Optical Layer Security in Fiber-Optic Networks

- I V Surendra Varun Kumar

Topics
• Introduction
• Threats
• Optical Layer Security (Defenses)

4 May 2012

M.Tech, CSE-PESIT


Introduction
• Optical communication systems have a variety of applications.
• These range from personal through commercial to military use.
• The dramatic increase in network speed and usage has brought a dramatic increase in vulnerability.
• Securing the physical layer of an optical network has become a difficult job.
• Building security on top of an insecure foundation is a risky practice.
• Accomplishing real-time security processing at the optical layer is a technically challenging problem.


Threats
• Optical networks range from local area networks to the backbone of the Internet.
• For each, the actual implementation of a particular threat varies.
• Loosely, the threats are categorized as:
1. Confidentiality
2. Authentication
3. Privacy
4. Availability


Threats
Confidentiality
• The adversary tries to listen in on the communication.
• Optical networks do not emit an electromagnetic signature, yet an attacker can still eavesdrop on an optical system by:
─ physical tapping
─ listening to residual crosstalk


Threats
1. Confidentiality: Physical Tapping
• Tapping an optical fiber is not difficult if the fiber itself is exposed.
• A small amount of light escapes from the optical fiber.
• Directly placing a second fiber adjacent to the place where light escapes can capture a small amount of the desired optical signal.
• In practice, tapping an optical fiber is not an easy task.
• The eavesdropper must operate at a very low signal-to-noise ratio.
• A special procedure is required to peel off the protective material and cladding from the fiber; otherwise the fiber breaks.


Threats
1. Confidentiality: Listening to Residual Crosstalk
• The other way of eavesdropping is to listen to the residual adjacent-channel crosstalk while impersonating one of the subscribers.
• This is possible in wavelength-division-multiplexing (WDM) networks.
• It occurs because wavelength demultiplexers do not have perfect channel isolation, resulting in a small amount of optical power leaking from adjacent channels.
• This method requires special optical equipment to extract the weak optical signal from the crosstalk.


Threats
2. Authentication
• An unauthorized entity tries to communicate.
• Authentication requires the use of a unique coding/decoding scheme between the desired users.
• In a physical optical link, an optical signal travels freely in the network and reaches its destination as long as it has the correct wavelength (for WDM networks).

3. Privacy & Traffic Analysis
• The adversary observes the existence of communication.
• Apart from the sender and the intended receiver, no one else is aware of the existence of the transmission.


Threats
4. Availability
• The adversary tries to subvert the successful delivery of communications.
• Optical networks are susceptible to a variety of attacks on the physical infrastructure as well as signal jamming attacks.
• This results in denial of service.
• It does not result in theft of information, but translates into loss of network resources (bandwidth).
• It impacts many users and results in significant fiscal losses to network providers.
• Physical damage (breakage) results in unavailability.


Optical Layer Security (Defenses)
1. Confidentiality
• Encryption is an effective way to secure a signal and enhance the confidentiality of a network.
• To be compatible with high data rates, there is a need to develop an architecture for implementing encryption in the optical network.
• Optical code-division multiple access (OCDMA) is another way of providing confidentiality.
• This property of OCDMA originates from its encoding/decoding process and multiplexing properties.
• Here the signal is encoded with a specific code which can only be detected by a corresponding decoder.


Optical Layer Security (Defenses)
2. Authentication
• With the OCDMA coding/decoding scheme, authentication can be achieved by using a unique OCDMA code.
• The code is agreed upon by the sender and the receiver.
• An unauthorized user cannot decode the OCDMA signal in the presence of other OCDMA signals.
• It also provides multi-access capability.
• It provides a means of authentication between two users.
• The sender encodes the data with a unique code which represents the sender's identity.
• Data encoded by other encoders is treated as unauthenticated data and automatically blocked (mismatch between encoder and decoder).
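The OCDMA encoding, matched decoding and code-mismatch blocking described on the Confidentiality and Authentication slides can be simulated as follows. This is an added example, not part of the original slides; the prime-code family, chip-synchronous on-off keying, the threshold decoder and the sender names are assumptions chosen for illustration.

```python
# Added illustration, not from the slides: chip-synchronous incoherent OCDMA.
# The prime-code family and P = 5 are assumptions chosen for the example.
P = 5  # prime; each code has P*P chips and P pulses


def prime_code(i, p=P):
    """Unipolar prime code i: one pulse per block of p chips, at offset (i*j) mod p."""
    chips = [0] * (p * p)
    for j in range(p):
        chips[j * p + (i * j) % p] = 1
    return chips


def encode(bits, code):
    """On-off keying: a 1 bit sends the code sequence, a 0 bit sends no light."""
    return [chip * bit for bit in bits for chip in code]


def combine(*signals):
    """Shared fiber: intensities from all encoders add chip by chip."""
    return [sum(chips) for chips in zip(*signals)]


def correlate(fiber, code):
    """Per-bit correlation of the received intensity with a decoder's code."""
    n = len(code)
    return [sum(f * c for f, c in zip(fiber[k:k + n], code))
            for k in range(0, len(fiber), n)]


def decode(fiber, code, threshold=P):
    """A bit is accepted as 1 only if the full autocorrelation peak is reached."""
    return [1 if v >= threshold else 0 for v in correlate(fiber, code)]


# Constructed sample traffic for three senders sharing one fiber.
ALICE = [1, 0, 1, 1, 0, 0, 1, 0]
BOB = [0, 1, 1, 0, 1, 0, 1, 1]
CAROL = [1, 1, 0, 0, 1, 0, 1, 0]
FIBER = combine(encode(ALICE, prime_code(1)),
                encode(BOB, prime_code(2)),
                encode(CAROL, prime_code(3)))

if __name__ == "__main__":
    print("decoder 1:", decode(FIBER, prime_code(1)))          # matches ALICE
    print("decoder 4 correlation:", correlate(FIBER, prime_code(4)))
    print("decoder 4 output:", decode(FIBER, prime_code(4)))   # all zeros
```

A decoder holding a code that no sender uses only ever sees one unit of cross-correlation per active sender, which stays below the threshold P as long as fewer than P other senders are active.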


Optical Layer Security (Defenses)
3. Privacy
• Steganography enables the transmission of a secret data channel in the optical network, called the "stealth channel".
• This channel is hidden in the presence of "public channels".
• Its data rate will be lower than that of the public channel.
• It is mostly used in applications that work at a low bit rate and have high priority, with additional confidentiality.
• Here a series of short optical pulses is stretched using a dispersive optical element with high group-velocity dispersion (GVD).
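The pulse stretching behind the stealth channel can be reproduced numerically: a short Gaussian pulse passed through a high-GVD element keeps its energy but loses most of its peak power, and a receiver applying the matched opposite dispersion restores it. This is an added example, not part of the original slides; the normalized units, the pulse width, the dispersion value and the function names are assumptions.

```python
# Added illustration, not from the slides. Units are normalized and the values
# T0 = 1, BETA2_L = 10 and the 512-sample grid are assumptions for the example.
import cmath
import math

N, DT = 512, 0.2      # number of samples and time step
T0 = 1.0              # 1/e half-width of the stealth pulse intensity
BETA2_L = 10.0        # accumulated group-velocity dispersion (beta2 * length)


def gaussian_pulse():
    """Field envelope of one short stealth pulse centred in the time window."""
    return [cmath.exp(-((k - N / 2) * DT) ** 2 / (2 * T0 ** 2)) for k in range(N)]


def disperse(field, beta2_l):
    """Apply the all-pass phase exp(i * beta2_l * w^2 / 2) in the frequency domain."""
    n = len(field)
    tw = [cmath.exp(-2j * math.pi * q / n) for q in range(n)]   # DFT twiddles
    spec = [sum(field[k] * tw[(k * m) % n] for k in range(n)) for m in range(n)]
    for m in range(n):
        w = 2 * math.pi * (m if m < n // 2 else m - n) / (n * DT)
        spec[m] *= cmath.exp(0.5j * beta2_l * w * w)
    return [sum(spec[m] * tw[(-k * m) % n] for m in range(n)) / n for k in range(n)]


def peak(field):
    return max(abs(a) ** 2 for a in field)


def energy(field):
    return sum(abs(a) ** 2 for a in field) * DT


def stealth_link():
    """Return (peak after spreading, peak after compensation, energy ratio)."""
    sent = gaussian_pulse()
    spread = disperse(sent, BETA2_L)        # transmitter: stretch the pulse
    restored = disperse(spread, -BETA2_L)   # receiver: matched opposite dispersion
    return (peak(spread) / peak(sent), peak(restored) / peak(sent),
            energy(spread) / energy(sent))


if __name__ == "__main__":
    print(stealth_link())
```

With these values the spread pulse peaks at about one tenth of its original power, following the Gaussian broadening factor 1/sqrt(1 + (BETA2_L/T0^2)^2).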


Optical Layer Security (Defenses)
Top: Schematic illustration of optical steganography using group velocity dispersion. Insets: (a) measured temporal profile of stealth channel before spreading; (b) measured temporal profile of temporally spread stealth channel. Middle: the measured public signal eye diagram (a) without stealth signal, and (b) with stealth signal. Bottom: Spectral masking of the stealth transmission (a) spectrum without stealth transmission, (b) spectrum with the stealth signal present, and (c) spectrum of the stealth signal alone.


Optical Layer Security (Defenses)
4. Availability
• Redundant paths are laid for self-healing.
• Redundant paths ensure both survivability and service availability.
• Telecommunication infrastructure is implemented in such a way that it can recover from a failure within 60 ms or less.

Two-fiber bidirectional OCDMA ring network

THANKS
