19-05-2012, 01:13 PM
Optical Layer Security in Fiber-Optic Networks
[attachment=22446]
INTRODUCTION
OPTICAL communication systems have foundwidespread
adoption in a variety of applications, ranging from personal
to commercial to military communications. Due to the
dramatic increase in network usage and the increased accessibility
of optical networks, it is important that communications
crossing these networks are properly secured. As with any other
type of network, the first line for securing communications starts
with employing cryptographic protocols at higher layers of the
protocol stack. However, building security on top of an insecure
foundation is a risky practice, and for this reason it is desirable
to make certain that the physical layer of an optical system
Confidentiality
Although optical networks do not emit an electromagnetic
signature, an attacker can eavesdrop on an optical system using
a variety of approaches, including physically tapping into the
optical fiber [14], or by listening to the residual crosstalk from
an adjacent channel while impersonating a legitimate subscriber
[15]. Tapping optical fiber is not difficult if the fiber itself is exposed
and without physical protection. For example, fiber can
be tapped by peeling off the protective material and cladding of
the fiber, so that a small portion of the light escapes from the
optical fiber. By placing a second fiber directly adjacent to the
place where light escapes from the first fiber, it is possible to
capture a small amount of the desired optical signal.
Authentication
Authentication requires the use of a unique coding/decoding
scheme between the desired users. The coding scheme forms
an identity for the user. In the physical optical link, an optical
signal travels freely in the network and can reach any destination
as long as it has the correct wavelength (for a WDM network),
or a correct temporal synchronization (for a time-division-multiplexing
(TDM) network). With an OCDMA coding/decoding
scheme, a certain level of authentication can be achieved by
using a unique OCDMA code that is agreed upon by the sender
and designated recipient. Without knowledge of that code, an
unauthorized user cannot decode the OCDMA signal in the
presence of other OCDMA traffic. In other words, in addition to
providing multiaccess capability, OCDMA codes also provide
a means for authentication between two users.
Availability
Optical networks are susceptible to a variety of attacks on
their physical infrastructure as well as signal jamming attacks
[18]. The net result in either case can be a denial of service.
Although denial of service does not necessarily result in the theft
of information, it can translate into loss of network resources
(such as bandwidth), impact many users, and could result in
significant fiscal losses to the network provider.
[attachment=22446]
INTRODUCTION
OPTICAL communication systems have foundwidespread
adoption in a variety of applications, ranging from personal
to commercial to military communications. Due to the
dramatic increase in network usage and the increased accessibility
of optical networks, it is important that communications
crossing these networks are properly secured. As with any other
type of network, the first line for securing communications starts
with employing cryptographic protocols at higher layers of the
protocol stack. However, building security on top of an insecure
foundation is a risky practice, and for this reason it is desirable
to make certain that the physical layer of an optical system
Confidentiality
Although optical networks do not emit an electromagnetic
signature, an attacker can eavesdrop on an optical system using
a variety of approaches, including physically tapping into the
optical fiber [14], or by listening to the residual crosstalk from
an adjacent channel while impersonating a legitimate subscriber
[15]. Tapping optical fiber is not difficult if the fiber itself is exposed
and without physical protection. For example, fiber can
be tapped by peeling off the protective material and cladding of
the fiber, so that a small portion of the light escapes from the
optical fiber. By placing a second fiber directly adjacent to the
place where light escapes from the first fiber, it is possible to
capture a small amount of the desired optical signal.
Authentication
Authentication requires the use of a unique coding/decoding
scheme between the desired users. The coding scheme forms
an identity for the user. In the physical optical link, an optical
signal travels freely in the network and can reach any destination
as long as it has the correct wavelength (for a WDM network),
or a correct temporal synchronization (for a time-division-multiplexing
(TDM) network). With an OCDMA coding/decoding
scheme, a certain level of authentication can be achieved by
using a unique OCDMA code that is agreed upon by the sender
and designated recipient. Without knowledge of that code, an
unauthorized user cannot decode the OCDMA signal in the
presence of other OCDMA traffic. In other words, in addition to
providing multiaccess capability, OCDMA codes also provide
a means for authentication between two users.
Availability
Optical networks are susceptible to a variety of attacks on
their physical infrastructure as well as signal jamming attacks
[18]. The net result in either case can be a denial of service.
Although denial of service does not necessarily result in the theft
of information, it can translate into loss of network resources
(such as bandwidth), impact many users, and could result in
significant fiscal losses to the network provider.