Professional Documents
Culture Documents
Steganographic Communication Via Spread Optical
Steganographic Communication Via Spread Optical
fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JLT.2018.2872422, Journal of
Lightwave Technology
1
Abstract—We are witnessing a rising concern over communica- networks can be readily collected by tapping into fiber-optic
tion security and privacy. Conventional cryptography techniques cables with off-the-shelf fiber hacking devices [1], [2]. Such
encrypt data into unreadable codes, but still expose the existence vulnerability is shared among optical links (e.g., operated by
of communications through metadata information (e.g., packet
timing and size). In contrast, we propose a steganographic com- Internet service providers) carrying the phone and Internet traf-
munication scheme adopting a novel combination of the intrinsic fic [3], private networks (e.g., data centers) inter-connected by
optical noise and a unique signal spreading technique to hide the optical networking technologies [4], and the Internet backbone
existence of optical communications, i.e., optical steganography. (e.g., undersea fiber-optic cables) that shuttle communications
We experimentally implement a prototype steganographic com- between continents and servers [5], [6].
munication system, which requires zero cover-signal overhead
to enable a stealth communication channel over the existing As a result, optical networks rely heavily on cryptography
communication infrastructure. Both the frequency and time to encode data with difficult-to-compute ciphers to prevent
domain characterizations of our prototype implementation verify access by potential adversaries. Cryptography, while keeping
the feasibility of our approach. We also demonstrate the first data (computationally) confidential, does not hide the encoded
practical steganographic communication that provides reliable messages themselves. Eavesdroppers know that a message is
communication performances between real computers at the
application layer (200-300 Mbps file transfer rate and 25-30 being delivered, and may eventually crack the encryption and
Mbps Internet data rate) over long-distance optic-fibers (25-50 uncover the message provided that enough storage and com-
km). Additional bit-error-rate measurements illustrate negligible puting resources are available. Therefore, network surveillance
channel interference between the public and stealth communica- activities are fueling urgent concerns over data privacy in com-
tions (less than 1 dB power penalty). We further quantitatively munications, especially under the revelation of the Tempora
demonstrate that the eavesdropper’s chance of matching system
parameters to effectively recover the stealth signal is 2−10 program buffering data for three days and metadata for thirty
by random guessing, and that the eavesdropper’s ability of days [7], and the Marina program storing vast amounts of
detecting the stealth signal hidden in the transmission channel metadata up to one year [8]. To make matters even worse, the
is strictly limited close to a random guess. Our steganographic metadata information that cannot be protected by cryptography
communication scheme provides an attractive foundation for (e.g., packet timing and size) may otherwise be used for
mitigating eavesdropping at the link-level, thus paving the way
for future privacy-enhancing technologies using the physical layer malicious activities such as traffic analysis attacks [9]–[12],
characteristics of communication links. and website/device fingerprinting attacks [13]–[17].
The research community has investigated many information
Index Terms—Communication security and privacy, optical
fiber communications, optical steganography. hiding technologies to mitigate signal interception and data
eavesdropping, including the spread spectrum radio (for wire-
less communications) [18]–[20], anonymous communication
I. I NTRODUCTION systems (to hide user identities) [21]–[23], and digital water-
UR communications are dominated by optical networks, marking techniques (for authentication purpose) [24]–[27]. As
O in which data is encoded onto light to transmit infor-
mation. Unfortunately, information transmitted through optical
far as communication concealment is concerned, an important
sub-discipline of information hiding is steganography where
the secret information embedded within the publicly known
Manuscript received May 31, 2018, revised August 08, 2018, accepted cover-medium can be extracted by no one but the intended
September 12, 2018. This work is supported by the National Science Foun- recipient [28]. Major breakthroughs have been made in digital
dation under the grant ECCS-1642962.
P. Y. Ma, P. Mittal, P. R. Prucnal are with Department of Electri- steganography where secret data can be hidden within pixels,
cal Engineering, Princeton University, Princeton, NJ 08544 USA, (e-mail: sound samples, as well as text messages [29]–[31], and net-
yechim@princeton.edu; pmittal@princeton.edu; prucnal@princeton.edu). work steganography where secret information can be placed in
B. Wu, B. J. Shastri, A. N. Tait were with Department of Electrical
Engineering, Princeton University, Princeton, NJ 08544 USA. B. Wu is now the header of a TCP/IP datagram [32]–[34]. However, these
with Department of Electrical and Computer Engineering, Rowan University, techniques are mainly limited by their low throughput and
Glassboro, NJ 08028 USA, (email: wub@rowan.edu). B. J. Shastri is now considerable cover-medium overhead [35].
with Department of Physics, Engineering Physics and Astronomy, Queen’s
University, Kingston, ON K7L 3N6 Canada, (email: shastri@ieee.org). A. In the context of optical communications, optical steganog-
N. Tait is now with National Institute of Standards and Technology (NIST), raphy was proposed as a form of analog steganography to
Boulder, CO 80305 USA, (email: atait@ieee.org). enable steganographic communications over optical transmis-
Copyright (c) 2015 IEEE. Personal use of this material is permitted.
