Proceedings of LCRG Colloquium 2019

Lightwave Communication Research Group

School of Electrical Engineering
Universiti Teknologi Malaysia

Physical Layer Security Mitigation Techniques in

Gigabit Passive Optical Networks (GPON): A Review
Nadiatulhuda Zulkifli1*, Salim M. A. Al-Hinai1, Asrul Izam Azmi1, Muhammad Yusof
Mohd Noor1, Arnidza Ramli1, Nik Noordini Nik Abd Malik1, Raja Zahilah2,
Muhammad Al Farabi Muhammad Iqbal1, Sevia M Idrus1
1School of Electrical Engineering, UTM, 81310 Skudai, Johor, Malaysia
2School of Computing, UTM, 81310 Skudai, Johor, Malaysia
*Corresponding author: nadiatulhuda@utm.my

ABSTRACT increased bandwidth for each user thus ensuring that

Passive Optical Network (PON) is a promising solution to
the last-mile problem in access networks. However,
security is a very crucial aspect to be considered
especially in the current environments that are
characterized by much larger data transport capacity.
Moreover, securing the physical layer requires urgent
attention as it will become more critical in future PON
that has much longer distance with the involvement of
more users. Thus, it is vulnerable to a variety of attacks,
including denial of service (DoS) which jams a network,
eavesdropping and masquerade. DoS attack can take
place when a continuous upstream signal is transmitted
from Optical Network Unit (ONU) to Optical Line
Terminal (OLT) with high enough power, causing the OLT
to receive the data with high bit error rate. Taking into
account the importance of this issue, this paper aims to
review relevant development in the area of GPON
physical layer security.
Keywords: FTTS, PON, optical access networks
1. INTRODUCTION
Passive Optical Network (PON) is the infrastructure that
is used for Fiber-To-The home, building, and distribution
points such as office, premises and for wireless
communication [1]. It refers to the fact that every
component between the transmitter and the receiver
between CO and subscriber does not involve any active
elements, which means the optical splitters that are
used to route data does not need any electrical power.
PON uses TDM and wavelength division multiplexing
(WDM) for full duplex connection. In WDM every user is
assigned to a dedicated wavelength, which enables
multiple data is transmitted through a single fiber,
however in TDM all of the users are assigned into one
wavelength with different time slots.
TDM-GPON operates through one wavelength
with different timeslots in upstream and downstream
communication from multiple users over a single mode
optical fiber and vice versa. In downstream connection,
GPON uses a broadcast mechanism to send data
packets, and for upstream GPON uses TDMA
mechanism to transmit data packets. The downstream
data rate ranges between 2.5 Gbps and upstream data
rates are between 1.25 Gbps. The single mode optical
fiber that is connected from CO to the subscriber
location has a splitter in between which splits the
optical power into separate N paths depending on the
number of subscribers in the system, the distance that
can be covered for this transmission through the optical
fiber from OLT to ONU is 20 km.
Eventough GPON typically provides a standard
security procedure for authentication, data encryption
and key establishment, it is still become the subject of
security threat. This is mainly due to the broadcast
communication nature between OLT to ONU and shared
medium between ONUs in their communication with
OLT. In general, security aspects in GPON can be viewed
from the different OSI communication layer. However,
this paper focuses on the review of relevant works in the
physical layer security of GPON.
The rest of the paper is outlined as follows.
Section 2 discusses briefly issues in PON security. Next,
Section 3 focuses on the related work in the area.
Finally, the paper is concluded in Section 4.
 2. SECURITY ISSUES IN GPON
The data in this network is vulnerable to penetration.
Nevertheless, the most observed security threat is the
fact that all end devices (ONUs) can receive the traffic
which is broadcasted in the downstream direction. All
ONUs receive the broadcasting communication
message before data encryption and captures the secret
keys in setup stages. Furthermore, the secret encryption
keys sent as plain texts according to the ITU-T G.984
standard. Therefore, the malicious can decrypt the
information if they observed the secret keys [2].
On the other hand, any access network is exposed
to various intrusions, due to the intended or unintended
attacks [2]. Furthermore, the ONUs can send the data
outside of their pre-assigned time-slots due to the
shortage of functionality. Besides that, if a malicious
ONU does not follow the procedures of the OLT’s
directive and assigns frames outside its located time-
slots, the upstream collisions may occur with the other
ONUs frame. The effect of frame collision will degrade
the service regarding an increased Frame Error Rate
(FER) and transmission throughput degradation too. At
that time, the malicious ONU could exploit bandwidth
sharing mechanisms to obtain an inequitable amount of
bandwidth [3].
The physical layer of PON is vulnerable to a variety
type of attacks; jamming, eavesdropping and an
interception. Intercepting optical fiber is not difficult if
