PHYSICAL LAYER SECURITY OF OPTICAL NETWORKS

Abstract

The physical layer of an optical network may be attacked in numerous ways, such as by jamming, assaults on the physical infrastructure,

eavesdropping, and interception. As the requirement for network capacity develops, the physical layer of the optical network must be kept secure. In this overview article, specialists look at security problems in optical networks and discuss a variety of novel approaches to defending optical networks. In the first section of this study, researchers discuss a variety of security issues that might harm the optical layer of an optical network. These weaknesses include jamming, physical infrastructure assaults, eavesdropping, and interception. Enhanced optical network security has gained a lot of interest in the sectors described above. Real-time signal processing is essential in order to apply security measures at the physical layer without slowing down the pace of optical communications. The key advantages of optical processing for optical layer security include rapid reaction, wide-band operation, resilience to electromagnetic fields, compact size, and low latency. In the second part of this research, we look into optical steganography, optical encryption, optical code-division multiple access (CDMA) secrecy, self-healing, survivable optical rings, anti-jamming, and optical CDMA confidentiality.

I. Introduction

Introduction Optical communication systems are employed in many different fields, including business, the military, and personal communication. Optical networks are unusual in that their data speeds are greater than 40 GB/s, and this figure will only increase as time goes on. Physical layer security measures have to function in real time, which is not achievable with standard electronic computing. Side-channel assaults are less likely to emerge in optical communication networks because optical components don’t leave electromagnetic traces. With optical encryption, communications may be encrypted fast and with minimum latency (at speeds not attainable with standard electrical implementations) (at rates not possible with conventional electrical implementations). In addition to data encryption, optical steganography may be used to obscure the flow of data over an open transmission channel.

II. Threats and defenses in optical networks at the optical layer

There are many different forms of optical networks, from local area networks to the backbone networks of the Internet. Each network may tackle a particular threat type in a different manner. Researchers investigate the optical layer to examine whether there are any threats to privacy, availability, authentication, and secrecy (Skorin-Kapov, 2016).

A. Confidentiality

Even though optical networks don’t have an electromagnetic signature, an attacker may nonetheless listen in on them by physically tapping into the optical fiber or by pretending as a lawful subscriber and listening to residual crosstalk from an adjacent channel. It is not hard to tap an optical cable that is out in the open and has no physical protection. For example, the protective coating and cladding of an optical fiber may be peeled away to allow a small quantity of light to escape (Rahouma, 2021). A component of the optical signal that is required may be collected by inserting a second fiber near where light is exiting the first wire. In reality, this is a tricky approach to tapping an optical connection since you can only retrieve a tiny fraction of the optical signal without getting noticed. The eavesdropper’s signal-to-noise ratio must be exceedingly low for the signal loss to be unnoticeable (Zhang et al., 2016).

B. Authentication

For authentication, researchers and the individuals who will utilize the information must agree on a precise technique to code and decode the information. The structure of the code is used to figure out who the user is. In a physical optical connection, an optical signal can reach any destination if it has the right wavelength (in a wavelength-division-multiplexing (WDM) network) or temporal synchronization (in a time-division-multiplexing (TDM) network). An OCDMA coding/decoding system uses a specific OCDMA code that both the sender and the person the message is meant for agree on as a way to verify the message. Without the code, unauthorized users can’t figure out what the OCDMA signal says when there is other OCDMA traffic around. In other words, OCDMA codes not only allow for multiple access, but they also allow two users to prove who they are (Fok et al., 2011).

C. Privacy

Steganography could make communication networks more private by hiding messages so that only the sender and the person to whom they are sent know about a transfer. Optical steganography makes it possible to send data over a secret channel called a “stealth channel” that can be hidden while “public channels” are in use. For this to work, the data rate on the stealth channel must be higher than on the public channel. This could be useful for applications that need more privacy than what a low-bitrate, high-priority channel can offer. Figure 1 shows the idea behind optical steganography (Etemad et al., 2007).

 It uses a dispersive optical element with high group-velocity dispersion (GVD) to make a series of short light pulses that are spread out in time (stealth pulse). In contrast to the high-dispersion component, which makes each wavelength component move at a different speed, short optical pulses have a naturally wide spectrum width. With a high GVD, the peak amplitudes of stealth pulses are brought down to a level below the noise in the system, such as the noise that is made by optical amplifiers when they are turned up. If there is also a public signal, the stretched stealth pulses may be hidden by both the background noise of the network and the public signal, as shown in the middle figure of Fig. 1. Figure 1’s bottom figure shows that the stealth signal can have a wide range and blend in with background noise, or it can have a narrow range and work alongside the public channel. The goal is to make sure that the stealth signal can’t be found by its spectrum (Rothe et al., 2020).

Figure 1 shows, at the top, an example of a schematic for optical steganography that makes use of group velocity dispersion. (a) a measured temporal profile of the stealth channel before it spreads, and (b) a measured temporal profile of the stealth channel after it has spread. In the middle is a graphic showing the measured public signal eye (a) without a stealth signal, and (b) with a stealth signal. Bottom: Spectral masking of the stealth transmission (a) spectrum without stealth transmission; (b) spectrum with the stealth signal present; and (c) spectrum of the stealth signal on its own (Fok et al., 2011).

