Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
0Activity
0 of .
Results for:
No results containing your search query
P. 1
Real Time Securing of All-Optical Networks Against Security Attacks at the Physical Level

Real Time Securing of All-Optical Networks Against Security Attacks at the Physical Level

Ratings: (0)|Views: 1 |Likes:
Published by AIRCC - IJNSA
Real Time Securing of All-Optical Networks Against Security Attacks at the Physical Level
Real Time Securing of All-Optical Networks Against Security Attacks at the Physical Level

More info:

Published by: AIRCC - IJNSA on Aug 14, 2013
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

08/14/2013

pdf

text

original

 
International Journalof Network Security & Its Applications (IJNSA), Vol.5, No.4, July2013DOI : 10.5121/ijnsa.2013.540101
R
EAL
T
IME
S
ECURING OF
A
LL
-O
PTICAL
N
ETWORKS
A
GAINST
S
ECURITY
A
TTACKS AT THE
P
HYSICAL
L
EVEL
Fahmida Rahman
1
andMohammed Arozullah
2
Department of Electrical Engineeringand Computer Science,The Catholic University of America, Washington, D.C. 20064, USA
1
2
 ABSTRACT 
This paper deals with protecting all-optical networks (AON) from security attacks at the physical level. It  firstly presents an overall high level protocol for establishment, management and on-the-fly restoration of optimal secure lightpaths established by applying constraint-based open shortest path first (OSPF) sourcerouting using proposed security databases of components. Secondly it presents a protocol for using fiber diversity between adjacent nodes to protect against attacks on fiber links. Thirdly it presents analyticalmodels of propagation of security attacks on optical amplifiers and switches. Thesemodels are then used todevelop security envelopes around these components, to calculate security indices and on-the-fly real-timerestoration of components in case of an attack. Fourthly it presents simulation results for evaluation of the performance ofthese on-the-fly restoration schemes. These on-the-fly restoration schemes eliminate need  for tearing down of attacked lightpaths and prevent consequent loss of large amount of data.
 K 
 EYWORDS
 All-Optical Network Security,erbium-doped fiber amplifier (EDFA) gain adjustment,Optical Switchcrosstalk 
1.I
NTRODUCTIONAND
B
ACKGROUND
All-optical networksdifferfrom other optical networksin the sense thatAONs consistof mainlyoptical components, providedata transparencyand do not useanyoptical-to-electronicconversion throughout the network. Suchspecialfeatures provide higher bandwidths and greaterdata rates inAON thaninelectro-opticalnetworks.However these characteristics also providegreater security risks in these networks.Although AONsmay suffer from the attacks typicallyperformed in traditional electronic and electro-optic networks, security issues in AONsaresignificantly different from thoseof the traditional networks. Due todata transparency, high datarates oflight-paths,lack of regeneration,unique characteristics ofhigh crosstalk and crossmodulation in optical devices,attacks in AONsspread quickly through links attached to anattacked node without detection.This resultsin loss or compromise of large amount of dataandmay lead todisablingofportions of a network.This is not the case in electronic or opto-electronic networks where regeneration prevents propagation ofattacks [1].Therefore, attack detection and network restoration in AON is different fromthose inelectro-optic or electronicnetworksand deserves special consideration and solution.
 
