School of Electrical Engineering Universiti Teknologi Malaysia
Physical Layer Security Mitigation Techniques in
Gigabit Passive Optical Networks (GPON): A Review Nadiatulhuda Zulkifli1*, Salim M. A. Al-Hinai1, Asrul Izam Azmi1, Muhammad Yusof Mohd Noor1, Arnidza Ramli1, Nik Noordini Nik Abd Malik1, Raja Zahilah2, Muhammad Al Farabi Muhammad Iqbal1, Sevia M Idrus1 1School of Electrical Engineering, UTM, 81310 Skudai, Johor, Malaysia 2School of Computing, UTM, 81310 Skudai, Johor, Malaysia *Corresponding author: nadiatulhuda@utm.my
ABSTRACT increased bandwidth for each user thus ensuring that
multiple data is transmitted through a single fiber, Passive Optical Network (PON) is a promising solution to however in TDM all of the users are assigned into one the last-mile problem in access networks. However, wavelength with different time slots. security is a very crucial aspect to be considered TDM-GPON operates through one wavelength especially in the current environments that are with different timeslots in upstream and downstream characterized by much larger data transport capacity. communication from multiple users over a single mode Moreover, securing the physical layer requires urgent optical fiber and vice versa. In downstream connection, attention as it will become more critical in future PON GPON uses a broadcast mechanism to send data that has much longer distance with the involvement of packets, and for upstream GPON uses TDMA more users. Thus, it is vulnerable to a variety of attacks, mechanism to transmit data packets. The downstream including denial of service (DoS) which jams a network, data rate ranges between 2.5 Gbps and upstream data eavesdropping and masquerade. DoS attack can take rates are between 1.25 Gbps. The single mode optical place when a continuous upstream signal is transmitted fiber that is connected from CO to the subscriber from Optical Network Unit (ONU) to Optical Line location has a splitter in between which splits the Terminal (OLT) with high enough power, causing the OLT optical power into separate N paths depending on the to receive the data with high bit error rate. Taking into number of subscribers in the system, the distance that account the importance of this issue, this paper aims to can be covered for this transmission through the optical review relevant development in the area of GPON fiber from OLT to ONU is 20 km. physical layer security. Eventough GPON typically provides a standard security procedure for authentication, data encryption Keywords: FTTS, PON, optical access networks and key establishment, it is still become the subject of security threat. This is mainly due to the broadcast communication nature between OLT to ONU and shared 1. INTRODUCTION medium between ONUs in their communication with OLT. In general, security aspects in GPON can be viewed Passive Optical Network (PON) is the infrastructure that from the different OSI communication layer. However, is used for Fiber-To-The home, building, and distribution this paper focuses on the review of relevant works in the points such as office, premises and for wireless physical layer security of GPON. communication [1]. It refers to the fact that every The rest of the paper is outlined as follows. component between the transmitter and the receiver Section 2 discusses briefly issues in PON security. Next, between CO and subscriber does not involve any active Section 3 focuses on the related work in the area. elements, which means the optical splitters that are Finally, the paper is concluded in Section 4. used to route data does not need any electrical power. PON uses TDM and wavelength division multiplexing (WDM) for full duplex connection. In WDM every user is assigned to a dedicated wavelength, which enables 2. SECURITY ISSUES IN GPON as illustrated in Figure 2.1 [3]. Furthermore, the attacker can exploit any reflection signal from the ODN splitter The data in this network is vulnerable to penetration. to eavesdrop the data of victim ONU [5]. Therefore, Nevertheless, the most observed security threat is the malicious in the upstream channel is difficult to identify fact that all end devices (ONUs) can receive the traffic due to passive nature elements in the optical network. which is broadcasted in the downstream direction. All ONUs receive the broadcasting communication message before data encryption and captures the secret keys in setup stages. Furthermore, the secret encryption keys sent as plain texts according to the ITU-T G.984 standard. Therefore, the malicious can decrypt the information if they observed the secret keys [2]. On the other hand, any access network is exposed to various intrusions, due to the intended or unintended