However, permission to use this material for any other purposes must be sion channels that can be publicly accessed by eavesdroppers
obtained from the IEEE by sending a request to pubs-permissions@ieee.org. [36]. These initial schemes, using either conventional long-
0733-8724 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JLT.2018.2872422, Journal of
Lightwave Technology
2
distance fiber spools [37]–[39], or chirped fiber Bragg gratings of preceding cases where the stealth channel operation
(CFBG) [40]–[42], spread the stealth signal in the time domain may easily affect the transmission channel power by
to reduce its power level below the noise floor. In order to introducing the public channel ASE noise into the stealth
cover the existence of the low power stealth signal in the channel without having the stealth channel itself generate
frequency domain, additional high power public (cover) signal the optical carrier.
has to co-exist at the same channel bandwidth, which not • We demonstrate the first practical steganographic com-
only restricts their practical usage in real optical networks munication between real computers that exercises the
where bandwidth resources are limited, but also requires very full network stack over long-distance (25-50 km) fiber-
delicate channel separation techniques to limit the mutual optic cables (Section IV). The data rate for the secret
influence between channels. Moreover, the addition of the users at the application layer reaches 200-300 Mbps for
stealth channel may easily expose itself by changing the local file transfer and 25-30 Mbps for Internet browsing.
transmission channel power level since the stealth channel was As opposed to prior works that delivered only pseudo-
created by a separate laser source. random bit sequence (PRBS), we are the first to show
Recently, another optical steganography scheme established a physical-layer approach that is fully compatible with
a stealth communication channel using the widely existing upper-layer hierarchy and is ready for direct deployment
amplified spontaneous emission (ASE) noise as the optical to today’s communication networks. Moreover, the bit-
carrier [43]–[45]. While embedding data in the ASE noise error-rate (BER) measurements where the public and
enables the stealth signal to better emulate the noise behavior, stealth channels impose less than 1 dB power penalty
this approach required phase modulation and Mach-Zehnder upon each other illustrates negligible mutual influence
interferometer (MZI) to prevent information leakage in the between channels (i.e., achieving independent channel
time domain (leveraging the optical path difference of MZI operations).
as an one-dimensional key). Unfortunately, their sensitivity • We quantitatively analyze the eavesdropper’s difficulties
to temperature and mechanical vibrations led to extremely to recover the stealth signal by finding the system pa-
unstable data transmission (as acknowledged by authors in rameters used to generate the stealth signal, i.e., the
[43]). Furthermore, the chance of exposing the stealth channel ASE noise bandwidth used to carry the stealth data
still persists since the stealth channel used a separate erbium- and the CFBG dispersion parameter used to spread the
doped fiber amplifier (EDFA) as the ASE noise source. data-carrying ASE noise (Section V). Our conservative
In this paper, we extend our preliminary work [46] and sum- analysis considers a semi-infinite two-dimensional key
marize our contributions to optical steganography as follows: space where the chance for the eavesdropper to effectively
• We propose an optical steganography paradigm, in which match both of these two system parameters (to obtain
(a) data is carried by part of the innate noise of an a recovered stealth signal whose signal-to-noise ratio
optical communication channel, i.e., ASE noise, and (b) (SNR) is above 1) is 2−10 by random guessing.
the data-carrying ASE noise is stretched temporally by • We quantitatively evaluate the steganographic commu-
a unique signal spreading function performed by CFBG nication security against an eavesdropper who aims to
(Section II). In contrast to prior works utilizing either detect any stealth signal being transmitted by statistically
signal spreading [36]–[42] or optical noise [43]–[45] analyzing the transmission channel signal (Section VI).
alone, the novel combination of them allows us to not We are the first to follow the formal information-theoretic
only transmit the data-carrying ASE noise in a noise- treatment of steganography by analytically demonstrat-
like form, but also minimize its difference against the ing our steganographic communication system to be -
part of ASE noise not carrying data to the point where secure (approaching perfect indistinguishability given a
they become virtually indistinguishable (see proof in sufficiently large signal spreading or data rate). We further
subsequent sections). The fact that our scheme exploits employ support vector machines (SVMs) to empirically
the ubiquitous channel noise instead of a dedicated public demonstrate the eavesdropper’s ability to distinguish the
signal enables the steganographic communication with stealth signal hidden in the transmission channel is close
zero cover-signal overhead. to a random guess.
• We experimentally implement a prototype steganographic
communication system where a stealth channel for secret
users can be established using the existing communica-
tion infrastructure for public users, and perform system II. S TEGANOGRAPHIC C OMMUNICATION A PPROACH
characterizations in both the frequency and time do-
mains to validate the feasibility of our approach (Section Our steganographic communication system considers a pair
III). Our implementation (a) provides flexible channel of sender and recipient (e.g., real computers) connected by a
selections by lifting the restriction that the pubic and fiber-optic link (i.e., a transmission channel). In conventional
stealth channels have to stay on the same bandwidth optical communications, the sender’s transmitter and the recip-
(as in [36]–[42]), (b) supports stable data-carrying ASE ient’s receiver are mainly responsible for data modulation and
noise transmission by replacing environment-sensitive demodulation (see Appendix A for analytic discussions); our
setup (adopted in [43]–[45]) with simpler direct detec- approach augments these functionalities to perform stegano-
tion scheme, (c) overcomes the security vulnerability graphic encoding and decoding on the stealth data.
