
A Seminar Report

On

Secure Communication Over Fiber Optic Networks

Submitted By Fiona Rozario

Under the Guidance of Dr. Anup Vibhute

Semester I Year 2015- 16

Department of Electronics and Telecommunication Engineering

Dr. D Y Patil Educational Enterprises Charitable Trust’s

Dr. D Y Patil School of Engineering & Technology Dr. D Y Patil Knowledge City, Charholi (Bk.), Via. Lohgaon, Pune – 412 105


Dr. D Y Patil School of Engineering & Technology DEPARTMENT OF ELECTRONICS & TELECOMMUNICATION

YEAR: 2015-2016

CERTIFICATE

This is to certify that Seminar-I report entitled

Secure Communication Over Fiber Optic Networks

By

Fiona Rozario

is a bona fide work carried out by her in partial fulfillment of the requirement for the award of Degree of Master of Engineering in Electronics & Telecommunication (Communication Networks) of Savitribai Phule Pune University.

Date:

Place: Pune

Dr. Anup Vibhute Prof. Mukund G. Wani

Guide H.O.D.

(E & TC Department) (E & TC Department)


ACKNOWLEDGEMENT

I would like to express my gratitude towards my Guide, Dr. Anup Vibhute, for being a source of encouragement and also being a critic yet appreciable reviewer during the course of the seminar. I would also like to thank our M.E. coordinator, Prof. S. R. Patil, our H.O.D., Prof. Wani, and our respected Principal, Dr. Ashok Kasnale, for their consistent encouragement during the course of the seminar. Finally, I take this opportunity to thank one and all who have extended, directly or indirectly, all possible help in the successful completion of the seminar.

Fiona Rozario
ME5206


INDEX

Chapter  Contents

1 Introduction
2 Literature Review
3 Optical Networks and Security Issues
  3.1 What is an optical network?
    3.1.1 Principle of working of optical fibers
    3.1.2 Fiber optic communication system
  3.2 Security issues in optical networks
    3.2.1 Security issues in network transmission
    3.2.2 Security issues in optical amplifiers
    3.2.3 Security issues in optical cross-connects
  3.3 Security in optical networks
4 Encryption Systems
  4.1 What is encryption?
  4.2 Types of encryption algorithms
5 Optical Encryption Schemes
  5.1 Optical CDMA (OCDMA)
    5.1.1 Confidentiality analysis of OCDMA systems
  5.2 Quantum cryptography
  5.3 Chaos based encryption
  5.4 Optical steganography
6 Conclusion
References


Chapter 1 INTRODUCTION

Optical networks form the backbone of the Internet and are an integral constituent of the physical layer of these networks. Since the physical layer forms the bottom layer in the open systems interconnection (OSI) model, the performance and security of the physical layer, and especially of optical networks, have a critical influence on the six layers above it. The security approach in upper layers is limited by both the processing speed of electronic devices and the capacity available in the optical network. Fundamental improvements can be achieved for the entire network by increasing the optical network’s performance in terms of channel capacity, data rate, and processing speed. Furthermore, the security of the optical network has an impact on the security of the entire communication system. It is inherently risky to build a security system on top of a physical infrastructure that is vulnerable to attacks. Hence defending the optical network against attacks benefits the security of the upper layers. The actual implementation of a threat or an attack may vary from network to network, owing to the vast variety of optical networks. However, in spite of these many different modalities, the attacks on optical networks can be broadly classified as:

• attacks in which an adversary tries to listen in on communications (confidentiality),
• attacks in which an unauthorized entity tries to communicate (authentication),
• attacks in which an entity alters or manipulates communication (integrity),
• attacks in which an adversary tries to subvert the successful delivery of communications (availability), and
• privacy risks associated with an adversary observing the existence of communications (privacy and traffic analysis).

The purpose of this report is to explore and compare the various security and encryption methods available for optical networks, namely, fiber-based methods, optical key distribution, optical steganography, and optical chaos-based communication.


Chapter 2 LITERATURE REVIEW

2. Encryption techniques in optical networks

The various encryption techniques in photonics can be broadly classified as follows:
1. Optical CDMA
2. Quantum cryptography
3. Chaos based encryption
4. Optical steganography

2.1 Optical CDMA

In optical CDMA, multiple users are provided with orthogonal codes and the users can share the same channel to transmit data simultaneously. This works similarly to the CDMA systems used by mobile users. In an optical CDMA network, the coded signals of multiple users overlap in the multiplexed stream. Hence, unless an eavesdropper has knowledge of the code being used by a particular user, the user’s pulses cannot be recovered from the multiplexed stream of pulses. However, for a point-to-point link with only one pair of transmitters and receivers, the data security may be vulnerable to attack. To secure point-to-point links, Wang et al. propose a method to divide the original data stream into multiple data streams and then generate multiplexed signals. The experiment results indicate that the system is robust against various types of attack models [9].