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4,July20132
The threeprimary AON components thatare vulnerable to security attacksareopticalamplifiers,fibersand optical switches. These optical components are specifically prone to gain competitionand crosstalk respectively. Crosstalkcausessignalin one channelto leak into unintended channelsproducinginterference toother optical signals passing through theAON. Optical switchesandother similar components exhibit high crosstalk due to non-ideal demultiplexing and spaceswitching.Coherent crosstalk in wavelength routers, for instance within wavelength selectiveswitches for WDM systems, can allow an illegitimate user on a particular channel on one fiber(i.e., attacker)to jamanother user on the same wavelength on a differentfiber, which is known as
in-band jamming attack 
.Thus an in-band jammer who injects a signal on a single wavelength intoa link using high power transmitter can destroy many signals on that wavelengthsince channelsof the same wavelength from different fibersshare the same switching plane.An attacker,aperson internal to the network oranexternal remote person,candisrupt the operation of anoptical node byexploitingthesecross-talk characteristics ofswitches byinjecting a very highpower attack signal through the wavelength selective switch[2].A second type of attack, knownas
gain competitionattack 
, exploits gaincompetition propertyof optical amplifiers.If anattackerinjectsa strong signal at a wavelength outside the communication band, but within the passbandof theamplifierthenthe gains of the legitimatesignals may be reduced considerably.The attack canwork becausetheamplifier cannot distinguishbetweenattack signalsand legitimate signalsandprovidesgain to each signal indiscriminatelyin proportion to its strengthfrom a finite supplyof gain. As a result the legitimate signalsbecome weaker and weaker.The gain competitionattack, also known as
out-of-band jamming attack 
,can resultin denial of service tolegitimateusers. In some instances, it may be possible to deny service to manyusers from a legitimatenetwork access point via the gaincompetition attack [2].To foil the in-band and out-of-band jamming attacksin AON, some preventive countermeasureshave beenproposed in [1], [2], [3],[4], [5], [6], [7], [8],[9]and [10]which are primarily focusedon detection and attack localization, i.e., reactive approach.Three types of preventivecountermeasure categories are primarily focused in [1]:1) incorporating band limiting filters tothwart signals outside certain band to prevent out-of-band gain competition and reducingvulnerabilitiesintrinsic to hardware, 2) providing anti-jamming transmission schemes such asCDMA or TDMA that are hardened for anti-jamming and anti-tapping measures and 3) protocolsand architecture designs adapted to AONs, such as avoiding compromised link for sensitivecommunications.Although [1] mentions some suggestions for preventive measure,thesesuggested preventive countermeasures are not implemented as a secured systemand therefore,there is no in-depth discussion about how to implement these ideas, whatchallenges may arisethrough adoption of such security measures and how much security they may provide toAONs.The concept of attack awarenetwork planning hasalsobeen proposed in[11],[12],[13]and [14].In [11], the propagation of high-power jammingattack is stopped by using powerequalizers in different nodes, which suggestsplacing the optical attenuators within opticalcomponents.This paperdeals with incorporating security inAONsusingbothproactiveprevention techniquesand reactiveon-the-fly restorationtechniques.Establishmentand restorationof secured lightpathsareperformed using three major steps as shown in Figure1:generation andmanagement of component security databaseat source nodes, establishment of secured lightpath, andpartialrestoration of lightpathin case of anattack. First,securityindices representing securityrisfactorsofcomponentsare calculated andsecuritydatabasesarecreatedfortheAON infrastructure.
 
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4,July20133
Thesesecurity databases providea basis forestablishing the secured lightpath. Second,initiallyaconstraint based routing algorithm,usingthe security databases,computesthe most securedlightpath fromasource toa destination passing throughthe most secure components of the AON.Fiber diversity betweenadjacent nodes on a secure lightpathis used toprovide redundantlightpath toprotect against attacks on fibers.Third, on-the-fly approach of partial restoration isadopted to restore the lightpath when attack happens in the components. The partial restorationiseffected by providing security envelopes around vulnerablecomponents. The on-the-flyrestoration of lightpathsensuresminimum loss of data and avoidsthe need for tearing down theattacked lightpath and establishing a new one.The later process maybetime consuming andundesirable in many circumstances.The proposed restoration methods involveusingadditional devices to provide the securityenvelopes. This may entail additional expenses. Thus the use of such devicesin allthenodes maynot be economically feasible.However, it is important tonotethat unchecked attacks mayspread through a considerable part of a network and cause loss of large amount of data. The costof losing large amount of data and tearing down and reestablishing a lightpath may beconsiderable too. In any case the use of additional devices for restorationshould be minimizedandthese should be placed in selective nodes only.Reference [11] presents a method forselectingsuch placements. The results in [11] can be usedforproper placement ofsecurityenvelopesproposed in this paper.The rest of the paper is organized as follows.Section 2 presentsoverallhigh level protocols forsecurity hardening of AON,generation,management and updatingof component securitydatabasesat source nodes, constraint based secure lightpath calculation, and attack monitoringand restoration of attacked components. Section 3 discussesdetails ofanalytical modeling,security index calculation andsetting up andoperation of security envelopes for on-the
 – 
flyrestoration of attacked componentsoptical amplifiers and optical switches. It also presentsprotocol forprotection against attacks on fibers by using fiber diversity between adjacent nodeson a lightpath.Section 4 discusses conclusionof the paper.
2.O
VERALL
P
ROTOCOL FOR
S
ECURITY
H
ARDENING OF
AON
AGAINSTATTACKS AT THE PHYSICAL LEVEL
The secured AON in ourproject integrates AON architecture, management, control and lightpathestablishment. The secured AON is based on redundancy, rerouting, security status of components and constraint based source routing. As explained earlier, attacks in AON producehigh crosstalk and gain robbing in the components such as optical switch and optical amplifier.These attack-related characteristics arestudied in depth to detect whether optical components areunder attack. We maintain a history of attacks of the components of AON networks in adatabase. During the lightpath computation, the database comprising history of attacks isconsidered to generate a possible attack free route for the lightpath. Next, the optical data is senton the redundant path of computed lightpath. During lightpath travel, if any component of theroute is under attack, then an on-the-fly partial restoration is performed to continue the transfer of optical data instead of tearing the lightpath. In our study, we assumed the following assumptionsfor our proposed AON system: at least two parallel fibers between each and every adjacent nodesare available to provide redundant route, source nodes are capable of performing constraint basedrouting decisions, and each intermediate node is capable of implementing the routing decision

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->