0733-8724 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JLT.2018.2872422, Journal of
Lightwave Technology
3
Public Public
Splitter Combiner
At the transmitter, the public user employs an intensity
Data In Modulator
modulator (IM) to modulate public data onto the optical carrier
Stealth Stealth Transmission
generated by a laser diode (LD) (whose central wavelength is
Stretcher
Data In Modulator Channel at 1550 nm). EDFA1 amplifies this public signal and generates
its background ASE noise. CFBG1 (whose dispersion is 4.1
Public Public ns/nm and whose bandwidth is 0.9 nm wide centered at 1530
Demodulator Splitter
Data Out nm) reflects part of the public channel ASE noise to the stealth
Electrical
channel, while letting the rest of the ASE noise plus the public
Stealth Stealth Optical
Data Out Demodulator
Compressor signal go through to the coupler. EDFA2 amplifies the ASE
noise entering the stealth channel for intensity modulating
Fig. 1. Schematic illustration of the steganographic communication system. stealth data onto it. CFBG2 has the same bandwidth, disper-
sion parameter, and orientation as CFBG1, thus performing
signal spreading to the data-carrying ASE noise. EDFA3 tunes
A. Approach Overview
the stealth channel power to the coupler, which combines the
We propose spread optical noise, a novel combination of the stealth channel with the public channel in the transmission
intrinsic optical channel noise and a unique signal spreading channel. EDFA4 in the transmission channel is used to enable
technique, to enable the steganographic communication. signal transmission over long-distance optic-fibers.
Fig. 1 shows the schematic illustration of the proposed At the receiver, CFBG3 shares the same bandwidth and
steganographic communication system. On one hand, the dispersion parameter as CFBG1 and CFBG2, but is placed in
public channel (Public Data In → Public Data Out) only the opposite orientation against the other two. Upon receiving
performs simple data modulation and demodulation. On the the transmission channel signal, therefore, CFBG3 separates
other hand, a splitter is used at the transmitter to separate the stealth signal (output from the port3 of circulator3) from
part of the public channel background ASE noise into the the public signal plus the pure ASE noise (going through
stealth channel (Stealth Data In → Stealth Data Out). The CFBG3), and compensates the signal spreading for the data-
stealth signal is generated by modulating the stealth data onto carrying ASE noise simultaneously. The transmitter requires
this particular ASE noise, and temporally stretching the data- two CFBGs because we need an ASE noise bandwidth selec-
carrying ASE noise by CFBG based on its dispersion effect tion before stealth data modulation, while the signal spreading
(see Appendix B for detailed descriptions). We put the stealth cannot be performed without a data-carrying ASE noise.
signal back to the transmission channel by a combiner. Upon EDFA5 amplifies the relatively weak data-carrying ASE noise,
receiving the transmission channel signal, another splitter can and a photo-detector (PD) is used to demodulate the public and
be used to filter out the same ASE noise for the stealth channel, stealth data, respectively.
and a compressor will recover the data-carrying ASE noise
for the stealth demodulator. The successful reconstruction of
the stealth signal at the receiver, therefore, depends on if the B. System Characterizations
spread data-carrying ASE noise can be well separated from We then adopt both the frequency and time domain char-
the ASE noise not carrying data and compressed in the exact acterizations to verify our prototype implementation achieves
opposite way it was spread before. the desired steganographic communication purpose.
Fig. 3 shows the spectrum analysis of the steganographic
B. System Parameters communication system. Fig. 3(i) shows the spectrum before
There are two critical system parameters (i.e., the key) channel separation, which corresponds to a public channel
associated with this spread optical noise approach: peak at 1550 nm with the pure ASE noise background. Fig.
• ASE noise bandwidth used to carry the stealth data: We 3(ii) is the public channel spectrum after the ASE noise around
adopt the ubiquitous ASE noise in the optical channel, but 1530 nm being filtered out by CFBG1 as the stealth channel
only use part of the ASE noise to carry the stealth data. optical carrier. Fig. 3(iii) is the stealth channel spectrum,
The stealth channel ASE noise bandwidth can be any exhibiting a power surge around 1530 nm that matches its
interval within the total ASE noise spectral band (selected absence in Fig. 3(ii). Fig. 3(iii) has a weak ASE noise
by CFBG bandwidth in our scheme). background because this spectrum is taken after EDFA3. Fig.
• CFBG dispersion parameter used to spread the data- 3(iv) is the transmission channel spectrum after coupling both
carrying ASE noise: We adopt CFBG as the stretching the public and stealth channels, which looks as if the stealth
element that determines how much signal spreading is channel does not exist. This is achieved by coordinating
applied to the data-carrying ASE noise, and its dispersion EDFA2 and EDFA3 to balance the optical power entering and
parameter can literally take any value ranging from zero leaving the stealth channel, so that the stealth channel will not
to infinity. be exposed in the frequency domain.
Fig. 4 presents the eye diagram measurements of the
III. S YSTEM I MPLEMENTATION & C HARACTERIZATIONS
steganographic communication system. Fig. 4(I) is the public
A. System Implementation signal at the transmitter, and Fig. 4(IV) is the stealth signal
Fig. 2 illustrates the experimental setup of the prototype before being spread by CFBG2. The stealth signal after being
steganographic communication system. spread by CFBG2, as shown in Fig. 4(V), only contributes
0733-8724 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JLT.2018.2872422, Journal of
Lightwave Technology
4
Fig. 2. Experimental setup of the steganographic communication system. Labels (i)-(iv), (I)-(VI) correspond to those in Fig. 3 and Fig. 4.
(i)
(ii)
Intensity (dBm)
(iii)
Fig. 4. Eye diagrams of (I) the public signal at the transmitter, (II) the
transmission channel signal, (III) the public signal at the receiver, (IV) the
stealth signal before signal spreading at the transmitter, (V) the stealth signal
(iv) after signal spreading at the transmitter, (VI) the stealth signal after dispersion
compensation at the receiver.