the fiber itself is exposed and without physical
preservation. For example, tapping the fiber by
removing off the protective material, such as optical
fiber cladding so that will allow for a small portion of the
light to escape out from optical fiber [4]. Intercepting
the adjacent channel through crosstalk is another
method of eavesdropping to occupy impersonating of
the clients. These types of attack happen in wavelength-
division-multiplexing (WDM) networks, due to different
channels used for different subscribers. Nevertheless,
channels demultiplexers do not have ideal channel
isolator, which leads to a little amount of power leakage
from those channels. Thus, give a chance for
eavesdroppers to intercept [4].
Furthermore, in the current PON implementation,
security requirements such as authentication and
encryption are optional and, in the downstream
communication from OLT to ONU, the secret encryption
key is sent as sent as plain texts according to the ITU-T
G.984 standard [2]. Meanwhile, the upstream
communication link from ONU to OLT is not encrypted,
and it is vulnerable to a variety of attacks, including
denial of service (DoS) which jams a network,
eavesdropping and masquerade that is also known as
reply attack. Moreover, DoS attack can take place when
a continuously transmitting upstream signal with high
enough power at an Optical Network Unit (ONU) is
injected to block all other ONUs from getting their data
as illustrated in Figure 2.1 [3]. Furthermore, the attacker
can exploit any reflection signal from the ODN splitter
to eavesdrop the data of victim ONU [5]. Therefore,
malicious in the upstream channel is difficult to identify
due to passive nature elements in the optical network.
Figure 2.1 Scenario denial of service attack [3]
3. REVIEW ON RELATED WORKS
PON’s security is considered as one of the most
significant matters that needs urgent attention as it can
lead to higher risk more in future PON that has longer
much distance and involve more subscribers. The
previous study reviews security attack in a splitter in
both upstream and downstream communications.
However, few prior works in the literature review
address the signal injection attack. A part of these
studies focus on security weaknesses and threats in the
physical layer.
Malina, et al. malicious can access the splitter in
the upstream communication channel and split the
signal from ONU [2]. Furthermore, The OLT broadcast
the data in the downstream communication channel to
all ONUs; which give a chance to ONU users to read the
message. On the other hand, an adversary can intercept
the command and PLOAM messages which carry a
secret key and try to decrypt message because OLT
transmits the command in the last state with the frame
and the secret key three times as plain text. The authors
proposed a novel key establishment protocol and data
encryption used between the ONU unit and the OLT.
The proposed key establishment protects against
eavesdroppers, impersonating and replay attack.
Furthermore, the protocol protects against forgery and
modification attacks, online and offline dictionary
attack as well as against weak password leakage.
Harald and Schupke reported that intrusion by
malicious ONU such as signal injection attack leads to
jamming and reduce network accessibility [6].
Moreover, DoS attack can take place when a
continuously transmitting upstream signals with high
enough power at an Optical Network Unit to block all
other ONUs from getting their data. They proposed an
automatic method permit to disconnect the user from
the network. Figure 3.1 illustrates two different
technologies for the optical switches. In Figure 3.1(a),
the data wavelength and an invocation wavelength can
process through the CWDM filter. After that, when
operators identify the malicious, they will send an
invocation signal, and absorptive dye becomes opaque
and thus can shut down the port. In Figure 3.1(b), a
portion of the signal is tapped off and passes to a
photodiode (PD) to produce a voltage, and that applies
to the Mach-Zehnder Modulator (MZM) to switch the
fiber optically off.
Figure 3.1 Technologies for the optical switch [6]
Sanda Drakulic, et al. explained that the malicious
can gain more bandwidth by sharing the upstream
transmission link [3]. Furthermore, when ONU malicious
transmit the data outside of their pre-assigned time-
slots, "the collisions may occur with the frames of other
well-behaving ONUs" and will influence transmission
Control Protocol (TCP) in term of increasing (BER). In this
paper, investigations clarify how such a degradation
attack can affect the throughput of Transmission
Control Protocol connections (TCP) initiated between
the servers and ONUs. In this paper, they proposed an
algorithm that mitigates the influence degradation
attacks, just by adding to the packets of the malicious
ONU more delay to magnitude the Round Trip Time
(RTT) and getting back the fairness of bandwidth
assignment.
L.G. Kazovsky, et al. reported that the generation
of TDM-PON network is vulnerable due to sharing the
physical broadcasting medium between all ONUs in the
downstream communication link [7]. The weakness and
vulnerability of the current TDM-PON is summarized as
follows:
- Eavesdropping: A malicious ONU can
intercept the reflected signal from the
splitter and read the data that sent to any
other ONUs.
- Denial of service (DoS) attack: A malicious
ONU sends continuously signal with a high
enough power in the upstream
communication to block other ONUs from
getting their data.
- Masquerade or spoofing attack (replay
attack): A malicious ONU intercepts, and
decrypts the data of other ONUs and it's
easy to steal the identity of the victimized
ONU to camouflage and behave as the
victimized ONU.
The paper also reviewed different techniques to
monitor TDM-PON and minimized the hazard of attack
through the network monitoring devices such as Optical
Time domain Reflectometer (OTDR), loopback
modulation in ONU by adding a unique signature for the
ONUs traffic, Optical power monitoring, active Optical
switch and Passive fuse.
Pawel Laka and Lukasz proposed a method of
hidden data transmission in optical networks [8],
through aggregation of the public signal with stealth
channel as illustrated in Figure 3.2. It is depended on
direct spread spectrum method where the weight of
spreading code should be around 25% which mean that
if the total code length was 100%, then it had 25 ones
and 75 zeros. The functionality of hidden data has been
successfully achieved. In the end, they recommended
increasing the number of spreading code to achieve a
high throughput of hidden information.
Figure 3.2 Diagram of optical steganography
technique [8]
Zhenxing Wang, et al. proposed the use of optical
code division multiple access techniques (OCDMA) to
maintain the transmitted data from eavesdroppers [9].
Besides that, they introduced the application of physical
encoding to the optical network. Furthermore, they
represented various optical approaches to be
implemented in physical encoding such as M-ary which
is used instead of two code key modulations (OOK),
dynamic code scrambling represented instead of using
the static code to keep the code changing sequentially
and last approach optical code transformation.
 Wang and Prucnal reported that optical network Table 3.1 Related Works on GPON Security
is vulnerable to a variety of attacks such as jamming, Ref Titles Details
physical infrastructure attacks, eavesdropping and Point of Reported that, PON is exposed to a
interception [4]. They proposed a different approach to Pawel attacks variety of attacks such as jamming,
Laka and eavesdropping, and information
maintain optical network represented in optical XOR Lukasz, interception.
gate, OCDMA and Steganography. They successfully 2015 [8] Proposed Proposed a novel method of hidden
achieve the concept of an optical XOR enhanced by Solution data transmission of the physical layer
encryption. The research approved that; steganography in the optical networks based on direct
spread spectrum code length.
does not fulfil the purpose of signal privacy without
Point of Reported that the secret key
improving by temporal phase modulation onto the Lukas attack encryption sent as plain texts according
stretched stealth signal before transmitting. The Malina, to the ITU-T G.984 in downstream
studying confirmed that OCDMA increases the et al., communication.
2015 [2] Proposed Proposed a novel key establishment
authentication, confidentiality, and availability of the
Solution protocol and data encryption runs
optical access network through survivable and between the ONU unit and the OLT.
orthogonal coding and optical ring architecture. Point of Reported that the OOK modulation had
Zhenxing attack been proved to be vulnerable to
David and Kazovsky focused on security issues in Wang, et various attack and eavesdropping.
al.,2012 Proposed Proposed OCDMA technique to
TDM-PON which include denial of service attacks, [9] Solution maintain the transmitted data from
eavesdropping, and masquerading [5]. The results eavesdroppers and introduced the
found are consistent to the results that obtained in the application of physical encoding in the
paper [7]. They approved that the malicious ONU can optical network.
Sanda et Point of Reported that ONU spiteful could
intercept the upstream data from the Victim ONU al, 2012 attack transmit the information outside of
through the reflected signal that occur in the ODN as [3] their pre-assigned time-slots, the
shown in Figure 3.3 below. collisions may occur with the Error
frames.
Proposed Proposed an algorithm that overcomes
Solution the impact of degradation attacks, just
by adding at the OLT an additional
delay to the packet’s frame of malicious
ONU.
Point of Reported that the attacker could send
L.G. attack an in-band frequency similar to original
Kazovsky data frequency that can block some or
et the whole ONU
al.,2011 Proposed Review countermeasure techniques
[7] Solution 1- Optical power monitoring sub-
systems.
2-Passive fuse (carbon-coated TeO2) to
expel troubling users.
Point of Reported that the optical network is
attack vulnerable to a variety of the attacks
Wang such as jamming, physical
infrastructure attacks, eavesdropping,
and
and an interception
Prucnal,
Figure 3.3 Approach of reflected signal setup [7] 2011. Proposed Proposed a different approach to
[4] Solution maintaining optical network
represented in optical XOR gate,
OCDMA and Steganography