2.2 Quantum cryptography

Quantum cryptography is not an algorithm to encrypt and decrypt data. Rather it is a technique of using photons to generate a cryptographic key and transmit it to a receiver using a suitable communication channel. The security provided by quantum key distribution is high as it can also indicate the presence of an eavesdropper trying to receive information about the key. However, the transmission and detection of a single photon of light make this method difficult to realize practically. Also, noise and attenuation in the fiber limit the transmission range and data rate. Scheuer et al. use a large fiber laser to exchange the key so that each user can compare the received signal with his or her own key to obtain the key generated by the other user. Compared to quantum key distribution, this system allows longer ranges and a higher key-establishing rate [9].


2.3 Chaos based encryption

Chaos based encryption is a hardware based encryption technique. A random chaotic waveform is generated at the transmitter end by a deterministic system. This chaos is used to mask the confidential data. Only a receiver that has knowledge of how the chaos was produced can reproduce the chaos to cancel it and retrieve the signal. Besides providing confidentiality to the network, chaos-based communication also brings a high level of robustness to data transmission. By spreading the narrowband signal into a wideband signal, chaos-based communication can both create desired jamming and avoid malicious jamming [9].

2.4 Optical steganography

In the basic approach to steganography, a short optical pulse is stretched temporally through chromatic dispersion to give it a spectral width wider than the channel spectrum. This merges the signal in the background noise of the public channel. With the right dispersion compensation at the receiver, the stealth signal can be retrieved. In addition to protecting the privacy of data transmission, a hidden channel in the public network can also be applied to other security techniques for countering other possible threats. For example, the stealth channel can be used to transmit information having a high security level requirement, such as the key distribution for the encrypted public channel.


Chapter 3 Optical Networks and Security Issues

3.1 What is an optical network?

An optical network is a type of data communication network built with optical fiber technology. It utilizes optical fiber cables as the primary communication medium, converting data into light pulses and passing them between sender and receiver nodes. An optical fiber is a flexible transparent fiber of extremely pure glass or plastic, generally between 10 and 200 microns in diameter, through which light can be transmitted by successive internal reflections; it is commonly used in telecommunications. An optical fiber consists of a core through which light is transmitted and an outer surface called cladding.

Fig. 1 Optical Fiber

Through its use of light as a transmission medium, an optical network is one of the fastest communication networks. It works by using an optical transmitter device to convert an electrical signal received from a network node into light pulses, which are then placed on a fiber optic cable for transport to a receiving device.

Unlike copper based networks, the light pulses of an optical network may be transported quite a distance until the pulses are regenerated through an optical repeater device. After a signal is delivered to a destination network, it is converted into an electrical signal through an optical receiver device and sent to a recipient node. Moreover, an optical network is less prone to external interference and attenuation and can achieve substantially higher bandwidth speeds than copper networks.


3.1.1 Principle of working of optical fibers

Optical fibers work on the principle of total internal reflection of light: when a ray of light travelling from an optically denser medium to an optically rarer medium is incident on the surface of separation of the media at an angle that is greater than the critical angle of the pair of media, the ray of light undergoes complete reflection back into the denser medium instead of undergoing refraction.

Fig. 2 Total internal reflection

Hence, a ray of light travelling in an optical fiber undergoes total internal reflection in the core (which is of a higher refractive index than the cladding).

Fig. 3 Total internal reflection in an optical fiber

3.1.2 Fiber optic communication system

When the input data, in the form of electrical signals, is given to the transmitter circuitry, the transmitter converts it into a light signal with the help of a light source. This source is an LED whose amplitude, frequency and phase must remain stable and free from fluctuation in order to have efficient transmission. The light beam from the source is carried by a fiber optic cable to the destination circuitry, wherein the information is converted back to the electrical signal by a receiver circuit. The receiver circuit consists of a photo detector along with an appropriate electronic circuit, which is capable of measuring magnitude, frequency and phase of the optic field. This type of communication uses the wavelengths near to the infrared band that are just above the visible range. Both LED and Laser can be used as light sources based on the application.


Fig. 4 Block diagram of fiber optic communication system

There are three main basic elements of a fiber optic communication system. They are:
• Compact Light Source
• Low loss Optical Fiber
• Photo Detector

Accessories like connectors, switches, couplers, multiplexing devices, amplifiers and splices are also essential elements in this communication system.