Wavelength (nm)
our steganographic link is unidirectional for proof-of-concept
Fig. 3. Wavelength spectrum of (i) the public channel plus the pure ASE noise purpose. Bidirectional steganographic communication can be
background before CFBG1, (ii) the public channel plus the ASE noise with achieved by replicating the same system implementation in the
the stealth channel taken out after CFBG1, (iii) the stealth channel plus the
pure ASE noise added after EDFA3, (iv) the public channel plus the stealth
reverse direction. We share the Wireless Internet Connection
channel and the pure ASE noise in the transmission channel after coupler. on the laptop with the Local Area Connection it has with
the steganographic communication system. In this case, the
desktop has its only connection with the outside world through
to the noise of the transmission channel signal in Fig. 4(II). the steganographic communication link with the laptop.
In that case, the transmission channel signal appears for the
eavesdropper to contain only the public signal while in fact B. Data Rate Measurements
the stealth signal is embedded as part of its noise. Fig. 4(III)
and 4(VI) suggest both the public and stealth signals are well- Since the stealth channel ASE noise has a bandwidth of
received at the receiver. 115.3 GHz, Gbps data can be easily handled at the physical
layer of our system (e.g., eye diagrams in Fig. 4 are measured
with 3 Gbps PRBS). For the sake of actual deployment
IV. C OMMUNICATION P ERFORMANCE
between real computers, we are more concerned with the data
A. System Configurations rate at the application layer (i.e., the upstream data rate from
We further test the communication performance of our desktop to laptop). We first measure the data rate when locally
steganographic communication system (physically shown in transferring a large file (size of 3.09 GB) from the desktop to
Fig. 5). We connect the IM-PD pair to two media converters the laptop, and there exists an 1000 Mbps electrical I/O speed
(MCs), which interface the steganographic communication bottleneck at the network interface card (of both computers).
system with two computers through Ethernet cables. We place We then measure the data rate when browsing the Internet
a desktop (2.8 GHz Intel Pentium 4 CPU) at the transmit- at the desktop, and there exists an 100 Mbps electrical I/O
ter, and a laptop (2.9 GHz Intel Core i7-3520M CPU) at speed bottleneck at the wireless network interface card (of the
the receiver. The two computers can switch between two laptop). We summarize the communication performance of the
channels by connecting the MCs with the IM/PD pair in public and stealth channels in Table I.
different channels. There is a back-to-back connection between As for the public channel, it has 363.5 Mbps local transfer
these two MCs to complete the communication loop since rate and 50.20 Mbps Internet upload rate, which sets a
0733-8724 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JLT.2018.2872422, Journal of
Lightwave Technology
5
1 Desktop 10 EDFA3
1 2 MC 11 Coupler
12
3 LD (Public) 12 25 km Fiber Spools×2
4 IM (Public) 13 EDFA4
18 13
10 7 4 2 5 EDFA1 14 Circulator3 + CFBG3
15 3
8 5 6 Circulator1 + CFBG1 15 EDFA5
17
16 6 7 EDFA2 16 PD
14 9
8 IM (Stealth) 17 MC
11 9 Circulator2 + CFBG2 18 Laptop
TABLE I
C OMMUNICATION P ERFORMANCE OF T HE S TEGANOGRAPHIC
C OMMUNICATION S YSTEM
0733-8724 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JLT.2018.2872422, Journal of
Lightwave Technology
6
power distribution, which in turn affect the gain distribution (a) (b)
0733-8724 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JLT.2018.2872422, Journal of
Lightwave Technology
7
0733-8724 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JLT.2018.2872422, Journal of
Lightwave Technology
8
(a) (b)
(a) (b)
Fig. 10. Sample probability distribution of (a) the transmission channel signal
containing the spread pure ASE noise, and (b) the transmission channel signal
Fig. 9. The relative entropy, total variation distance, and maximum of containing the data-carrying ASE noise.
logarithm of R-N derivative versus (a) the dispersion parameter, (b) the bit
width. The (half of 1/e-intensity) bit width in (a) is 1 ns; the dispersion
parameter in (b) is 4.1 ns/nm.
In a 0-secure steganographic communication system, p00d (I)
and p00n (I) share the same probability distribution so that the
• Relative entropy (known as Kullback-Leibler divergence): eavesdropper cannot distinguish whether there is a stegano-
Z ∞
p00 (I) graphic communication occurring in the transmission channel.