D. Availability

Experts say that optical networks can be attacked in many different ways, including through physical infrastructure attacks and signal jamming. Any setting can cause a service to be denied. Even though denial of service may not always lead to the theft of information, it can lead to the loss of network resources (like bandwidth), the disruption of many users, and large financial losses for the network operator. A damaged optical fibre could be done on purpose or by accident. For example, construction workers digging around a buried fiber optic cable could accidentally cut it, or an attacker could just cut a part of the fibre that isn’t covered. No matter what the goal is, optical networks are often built with redundant channels to help them fix problems quickly and keep service from going down. Self-healing ring topologies make sure that both service availability and survivability are met. Commonly used in the infrastructure of local and metropolitan area networks for telecommunications. Guaranteed to fix broken connections in 60 milliseconds or less (Zhang et al., 2016).

III. Optical Layer Security: Confidentiality
A. Optical Encryption

In an encrypted system, an eavesdropper can’t figure out what the data is from the ciphertext if they don’t have the encryption key. So, encryption is a good way to protect signals and keep networks private. A lot of money has been spent on developing optical structures so that encryption operations can be done quickly in the optical domain. Part of the reason for this work is that optical processing can work at data rates that are many times faster than those of electrical components. Also, optical components are less likely to have side channels than electrical ones because they don’t give off any electromagnetic emissions that can be seen. Several researchers have looked into optical XOR logic, for example, as a way to start making optical encryption methods (Fok et al., 2011). The result is that the optical XOR gates don’t leave any electromagnetic traces that a spy could use to track them. Cross-polarization and cross-gain modulation in a semiconductor optical amplifier, four-wave mixing for phase- and polarization-modulated signals, cross-phase modulation in interferometric-based optical devices, and pump depletion with sum and difference frequency generation in a periodically poled lithium niobate (PPLN) waveguide have all been proposed and shown to work as optical XOR gates. Figure 2 shows that an optical encryption system can use a variety of XOR gates to do encryption at the transmitter and decryption at the receiver (Yousefi et al., 2020).

Figure 2: This figure shows how the parts of an all-optical encryption system are put together. Quantum key distribution is what QDK stands for (Fok et al., 2011).

B. Coherent OCDMA technique

As explained in Section II, the type of OCDMA codes that are used affects how secret the system is. OCDMA codes are often put into two groups: those that make sense and those that don’t. Spectral-phase encoding (SPE) is a well-known coherent OCDMA technique. It shifts the phase of many coherent spectral components in different ways. The decoder at the receiver does conjugate phase shifts to bring all of the spectral components into phase and make an autocorrelation peak for data reception. Incoherent OCDMA, direct detection, and intensity modulation are used to build the system. Researchers focus on wavelength-hopping time-spreading (WHTS), which is a common two-dimensional OCDMA method, because its code is flexible and it works better than other schemes. Along with the OCDMA codes, the way data is modulated also makes the system secret. The energy levels of bits “1” and “0” change, and a photodetector can pick up on these changes even without a decoder. This shows that on-off keying (OOK) can be broken. To get around this problem, both coherent and incoherent OCDMA codes can use two-code-keying modulation, which uses two different codes for bits “1” and “0” to make the energy levels of all bits the same (Prucnal et al., 2009).

IV. Authentication of the optical layer

Even though little research has been done on authentication at the physical layer of an optical network, the unique coding features of OCDMA codes show a lot of promise for improving authentication in optical networks. In the case of a SPE code, for example, the receiver may only pick up the signal if the whole set of phase coding information is changed. This means that each chip’s phase must be encoded and decoded correctly. Figure 8 shows the eye diagrams of a scrambled Hadamard code that have been sent. The code is broken using very precise phase chips, which leads to the open-eyed figure in Figure 8. (a). Figure 3 shows that even if only one of the eight phase chips is missing, the descrambled eye diagram is completely closed (b). The above example shows how researchers could use the fact that each OCDMA code is unique to find out who the intended users are. They don’t have the code to get signals from authorised users, so they can’t. More research is being done to make authentication better.

Figure 3: This figure shows experimental eye diagrams of decoded and unscrambled Hadamard codes. Using the right decoder or a decoder that is only partly right (Fok et al., 2011).

V. Optical layer Security: Availability

A. Ring of Resistance For high survivability and service availability, self-healing ring designs are a good alternative to other topologies. As explained in Section IV, OCDMA’s large code cardinality not only makes brute-force channel finding harder, but it also improves service availability while using less bandwidth. Because of this, it has been suggested to build a two-way OCDMA ring network with an OCDMA-based backup channel. With a high cardinality, you can build a resilient ring network that doesn’t need extra capacity or a backup route in case a link fails. Traditional backup methods have to permanently set aside all or part of their bandwidth. If there is no breakdown, the bandwidth that could be used is wasted. Soft blocking is what makes incoherent OCDMA networks stand out. Soft blocking is the ability to change or remove the number of transmissions happening at the same time without changing how the hardware is set up. Unlike WDM and TDM, it is not limited by the number of wavelengths or time slots.