David Point of Focused on security issues in TDM-PON

and attack which include denial of service attacks,
Kazovsky, eavesdropping, and masquerading
2007 Proposed Approved that the malicious ONU can
[5] Solution intercept the upstream data from the
Victim ONU through the reflected
signal from the ODN
Point of Reported that intrusion by malicious
Harald et attack ONU such as signal injection attack lead
al., 2006 to jamming and reduce network
[6] accessibility
The Proposed an automatic method permit
Solution to disconnect the client from the
network through the techniques of
absorptive dye filter and CWDM Mach-
Zehnder filter
 5. CONCLUSIONS
GPON is a great technology used to provide a
comprehensive service for a different application of
FTTX where a large number of subscribers desire to have
more bandwidth due to the features of this technology
with lower network cost service and maintenance. This
paper summarized several previous related works on
security weaknesses which is relevant to the GPON.
Apart from that, proposed solutions to overcome these
weaknesses were also provided.
6. ACKNOWLEDGMENTS
The authors would like to acknowledge the
financial support received from the Ministry of Higher
Education (MOHE) and Universiti Teknologi Malaysia
(UTM) through Fundamental Research Grant through
vote no. 5F086 and UTM Industry/International Grant
with vote no.4B385.
7. REFERENCES
[1] M. Chardy, M. C. Costa, A. Faye, and M. Trampont,
"Optimizing splitter and fiber location in a
multilevel optical FTTH network," European
Journal of Operational Research, vol. 222, no. 3, pp.
430-440, 2012.
[2] L. Malina, P. Munster, J. Hajny and T. Horvath,
"Towards secure Gigabit Passive Optical Networks:
Signal propagation based key establishment,"
2015 12th International Joint Conference on e-
Business and Telecommunications (ICETE), Colmar,
2015, pp. 349-354.
[3] S. Drakulic, M. Tornatore and G. Verticale,
"Degradation attacks on Passive Optical
Networks," 2012 16th International Conference on
Optical Network Design and Modelling (ONDM),
Colchester, 2012, pp. 1-6.
[4] M. P. Fok, Z. Wang, Y. Deng and P. R. Prucnal,
"Optical Layer Security in Fiber-Optic Networks," in
IEEE Transactions on Information Forensics and
Security, vol. 6, no. 3, pp. 725-736, Sept. 2011.
[5] D. Gutierrez, J. Cho and L. G. Kazovsky, "TDM-PON
Security Issues: Upstream Encryption is
Needed," OFC/NFOEC 2007 - 2007 Conference on
Optical Fiber Communication and the National
Fiber Optic Engineers Conference, Anaheim, CA,
2007, pp. 1-3.
[6] H. Rohde and D. A. Schupke, “Securing Passive
Optical Networks Against Signal Injection Attacks,”
Optical Network Design and Modeling Lecture
Notes in Computer Science, pp. 96–100,2006.
[7] addressing reach extension and security
weaknesses," in IET Optoelectronics, vol. 5, no. 4,
pp. 133-143, August 2011.
[8] P. Laka and L. Maksymiuk, “Steganographic
transmission in optical networks with the use of
direct spread spectrum technique,” Security and
Communication Networks, vol. 9, no. 8, pp. 771–
780, 2015.
[9] Zhenxing Wang and Mable P Paul R. Prucnal,
“Physical Encoding in Optical Layer Security,”
Princeton University, Princeton, NJ, 08544, USA,
2012.