D(p00d (I)||p00n (I)) = p00d (I)log 00d dI We present the graphical relationship of the relative entropy,
−∞ pn (I)
σ 00 σ 002 + (µ00 − µ00 )2 total variation distance, and maximum of logarithm of R-N
1
= log n00 + d d n
− . (1) derivative versus the dispersion parameter and (half of 1/e-
σd 2σn002 2 intensity) bit width in Fig. 9. As we increase the dispersion
• Total variation distance (L1 norm): parameter or decrease the bit width (which is equivalent to
1 higher bit rate), all these three curves (representing stealth sig-
VT (p00d (I), p00n (I)) = ||p00d (I) − p00n (I)||1 nal distinguishability) reduce to 0. Given the same dispersion
Z ∞2 h (I − µ00 )2 i parameter (or bit width), the maximum of logarithm of R-N
1 1 d
= √ 00 exp − derivative is larger than the relative entropy and total variation
2 2π −∞ σd 2σd002
h (I − µ00 )2 i distance. Therefore, the steganographic communication system
1 n is -secure if setting
− 00 exp − dI. (2)
σn 2σn002 σ 00 h (I − µ00 )2 (I − µ00n )2 i
= max ln n00 exp − d
+ (6)
• Logarithm of Radon-Nikodym (R-N) derivative:
σd 2σd002 2σn002
,
I
dp00 (I) p00 (I)
ln 00d
= ln 00d
and approaches the 0-secure scenario if we are able to (a)
dpn (I) pn (I)
apply a sufficiently large signal spreading to the data-carrying
σ 00 h (I − µ00 )2 (I − µ00n )2 i ASE noise, or (b) transmit the stealth data at a sufficiently
= ln n00 exp − d
+ . (3)
σd 2σd002 2σn002 high rate (see Appendix D for proof).
Formal information-theoretic models of steganography have Our analytic results above show that given certain con-
adopted both the relative entropy [47], [52], and total variation ditions, the unique combination of the ASE noise and the
distance [53], [54] to provide an average distinguishability for signal spreading performed by CFBG enables the pure ASE
two probability distributions since Eq. (1) and (2) take every noise containing the spread data-carrying ASE noise to be
point on the probability distribution into considerations. We indistinguishable from the pure ASE noise containing the
further embrace the logarithm of R-N derivative to characterize spread pure ASE noise. We further extend our analysis to a
the distinguishability for two probability distributions from multi-bit scenario in Appendix E to demonstrate the stegano-
a differential privacy perspective [55], i.e., we may consider graphic communication system is -secure on average against
the worst privacy loss for the stealth signal by setting I to an eavesdropper who observes the probability distribution of
such value that results in the maximum of Eq. (3). Note that more than a single bit.
our work directly quantifies the eavesdropper’s detectability
of the steganographic communication as opposed to parallel D. Experimental Validation
works that quantified the stealth transmission capacity given Next, we will experimentally validate the stealth signal
eavesdropper’s certain detectability of the steganographic com- indistinguishability through machine learning techniques op-
munication [53], [56]. erating on real data collected from the experimental setup.
The steganographic communication system is said to be - To emulate the eavesdropper who attempts to estimate
secure provided that some small satisfying [47] the transmission channel signal probability distribution, we
dp00 (I)
employ a Tektronix DSA8300 oscilloscope (containing a 20
D(p00d (I)||p00n (I)) ≤ , VT (p00d (I), p00n (I)) ≤ , ln 00d ≤ .
dpn (I) GHz sampling unit) to sample the eavesdropped transmission
(4) channel signal. The “histogram” feature on the oscilloscope is
= 0 corresponds to the special case where the steganographic used to estimate the sampled signal probability distribution.
communication system is said to be 0-secure if We collect 90 samples of the transmission channel signal
dp00 (I) containing the spread pure ASE noise (Fig. 10(a)) and 90
D(p00d (I)||p00n (I)) = 0, VT (p00d (I), p00n (I)) = 0, ln 00d = 0.
dpn (I) samples of the transmission channel signal containing the
(5) spread data-carrying ASE noise (Fig. 10(b)).
0733-8724 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JLT.2018.2872422, Journal of
Lightwave Technology
9
0733-8724 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JLT.2018.2872422, Journal of
Lightwave Technology
10
When using a photo-detector (PD) to convert the optical side, reflects back the signal over a selected bandwidth (called
signal to the electric signal: the CFBG bandwidth), and outputs the signal not within
the selected bandwidth on the other side. Such a bandwidth
Poptical = Ielectric /R = AIelectric , (8) selection function is useful for spreading the reflected signal
2
Pelectric = RL Ielectric 2
= BIelectric , (9) because the CFBG reflects different frequency components
within its bandwidth at different times, which is equivalent
where R is the responsivity of the PD, RL is the load to introducing a huge amount of time delay among frequency
resistance of the PD, Poptical is the optical signal power, components. Being only 20 cm in length, the CFBG can
Pelectric is the electric signal power, and Ielectric is the electric achieve the same dispersion effect as an optical fiber hundreds
signal intensity. When it comes to receiving the data-carrying of kilometers long [60]. Placing two CFBGs with the same
ASE noise, the electric signal will behave in such a way that bandwidth and dispersion parameter in the opposite orienta-
Ielectric = 2RSsp ∆ν = C∆ν (10) tions makes a perfect pair of signal stretcher and compressor.
Mathematically speaking, the dispersion effect is illus-
where Ssp is the spectral density of the ASE noise, and ∆ν trated in the signal temporally spread by a broadening factor
is the ASE noise bandwidth. Meanwhile, several types of (BF ) [61]: r
electric noise will be induced, among which the following 2
three dominate [57], [58]: BF = 1 + 2 D∆λ/τ (14)
2
σthermal = 4kB T Fn ∆f /RL = E, (11) where D (in the unit of ns/nm) is the dispersion parameter of
2
CFBG, ∆λ (in the unit of nm) is the ASE noise bandwidth
σbeating = 4R2 Ssp
2
∆f ∆ν = F ∆ν, (12) used to carry the stealth data, and τ (in the unit of ns) is
2
σshot = 4qRSsp ∆f ∆ν = G∆ν = HIelectric , (13) half of 1/e-intensity bit width before signal spreading. While
all these three parameters contribute to the dispersion effect,
where kB is Boltzmann constant, T is the room temperature, we tend to keep ∆λ a small part of the overall transmission
Fn is amplification ratio of the electric amplifier in PD, ∆f channel ASE noise bandwidth in this work, and τ is subject
is the electric bandwidth of the PD, and q is the electron to the electrical I/O speed of user’s network interface card.