attacks [2]. Furthermore, the ONUs can send the data outside of their pre-assigned time-slots due to the shortage of functionality. Besides that, if a malicious ONU does not follow the procedures of the OLT’s directive and assigns frames outside its located time- slots, the upstream collisions may occur with the other ONUs frame. The effect of frame collision will degrade Figure 2.1 Scenario denial of service attack [3] the service regarding an increased Frame Error Rate (FER) and transmission throughput degradation too. At that time, the malicious ONU could exploit bandwidth 3. REVIEW ON RELATED WORKS sharing mechanisms to obtain an inequitable amount of bandwidth [3]. PON’s security is considered as one of the most The physical layer of PON is vulnerable to a variety significant matters that needs urgent attention as it can type of attacks; jamming, eavesdropping and an lead to higher risk more in future PON that has longer interception. Intercepting optical fiber is not difficult if much distance and involve more subscribers. The the fiber itself is exposed and without physical previous study reviews security attack in a splitter in preservation. For example, tapping the fiber by both upstream and downstream communications. removing off the protective material, such as optical However, few prior works in the literature review fiber cladding so that will allow for a small portion of the address the signal injection attack. A part of these light to escape out from optical fiber [4]. Intercepting studies focus on security weaknesses and threats in the the adjacent channel through crosstalk is another physical layer. method of eavesdropping to occupy impersonating of Malina, et al. malicious can access the splitter in the clients. These types of attack happen in wavelength- the upstream communication channel and split the division-multiplexing (WDM) networks, due to different signal from ONU [2]. Furthermore, The OLT broadcast channels used for different subscribers. Nevertheless, the data in the downstream communication channel to channels demultiplexers do not have ideal channel all ONUs; which give a chance to ONU users to read the isolator, which leads to a little amount of power leakage message. On the other hand, an adversary can intercept from those channels. Thus, give a chance for the command and PLOAM messages which carry a eavesdroppers to intercept [4]. secret key and try to decrypt message because OLT Furthermore, in the current PON implementation, transmits the command in the last state with the frame security requirements such as authentication and and the secret key three times as plain text. The authors encryption are optional and, in the downstream proposed a novel key establishment protocol and data communication from OLT to ONU, the secret encryption encryption used between the ONU unit and the OLT. key is sent as sent as plain texts according to the ITU-T The proposed key establishment protects against G.984 standard [2]. Meanwhile, the upstream eavesdroppers, impersonating and replay attack. communication link from ONU to OLT is not encrypted, Furthermore, the protocol protects against forgery and and it is vulnerable to a variety of attacks, including modification attacks, online and offline dictionary denial of service (DoS) which jams a network, attack as well as against weak password leakage. eavesdropping and masquerade that is also known as Harald and Schupke reported that intrusion by reply attack. Moreover, DoS attack can take place when malicious ONU such as signal injection attack leads to a continuously transmitting upstream signal with high jamming and reduce network accessibility [6]. enough power at an Optical Network Unit (ONU) is Moreover, DoS attack can take place when a injected to block all other ONUs from getting their data continuously transmitting upstream signals with high enough power at an Optical Network Unit to block all communication to block other ONUs from other ONUs from getting their data. They proposed an getting their data. automatic method permit to disconnect the user from - Masquerade or spoofing attack (replay the network. Figure 3.1 illustrates two different attack): A malicious ONU intercepts, and technologies for the optical switches. In Figure 3.1(a), decrypts the data of other ONUs and it's the data wavelength and an invocation wavelength can easy to steal the identity of the victimized process through the CWDM filter. After that, when ONU to camouflage and behave as the operators identify the malicious, they will send an victimized ONU. invocation signal, and absorptive dye becomes opaque and thus can shut down the port. In Figure 3.1(b), a The paper also reviewed different