Older optical multiplexing systems like WDM and TDM are not as scalable and don’t use the spectrum as well as OCDMA. OCDMA may offer many more optical channels than WDM, even though both use the same number of wavelengths. Instead, as the number of transmissions goes up, the network’s performance keeps getting worse. Also, incoherent OCDMA lets different types of data share the same link. In order to improve network service quality, two pathways in the ring may transport data at different rates. High priority traffic use the main lane, whereas research traffic utilises the “backup” channel. OCDMA’s soft blocking capability allows traffic aggregation with little effect on performance. In the case of a connection breakdown, then, more bandwidth or a backup route are not necessary. During normal operation, both connections may be used. Each node in the researcherst and east connections may add and remove signals, as shown in Figure 4.

Figure 4: This figure depicts a bidirectional two-fiber OCDMA ring network (Etemad et al., 2007).

B. Anti-jamming

On passive networks, any access point may inject a powerful optical signal upstream to create a denial of service (such rings, buses, and stars). In the worst-case scenario, the strong optical signal might overpower the optical receiver, prohibiting the user from receiving any data. Due to optical fiber’s broadband capability, optical communications may be carried in a jammed channel by totally shifting the optical signal wavelength outside the blocked waveband. Consequently, anti-jamming may be implemented, and the communication channel can be restored. Figure 5 depicts the anti-interference concept. As illustrated on the left side of Figure 5, prior to jamming, signals are sent in the middle waveband.

Figure 5: Diagram of waveband up- or down-conversion as an anti-jamming technique (Fok et al., 2011).

VI. Principle of optical layer security:Privacy

Steganography may enhance signal privacy by concealing the stealth signal inside background noise and public transmission. Steganography adds a layer of protection to the signal’s secrecy, but it does not guarantee it. Wu et al. initially proposed the concept of optical steganography, and their theoretical analysis of the performance of the stealth channel. Experiment findings indicate that optical steganography is well suited for a variety of public channels. Examples include transmitting a stealth signal encoded using SPE over a RZ-OOK public channel, a stealth signal encoded with NRZ-OOK over another WHTS public channel, and a stealth signal encoded with WHTS over yet another WHTS public channel. Optical steganography is especially helpful in passive optical networks, because signals are not filtered nor digitally regenerated at nodes (e.g., FIOS) (Etemad et al., 2007).

Previous research has shown that it is challenging to identify the presence of a stealth signal in the presence of public signals by analysing the temporal or spectral characteristics of the transmitted signals. If the opponent believes there is a hidden signal, they may use a variety of strategies to determine whether or not they can discover it. Utilizing an adjustable dispersion-compensating device is an appropriate method for detecting a buried signal. Once the opponent detects a clue of the stealth signal, he need just change the signal’s dispersion to recover it in full. Under such assaults, the confidentiality of the stealth communication cannot be guaranteed. In response to this possible risk, Wang et al. suggested enhancing the privacy of stealth transmission by adding temporal phase modulation to the stretched stealth signal prior to broadcasting it over the network. After adding a temporal phase mask to the spread stealth signal, as seen in Figure 6, some portions of the spread pulse undergo phase changes. In addition to the matched dispersion correction, the matching phase recovery at the receiver, as seen in Figure 6, is necessary to recover the stealth pulses.

Figure 6: This figure demonstrates a temporal phase modulation strategy for distributed stealth pulses that enhances the confidentiality of stealth transmission (Fok et al., 2011).

Conclusion

In this study, researchers investigate the vulnerability of optical networks to a variety of security issues that may manifest in the optical layer of a network. In addition, they present an overview of a variety of optical methods for mitigating the aforementioned security issues. Optical technology permits the processing of data in real time, hence enhancing the security of optical networks. In this study, researchers evaluated optical encryption as a method for enhancing secrecy at line speeds while presenting less of a threat from side channels than electrical encryption. Experimentally, a variety of optical XOR gates with and without feedback have been constructed. These approaches provide the generation of long key streams from short key streams or the processing of registers utilized by Vernam cyphers to encrypt data, hence enabling safe optical encryption. Due to the vast bandwidth of fiber optics, anti-jamming may be achieved using optical frequency conversion, allowing signals to be transmitted outside of the jamming band and boosting network availability. As a result of the large spectrum of optical pulses, optical steganography is easily implemented utilizing either compact fiber Bragg gratings or temporal stretching based on group velocity dispersion in fibers. A phase mask may be utilized to increase the stealth signal’s security even more. Steganography adds a layer of protection to the signal’s secrecy, but it does not guarantee it. Researchers also suggest using orthogonal coding for obscurity and resilient optical ring design with OCDMA coding to boost the optical network’s availability and privacy. The unique coding scheme used by OCDMA enables signal validation. According to the specialists, additional study will be conducted on this issue.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top