2
charge. The thermal noise σthermal accounts for the random Note that the total signal energy remains the same even after
2
thermal activities within a PD, the beating noise σbeating being temporally spread. Hence, we have the product
originates from the interference of two signals at slightly
different frequencies within the ASE noise bandwidth, and Pelectric × (BF · τ ) = constant. (15)
2
the shot noise σshot results from the random generation of
Combining Eq. (9), (14), (15), we have
electrons within a PD whose strength is proportional to the √
electric signal intensity Ielectric . These three types of electric Ispread = Iinitial / BF (16)
noise generated at the PD ought not to be confused with the
optical ASE noise existing in fiber-optic cables. that relates the electric signal intensity after signal spreading
Ispread to that before signal spreading Iinitial as a function
A PPENDIX B of BF .
D ISPERSION E FFECT /C HIRPED F IBER B RAGG G RATING
The signal transmitted in optical communications typically A PPENDIX C
consists of multiple frequency components (within the sig- S TEALTH S IGNAL R ECOVERY E FFECTIVENESS
nal bandwidth). In an optical media, the transmission speed SN Rtarget is the stealth signal SNR achieved by the legiti-
of each frequency component inherently differs from each mate receiver in recovering the stealth signal after successfully
other and leads to a temporal spreading of the signal after matching ∆νCF BG and DCF BG . The signal and noise terms
transmitting over a certain fiber distance. This phenomenon can both be written following Eq. (9), (10), (11), (12), (13)
is called dispersion effect, which can be characterized by with the only modification that ∆ν is replaced with ∆νCF BG :
the dispersion parameter D (in the unit of ns/nm). From the
perspective of a reliable signal transmission, the dispersion BC 2 ∆νCF
2
BG
SN Rtarget = . (17)
effect should be minimized and needs to be compensated E + (F + G)∆νCF BG
before data demodulation. However, the dispersion effect can SN Rrecovered is the recovered signal SNR achieved by the
also be used to obscure the intensity modulated signals by eavesdropper, i.e., ∆νCF BG and DCF BG are to be matched
lowering the signal power level close to or even below the by ∆νeav and Deav . The noise term can be directly modified
noise floor, which serves as an enabler for the steganographic as
communication. Pnoise = E + (F + G)∆νeav (18)
Instead of using the natural dispersion effect resulting from
transmitting signals over a long-distance fiber, we intentionally while the signal term requires more thoughts. First, ∆νeav
introduce a stronger dispersion effect to the data-carrying can be either larger or smaller than ∆νCF BG . Second, only
ASE noise using a device called chirped fiber Bragg grating the part of ∆νeav that falls within ∆νCF BG contributes to
(CFBG) [59]. The CFBG inputs the optical signal on one the signal. Therefore, we define a new bandwidth parameter,
0733-8724 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JLT.2018.2872422, Journal of
Lightwave Technology
11
∆νOverlap , to represent the overlapping bandwidth between It is worth mentioning that (a) µn is the noise floor of the
∆νeav and ∆νCF BG . We may now express the signal term as pure ASE noise while µd depends on the modulating signal
power; (b) σn2 and σd2 are differed by the shot noise σshot 2
Psignal = BC 2 ∆νOverlap
2
, (19)
that is proportional to the optical power of the received signal
0 6 ∆νOverlap 6 min{∆νeav , ∆νCF BG }. (20) (recall Eq. (8), (13)):
when DCF BG < Deav < 2DCF BG ; The probability distribution of the spread data-carrying ASE
1 noise is
DRR = r (24) 1 h (I − µ0 )2 i
p0d (I) = √ d
i2
exp − (32)
h
1 + (−DCF BG + Deav )∆λCF BG /τ 2πσd0 2σd02
when Deav > 2DCF BG . In the above equations, ∆λOverlap is where µ0d and σd02 are the corresponding post-spreading mean
the overlapping spectral width (in the unit of nm), ∆λCF BG and variance:
is the target CFBG spectral width (in the unit of nm). √
Therefore, we may eventually write down the stealth signal µ0d = µd / BF , (33)
recovery effectiveness as
SN Rrecovered 2
∆νOverlap /(C1 + C2 ∆νeav ) σd02 = E + F ∆ν + Hµ0d . (34)
= 2 DRR
SN Rtarget ∆νCF BG /(C1 + C2 ∆νCF BG )
(25) We may then write the probability distribution of the pure
where C1 = E and C2 = F + G. The above result is valid for ASE noise containing the spread pure ASE noise as
the case where there is stealth data being transmitted. When h (I − µ00 )2 i
1
there is no stealth data, the stealth signal power is equal to p00n (I) = √ exp − n
(35)
zero, leading to SN Rtarget = 0 and SN Rrecovered = 0 no 2πσn00 2σn002
matter what ∆νeav and Deav are selected by the eavesdropper.
where µ00n = µn +µ0n and σn002 = σn2 +σn02 are the corresponding
A PPENDIX D mean and variance. Similarly, the probability distribution of
S TEALTH S IGNAL P ROBABILITY D ISTRIBUTIONS the pure ASE noise containing the spread data-carrying ASE
noise is
The pure ASE noise can be statistically described as a Gaus-
sian distribution pn (I) with mean µn and variance σn2 [49] : 1 h (I − µ00 )2 i
p00d (I) = √ exp − d
(36)
1 h (I − µ )2 i
n
2πσd00 2σd002
pn (I) = √ exp − . (26)
2πσn 2σn2
where µ00d = µn +µ0d and σd002 = σn2 +σd02 are the corresponding
As the stealth data (either bit 0 or bit 1) is modulated onto the mean and variance.
