Optical Layer Security in Fiber-Optic Networks

- I V Surendra Varun Kumar

Topics
Introduction Threats Optical Layer Security (Defenses)

4 May 2012

M.Tech, CSE-PESIT

Introduction
Optical Communication system has variety of applications. Ranging form Personal - commercial - military. Due to dramatic increase in network speed and usage, there is a dramatic increase in vulnerability. Securing the physical layer of optical network has become difficult job. Building security on top of an insecure foundation is a risky practice. Accomplishing real-time security processing at optical layer is a technically challenging problem.

4 May 2012

M.Tech, CSE-PESIT

Threats
Optical networks ranging from local area to backbone of the Internet. For each the actual implementation of particular threat varies. Loosely the Threats are categorized as: 1. Confidentiality 2. Authentication 3. Privacy 4. Availability

4 May 2012

M.Tech, CSE-PESIT

Threats
Confidentiality Adversary tries to listen in on communication. Optical Networks do not emit electromagnetic signature, even attacker eavesdrop on a optical system. physical tapping listening to residual crosstalk

4 May 2012

M.Tech, CSE-PESIT

Threats
1.Confidentiality Physical Tapping Tapping optical fiber is not difficult if the fiber itself is exposed. small amount of light escapes from the optical fiber. Directly placing the second fiber adjacent to the place where light escapes can capture a small amount of desired optical signal. In practice tapping an optical fiber is not a easy task. eavesdropper must operate at a very low signal to noise ratio. A special procedure is required to peel-off the protective material and cladding from the fiber, else causes breakage.

4 May 2012

M.Tech, CSE-PESIT

Threats
1.Confidentiality listening to residual crosstalk The other way of eavesdropping is to listen to the residual adjacent crosstalk while impersonating one of the subscribers. This is possible in wavelength-division-multiplexing (WDM) networks. This occur due to wavelength demultiplexers do not have perfect channel isolation, resulting to small amount of optical power leakage from adjacent channels. This method require special optical equipment to extract weak optical signal from the crosstalk.

4 May 2012

M.Tech, CSE-PESIT

Threats
2.Authentication An unauthorized entity tries to communicate. It requires the use of a unique coding/decoding scheme between the desired users. In physical optical link, an optical signal travels freely in the network and reach destination as long as it has correct wavelength (for WDM Networks). 3.Privacy & Traffic Analysis Adversary observing the existence of communication. Apart from the sender and intended receiver, no one else is aware of the existence of the transmission.

4 May 2012

M.Tech, CSE-PESIT

Threats
4.Availability when an adversary tries to subvert the successful delivery of communications. Optical networks are susceptible to a variety of attacks on physical infrastructure as well as signal jamming attacks. This results in denial of service. It doesnt result in theft of information, but translates loss into loss of network resources (bandwidth). Impact many users, result in significant fiscal losses to network providers. Physical damage (breakage) results in unavailability.

4 May 2012

M.Tech, CSE-PESIT

Optical Layer Security (Defenses)

1.Confidentiality Encryption is an effective way to secure a signal and enhance the confidentiality of a network. To be compatible with high data rates, there is a need to develop architecture for implementing encryption in optical network. Optical code-division multiple access (OCDMA) is another way of providing confidentiality. This property for OCDMA has originated from the encoding/decoding process and multiplexing properties. Here signal is encoded with a specific code which can only be detected by a corresponding decoder.

4 May 2012

M.Tech, CSE-PESIT

10

Optical Layer Security (Defenses)

2.Authentication With OCDMA coding/decoding scheme authentication can be achieved by using a unique OCDMA code. This is done upon agreement of sender and receiver. An unauthorized user cant decode the OCDMA signal in presence of other OCDMA. It also provides multi-access capability. It provide mean of authentication between two users. Sender encode the data with a unique code which represents the senders identity. Data encoded by other encoders are treated as unauthenticated data, and automatically blocked. (miss match between encoder and decoder)

4 May 2012

M.Tech, CSE-PESIT

11

Optical Layer Security (Defenses)

3.Privacy Steganography enables the transmission of a secret data channel in optical network called stealth channel . This is hidden in the presence of public channels. The data rate will be lower than the public channel. Mostly used in application that work in low bit-rate, and high priority with additional confidentiality. Here we have series of short optical pulses that are stretched using a dispersive optical element with high group-velocity dispersion (GVD).

4 May 2012

M.Tech, CSE-PESIT

12

Optical Layer Security (Defenses)

Top: Schematic illustration of optical steganography using group velocity dispersion. Insets: (a) measured temporal profile of stealth channel before spreading; (b) measured temporal profile of temporally spread stealth channel. Middle: the measured public signal eye diagram (a) without stealth signal, and (b) with stealth signal. Bottom: Spectral masking of the stealth transmission (a) spectrum without stealth transmission, (b) spectrum with the stealth signal present, and (c) spectrum of the stealth signal alone.

4 May 2012

M.Tech, CSE-PESIT

13

Optical Layer Security (Defenses)

4.Availability Redundant paths are layed for self-healing. Redundant paths ensures both survivability and service availability. Telecommunication infrastructure is implemented in such a way that it can recover (failure) with in 60ms or less.

Two-fiber bidirectional OCDMA ring network

4 May 2012 M.Tech, CSE-PESIT

14

THANKS

4 May 2012

M.Tech, CSE-PESIT

15