optic fiber

Click here to load reader

  • date post

  • Category


  • view

  • download


Embed Size (px)

Transcript of optic fiber



Optical Layer Security in Fiber-Optic NetworksMable P. Fok, Member, IEEE, Zhexing Wang, Student Member, IEEE, Yanhua Deng, Student Member, IEEE, and Paul R. Prucnal, Fellow, IEEE

AbstractThe physical layer of an optical network is vulnerable to a variety of attacks, including jamming, physical infrastructure attacks, eavesdropping, and interception. As the demand for network capacity grows dramatically, the issue of securing the physical layer of optical network cannot be overlooked. In this survey paper, we discuss the security threats in an optical network as well as present several existing optical techniques to improve the security. In the rst part of this paper, we discuss various types of security threats that could appear in the optical layer of an optical network, including jamming, physical infrastructure attacks, eavesdropping, and interception. Intensive research has focused on improving optical network security, in the above specic areas. Real-time processing of the optical signal is essential in order to integrate security functionality at the physical layer while not undermining the true value of optical communications, which is its speed. Optical layer security benets from the unique properties of optical processinginstantaneous response, broadband operation, electromagnetic immunity, compactness, and low latency. In the second part of this paper, various defenses against the security threats outlined in this paper are discussed, including optical encryption, optical code-division multiple access (CDMA) condentiality, self-healing survivable optical rings, anti-jamming, and optical steganography. Index TermsFiber-optics network, optical layer security, optical signal processing, physical layer security.

I. INTRODUCTION PTICAL communication systems have found widespread adoption in a variety of applications, ranging from personal to commercial to military communications. Due to the dramatic increase in network usage and the increased accessibility of optical networks, it is important that communications crossing these networks are properly secured. As with any other type of network, the rst line for securing communications starts with employing cryptographic protocols at higher layers of the protocol stack. However, building security on top of an insecure foundation is a risky practice, and for this reason it is desirable to make certain that the physical layer of an optical system (which we shall refer to as the optical layer in this paper) is made secure against threats that might target the lowest layer of an


Manuscript received October 13, 2010; revised January 18, 2011; accepted March 31, 2011. Date of publication April 11, 2011; date of current version August 17, 2011. This work was supported in part by the U.S. Defense Advance Research Projects Agency under Grant MDA972-03-1-0006 and in part by SSC Pacic Grant N66001-07-1-2010. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Wade Trappe. The authors are with the Department of Electrical Engineering, Princeton University, Princeton, NJ 08544 USA (e-mail: mfok@princeton.edu; zhenxing@princeton.edu; ydeng@princeton.edu; prucnal@princeton.edu). Color versions of one or more of the gures in this paper are available online at http://ieeexplore.ieee.org. Digital Object Identier 10.1109/TIFS.2011.2141990

optical network. In particular, as with other network types, the physical layer of an optical network is vulnerable to a variety of attacks, including jamming, physical infrastructure attacks, eavesdropping, and interception [1]. Further, optical networks are unique in that the data rates that they currently experience exceed 40 Gb/s, and this gure is only going to increase with time. This presents a unique challenge for achieving security, as security mechanisms at the physical layer must be able to operate at real-time, which is not possible at these line rates using conventional electronic computing. To overcome this challenge, the inherently high speed and parallelism of optical signal processing must be leveraged to perform security processing of optical signals in real time. Although accomplishing real-time security processing at the optical layer is a very technically challenging problem, the rewards can be quite signicant: rst, securing the optical layer will augment security procedures employed at the higher layers of the protocol stack, leading to a system that is overall more secure; and, unlike their electronic counterparts, optical communication systems have less risk of side-channel attacks, as optical devices do not generate electromagnetic signatures and are hence inherently less vulnerable to electromagnetic-based side-channel eavesdropping. By employing optical signal processing, the optical communications community has explored several avenues for securing optical networks at the optical layer [2][4]. Some examples of specic research directions include devising all-optical logic for encryption [5][6], optical steganography [7][10], and optical survivable networks [11][13]. Optical encryption allows signals to be encrypted with low latency and high speed (at rates not possible with conventional electrical implementations), without the emission of a radio-frequency signature. Optical steganography provides an additional layer of privacy that can supplement data encryption by hiding the very existence of data transmission underneath the public transmission channel. The purpose of this paper is to provide a survey of several areas of optical layer security and how the associated security objectives are being accomplished through optical signal processing. We will begin in Section II by providing an overview of the threats that may be faced in an optical network at the optical layer. Although there are numerous security aspects that can be examined, in this paper we shall restrict our detailed discussions to three separate security objectives: supporting the condentiality of communications, protecting the privacy of communications (or low-probability of detection), and assuring the availability of a communication link/network. Hence, in Sections III and IV, we examine techniques for condentiality and authentication, respectively. In Section V, we examine methods for assuring the availability of communications, while in Section VI we examine optical methods to hide the presence of communications. Throughout our discussion, we provide examples and

1556-6013/$26.00 2011 IEEE



results from experimental efforts that validate the concepts of securing optical networks at the physical layer. II. THREATS AND DEFENSES IN OPTICAL NETWORKS AT THE OPTICAL LAYER There are many types of optical networks, ranging from local area networks to optical networks that form the backbone of the Internet. For each of these networks, the actual implementation of a particular type of threat may vary. However, in spite of these many different modalities, the threat categories can loosely be categorized as threats where an adversary tries to listen in on communications (condentiality), where an unauthorized entity tries to communicate (authentication), where an entity alters or manipulates communication (integrity), where an adversary tries to subvert the successful delivery of communications (availability), and privacy risks associated with an adversary observing the existence of communications (privacy and trafc analysis). In the remainder of this section, we quickly survey condentiality, authentication, privacy, and availability threats and solutions at the optical layer. A. Condentiality Although optical networks do not emit an electromagnetic signature, an attacker can eavesdrop on an optical system using a variety of approaches, including physically tapping into the optical ber [14], or by listening to the residual crosstalk from an adjacent channel while impersonating a legitimate subscriber [15]. Tapping optical ber is not difcult if the ber itself is exposed and without physical protection. For example, ber can be tapped by peeling off the protective material and cladding of the ber, so that a small portion of the light escapes from the optical ber. By placing a second ber directly adjacent to the place where light escapes from the rst ber, it is possible to capture a small amount of the desired optical signal. In practice, tapping an optical ber this way is not easy because only a very small amount of signal can be tapped without noticing that too much power has been removed from the optical signal. For the reduction in signal power to not be noticeable, the eavesdropper must operate at a very low signal-to-noise ratio. Also, the procedure requires peeling protective material and cladding from the ber, which can easily cause breakage. In reality, most the optical bers in communications systems are bundled together and will have multiple layers of protective materials and cabling. Therefore, physically tapping an optical ber is not a simple task. Another way of eavesdropping is to listen to the residual adjacent channel crosstalk while impersonating one of the subscribers. This is possible in wavelength-division-multiplexing (WDM) networks, in which different wavelengths are used by different subscribers, and a desired signal is dropped at its destination using a wavelength demultiplexer. However, wavelength demultiplexers do not have perfect channel isolation, resulting in a small amount of optical power leakage from adjacent channels (interchannel crosstalk). Thus, eavesdroppers can listen to the leakage from the adjacent channel to obtain the residue signal. This approach requires special optical devices and measurement equ