's resent bits in the middle of the line induce an inconsistency between Bob's premeasured error rate without eavesdropping and his error rate with eavesdropping. This thus imposes constraints on Eve. Analysis shows that security deterioration by such attacks is not severe and the proposed scheme provides more efficient key distribution at a higher data rate than other quantum cryptosystems. The coherent modulation for key distribution can also be employed for the encryption purpose, depicted in Fig. 1(b). Encryption schemes other than encoding the cipher text with a phase modulator include enciphering the plain text with a consecutive phase shifter or a polarization shifter, such as a Pockels cell or a half wavelength retarder, in A, and deciphering with a matched phase shifter or a synchronized analyzer in B. Such a combinational scheme is resilient to an eavesdropper and thus renders the cipher-text-only attack futile. One of the eavesdropping strategies on phase shifting systems
is to observe the peak power change of the power spectrum of signals transmitted through a filter [3]. But with the proposed scheme using the polarization shift, the peak power level of the power spectrum over the transmission line is scrambled or at times canceled so that the transmitted cipher text is hardly tractable. Another encrypting method employs tunable filters FA/FB, the frequency of which is selected by the key. The filtered modes of pulses with a short duration are then encoded and the undrained rest modes are dumped over the transmission line in a feedforward fashion not only to scramble the encoded message but also to impose the accumulated noise on the transmitted signal. The noise variations superimposed from the broadband signals will eventually dominate and make the modified signal have no correlation with the message. This renders a known-plain-text attack in cryptanalysis impotent. In reuse of the coherent multiplexed systems for the encrypted message transmission, for transmission at a data rate of 1 Gbps and balanced detection, the number of channels multiplexed is estimated to be 5 for a BER of 109 ). A source with a broad spectral width is desirable for enhancing the data rate. The enhanced security level with the proposed system using highly overlapping codes that render cryptanalysis difficult makes time spreading code division multiple access more desirable than wavelength division multiple access. With the features of spectrum spread and reconstruction, it is immune to interceptions in the middle of transmission lines. The data rate can be enhanced up to the level where it can be competitive with WDMA by reducing the channel coding with coherent interference encoding and inverse decoding and by using short pulses and fast optical detectors.

IV. CONCLUSION

We proposed and analyzed a security protocol applicable to photonic CDMA systems.
The proposed scheme for key agreement establishes a security layer in a physical layer and provides ways to detect the extent of eavesdropping by the increase in the legitimate receiver's error rate in the key string. The implementation is easier and requires simpler processing at error correction and privacy amplification. Actual rates may compare favorably to quantum cryptosystems or other methods based on computational complexity [4]. The proposed concepts are applicable in a broad range of multiple access systems where the uncorrelated noise model is essentially valid and devise a new way of attaining security in a physical layer.

REFERENCES
[1] N. Lutkenhaus and A. J. Shields, "Focus on quantum cryptography: theory and practice," New J. Phys., vol. 11, art. no. 45005, 2009.
[2] C. H. Bennett et al., "Experimental quantum cryptography," J. of Cryptology, vol. 5, pp. 3-28, 1992.
[3] W. Wells et al., "Secure communications by optical homodyne," IEEE J. Sel. Areas Commun., vol. 11, pp. 770-777, 1993.
[4] A. Cho, "Cryptography," Science, vol. 322, pp. 32-33, 2008.