25-07-2012, 03:24 PM
Optical Layer Security in Fiber-Optic Networks
optical layer security.pdf (Size: 1.52 MB / Downloads: 97)
Abstract
The physical layer of an optical network is vulnerable
to a variety of attacks, including jamming, physical infrastructure
attacks, eavesdropping, and interception. As the demand for network
capacity grows dramatically, the issue of securing the physical
layer of an optical network cannot be overlooked. In this survey
paper, we discuss the security threats in an optical network as well
as present several existing optical techniques to improve the security.
In the first part of this paper, we discuss various types of
security threats that could appear in the optical layer of an optical
network, including jamming, physical infrastructure attacks,
eavesdropping, and interception. Intensive research has focused
on improving optical network security in the above specific areas.
Real-time processing of the optical signal is essential in order to
integrate security functionality at the physical layer while not undermining
the true value of optical communications, which is its
speed.
INTRODUCTION
Due to the dramatic increase in network usage and the increased accessibility of optical networks, it is important that communications
crossing these networks are properly secured. As with any other
type of network, the first line for securing communications starts
with employing cryptographic protocols at higher layers of the
protocol stack. However, building security on top of an insecure
foundation is a risky practice, and for this reason it is desirable
to make certain that the physical layer of an optical system
(which we shall refer to as the optical layer in this paper) is made
secure against threats that might target .
THREATS AND DEFENSES IN OPTICAL NETWORKS AT THE
OPTICAL LAYER
There are many types of optical networks, ranging from local
area networks to optical networks that form the backbone of the
Internet. For each of these networks, the actual implementation
of a particular type of threat may vary. However, in spite of these
many different modalities, the threat categories can loosely be
categorized as threats where an adversary tries to listen in on
communications (confidentiality), where an unauthorized entity
tries to communicate (authentication), where an entity alters
or manipulates communication (integrity), where an adversary
tries to subvert the successful delivery of communications
(availability), and privacy risks associated with an adversary observing
the existence of communications (privacy and traffic
analysis). In the remainder of this section, we quickly survey
confidentiality, authentication, privacy, and availability threats
and solutions at the optical layer.
OPTICAL LAYER SECURITY: CONFIDENTIALITY
Optical Encryption
In encryption, the data cannot be recovered from the ciphertext
by an eavesdropper without knowledge of the encryption
key. This makes encryption an effective way of securing a signal
and enhancing the confidentiality of a network. There has been
considerable effort to develop optical architectures for implementing
fast encryption functions in the optical domain. One
motivation for such work is that optical processing can operate
at data rates far in excess of what is capable with electronic
components. Further, optical components do not have electromagnetic
emissions that are observable from a distance, and
hence pose less side-channel risk than their electrical counterparts.
As an example, the investigation of optical XOR logic
has been carried out by several researchers as a starting point
for building optical encryption algorithms. The resulting optical
XOR gates do not have electromagnetic signatures that can
be monitored by an eavesdropper. Optical XOR gates have been
proposed and demonstrated using various techniques.
OPTICAL LAYER SECURITY: AVAILABILITY
Survivable Ring
To provide high survivability and ensure service availability,
self-healing ring architectures are a good candidate compared
to other architectures [19]. As discussed in Section IV, the large
code cardinality of OCDMA not only increases the difficulty in
channel-detection by brute-force, it also enhances service availability
while minimizing the use of bandwidth. Thus, the use
of an OCDMA-based backup channel to implement a bandwidth-
efficient bidirectional OCDMA ring network has been
proposed [13]. With large cardinality, a survivable ring network
can be built such that there is no need to reserve separate
bandwidth or a separate path for link failure. Conventional
backup paths require the permanent reservation of all or part
of their bandwidth. The reserved bandwidth is wasted unless
failure occurs. One unique characteristic of incoherent OCDMA
networks is “soft blocking” [1].
PRINCIPLE OF OPTICAL LAYER SECURITY: PRIVACY
Steganography is one way to improve the privacy of a signal
by hiding the stealth signal underneath the public transmission
and noise level. Although steganography does not completely
ensure signal privacy, it does provide it with an additional layer
of protection. Optical steganography was first proposed by
Wu et al. [2] and the performance of the stealth channel was
theoretically analyzed [54], [55]. Experimental investigations
of optical steganography illustrate that optical steganography
has good compatibility with various types of public channels.
Examples include transmitted SPE encoded stealth signal in an
RZ-OOK public channel [56], RZ-OOK stealth signal under
a NRZ-OOK public channel [57], WHTS encoded OCDMA
stealth signal through another WHTS public channel [58], and
RZ-OOK stealth signal transmission through a NRZ-DPSK
public channel [59]. Optical steganography is particularly suitable
where the signals are not filtered or digitally regenerated
at nodes, which is the case of many of today’s passive optical
networks (e.g., FIOS).
SUMMARY AND DISCUSSION
In this survey paper, we discuss the vulnerability of optical
networks towards various types of security threats that
could appear in the optical layer of a network, and present an
overview of various optical techniques for defending against
the corresponding security threats. With the use of optical techniques,
real-time signal processing is realized to improve the
security of optical networks. In this paper, we discussed optical
encryption to enhance confidentiality at line rates, while posing
less side-channel risk than its electrical counterparts. Various
types of optical XOR gates with and without feedback have been
built experimentally. These techniques enable the generation
of long key streams from smaller keys or for processing registers
used in the process of encipherment by Vernam ciphers
to enable a secure optical encryption.
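The two roles of XOR named in the summary, modeled in software as an added example (not code from the paper): an XOR gate with feedback expands a short key into a long key stream, and an XOR gate without feedback applies that stream as a Vernam cipher. The 16-bit register, tap positions, seed and message are constructed for illustration.

```python
# Added illustration: software model of XOR with feedback (key stream
# generation) and XOR without feedback (Vernam encipherment).
WIDTH = 16
TAPS = (0, 2, 3, 5)  # x^16 + x^14 + x^13 + x^11 + 1, a maximal-length choice

def lfsr_step(state):
    """One clock of a Fibonacci LFSR: XOR the tapped bits, feed back at the top."""
    fb = 0
    for t in TAPS:
        fb ^= (state >> t) & 1
    return (state >> 1) | (fb << (WIDTH - 1))

def keystream(seed, nbits):
    """Expand a short key (the seed) into nbits of key stream."""
    if not 0 < seed < (1 << WIDTH):
        raise ValueError("seed must be non-zero and fit in the register")
    state, bits = seed, []
    for _ in range(nbits):
        bits.append(state & 1)      # output the low bit each clock
        state = lfsr_step(state)
    return bits

def period(seed):
    """Number of clocks before the register state repeats."""
    state, n = lfsr_step(seed), 1
    while state != seed:
        state, n = lfsr_step(state), n + 1
    return n

def to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(8)]

def from_bits(bits):
    return bytes(sum(b << i for i, b in enumerate(bits[j:j + 8]))
                 for j in range(0, len(bits), 8))

def vernam(data, seed):
    """XOR each data bit with a key-stream bit; the same call deciphers."""
    bits = to_bits(data)
    return from_bits([b ^ k for b, k in zip(bits, keystream(seed, len(bits)))])

if __name__ == "__main__":
    seed = 0xACE1                                  # constructed 16-bit key
    msg = b"optical layer payload"                 # constructed plaintext
    ct = vernam(msg, seed)
    print("period:", period(seed))                 # key stream length before repeat
    print("ciphertext:", ct.hex())
    print("recovered:", vernam(ct, seed))
```

A single linear feedback register is only a model of the feedback idea: its output is linear in the key, so practical designs add nonlinearity, and a Vernam key stream must never be reused across messages.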