techniques to portion of the signal is tapped off and passes to a monitor TDM-PON and minimized the hazard of attack photodiode (PD) to produce a voltage, and that applies through the network monitoring devices such as Optical to the Mach-Zehnder Modulator (MZM) to switch the Time domain Reflectometer (OTDR), loopback fiber optically off. modulation in ONU by adding a unique signature for the ONUs traffic, Optical power monitoring, active Optical switch and Passive fuse. Pawel Laka and Lukasz proposed a method of hidden data transmission in optical networks [8], through aggregation of the public signal with stealth channel as illustrated in Figure 3.2. It is depended on direct spread spectrum method where the weight of spreading code should be around 25% which mean that if the total code length was 100%, then it had 25 ones and 75 zeros. The functionality of hidden data has been successfully achieved. In the end, they recommended Figure 3.1 Technologies for the optical switch [6] increasing the number of spreading code to achieve a high throughput of hidden information. Sanda Drakulic, et al. explained that the malicious can gain more bandwidth by sharing the upstream transmission link [3]. Furthermore, when ONU malicious transmit the data outside of their pre-assigned time- slots, "the collisions may occur with the frames of other well-behaving ONUs" and will influence transmission Control Protocol (TCP) in term of increasing (BER). In this paper, investigations clarify how such a degradation attack can affect the throughput of Transmission Control Protocol connections (TCP) initiated between the servers and ONUs. In this paper, they proposed an algorithm that mitigates the influence degradation attacks, just by adding to the packets of the malicious ONU more delay to magnitude the Round Trip Time (RTT) and getting back the fairness of bandwidth assignment. L.G. Kazovsky, et al. reported that the generation Figure 3.2 Diagram of optical steganography of TDM-PON network is vulnerable due to sharing the technique [8] physical broadcasting medium between all ONUs in the downstream communication link [7]. The weakness and Zhenxing Wang, et al. proposed the use of optical vulnerability of the current TDM-PON is summarized as code division multiple access techniques (OCDMA) to follows: maintain the transmitted data from eavesdroppers [9]. - Eavesdropping: A malicious ONU can Besides that, they introduced the application of physical intercept the reflected signal from the encoding to the optical network. Furthermore, they splitter and read the data that sent to any represented various optical approaches to be other ONUs. implemented in physical encoding such as M-ary which - Denial of service (DoS) attack: A malicious is used instead of two code key modulations (OOK), ONU sends continuously signal with a high dynamic code scrambling represented instead of using enough power in the upstream the static code to keep the code changing sequentially and last approach optical code transformation. Wang and Prucnal reported that optical network Table 3.1 Related Works on GPON Security is vulnerable to a variety of attacks such as jamming, Ref Titles Details physical infrastructure attacks, eavesdropping and Point of Reported that, PON is exposed to a interception [4]. They proposed a different approach to Pawel attacks variety of attacks such as jamming, Laka and eavesdropping, and information maintain optical network represented in optical XOR Lukasz, interception. gate, OCDMA and Steganography. They successfully 2015 [8] Proposed Proposed a novel method of hidden achieve the concept of an optical XOR enhanced by Solution data transmission of the physical layer encryption. The research approved that; steganography in the optical networks based on direct spread spectrum code length. does not fulfil the purpose of signal privacy without Point of Reported that the secret key improving by temporal phase modulation onto the Lukas attack encryption sent as plain texts according stretched stealth signal before transmitting. The Malina, to the ITU-T G.984 in downstream studying confirmed that OCDMA increases the et al., communication. 