Template IAT 2020 Mostar 111
Abstract: The growth of internet traffic over the past decade has been constant.
The projections are that this growth will continue. Using a smart wireless device,
we communicate, entertain, socialize and manage, for example, electrical
appliances in the home. The transmission of all this data involves an enormous
increase in internet traffic. The question is which medium can solve the problem
of large amounts of data and long-distance data transmission. Optical fiber as a
medium and AON (All Optical Networks) have the highest transmission capacity.
Optical networks are the solution to the problem of the amount and distance of
data transmission. Within AON, data are transmitted over distances of several
thousand kilometers from source to destination in the optical domain. All signal
transmission and switching are performed in the optical domain. Because they
operate at the optical level, AON are vulnerable at the physical level of the
network in terms of security.
This paper addresses the issue of AON security at the physical level, with types of
attacks and types of protection against tapping and passive data analysis at the
physical level of ON.
1. Introduction
Optical fibers as the transmission medium and AON optical networks have the
highest data transmission capacity. Optical networks are the solution to the
problem of broadband transmission media. Initially, ON represented practical
connecting routes between distant concentration points of TCN
(Telecommunications Networks). With the development of optical network
components, AON have evolved in terms of increasing transmission distance and
channel capacity. Currently available commercial AON operate at a transmission
speed of 400 Gb/s per wavelength, with multiple Tb/s per fiber [1]. AON signal
transmission distances are several thousand kilometers, and the transmission of
the entire signal is performed in the optical domain.
Such AON are also called transparent networks in the literature. AON that switch
at the optical level are vulnerable at the physical level in terms of security. The
first level of AON security defense, as with all other telecommunication networks,
begins at the logical level of the network model [2]. However, that is a roof level
of protection, and the basic physical level must be secured in order to build
security throughout the system. This paper addresses the issue of AON security at
the physical level.
The concept of security is a state of mind. The first line of security for
telecommunication networks is built on the logical network layer of the TCP/IP
(Transmission Control Protocol / Internet Protocol) network reference model.
However, building a secure top level of the network without securing the
underlying physical layer does not make the system reliable.
Current industry standards focus on data theft attacks at the higher levels of the
TCP/IP network model. Attacks on the physical level of AON have been somewhat
neglected. The sophistication of the equipment needed to carry out a specific
attack has left even professionals in the optical communications field convinced
that AON are safe on a physical level.
However, eavesdropping devices were discovered on Deutsche Telekom's main
fiber optic links in 2000. Then, illegal eavesdropping devices were also discovered
on Verizon's optical network near Frankfurt Airport in 2003. Subsequently, a
growing number of eavesdropping cases were recorded in Europe [4]. So AON,
which transmit high-speed signals in the light domain, are vulnerable to attacks in
the domain of the physical layer of the network.
An attack on the security of an AON network is defined as any action that aims to
impair the confidentiality, integrity and availability of data transmission functions
in the light domain [5].
Attacks on the security of the AON physical layer can be classified in several ways.
The first classification is by threat to the basic premises of information
security:
2. Integrity: In this case, the attacker tries to modify the actual data being transmitted.
3. Accessibility: In this case, the attacker tries to obstruct the access of the authorized subjects to the data.
The second way of classification is simpler: the attacks are divided according to
the damage they cause:
The simplest method for tapping is an insider attack. The attacker subscribes to
the AON as a regular user, logs in, and then uses special equipment to eavesdrop
on signals in the adjacent communication channels. Another type of insider attack
is eavesdropping performed on switch ports or DWDM nodes that are designed to
analyze and control traffic. These kinds of attacks are very difficult to detect
because they leave no trace and analyze the data passively.
Other methods of tapping require physical contact with an AON optical fiber
through which light signals are transmitted. In order to make physical contact with
the optical fiber in the cable, it is necessary to remove all levels of protection of
the fiber in the cable: the sheath of the optical cable, the secondary protective
carbon fibers, the protective tubes, and finally the polymer protection on the fiber
itself. In practice, this is not a simple process.
Once the optical fiber has been accessed, it can be bent enough to compromise
internal reflection. Compromising internal reflection decouples some percentage of
the primary mode of the transmitted light signal. The fiber is bent so that only a
small percentage of the light signal leaks from the fiber optic core. A minimum
percentage of the signal is taken for eavesdropping to make it difficult to detect
the loss in the optical signal budget on the receiving side, that is, to make it as
hard as possible for the regular receiver to detect the attack. Figure 1 shows the
basic schematic of the wiretap as well as its detection using the OTDR (Optical
Time Domain Reflectometer) [6]. The light that leaves the optical fiber due to
bending is directed by prisms to the optical fiber of the tapping device and then to
the opto/electronic converter, after which the data obtained are analyzed.
Figure 1. a) Basic fiber tapping method [7], b) OTDR detection of bend tapping.
Tapping attack
Type of attack | Characteristic of attack
Insider attacks | Insider attacks on service ports or system monitoring ports.
Bend tapping | The most common form of attack. Equipment for this type of attack is inexpensive and commercially available, but it is easy to detect.
Evanescent tapping | Requires extremely precise fiber processing; it is more difficult to detect.
Rayleigh scatter tapping | Requires extremely accurate equipment; it is undetectable.
Addressing security issues during AON design is the best and most effective
method of protecting AON. Originally, ON security was ensured only by encoding
the data during transmission. However, this protection has proved insufficient, so
encoding and encryption are now both used to protect the three basic security
postulates. The basic problem-solving protocol at the physical level is detection of
the problem, after which the problem is located and protection against the
detected attack is applied. Finally, the system is reconstructed or restored.
Detecting a problem that is not a physical break in the AON network requires
dedicated methods. Attacks are detected and located by statistical analysis and by
comparing AON status across different periods. A deviation in the power level, a
deviation in the spectrum of transmitted signals, or an increase in BER (Bit Error
Rate) indicates a change in the parameters of the AON communication channel. If
these changes are not announced and planned, suspicion arises and an alarm is
raised for intentional unauthorized access to AON resources. All changes to the
system are therefore recorded, and a statistical analysis is made that indicates the
anomalies to be addressed. Trial measurements with a pilot signal, followed by
monitoring measurements with OTDR, also indicate system anomalies that raise an
alarm about a possible attack on AON security.
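The comparison against an earlier period described above, as an added example that is not part of the original paper: a one-sided CUSUM over received optical power (a statistic chosen here; the paper names no specific one) plus a BER threshold, with alarms suppressed inside announced maintenance windows. The readings, thresholds and function names are constructed for illustration.

```python
from statistics import mean, median, stdev

def cusum_drop(baseline_dbm, monitored_dbm, slack=0.5, threshold=8.0):
    """Index of the first sample at which a sustained drop in received
    power is flagged (one-sided CUSUM, in baseline sigmas), else None."""
    mu, sigma = mean(baseline_dbm), stdev(baseline_dbm)
    score = 0.0
    for i, power in enumerate(monitored_dbm):
        # Only downward deviations beyond `slack` sigma accumulate, so an
        # isolated noisy reading decays instead of raising an alarm.
        score = max(0.0, score + (mu - power) / sigma - slack)
        if score > threshold:
            return i
    return None

def ber_rise(baseline_ber, monitored_ber, factor=10.0):
    """Indices where BER exceeds `factor` times the baseline median."""
    limit = factor * median(baseline_ber)
    return [i for i, ber in enumerate(monitored_ber) if ber > limit]

def assess(baseline, monitored, planned=()):
    """Records are (minute, rx_power_dbm, ber); `planned` holds
    (start_minute, end_minute) windows of announced work."""
    events = []
    hit = cusum_drop([r[1] for r in baseline], [r[1] for r in monitored])
    if hit is not None:
        events.append((monitored[hit][0], "power drop"))
    for i in ber_rise([r[2] for r in baseline], [r[2] for r in monitored]):
        events.append((monitored[i][0], "BER rise"))
    def announced(minute):
        return any(start <= minute <= end for start, end in planned)
    return [(minute, kind, "planned" if announced(minute) else "ALARM")
            for minute, kind in sorted(events)]

# Constructed readings, one per minute on a single channel.
BASELINE = [(m, p, 1e-12) for m, p in enumerate(
    [-12.02, -11.98, -12.01, -11.99, -12.00, -12.03, -11.97, -12.00])]
MONITORED = [(100 + m, p, b) for m, (p, b) in enumerate([
    (-12.01, 1e-12), (-12.08, 1e-12),  # isolated noisy reading
    (-11.99, 1e-12), (-12.00, 1e-12),
    (-12.11, 2e-12), (-12.09, 2e-12),  # sustained ~0.1 dB loss begins
    (-12.10, 3e-11), (-12.12, 2e-12)])]

if __name__ == "__main__":
    for event in assess(BASELINE, MONITORED):
        print(event)
```

The sustained 0.1 dB step, about 2% of the received power, is flagged on its second reading, while the single -12.08 dBm outlier is not.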
Until the first physical level attacks were detected, the protection of AON
security in the domain of transmission of light signals was done through their
encoding. The encoding was done more because of the efficient use of the
waveband, but it was also considered to provide a sufficient level of protection
due to the technical complexity of the coding system. However, after the detection
of the attack at the physical level, additional encryption protection is installed and
Figure 12. a) OCDMA encoding system, b) Protection route implemented on the OCDMA model [6].
The advantage of OCDMA encoding is its large cardinality and soft blocking. Soft
blocking denotes adaptability to the needs of communication channels:
simultaneous transmissions can be added or removed in the AON access nodes
without further modifications to the hardware. The soft blocking feature gives
OCDMA more scalability than WDM or TDM technologies. On the same fiber count
as WDM or TDM, OCDMA has much higher spectral efficiency. The soft blocking
feature can be used to form protective routes. If the protection routes are formed
at the physical level, then with the 1:N protection option we have N standby
protection routes that are activated if the working route is interrupted. In the
case of the 1 + N protection option, N protection routes are provided that run in
parallel, the first being the primary route; if it fails, the next route takes over.
This type of protection is designed only for very important golden users. Using
the advantages of OCDMA, transmission links with different transmission rates can
be formed on the same route in the same transmission band. This feature allows
protection to be implemented with a fast primary communication link and a slow
protection link. If the high-speed channel is interrupted, the complete data
transmission is rerouted to the slow protection channel. Disruption of the fast link
does not cause a service interruption but results in a partial decline in QoS.
Another way to protect AON against tapping is encryption. AON physical layer
data privacy can be protected by encrypting the original content. By the
definition of encryption, encrypted data cannot be translated by an attacker into
the original message without a unique key. Compared to electrical encryption,
encryption in the light domain has a shorter wait time for data processing, that is,
lower latency and higher speed. In addition, encryption, as a process, does not produce
additional lateral electromagnetic waves that could serve an attacker to discover a
The encryption data and orthogonally polarized keys are propagated via a 3 dB
lossy coupler, then amplified by an EDFA (Erbium Doped Fiber Amplifier) and fed
to the Bi-NLF, in which the FWM signal encryption effect occurs. An undesirable
effect is that additional bi-polarized signals are produced in the Bi-NLF. These
additional lateral signals are filtered with a BPF [23]. On the receiving side, the
reverse process takes place: wavelength reconversion, decoding and decryption
are done. The result of encryption of the OCDM sequence by band interleaving is
given in Figure 14.
4. Conclusion
The large amount of data they transmit makes AON a permanent target for attacks
and a potential network security issue. Protection on the logical part of the
network is in constant development and implementation. However, protection at
the logical level is roof-top protection that is not complete without protection at the
physical level of the optical network. This paper deals with the main weaknesses
of optical networks in the domain of security at the physical level. It reviews the
types of eavesdropping attacks that attackers can perform, as well as potential
attack sites. A description of the damage they cause is also given for all attacks.
The second part deals with countermeasures, i.e. types of protection against
various attacks. In addition, encoding and encryption at the physical layer of
optical networks were discussed. There is no complete security of the physical
layer of optical networks. Security is built and improved primarily by increasing
the loyalty of the technical operational staff of optical networks, the full
implementation of existing surveillance and protection systems, and the constant
development of new security methods.
References
[1] Uvod u optičke mreže, Digital Broadcasting and Broadband Technologies (Master Studies)
Erasmus Project No.561688-EPP-1-2015-1-XK-EPPKA2-CBHE-JP
[2] Stamatios V. Kartalopoulos, Next Generation Intelligent Optical Networks, Springer 2008.
[3] Godišnji izvještaj o razvoju BiH 2018, Državna Direkcija za planiranje ekonomskog
razvoja BiH 2019.
[4] K. Manousakis, G. Ellinas, Attack-aware planning of transparent optical networks, Optical
Switching and Networking (2015), http://dx.doi.org/10.1016/j.osn.2015.03.005i
[5] Mable P. Fok, Zhexing Wang, Yanhua Deng, and Paul R. Prucnal, Optical Layer
Security in Fiber-Optic Networks, IEEE Transactions on Information Forensics and Security,
Vol. 6, No. 3 1556-6013, September 2011.
[6] Joshua S. White, Adam W. Pilbeam, An Analysis of Coupling Attack in High Speed Fiber
Optic Networks, Enable Photonic Technologies for Defense 2011. SPIE DOI:
10.1117/12883550
[7] Fiber-Tapping Detection with the ONMSI Optical Network Monitoring System, © 2015
Viavi Solutions Inc. Product specifications and descriptions fiber-tapping-an-fop-nse-ae
30176152 900 0415
[8] Nina Skorin-Kapov, Marija Furdek, Szilard Zsigmond, and Lena Wosinska, Physical-Layer
Security in Evolving Optical Networks, IEEE Communications Magazine • August 2016
[9] Marija Furdek and Nina Skorin-Kapov, Physical-Layer Attacks in Transparent Optical
Networks, Intechopen, DOI: 10.5772/29836, March 2012
[10] A. Teixeira, et al., Security Issues in Optical Networks Physical Layer, ICTON 2008 978-
1-4244-2626-3/08/$25.00 ©2008 IEEE
[11] Nina Skorin-Kapov, Jiajia Chen, and Lena Wosinska, A New Approach to Optical
Networks Security: Attack-Aware Routing and Wavelength Assignment, IEEE/ACM
TRANSACTIONS ON NETWORKING, VOL. 18, NO. 3, JUNE 2010
[12] R. Rejeb, M.S. Leeson, R.J. Green, Multiple attack localization and identification in all-
optical networks, Optical Switching and Networking 3 (2006) 41–49
[13] Y. Xiao, et al., Polar coded optical OFDM system with chaotic encryption for physical-
layer security, Optics Communications (2018),
https://doi.org/10.1016/j.optcom.2018.10.015
[14] Xuelin Yang, Chaotic Signal Scrambling for Physical Layer Security in OFDM-PON, 978-
1-4673-7880-2/15/$31.00 ©2015 IEEE
[15] Ayushi Sharma, Varun Kumar Kakar, Security Performance and Enhancement of Physical
Layer in Optical- CDMA With Multicode Keying Encryption, Conference Paper (PDF
Available) · November 2017 DOI: 10.1109/ICETCCT.2017.8280295
[16] Mable P. Fok* and Paul R. Prucnal, All-optical encryption based on interleaved waveband
switching modulation for optical network security, Optical Society of America 0146-
9592/09/091315-3 2009
[17] Paul R. Prucnal, Mable P. Fok, Yanhua Deng, and Zhenxing Wang, Physical layer security
in fiber-optic networks using optical signal processing, SPIE-OSA-IEEE/ Vol. 7632
76321M-1
[18] Haoshuo Chen and A.M.J. (Ton) Koonen, Spatial Division Multiplexing, Springer
International Publishing Switzerland 2017, Fibre Optic Communication,Springer Series in
Optical Sciences 161, DOI 10.1007/978-3-319-42367-8_1
[19] Ivan B. Djordjevic and Xiaole Sun, Spatial Modes-Based Physical-Layer Security, 978-1-
5090-1467-5/16/$31.00 ©2016 IEEE
[20] Kyle Guan, Peter J. Winzer, Emina Soljanin, Information-Theoretic Security in Space-
Division Multiplexed Fiber Optic Networks, 978-1-55752-950-3/12/$31.00 ©2012 Optical
Society of America