3.2 Security issues in optical networks

Network attacks can be categorized as [2]:
• Service disruptions, which prevent communication or degrade QoS
• Tapping, which compromises privacy by providing unauthorized access to the data

Attacks on optical networks may be aimed at:
• Network transmission
• Optical amplifiers
• Optical cross connects

3.2.1 Security issues in network transmission

There are various fiber optic tapping or eavesdropping methods, but most fall into the following categories [1]:

a) Hooking into the ports: The attacker directly hooks the tapping device into one of the ports of the optical amplifiers or repeaters. These devices provide the easiest point of attack. However, hooking into a port is impractical if the critical points of the network are physically well secured.

b) Splice methods: An optical fiber is spliced and an appropriate instrument is inserted to allow the signal to transit to the attacker. Since there is a brief interruption of data, this attack is detectable. However, if the downtime is short, the system attributes the disturbance to a network glitch and allows data transmission to continue.

c) Splitter coupler method: By bending the fiber to a certain radius that can compromise total internal reflection, a small amount of light is made to leak out. This does not break the fiber nor cause any disturbance in the data transmission. The amount of light lost is less than 1%, which is sufficient to recreate the original electrical signal. However, use of the modern bend-insensitive fibers renders this attack futile.

d) Rayleigh tapping: Due to non-uniform density of core particles, Rayleigh scattering takes place in the core, which scatters the light in all directions. Some of this light refracts out of the fiber and can be captured by an attacker who is aware of this phenomenon. The attacker needs to place a focusing device (like a lens) near the fiber and focus the light onto a separate segment of fiber for analysis.

3.2.2 Security issues in optical amplifiers

The basic principle of amplification is stimulated emission of radiation by atoms in the presence of an optical (electromagnetic) signal. The gain medium receives energy through a process called pumping, which raises some electrons into excited quantum states. This is accompanied by absorption of photons from the incident electromagnetic field. The transition of those electrons back into a lower energy state is accompanied by emission of photons of the same frequency, direction of propagation, phase and polarization as the incident photons. Once the number of electrons in one excited state exceeds their number in some lower-energy state, population inversion is achieved and the amount of stimulated emission due to light that passes through is larger than the amount of absorption. Hence, the light is amplified.

Because the distribution of excited electrons is not uniform at various energy levels within the amplifier’s passband, the gain of an erbium-doped fiber amplifier (EDFA) depends on the wavelength of the incoming signals, with a peak around 1532 nm. Each of the signals is granted photons proportionally to its power level, which can lead to a gain competition. This can be used to create an out-of-band jamming attack. The attacker injects a powerful signal on a wavelength different from those of other, legitimate signals, but still within the passband of the amplifier. The amplifier, unable to distinguish between the attack signal and legitimate data signals, will provide gain to each signal indiscriminately. This means that the stronger, attacking signal will be provided with higher gain than weaker, legitimate signals, robbing them of power. Thereby, the QoS level on the legitimate signals will deteriorate, potentially leading to service denial [2].

Fig. 5 Out-of-band jamming


3.2.3 Security issues in optical cross-connects

Optical cross-connects (OXC) are wavelength selective and may also be referred to as wavelength routing switches (WRS). The main hazard in their functioning is crosstalk. There are two types of crosstalk [2]:
• out-of-band; occurs among adjacent lightpaths at different wavelengths, and
• in-band; occurs among lightpaths at the same wavelength

Out-of-band crosstalk usually occurs in optical fibers, especially under high power conditions or long distances. It can also arise inside OXCs due to non-ideal demultiplexing, where one channel is selected and the others are not perfectly rejected. Optical switches may also produce out-of-band crosstalk due to imperfect isolation of different output ports. In-band crosstalk occurs because switch ports are not perfectly isolated from each other. Hence components of different signals transmitted on the same wavelength leak and interfere with each other. This means that each channel that crosses through an optical switch mixes with leakage from signals on the same wavelength.

Fig. 6 Out-of-band and In-band crosstalk in optical demultiplexers

In-band crosstalk is more serious than out-of-band crosstalk. For example, if there are unused ports at the output of a switch to which a tapper gains access, the tapper can analyze traffic and gain information carried on other signals on the same wavelength. If an attacker injects a high-powered signal, its components will leak onto adjacent channels on the same wavelength. This will deteriorate the signal quality of the transmission on those signals, as shown in Fig. 7. Jamming attacks exploiting in-band crosstalk in switches have some of the highest damage capabilities among all attacks [2].

Fig. 7 Jamming attack


3.3 Security in optical networks

Security in optical networks can be classified as:
• Physical security: ensures minimum privacy of data and QoS
• Semantic security: protects meaning of the data even if the attacker has already reached it. This deals with cryptography.


Chapter 4 Encryption Systems

4.1 What is encryption?

Encryption is mathematically altering data (plaintext) in a consistent manner to form an unintelligible ciphertext. Encryption is a reversible process and relies on a secret key to encrypt plaintext to ciphertext and vice versa.