2015 [2] Proposed Proposed a novel key establishment authentication, confidentiality, and availability of the Solution protocol and data encryption runs optical access network through survivable and between the ONU unit and the OLT. orthogonal coding and optical ring architecture. Point of Reported that the OOK modulation had Zhenxing attack been proved to be vulnerable to David and Kazovsky focused on security issues in Wang, et various attack and eavesdropping. al.,2012 Proposed Proposed OCDMA technique to TDM-PON which include denial of service attacks, [9] Solution maintain the transmitted data from eavesdropping, and masquerading [5]. The results eavesdroppers and introduced the found are consistent to the results that obtained in the application of physical encoding in the paper [7]. They approved that the malicious ONU can optical network. Sanda et Point of Reported that ONU spiteful could intercept the upstream data from the Victim ONU al, 2012 attack transmit the information outside of through the reflected signal that occur in the ODN as [3] their pre-assigned time-slots, the shown in Figure 3.3 below. collisions may occur with the Error frames. Proposed Proposed an algorithm that overcomes Solution the impact of degradation attacks, just by adding at the OLT an additional delay to the packet’s frame of malicious ONU. Point of Reported that the attacker could send L.G. attack an in-band frequency similar to original Kazovsky data frequency that can block some or et the whole ONU al.,2011 Proposed Review countermeasure techniques [7] Solution 1- Optical power monitoring sub- systems. 2-Passive fuse (carbon-coated TeO2) to expel troubling users. Point of Reported that the optical network is attack vulnerable to a variety of the attacks Wang such as jamming, physical infrastructure attacks, eavesdropping, and and an interception Prucnal, Figure 3.3 Approach of reflected signal setup [7] 2011. Proposed Proposed a different approach to [4] Solution maintaining optical network represented in optical XOR gate, OCDMA and Steganography
David Point of Focused on security issues in TDM-PON
and attack which include denial of service attacks, Kazovsky, eavesdropping, and masquerading 2007 Proposed Approved that the malicious ONU can [5] Solution intercept the upstream data from the Victim ONU through the reflected signal from the ODN Point of Reported that intrusion by malicious Harald et attack ONU such as signal injection attack lead al., 2006 to jamming and reduce network [6] accessibility The Proposed an automatic method permit Solution to disconnect the client from the network through the techniques of absorptive dye filter and CWDM Mach- Zehnder filter 5. CONCLUSIONS 7. REFERENCES
GPON is a great technology used to provide a
[1] M. Chardy, M. C. Costa, A. Faye, and M. Trampont, comprehensive service for a different application of "Optimizing splitter and fiber location in a FTTX where a large number of subscribers desire to have multilevel optical FTTH network," European more bandwidth due to the features of this technology Journal of Operational Research, vol. 222, no. 3, pp. with lower network cost service and maintenance. This 430-440, 2012. paper summarized several previous related works on [2] L. Malina, P. Munster, J. Hajny and T. Horvath, security weaknesses which is relevant to the GPON. "Towards secure Gigabit Passive Optical Networks: Apart from that, proposed solutions to overcome these Signal propagation based key establishment," weaknesses were also provided. 2015 12th International Joint Conference on e- Business and Telecommunications (ICETE), Colmar, 6. ACKNOWLEDGMENTS 2015, pp. 349-354. [3] S. Drakulic, M. Tornatore and G. Verticale, The authors would like to acknowledge the "Degradation attacks on Passive Optical financial support received from the Ministry of Higher Networks," 2012 16th International Conference on Education (MOHE) and Universiti Teknologi Malaysia Optical Network Design and Modelling (ONDM), (UTM) through Fundamental Research Grant through Colchester, 2012, pp. 1-6. vote no. 5F086 and UTM Industry/International Grant [4] M. P. Fok, Z. Wang, Y. Deng and P. R. Prucnal, with vote no.4B385. "Optical Layer Security in Fiber-Optic Networks," in IEEE Transactions on Information Forensics and Security, vol. 6, no. 3, pp. 725-736, Sept. 2011. [5] D. Gutierrez, J. Cho and L. G. Kazovsky, "TDM-PON Security Issues: Upstream Encryption is Needed," OFC/NFOEC 2007 - 2007 Conference on Optical Fiber Communication and the National Fiber Optic Engineers Conference, Anaheim, CA, 2007, pp. 1-3. [6] H. Rohde and D. A. Schupke, “Securing Passive Optical Networks Against Signal Injection Attacks,” Optical Network Design and Modeling Lecture Notes in Computer Science, pp. 96–100,2006. [7] addressing reach extension and security weaknesses," in IET Optoelectronics, vol. 5, no. 4, pp. 133-143, August 2011. [8] P. Laka and L. Maksymiuk, “Steganographic transmission in optical networks with the use of direct spread spectrum technique,” Security and Communication Networks, vol. 9, no. 8, pp. 771– 780, 2015. [9] Zhenxing Wang and Mable P Paul R. Prucnal, “Physical Encoding in Optical Layer Security,” Princeton University, Princeton, NJ, 08544, USA, 2012.