A
Seminar Report
On
Secure Communication Over Fiber Optic Networks
Submitted By
Fiona Rozario
Under the Guidance of
Dr. Anup Vibhute
Semester I
Year 2015-16
Department of Electronics and Telecommunication Engineering
Dr. D Y Patil Educational Enterprises Charitable Trust’s
Dr. D Y Patil School of Engineering & Technology
Dr. D Y Patil Knowledge City, Charholi (Bk.), Via. Lohgaon, Pune – 412 105
Dr. D Y Patil School of Engineering & Technology
DEPARTMENT OF ELECTRONICS & TELECOMMUNICATION
YEAR: 2015-2016
CERTIFICATE
This is to certify that Seminar-I report entitled
Secure Communication Over Fiber Optic Networks
By
Fiona Rozario
is a bona fide work carried on by her in partial fulfillment of the requirement for the award of
Degree of Master of Engineering in Electronics & Telecommunication (Communication
Networks) of Savitribai Phule Pune University.
Date:
Place: Pune
Dr. Anup Vibhute Prof. Mukund G. Wani
Guide H.O.D.
(E & TC Department) (E & TC Department)
ACKNOWLEDGEMENT
I would like to express my gratitude towards my Guide, Dr. Anup Vibhute for being a source of
encouragement and also being a critic yet appreciable reviewer during the course of the seminar.
I would also like to thank our M.E. coordinator, Prof. S. R. Patil, our H.O.D., Prof. Wani and our
respected Principal, Dr. Ashok Kasnale for their consistent encouragement during the course of
the seminar.
Finally, I take this opportunity to thank one and all who have extended, directly or indirectly, all
possible help in the successful completion of the seminar.
Fiona Rozario
ME5206
INDEX
Chapter Contents
1 Introduction
2 Literature Review
3 Optical Networks and Security Issues
3.1 What is an optical network?
3.1.1 Principle of working of optical fibers
3.1.2 Fiber optic communication system
3.2 Security issues in optical networks
3.2.1 Security issues in network transmission
3.2.2 Security issues in optical amplifiers
3.2.3 Security issues in optical cross-connects
3.3 Security in optical networks
4 Encryption Systems
4.1 What is encryption?
4.2 Types of encryption algorithms
5 Optical Encryption Schemes
5.1 Optical CDMA (OCDMA)
5.1.1 Confidentiality analysis of OCDMA systems
5.2 Quantum cryptography
5.3 Chaos based encryption
5.4 Optical steganography
6 Conclusion
References
Chapter 1
INTRODUCTION
Optical networks form the backbone of the Internet and are an integral constituent of the physical
layer of these networks. Since the physical layer forms the bottom layer in the open systems
interconnection (OSI) model, the performance and security of the physical layer and especially
optical networks have a critical influence on the six layers above it. The security approach in upper
layers is limited by both the processing speed of electronic devices and the capacity available in
the optical network. Fundamental improvements can be achieved for the entire network by
increasing the optical network’s performance in terms of channel capacity, data rate, and
processing speed. Furthermore, the security of the optical network has an impact on the security of
the entire communication system. It is inherently risky to build a security system on top of a
physical infrastructure that is vulnerable to attacks. Hence defending the optical network against
attacks benefits the security of the upper layer.
The actual implementation of a threat or an attack may vary from network to network, owing to the
vast variety of optical networks. However, in spite of these many different modalities, the attacks
on optical networks can be broadly classified as:
• attack where an adversary tries to listen in on communications (confidentiality),
• attack where an unauthorized entity tries to communicate (authentication),
• attack where an entity alters or manipulates communication (integrity),
• attack where an adversary tries to subvert the successful delivery of communications
(availability), and
• privacy risks associated with an adversary observing the existence of communications
(privacy and traffic analysis).
The purpose of this report is to explore and compare the various security and encryption methods
available for optical networks, namely, fiber-based methods, optical key distribution, optical
steganography, and optical chaos-based communication.
Chapter 2
LITERATURE REVIEW
2. Encryption techniques in optical networks
The various encryption techniques in photonics can be broadly classified as follows:
1. Optical CDMA
2. Quantum cryptography
3. Chaos based encryption
4. Optical steganography
2.1 Optical CDMA
In optical CDMA, multiple users are provided with orthogonal codes and the users can
share the same channel to transmit data simultaneously. This works similarly to the CDMA
systems used by mobile users. In an optical CDMA network, multiple users have their
multiplexed codes overlapped. Hence, unless an eavesdropper has knowledge of the code
being used by a particular user, the user’s pulses cannot be recovered from the multiplexed
stream of pulses.
However, for a point-to-point link with only one pair of transmitters and receivers, the data
security may be vulnerable to attack. To secure point-to-point links, Wang et al. propose a
method to divide the original data stream into multiple data streams and then generate
multiplexed signals. The experiment results indicate that the system is robust against
various types of attack models [9].
2.2 Quantum cryptography
Quantum cryptography is not an algorithm to encrypt and decrypt data. Rather it is a
technique of using photons to generate a cryptographic key and transmit it to a receiver
using a suitable communication channel. The security provided by quantum key
distribution is high as it can also indicate the presence of an eavesdropper trying to receive
information about the key.
However, the transmission and detection of a single photon of light make this method
difficult to realize practically. Also, noise and attenuation in the fiber limit the transmission
range and data rate. Scheuer et al. use a large fiber laser to exchange the key so that each
user can compare the received signal with his or her own key to obtain the key generated
by the other user. Compared to quantum key distribution, this system allows longer ranges
and a higher key-establishing rate [9].
2.3 Chaos based encryption
Chaos based encryption is a hardware based encryption technique. A random chaotic
waveform is generated at the transmitter end by a deterministic system. This chaos is used
to mask the confidential data. Only a receiver that has knowledge of how the chaos was
produced can reproduce the chaos to cancel it and retrieve the signal.
Besides providing confidentiality to the network, chaos-based communication also brings
a high level of robustness to data transmission. By spreading the narrowband signal into a
wideband signal, chaos-based communication can both create desired jamming and avoid
malicious jamming [9].
2.4 Optical steganography
In the basic approach to steganography, a short optical pulse is stretched temporally
through chromatic dispersion to give it a spectral width wider than the channel spectrum.
This merges the signal in the background noise of the public channel. With the right
dispersion compensation at the receiver, the stealth signal can be retrieved.
In addition to protecting the privacy of data transmission, a hidden channel in the public
network can also be applied to other security techniques for countering other possible
threats. For example, the stealth channel can be used to transmit information having a high
security level requirement, such as the key distribution for the encrypted public channel.
Chapter 3
Optical Networks and Security Issues
3.1 What is an optical network?
An optical network is a type of data communication network built with optical fiber
technology. It utilizes optical fiber cables as the primary communication medium for
converting data and passing data as light pulses between sender and receiver nodes.
An optical fiber is a flexible transparent fiber of extremely pure glass or plastic, generally
between 10 and 200 microns in diameter, through which light can be transmitted by successive
internal reflections. It is commonly used in telecommunications. An optical fiber consists of a
core through which light is transmitted and an outer surface called cladding.
Fig. 1 Optical Fiber
Through its use of light as a transmission medium, an optical network is one of the fastest
communication networks. It works by using an optical transmitter device to convert an
electrical signal received from a network node into light pulses, which are then placed on a
fiber optic cable for transport to a receiving device.
Unlike copper based networks, the light pulses of an optical network may be transported
quite a distance until the pulses are regenerated through an optical repeater device. After a
signal is delivered to a destination network, it is converted into an electrical signal through
an optical receiver device and sent to a recipient node.
Moreover, an optical network is less prone to external interference and attenuation and can
achieve substantially higher bandwidth speeds than copper networks.
3.1.1 Principle of working of optical fibers
Optical fibers work on the principle of total internal reflection of light – when a ray of light
travelling from an optically denser medium to an optically rarer medium is incident on the
surface of separation of the media at an angle that is greater than the critical angle of the
pair of media, then the ray of light undergoes complete reflection back into the denser
medium instead of undergoing refraction.
Fig. 2 Total internal reflection
Hence, a ray of light travelling in an optical fiber undergoes total internal reflection in the
core (which is of a higher refractive index than the cladding).
Fig. 3 Total internal reflection in an optical fiber
3.1.2 Fiber optic communication system
When the input data, in the form of electrical signals, is given to the transmitter circuitry, it
converts them into a light signal with the help of a light source. This source is an LED whose
amplitude, frequency and phase must remain stable and free from fluctuation in order to
have efficient transmission. The light beam from the source is carried by a fiber optic cable
to the destination circuitry, wherein the information is converted back to the electrical
signal by a receiver circuit.
The receiver circuit consists of a photo detector along with an appropriate electronic
circuit, which is capable of measuring magnitude, frequency and phase of the optic field.
This type of communication uses the wavelengths near to the infrared band that are just
above the visible range. Both LED and Laser can be used as light sources based on the
application.
Fig. 4 Block diagram of fiber optic communication system
There are three main elements of a fiber optic communication system. They are:
• Compact Light Source
• Low loss Optical Fiber
• Photo Detector
Accessories like connectors, switches, couplers, multiplexing devices, amplifiers and
splices are also essential elements in this communication system.
3.2 Security issues in optical networks
Network attacks can be categorized as [2]:
• Service disruptions, which prevent communication or degrade QoS
• Tapping, which compromises privacy by providing unauthorized access to the data
Attacks on optical networks may be aimed at:
• Network transmission
• Optical amplifiers
• Optical cross connects
3.2.1 Security issues in network transmission
There are various fiber optic tapping or eavesdropping methods, but most fall into the
following categories [1]:
a) Hooking into the ports: The attacker directly hooks the tapping device into one of
the ports of the optical amplifiers or repeaters. These devices provide the easiest
point of attack. However, hooking into a port is impractical if the critical points of
the network are physically well secured.
b) Splice methods: An optical fiber is spliced and an appropriate instrument is inserted
to allow the signal to transit to the attacker. Since there is a brief interruption of
data, this attack is detectable. However, if the downtime is short, the system
attributes the disturbance to a network glitch and allows data transmission to
continue.
c) Splitter coupler method: By bending the fiber to a certain radius that can
compromise total internal reflection, a small amount of light is made to leak out.
This does not break the fiber nor cause any disturbance in the data transmission.
The amount of light lost is less than 1%, which is sufficient to recreate the original
electrical signal. However, use of the modern bend-insensitive fibers renders this
attack futile.
d) Rayleigh tapping: Due to non-uniform density of core particles, Rayleigh scattering
takes place in the core, which scatters the light in all directions. Some of this light
refracts out of the fiber and is susceptible to be captured if an attacker is aware of
this phenomenon. The attacker needs to place a focusing device (like a lens) near
the fiber and focus the light onto a separate segment of fiber for analysis.
3.2.2 Security issues in optical amplifiers
The basic principle of amplification is through stimulated emission of radiation by atoms in
the presence of an optical (electromagnetic) signal. The gain medium receives energy
through a process called pumping, which raises some electrons into excited quantum states.
This is accompanied by absorption of photons from the incident electromagnetic field. The
transition of those electrons back into lower energy state is accompanied by emission of
photons of the same frequency, direction of propagation, phase and polarization as
the incident photons. Once the number of electrons in one excited state exceeds their
number in some lower-energy state, population inversion is achieved and the amount of
stimulated emission due to light that passes through is larger than the amount of absorption.
Hence, the light is amplified.
Due to the fact that the distribution of excited electrons is not uniform at various energy
levels within the amplifier’s passband, the gain of an EDFA depends on the wavelength of
the incoming signals, with a peak around 1532 nm. Each of the signals is granted photons
proportionally to its power level, which can lead to a gain competition.
This can be used to create an out-of-band jamming attack. The attacker injects a powerful
signal on a wavelength different from those of other, legitimate signals, but still within the
passband of the amplifier. The amplifier, unable to distinguish between the attack signal
and legitimate data signals, will provide gain to each signal indiscriminately. This means that
the stronger, attacking signal will be provided with higher gain than weaker, legitimate
signals, robbing them of power. Thereby, the QoS level on the legitimate signals will
deteriorate, potentially leading to service denial [2].
Fig. 5 Out-of-band jamming
3.2.3 Security issues in optical cross-connects
Optical cross-connects (OXC) are wavelength selective and may also be referred to as
wavelength routing switches (WRS). The main hazard in their functioning is crosstalk.
There are two types of crosstalk [2]:
• out-of-band; occurs among adjacent lightpaths at different wavelengths, and
• in-band; occurs among lightpaths at the same wavelength
Out-of-band crosstalk usually occurs in optical fibers, especially under high power
conditions or long distances. It can also arise inside OXCs due to non-ideal demultiplexing,
where one channel is selected and the others are not perfectly rejected. Optical switches
may also produce out-of-band crosstalk due to imperfect isolation of different output ports.
In-band crosstalk occurs because switch ports are not perfectly isolated from each other.
Hence components of different signals transmitted on the same wavelength leak and
interfere with each other. This means that each channel that crosses through an optical
switch mixes with leakage from signals on the same wavelength.
Fig. 6 Out-of-band and In-band crosstalk in optical demultiplexers
In-band crosstalk is more serious than out-of-band crosstalk. For example, if there are
unused ports at the output of a switch to which a tapper gains access, they can analyze
traffic and gain information carried at other signals on the same wavelength.
If an attacker injects a high-powered signal, its components will leak onto adjacent channels
on the same wavelength. This will deteriorate the signal quality of the transmission on those
signals, as shown in Fig. 7. Jamming attacks exploiting in-band crosstalk in switches have
some of the highest damage capabilities among all attacks [2].
Fig. 7 Jamming attack
3.3 Security in optical networks
Security in optical networks can be classified as:
• Physical security: ensures minimum privacy of data and QoS
• Semantic security: protects the meaning of the data even if the attacker has already
reached it. This deals with cryptography.
Chapter 4
Encryption Systems
4.1 What is encryption?
Encryption is mathematically altering data (plaintext) in a consistent manner to form an
unintelligible ciphertext. Encryption is a reversible process and relies on a secret key to
encrypt plaintext to ciphertext and vice versa.
Fig. 8 Encryption and decryption
4.2 Types of encryption algorithms:
There are two types of encryption algorithms:
• Symmetric algorithms
• Asymmetric algorithms
Symmetric encryption schemes or Private encryption schemes use a key (any text,
numbers, etc.) to encrypt data, and the same key is used to decrypt that data. Even the
smallest change in the secret key will cause decryption to fail. For example, the key Infosec
will fail to decrypt a ciphertext that was encrypted using AES encryption with the key
INFOSEC.
Asymmetric encryption schemes or Public encryption schemes use two sets of keys.
One key is called a public key and other is called a private key. A public key is used to
encrypt data whereas a private key is used to decrypt that data. Similar to symmetric
cryptography, the smallest change in either of the two keys will make them useless for
recovering the original data. A benefit of asymmetric cryptography is that you can share the public key
with the whole world so that they can use it to send you encrypted data. And the private
key is stored safely with the owner and is used for decryption. One disadvantage of this
type of cryptography is that if your private key is lost or leaked then you will have to
generate a new pair of public and private keys.
Chapter 5
Optical Encryption Schemes
Encryption protects data transmission by encrypting the original data into cipher text.
Without knowing the key for the encryption process, the eavesdropper cannot recover the
data. Compared with electronic circuits, optical processing and transmission devices have
lower latency and higher speed [9]. Fiber-based devices do not generate an electromagnetic
signature and hence the signal in the fiber neither radiates an electromagnetic signal nor is
it jammed by external electromagnetic interference. Although optical encryption has limited
functionality compared to electronic encryption, it still plays an important role in
areas that require both strong security and fast processing speed.
Fig. 9 Schematic diagram for optical encryption
The optical XOR logic has been investigated and studied by many researchers as a starting
point to optical encryption. The XOR logic is an important starting point for building
optical layer encryption since, in cryptography, combining XOR with feedback is essential
in generating long key streams from smaller keys. The implementations of block ciphers
require XOR, feedback, and feed-forward capabilities. Translating these building blocks
into the optical domain and using them together can provide a high-speed, electromagnetic
wave-immune encryption. However, practical optical implementations of the above
building blocks face many challenges. Notably, optical systems are susceptible to noise
accumulation and the propagation of undesirable logic levels.
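The role of XOR with feedback can be seen in an electronic model. The following is an added example, not part of the original report: a 16-bit linear feedback shift register whose tap positions (16, 14, 13, 11) are a standard maximal-length choice assumed here, stretching a 16-bit key into a 65535-bit keystream and showing how one wrong logic level in the register propagates.

```python
# Added illustration: XOR + feedback turns a short key into a long keystream.
# The tap set (16, 14, 13, 11) is an assumption of this example, not from the report.
# An LFSR on its own is linear and therefore not a secure cipher; it only
# demonstrates the building block the text refers to.

def lfsr_step(state):
    """Advance the 16-bit register: XOR the tapped bits and feed the result back."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (bit << 15)

def period(seed):
    """Number of steps before the register returns to its starting state."""
    state, steps = lfsr_step(seed), 1
    while state != seed:
        state = lfsr_step(state)
        steps += 1
    return steps

def keystream(seed, nbits, flip_at=None):
    """Keystream bits; optionally force one register bit to the wrong level at step flip_at."""
    state, bits = seed, []
    for i in range(nbits):
        if i == flip_at:
            state ^= 0x0100  # constructed fault: a single undesirable logic level
        bits.append(state & 1)
        state = lfsr_step(state)
    return bits

def xor_bytes(data, seed):
    """Encrypt or decrypt (same operation) by XORing data with the keystream."""
    bits = keystream(seed, 8 * len(data))
    out = bytearray()
    for i, byte in enumerate(data):
        key_byte = 0
        for b in bits[8 * i:8 * i + 8]:
            key_byte = (key_byte << 1) | b
        out.append(byte ^ key_byte)
    return bytes(out)

def fault_mismatch_fraction(seed, flip_at, window):
    """Fraction of keystream bits that differ in the window after a single-bit fault."""
    clean = keystream(seed, flip_at + window)
    faulty = keystream(seed, flip_at + window, flip_at=flip_at)
    diff = sum(c != f for c, f in zip(clean[flip_at:], faulty[flip_at:]))
    return diff / window

if __name__ == "__main__":
    key = 0xACE1  # constructed 16-bit key
    print("keystream period:", period(key))
    ct = xor_bytes(b"optical layer", key)
    print("ciphertext:", ct.hex(), "->", xor_bytes(ct, key))
    print("mismatch after one fault:", fault_mismatch_fraction(key, 100, 1000))
```

Because the fault is fed back through the XOR taps, it never dies out, which is the error-propagation problem the paragraph above attributes to optical implementations.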
As mentioned earlier, optical encryption schemes can be categorized as:
1. Optical CDMA
2. Quantum cryptography
3. Chaos based encryption
4. Optical steganography
5.1 Optical CDMA (OCDMA)
OCDMA draws its analogy from the wireless spread spectrum CDMA systems. Where
CDMA employed frequency domain spreading/despreading, OCDMA employs time
domain spreading/despreading. An optical short pulse is spread over a one-bit duration T
by encoding. The decoding time-despreads the signal, reconstructing the signal if the codes
between the encoder and decoder match [3]. The signal remains spread over T if the codes
do not match.
Fig. 10 Principle of OCDMA system
In a typical OCDMA system, each data stream is encoded with a specific code and it can be
decoded only with the corresponding decoder. Since it is a multiple access system, many
codes (orthogonal to each other) can exist in the transmission channel, which overlap in
time and optical spectrum. Hence, without a priori knowledge of the codes, a given signal
cannot be detected.
OCDMA codes are divided into two groups [4]:
• Coherent OCDMA codes: employ specific phase patterns to create codes in the spectral
domain or the temporal domain. One such scheme is the spectral-phase encoding (SPE)
scheme. A mode-locked laser (MLL) is used as the optical source, which generates very
short repeating optical pulses. In the spectral domain, the optical pulses are represented
by a series of coherent spectral components. After passing through a SPE encoder,
different spectral components experience different phase shifts, forming a SPE code
pattern. At the receiver, the SPE decoder performs conjugation of phase shift to each
spectral component, so that all the spectral components become in-phase again and an
auto-correlation peak (ACP) is generated. In the multiple-access channel as shown in Fig. 11,
other SPE codes after the desired decoder will result in cross-correlation peaks, or
multiple-access interference (MAI), which will not interfere with the ACP when the SPE codes
in the multiple-access channel are orthogonal. Time gating can be used to isolate the ACP
from the MAI. A common orthogonal SPE code set is the Hadamard code, which is represented
by a Hadamard matrix H_N, as shown in Fig. 11.
Fig. 11 SPE system and Hadamard-8 matrix
• Incoherent OCDMA codes: implement the encoding through intensity modulation in
the temporal domain and/or the wavelength domain. A wavelength-hopping time
spreading (WHTS) system is an incoherent OCDMA system. WHTS codes use
incoherent optic pulses (chip pulses) at different wavelengths and assign them to
different time slots in one bit interval. To receive the desired code, a decoder is used to
align all the WHTS code’s chip pulses into one chip interval, to generate an auto-
correlation peak (ACP) as shown below.
Fig. 12 2D – WHTS system
In a multiple access channel, each WHTS code is transmitted simultaneously with other
codes. The presence of codes that do not match with the decoder appears as cross-
correlation peaks and causes multiple-access interference (MAI) after decoding. MAI can
be minimized if all the WHTS codes in the multiple access channels are orthogonal.
5.1.1 Confidentiality analysis of OCDMA systems
WHTS system: WHTS codes employ incoherent chip pulses to constitute the codes and
hence each chip pulse of a WHTS code already carries all the data information. Since the
chip pulses of WHTS codes do not exactly overlap in the temporal domain, it is possible
for an adversary to isolate each chip pulse of the desired WHTS code and intercept the data
[5]. By isolating a single chip pulse of the code, the adversary can obtain the data
information by detecting it with a photodetector. This is illustrated in the figure below.
Fig. 13 Detecting the data by WHTS codes in a multi-user channel without a decoder
SPE system: The approach that compromises the WHTS system cannot be used in SPE
systems due to the coherence. The adversary will have to find the entire phase code pattern
of the user to be able to intercept the data [5]. For example, for an SPE code with eight
phase chips, even if seven phase chips are set correctly, an auto-correlation peak is not
generated. This is because all the spectral components are still not in phase. A brute-force
attack remains the only option that can compromise the system. The number of codes
being used is limited to N since the codes need to be orthogonal. Hence the maximum
number of tries that an adversary needs in a brute force attack is N.
A single-user or multi-user OCDMA system cannot guarantee the security of the transmitted
data. Additional measures are required on top of the above systems to improve the
confidentiality performance.
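The SPE decoding and the size-N code space discussed in sections 5.1 and 5.1.1 can be checked numerically. The following is an added example, not part of the original report: it assumes an idealised model in which each Hadamard chip is one spectral component with phase 0 (+1) or π (-1), the time-domain field is the inverse DFT of the decoded spectrum, and the time gate sits at slot 0.

```python
import cmath

# Added illustration of spectral-phase encoding with a Hadamard-8 code set.
# The idealised spectral model and the gate position are assumptions of this example.

def hadamard(n):
    """Sylvester construction of an n x n Hadamard matrix (n a power of two)."""
    h = [[1]]
    while len(h) < n:
        h = [row + row for row in h] + [row + [-x for x in row] for row in h]
    return h

def decoded_waveform(tx_code, rx_code):
    """Intensity in each of the N time slots of one bit period after the decoder.

    The decoder applies the conjugate phase of its own code; for 0/pi phases this
    is a chip-by-chip product. The inverse DFT gives the field in the time domain.
    """
    n = len(tx_code)
    spectrum = [t * r for t, r in zip(tx_code, rx_code)]
    intensities = []
    for slot in range(n):
        field = sum(s * cmath.exp(2j * cmath.pi * k * slot / n)
                    for k, s in enumerate(spectrum))
        intensities.append(abs(field) ** 2)
    return intensities

def gated_intensity(active_users, rx_index, codes):
    """Intensity inside the time gate (slot 0) when several users transmit at once."""
    rx = codes[rx_index]
    field = sum(sum(c * r for c, r in zip(codes[u], rx)) for u in active_users)
    return field ** 2

def matching_decoders(tx_index, codes):
    """Indices of all codes in the set that produce a full ACP for this transmitter."""
    n = len(codes)
    return [j for j in range(n)
            if decoded_waveform(codes[tx_index], codes[j])[0] > 0.5 * n * n]

if __name__ == "__main__":
    H8 = hadamard(8)
    print("matched   :", [round(v, 6) for v in decoded_waveform(H8[3], H8[3])])
    print("mismatched:", [round(v, 6) for v in decoded_waveform(H8[3], H8[5])])
    print("gate, users 1,3,5, decoder 3:", gated_intensity([1, 3, 5], 3, H8))
    print("gate, users 1,3,5, decoder 2:", gated_intensity([1, 3, 5], 2, H8))
    print("decoders giving an ACP for code 3:", matching_decoders(3, H8))
```

With the matched decoder all of the energy lands in the gated slot; with any other code of the set the same energy falls outside the gate. Only one of the N orthogonal codes produces the peak, which is why the code set alone offers a search space of at most N.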
5.2 Quantum cryptography
The problem with symmetric cryptography is that the same key is used to both encrypt and
decrypt the messages. If for some reason that key is leaked to some third party, then it can
be used to decrypt communication between two trusted devices or persons. In the worst
case, the communication can be intercepted and altered. Another major problem with this
type of cryptography is how to decide which key to use and how to share between trusted
devices or persons.
In public key cryptography, most keys are at least 128-bit keys which are considered to be
very strong. An attacker can easily get hold of the public key because it is shared by the
user. But to generate a private key for that public key involves huge amounts of
calculations with permutations and combinations. At present a supercomputer is what you
need to crack a PKC and many years to complete it. But it will become pretty much
possible with the advances in technology.
Quantum cryptography deals with secure key distribution. It uses photons to send a key.
The key is transmitted at a lower rate than the data but at a higher security level. The key
information is coded into the quantum states of a photon. A photon is the smallest particle
of light.
It has three types of spins:
1. Horizontal
2. Vertical
3. Diagonal (Right and Left)
Polarization can be used to polarize (pass through a filter) a photon so that it has a
particular spin: vertical, horizontal or diagonal. Polarization of a photon is performed
using polarization filters. According to Heisenberg’s Uncertainty Principle, it is impossible
to measure together the speed and position of a particle with highest accuracy, and its state
will change when measured. In other words, if an eavesdropper intercepts the transmitted
photons and passes them through a polarizer, a wrong choice of polarizer will cause the
receiver to get the wrong photon. Hence the interception of communication will get detected.
It means that if a photon is polarized using say X filter (Diagonal Polarization), then to get
the original spin of the photon only X filter can be used. If a + filter (Rectilinear
Polarization) is used on the photon, then it will either be absorbed by the filter or the
polarized photon will be of different spin than the original photon. For example, a
horizontal spinning photon when passed through a wrong filter will lead to diagonal spin,
which is incorrect.
The table below shows the output spin for each polarization used:
Polarization                    Output Spin
Rectilinear Polarization (+)    Horizontal Spin (–), Vertical Spin (|)
Diagonal Polarization (X)       Left Diagonal Spin (\), Right Diagonal Spin (/)
The photons used in quantum cryptography are called qubits and the ‘0’ and ‘1’ mapping
we decide to use for each polarization state is called a basis. The rectilinear and diagonal
bases are as shown in the table:
Spin     Horizontal Spin (–)    Vertical Spin (|)    Left Diagonal Spin (\)    Right Diagonal Spin (/)
Value    0                      1                    0                         1
Suppose Alice applies polarizations on photons and gets the spin and keeps a note of it.
Every spin has a value associated with it. Hence the qubit sequence being sent to Bob is
110001001010. The transmission of these qubits takes place on a secure optical channel.
Bob is listening for incoming photons and randomly applies any polarization filter
(rectilinear or diagonal) and keeps a note of applied polarization, spin and the output value.
The probability that the correct polarization filter is applied so that the qubit is correctly
recovered is 0.5. If the qubit is correctly recovered with the correct polarization filter, the
output is 1 else it is 0.
Suppose Bob applies the polarization filters as shown below; then the qubit sequence
received by Bob is 011001101010.
Fig. 14 Quantum cryptography
Now when the transmission has completed, Alice and Bob communicate on a public
channel that need not be encrypted. Bob tells Alice the polarizations (not the spin or value)
he applied in the exact same sequence, and Alice only says YES/NO. In this
communication, Bob gets to know the wrong polarizations. After successful key
transmission and fixing of wrong polarization, encrypted data can be sent and decrypted
when received.
If a user is intercepting the communication between sender and receiver, then he too will
have to randomly apply polarization on the photons sent (like Bob). After polarization, he
will forward the photons to Bob. But it is impossible for the eavesdropper to guess all
polarizations correctly. Hence, the eavesdropper changes some of the qubits in trying to
intercept them. So when Bob and Alice validate the polarizations, and Bob fails to decrypt
the data, then the interception of communication will get detected.
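The exchange between Alice and Bob, and the effect of an intercepting user, can be simulated classically. The following is an added example, not part of the original report: it models the BB84-style exchange described above with seeded pseudo-random choices, and it goes one step beyond the text by having Alice and Bob disclose a random sample of the sifted key to estimate the error rate instead of waiting for decryption to fail (the sample size and 5% threshold are assumptions).

```python
import random

# Added illustration of the key exchange described above (classical simulation).
BASES = "+X"  # '+' rectilinear filter, 'X' diagonal filter

def measure(bit, photon_basis, filter_basis, rng):
    """A matching filter reads the encoded bit; a wrong filter yields a random bit."""
    return bit if photon_basis == filter_basis else rng.randint(0, 1)

def exchange(n_photons, eavesdropper, seed):
    """Send n_photons and return (alice_key, bob_key) after public sifting."""
    rng = random.Random(seed)  # seeded so this constructed run is repeatable
    alice_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    alice_bases = [rng.choice(BASES) for _ in range(n_photons)]
    bob_bases = [rng.choice(BASES) for _ in range(n_photons)]
    bob_bits = []
    for bit, basis, bob_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdropper:
            # Intercept-and-resend: the interceptor must guess a filter, and the
            # photon it forwards carries the interceptor's basis and result.
            eve_basis = rng.choice(BASES)
            bit = measure(bit, basis, eve_basis, rng)
            basis = eve_basis
        bob_bits.append(measure(bit, basis, bob_basis, rng))
    # Public channel: Bob announces his filters, Alice answers YES/NO per photon.
    keep = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    return [alice_bits[i] for i in keep], [bob_bits[i] for i in keep]

def error_rate(alice_key, bob_key):
    """Fraction of sifted positions where Alice and Bob disagree."""
    return sum(a != b for a, b in zip(alice_key, bob_key)) / len(alice_key)

def check_and_finalise(alice_key, bob_key, sample_size, max_error, seed):
    """Disclose a random sample; return None (abort) if it shows too many errors,
    otherwise return the key made of the undisclosed positions."""
    rng = random.Random(seed)
    sample = set(rng.sample(range(len(alice_key)), sample_size))
    errors = sum(alice_key[i] != bob_key[i] for i in sample)
    if errors / sample_size > max_error:
        return None
    return [bit for i, bit in enumerate(alice_key) if i not in sample]

if __name__ == "__main__":
    for tapped in (False, True):
        a, b = exchange(4000, tapped, seed=1)
        key = check_and_finalise(a, b, sample_size=200, max_error=0.05, seed=2)
        print("eavesdropper:", tapped, "sifted bits:", len(a),
              "error rate:", round(error_rate(a, b), 3),
              "key accepted:", key is not None)
```

Without interception the sifted keys agree exactly; with an intercept-and-resend eavesdropper about a quarter of the sifted bits disagree, because half of the interceptor's filter guesses are wrong and each wrong guess randomises Bob's result.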
Although the quantum channel provides a high security level to the key distribution, the
requirement of single photon transmission and detection leads to difficulty in practically
realizing the system. It demands separate channels linking the source with the many
destinations, which implies high cost [14][12]. The transmission range (max. 250 km) [14]
and data rate are limited by the noise and attenuation in the single photon transmission
channel [9][13]. Also, use of amplifiers is limited since this will change the polarization of
the qubits [11]. Jamming a transmission is very easy in quantum systems. Something as
simple as a paper clip inserted in a fiber will change the polarization state of the qubits and
lead to misinterpretation of data [14].
5.3 Chaos based encryption
Among the various approaches tried to assure privacy and security in optical networks,
chaos based encryption has a promising future. As chaos is a pseudo-random signal with
wide bandwidth and it is unpredictable for a long term, it can be used to securely hide the
confidential message [6]. It is a hardware-based technique at the physical layer.
Fig. 15 shows the operating principle of chaos-based optical communications. The
transmitter consists of an optical oscillator, which operates in the chaotic regime, producing
an optical carrier with a broad (GHz-wide) spectrum. Information is encoded on this
chaotic carrier using different techniques. Assuming a high complexity in signal carrier and
low message amplitude, it is practically impossible to extract this encoded information
using techniques like linear filtering, frequency-domain analysis etc. At the receiver side, a
second chaotic oscillator is used, ‘similar’ to that of the transmitter. This similarity refers to
structural, emission, and intrinsic parameters of the semiconductor laser, to the feedback
loop characteristics, and to the operating parameters.
Fig. 15 Chaos based optical communication system
At the receiver, part of the received message with the encoded information is injected into
the receiver. Assuming efficient synchronization of transmitter and receiver, the receiver
generates, at its output, a chaotic carrier almost identical to the injected carrier, but without
the encoded information. Therefore, subtracting this chaotic carrier from the incoming
chaotic signal, which includes the encoded information, reveals the transmitted
information.
The message extraction is based on synchronization of transmitter and receiver. In the
context of chaos terminology, synchronization means that the irregular time evolution of
the chaotic emitter’s output in the optical power can be perfectly reproduced by the
receiver, provided that the emitter and receiver are identical. Even minor discrepancies
between the emitter and receiver oscillators can result in degraded synchronization.
There are three main methods of message encryption using optical chaotic communications
[6]:
1. Chaotic masking (CMS): The chaotic carrier is generated by the transmitter laser (TL).
The message is directly added with this carrier, as shown in Fig. 16 (a).
2. Chaotic shift keying (CSK): The message directly modulates the injection current of the
TL. Hence, the TL produces the chaotic carrier with message hidden in it. Fig. 16 (b)
illustrates CSK.
3. Chaotic modulation (CMO): The output power of TL is added with the message. Then
this mixed signal is sent back to the TL by a feedback loop as a modulation to generate
the chaotic carrier. Fig. 16 (c) illustrates CMO.
Fig. 16 Methods of message encryption using optical chaotic communications
(a) CMS, (b) CSK, (c) CMO
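The following sketch is an added example, not part of the original report. It models chaotic modulation (CMO) and the receiver-side subtraction in discrete time, and shows how a parameter mismatch between emitter and receiver degrades message recovery. The triangle-wave map standing in for the laser dynamics, the slope, the message amplitude and the bit stream are all constructed assumptions.

```python
import random

def loop(s, slope):
    """Triangle-wave feedback nonlinearity (assumed stand-in for the laser);
    expanding for slope > 1, output always in [0, 1]."""
    return abs((slope * s) % 2.0 - 1.0)

def transmit(bits, slope=3.7, amp=0.01, x0=0.3):
    """CMO transmitter: message is added to the carrier and the sum is fed back."""
    x, sent = x0, []
    for b in bits:
        s = x + amp * b          # chaotic carrier plus low-amplitude message
        sent.append(s)
        x = loop(s, slope)       # mixed signal generates the next carrier value
    return sent

def receive(signal, slope, amp=0.01):
    """Receiver: rebuild the carrier from the injected signal, then subtract it."""
    out = []
    for prev, cur in zip(signal, signal[1:]):
        replica = loop(prev, slope)              # carrier without the message
        out.append(1 if cur - replica > amp / 2 else 0)
    return out

def ber(sent_bits, got_bits):
    """Bit error rate between the sent and the recovered bit streams."""
    return sum(a != b for a, b in zip(sent_bits, got_bits)) / len(got_bits)

def demo(n=2000, seed=1, slope=3.7):
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n)]   # constructed test message
    signal = transmit(bits, slope)
    # The first bit is skipped: the receiver needs one injected sample to lock.
    return {
        "matched": ber(bits[1:], receive(signal, slope)),
        "mismatch_0.1%": ber(bits[1:], receive(signal, slope * 1.001)),
        "mismatch_1%": ber(bits[1:], receive(signal, slope * 1.01)),
    }

if __name__ == "__main__":
    print(demo())
```

In this toy model a 0.1% slope mismatch keeps the carrier error below the decision threshold, while a 1% mismatch produces a carrier error larger than the message itself.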
Studies and experiments show that information can be transmitted at high bit rates using
deterministic chaos in a manner that is robust to perturbations and channel disturbances that
are unavoidable under real-world conditions, for distances on the order of 200 km [10].
5.4 Optical steganography
Optical steganography aims at transmitting stealth signals in public fiber optic
communication channels without being detected. The basic principle of optical
steganography is to temporally stretch a stealth data pulse using chromatic dispersion. This
reduces the amplitudes to a very low level such that the stealth signal is not detected in the
system noise. At the receiver, using matched dispersion compensation the signal can be
retrieved.
However, this approach provides only weak security. If an eavesdropper suspects the presence
of a stealth signal, the privacy of the data can be compromised using a tunable dispersion
compensation device.
A second approach with temporal phase modulation is proposed and analyzed in [7]. After
a temporal phase mask is applied on the stretched signal, different portions of the signal
undergo different phase shifts. Corresponding phase recovery along with dispersion
compensation is required at the receiver to recover the signal.
The spectra of the public signal and the combined signal differ only insignificantly
and are indistinguishable in real optic networks. The received stealth channel experiences
only <0.1 dB performance degradation resulting from the temporal phase modulation,
compared with the approach without phase modulation [7].
Fig. 17 Temporal signal with and without phase mask encryption
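The sketch below is an added example, not part of the original report. It simulates the two approaches described above on a noise-free sampled window: stretching a stealth pulse with dispersion, and adding a temporal phase mask so that dispersion compensation alone no longer restores the pulse. The unitless dispersion value, the 0/π per-sample mask, the key and the pulse shape are constructed assumptions.

```python
import cmath
import math
import random

def dft(x, sign):
    """Naive DFT (sign=-1) or inverse DFT (sign=+1); fine for ~100 samples."""
    n = len(x)
    w = [cmath.exp(sign * 2j * math.pi * k / n) for k in range(n)]
    out = [sum(x[t] * w[(k * t) % n] for t in range(n)) for k in range(n)]
    return out if sign < 0 else [v / n for v in out]

def disperse(field, d):
    """Chromatic dispersion modelled as a quadratic spectral phase exp(i*d*f^2)."""
    n = len(field)
    spec = dft(field, -1)
    for k in range(n):
        f = k if k < n // 2 else k - n           # signed frequency bin
        spec[k] *= cmath.exp(1j * d * f * f)
    return dft(spec, +1)

def phase_mask(field, key):
    """Key-seeded 0/pi phase shift per sample; applying it twice removes it."""
    rng = random.Random(key)
    return [v * rng.choice((1, -1)) for v in field]

def peak(field):
    """Largest field amplitude in the window."""
    return max(abs(v) for v in field)

def demo(n=128, sigma=2.0, d=0.05, key=2010):
    # Constructed stealth pulse: unit-amplitude Gaussian in the window centre.
    pulse = [math.exp(-((t - n // 2) ** 2) / (2 * sigma ** 2)) for t in range(n)]
    stretched = disperse(pulse, d)               # first approach: stretching only
    masked = phase_mask(stretched, key)          # second approach: add phase mask
    return {
        "stretched": peak(stretched),
        "matched_compensation": peak(disperse(stretched, -d)),
        "mask_compensation_only": peak(disperse(masked, -d)),
        "mask_removed_then_compensated":
            peak(disperse(phase_mask(masked, key), -d)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
```

A peak near 1 means the pulse is restored; the low peak for compensation without the mask key corresponds to the signal staying spread across the window.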
Yet another approach to optical steganography has been explored in [8]. The amplified
spontaneous emission (ASE) noise from EDFAs is used to provide security. The data signal
is added onto the ASE noise. Since ASE noise exists in optical networks, an eavesdropper
will not be able to distinguish between “signal with ASE” and “noise ASE”.
The BER curves of the stealth signal with and without the public channel are
indistinguishable [8]. The BER measurements of the public channel show that adding the
stealth channel only causes a 0.2 to 0.3 dBm power penalty.
Fig. 18 (a) Spectrum of channel with and without ASE, stealth signal (b) BER measurements
with and without stealth channel and ASE.
Chapter 6
Conclusion
The table below compares the various security techniques.
| Technique | Limitations | Advantages |
|---|---|---|
| OCDMA | Affected by dispersion in the fiber; hence the range of transmission is limited to no longer than 100 km [3]. Confidentiality is not as strong as that provided by data encryption. | It is a multiple access system; a plurality of codes can exist in the same channel. |
| Chaos based encryption | Synchronization of receiver and transmitter is critical to proper functioning. It is very difficult to get lasers of the same parameters for synchronization. | There is a high level of robustness at high bit rates. It can create jamming as well as avoid jamming to a high degree. |
| Quantum cryptography | Use of amplifiers will change the qubits; hence the range of transmission is limited. It needs a dedicated channel of high quality for key exchange between every pair of sender and receiver; hence multiplexing is not possible. Very vulnerable to jamming. | This method can notify of interception of data [12]. |
| Optical steganography: (a) Temporal stretching of pulse | Data can be intercepted using tunable dispersion compensation devices. | Simplest in implementation. |
| Optical steganography: (b) Temporal phase mask | | Robust against adversary attacks. |
| Optical steganography: (c) ASE noise | Optical delays between receiver and transmitter must be matched exactly to get the stealth signal. | Public channel does not induce any power penalty on the stealth channel and the stealth channel induces a power penalty of only 0.2-0.3 dBm on the public channel. |
An optical system has low latency and is immune to electromagnetic interference; hence optical
encryption is especially important in areas that require a high level of security without
compromising the processing speed.
Although a variety of approaches have been proposed and demonstrated to protect against multiple
threats in the physical layer of an optical network, one can conclude that the technique to be
applied must be carefully selected by analyzing factors like infrastructure, criticality of data
being exchanged, cost and size of the optical network (transmission range).
References
[1] Banjac Z., Orlić V., Perić M., Milićević S. "Securing data on fiber optic transmission lines." 20th
Telecommunications forum TELFOR (2012).
[2] Marija, Furdek. "Physical-Layer Attacks in Optical WDM Networks and Attack-Aware Network
Planning."
[3] KITAYAMA Ken-ichi, SOTOBAYASHI Hideyuki, WADA Naoya. "Optical Code Division
Multiplexing (OCDM) and its applications to photonic networks.", IEICE Trans. Fundamentals
Vol. E82-A.No. 12 (1999).
[4] Fok Mable P., Wang Zhenxing, Deng Yanhua, Prucnal Paul R. "Optical Layer Security in Fiber-
Optic Networks." IEEE Transactions on Information Forensics and Security 6.3 (2011).
[5] Fok Mable P., Wang Zhenxing, Prucnal Paul R. "Physical Encoding in Optical Layer Security."
[6] Hongxi, Zhao Qingchun and Yin. "Suggested Rules for Designing Secure Communication Systems
Utilizing Chaotic Lasers: A Survey ."
[7] Wang Z., Fok M. P., Xu L., Chang J., and Prucnal P. R. "Improving the privacy of optical
steganography with temporal phase masks." Optics Express 18.6 (2010).
[8] Wu Ben, Wang Zhenxing, Tian Yue, Fok Mable P., Shastri Bhavin J., Kanoff Daniel R., and
Prucnal Paul R. "Optical steganography based on amplified spontaneous emission noise." Optics
Express 21.2 (2013).
[9] Akhgar Babak, Arabnia Hamid R. Emerging Trends in ICT Security. MK, n.d.
[10] Antonis, Syvridis Dimitris and Bogris. "Secure communications links based on chaotic optical
carriers." 2006.
[11] Christoph, Guenther. "The Relevance of Quantum Cryptography in Modern Cryptographic
Systems." December 2003. SANS Institute InfoSec Reading Room.
<https://www.sans.org/reading-room/whitepapers/awareness/relevance-quantum-cryptography-modern-cryptographic-systems-1334>.
[12] SWISS Quantum. June 2009. <http://swissquantum.idquantique.com/?-Quantum-Cryptography->.
[13] Brassard Gilles, Lütkenhaus Norbert, Mor Tal and Sanders Barry C. "Security Aspects of
Practical Quantum Cryptography." Physical Review Letters September 2000.
[14] Ojha Vibha, Sharma Anand, Goar Vishal, Trivedi Prakriti. "Limitations of Practical Quantum
Cryptography." International Journal of Computer Trends and Technology March-April 2011.