ASE noise (selected by CFBG1), the probability distribution One straightforward conclusion from the above equations is
of the data-carrying ASE is also a Gaussian distribution pd (I) as D → ∞ (or τ → 0), BF → ∞, and µ0d → µ0n , σd02 → σn02 ,
with mean µd and variance σd2 : and eventually µ00d → µ00n , σd002 → σn002 . In consequence, p0d (I)
1 h (I − µ )2 i
d moves closer to p0n (I) with a sufficiently large signal spreading
pd (I) = √ exp − . (27) or a sufficiently high data rate.
2πσd 2σd2
0733-8724 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JLT.2018.2872422, Journal of
Lightwave Technology
12
0733-8724 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JLT.2018.2872422, Journal of
Lightwave Technology
13
[18] R. A. Scholtz, “The origins of spread-spectrum communications,” IEEE [40] Z. Wang and P. R. Prucnal, “Optical steganography over a public
Transactions on Communications, vol. 30, pp. 822–854, 1982. dpsk channel with asynchronous detection,” IEEE Photonics Technology
[19] R. L. Pickholtz, D. L. Schilling, and L. B. Milstein, “Theory of Letters, vol. 1, no. 23, pp. 48–50, 2011.
spread-spectrum communications–a tutorial,” Communications, IEEE [41] Z. Gao, X. Wang, N. Kataoka, and N. Wada, “Stealth transmission of
Transactions on, vol. 30, no. 5, pp. 855–884, 1982. time-domain spectral phase encoded ocdma signal over wdm network,”
[20] A. J. Viterbi, “Spread spectrum communications: myths and realities,” Photonics Technology Letters, IEEE, vol. 22, no. 13, pp. 993–995, 2010.
IEEE Communications Magazine, vol. 40, no. 5, pp. 34–41, May 2002. [42] M. P. Fok and P. R. Prucnal, “Compact and low-latency scheme for
[21] D. L. Chaum, “Untraceable electronic mail, return addresses, and optical steganography using chirped fibre bragg gratings,” Electronics
digital pseudonyms,” Commun. ACM, vol. 24, no. 2, pp. 84–90, Feb. letters, vol. 45, no. 3, pp. 179–180, 2009.
1981. [Online]. Available: http://doi.acm.org/10.1145/358549.358563 [43] B. Wu, Z. Wang, Y. Tian, M. P. Fok, B. J. Shastri, D. R. Kanoff, and
[22] R. Dingledine, N. Mathewson, and P. Syverson, “Tor: The second- P. R. Prucnal, “Optical steganography based on amplified spontaneous
generation onion router,” in Proceedings of the 13th Conference on emission noise,” Optics express, vol. 21, no. 2, pp. 2065–2071, 2013.
USENIX Security Symposium - Volume 13, ser. SSYM’04. Berkeley, [44] B. Wu, Z. Wang, B. J. Shastri, M. P. Chang, N. A. Frost, and P. R.
CA, USA: USENIX Association, 2004, pp. 21–21. [Online]. Available: Prucnal, “Temporal phase mask encrypted optical steganography carried
http://dl.acm.org/citation.cfm?id=1251375.1251396 by amplified spontaneous emission noise,” Optics express, vol. 22, no. 1,
[23] J. Jrandom, “I2p anonymous network: Technical introduction,” pp. 954–961, 2014.
https://geti2p.net/en/docs/how/tech-intro, Retrieved on December 13, [45] B. Wu, A. N. Tait, M. P. Chang, and P. R. Prucnal, “Wdm optical
2010, from Anonymous Network. steganography based on amplified spontaneous emission noise,” Optics
[24] L. Boney, A. H. Tewfik, and K. N. Hamdy, “Digital watermarks for audio letters, vol. 39, no. 20, pp. 5925–5928, 2014.
signals,” in Multimedia Computing and Systems, 1996., Proceedings of [46] P. Y. Ma, B. Wu, B. J. Shastri, and P. R. Prucnal, “Optical steganography
the Third IEEE International Conference on, Jun 1996, pp. 473–480. communication using signal-carrying noise dispersion,” in 2016 IEEE
[25] C.-T. Hsu and J.-L. Wu, “Hidden digital watermarks in images,” Image Photonics Conference (IPC), Oct 2016, pp. 55–56.
Processing, IEEE Transactions on, vol. 8, no. 1, pp. 58–68, 1999. [47] C. Cachin, “An information-theoretic model for steganography,” Infor-
[26] R. G. van Schyndel, A. Z. Tirkel, and C. F. Osborne, “A digital mation and Computation, vol. 192, no. 1, pp. 41–56, 2004.
watermark,” in Image Processing, 1994. Proceedings. ICIP-94., IEEE [48] T. M. Cover and J. A. Thomas, Elements of information theory. John
International Conference, vol. 2, Nov 1994, pp. 86–90 vol.2. Wiley & Sons, 2012.
[27] R. B. Wolfgang and E. J. Delp, “A watermark for digital images,” [49] P. A. Govind, “Fiber-optic communication systems,” John Wiley, New
in Image Processing, 1996. Proceedings., International Conference on, York, 2002.
vol. 3, Sep 1996, pp. 219–222 vol.3. [50] B. Wu, B. J. Shastri, and P. R. Prucnal, “System performance mea-
[28] R. J. Anderson and F. A. Petitcolas, “On the limits of steganography,” surement and analysis of optical steganography based on noise,” IEEE
IEEE Journal on selected areas in communications, vol. 16, no. 4, pp. Photonics Technology Letters, vol. 26, no. 19, pp. 1920–1923, 2014.
474–481, 1998. [51] P. Cuff and L. Yu, “Differential privacy as a mutual information
[29] W. Bender, D. Gruhl, N. Morimoto, and A. Lu, “Techniques for data constraint,” in Proceedings of the 2016 ACM SIGSAC Conference on
hiding,” IBM systems journal, vol. 35, no. 3.4, pp. 313–336, 1996. Computer and Communications Security. ACM, 2016, pp. 43–54.
[30] N. F. Johnson and S. Jajodia, “Exploring steganography: Seeing the [52] J. Hou and G. Kramer, “Effective secrecy: Reliability, confusion and
unseen,” Computer, vol. 31, no. 2, pp. 26–34, 1998. stealth,” in 2014 IEEE International Symposium on Information Theory,
[31] D. Artz, “Digital steganography: hiding data within data,” IEEE Internet June 2014, pp. 601–605.
computing, vol. 5, no. 3, pp. 75–80, 2001. [53] B. A. Bash, D. Goeckel, and D. Towsley, “Limits of reliable communica-
[32] K. Ahsan and D. Kundur, “Practical data hiding in tcp/ip,” in Proc. tion with low probability of detection on awgn channels,” IEEE Journal
Workshop on Multimedia Security at ACM Multimedia, vol. 2, no. 7, on Selected Areas in Communications, vol. 31, no. 9, pp. 1921–1930,
2002. September 2013.
[33] S. Cabuk, C. E. Brodley, and C. Shields, “Ip covert timing channels: [54] P. H. Che, M. Bakshi, and S. Jaggi, “Reliable deniable communication:
design and detection,” in Proceedings of the 11th ACM conference on Hiding messages in noise,” in 2013 IEEE International Symposium on
Computer and communications security. ACM, 2004, pp. 178–187. Information Theory, July 2013, pp. 2945–2949.
[34] S. J. Murdoch and S. Lewis, “Embedding covert channels into tcp/ip,” [55] C. Dwork and G. N. Rothblum, “Concentrated differential privacy,”
in International Workshop on Information Hiding. Springer, 2005, pp. arXiv preprint arXiv:1603.01887, 2016.
247–261. [56] B. A. Bash, D. Goeckel, and D. Towsley, “Square root law for commu-
[35] H. Wang and S. Wang, “Cyber warfare: steganography vs. steganalysis,” nication with low probability of detection on awgn channels,” in 2012
Communications of the ACM, vol. 47, no. 10, pp. 76–82, 2004. IEEE International Symposium on Information Theory Proceedings, July
[36] B. B. Wu and E. E. Narimanov, “A method for secure communications 2012, pp. 448–452.
over a public fiber-optical network,” Optics express, vol. 14, no. 9, pp. [57] N. A. Olsson, “Lightwave systems with optical amplifiers,” Lightwave
3738–3751, 2006. Technology, Journal of, vol. 7, no. 7, pp. 1071–1082, 1989.
[37] Y. Huang, B. Wu, I. Glesk, E. Narimanov, T. Wang, and P. Pruc- [58] R. Steele, G. Walker, and N. Walker, “Sensitivity of optically pream-
nal, “Combining cryptographic and steganographic security with self- plified receivers with optical filtering,” Photonics Technology Letters,
wrapped optical code division multiplexing techniques,” Electronics IEEE, vol. 3, no. 6, pp. 545–547, 1991.
Letters, vol. 43, no. 25, p. 1, 2007. [59] F. Ouellette, “Dispersion cancellation using linearly chirped bragg
[38] K. Kravtsov, B. Wu, I. Glysk, P. Prucnal, and E. Narimanov, “Stealth grating filters in optical waveguides,” Optics letters, vol. 12, no. 10,
transmission over a wdm network with detection based on an all-optical pp. 847–849, 1987.
thresholder,” in LEOS 2007-IEEE Lasers and Electro-Optics Society [60] P. Krug, T. Stephens, G. Yoffe, F. Ouellette, P. Hill, and G. Dhosi,
Annual Meeting Conference Proceedings, 2007. “Dispersion compensation over 270 km at 10 gbit/s using an offset-core
[39] X. Hong, D. Wang, L. Xu, and S. He, “Demonstration of optical chirped fibre bragg grating,” Electronics Letters, vol. 31, no. 13, pp.
steganography transmission using temporal phase coded optical signals 1091–1093, 1995.
with spectral notch filtering,” Optics express, vol. 18, no. 12, pp. 12 415– [61] D. Marcuse, “Pulse distortion in single-mode fibers. 3: Chirped pulses,”
12 420, 2010. Applied Optics, vol. 20, no. 20, pp. 3573–3579, 1981.
0733-8724 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.