Fig. 8 Encryption and decryption

4.2 Types of encryption algorithms

There are two types of encryption algorithms:
• Symmetric algorithms
• Asymmetric algorithms

Symmetric encryption schemes, or Private encryption schemes, use a key (any text, numbers, etc.) to encrypt data, and the same key is used to decrypt that data. Even the smallest change in the secret key makes decryption fail. For example, text that is encrypted using AES encryption with the key Infosec cannot be decrypted with the key INFOSEC.

Asymmetric encryption schemes, or Public encryption schemes, use a pair of keys. One key is called a public key and the other is called a private key. A public key is used to encrypt data whereas a private key is used to decrypt that data. Similar to symmetric cryptography, the smallest change in either of the two keys makes them useless for recovering the original data. A benefit of asymmetric cryptography is that you can share the public key with the whole world so that they can use it to send you encrypted data. The private key is stored safely with the owner and is used for decryption. One disadvantage of this type of cryptography is that if your private key is lost or leaked then you will have to generate a new pair of public and private keys.


Chapter 5 Optical Encryption Schemes

Encryption protects data transmission by encrypting the original data into cipher text. Without knowing the key for the encryption process, the eavesdropper cannot recover the data. Compared with electronic circuits, optical processing and transmission devices have lower latency and higher speed [9]. Fiber-based devices do not generate an electromagnetic signature and hence the signal in the fiber neither radiates an electromagnetic signal nor is it jammed by external electromagnetic interference. Although optical encryption has limited functionality compared to electronic encryption, it still plays an important role in areas that require both strong security and fast processing speed.

Fig. 9 Schematic diagram for optical encryption

The optical XOR logic has been investigated and studied by many researchers as a starting point to optical encryption. The XOR logic is an important starting point for building optical layer encryption since, in cryptography, combining XOR with feedback is essential in generating long key streams from smaller keys. The implementations of block ciphers require XOR, feedback, and feed-forward capabilities. Translating these building blocks into the optical domain and using them together can provide a high-speed, electromagnetic wave-immune encryption. However, practical optical implementations of the above building blocks face many challenges. Notably, optical systems are susceptible to noise accumulation and the propagation of undesirable logic levels.

As mentioned earlier, optical encryption schemes can be categorized as:
1. Optical CDMA
2. Quantum cryptography
3. Chaos based encryption
4. Optical steganography


5.1 Optical CDMA (OCDMA)

OCDMA draws its analogy from the wireless spread spectrum CDMA systems. Where CDMA employed frequency domain spreading/despreading, OCDMA employs time domain spreading/despreading. An optical short pulse is spread over a one-bit duration T by encoding. The decoding time-despreads the signal, reconstructing the signal if the codes between the encoder and decoder match [3]. The signal remains spread over T if the codes do not match.

Fig. 10 Principle of OCDMA system

In a typical OCDMA system, each data stream is encoded with a specific code and it can be decoded only with the corresponding decoder. Since it is a multiple access system, many codes (orthogonal to each other) can exist in the transmission channel, which overlap in time and optical spectrum. Hence, without a priori knowledge of the codes, a given signal cannot be detected. OCDMA codes are divided into two groups [4]:

• Coherent OCDMA codes: employ a specific phase pattern to create codes in the spectral domain or the temporal domain. One such scheme is the spectral-phase encoding (SPE) scheme. A mode-locked laser (MLL) is used as the optical source, which generates very short repeating optical pulses. In the spectral domain, the optical pulses are represented by a series of coherent spectral components. After passing through an SPE encoder, different spectral components experience different phase shifts, forming an SPE code pattern. At the receiver, the SPE decoder applies the conjugate phase shift to each spectral component, so that all the spectral components become in-phase again and an auto-correlation peak (ACP) is generated. In the multiple-access channel as shown in Fig. 11, other SPE codes passing through the desired decoder will result in cross-correlation peaks, or multiple-access interference (MAI), which will not interfere with the ACP when the SPE codes in the multiple-access channel are orthogonal. Time gating can be used to isolate the ACP from the MAI. A common orthogonal SPE code set is the Hadamard code, which is represented by a Hadamard matrix H_N, as shown in Fig. 11.


Fig. 11 SPE system and Hadamard-8 matrix

• Incoherent OCDMA codes: implement the encoding through intensity modulation in the temporal domain and/or the wavelength domain. A wavelength-hopping time spreading (WHTS) system is an incoherent OCDMA system. WHTS codes use incoherent optic pulses (chip pulses) at different wavelengths and assign them to different time slots in one bit interval. To receive the desired code, a decoder is used to align all the WHTS code’s chip pulses into one chip interval, to generate an auto-correlation peak (ACP) as shown below.

Fig. 12 2D – WHTS system

In a multiple access channel, each WHTS code is transmitted simultaneously with other codes. The presence of codes that do not match with the decoder appears as cross-correlation peaks and causes multiple-access interference (MAI) after decoding. MAI can be minimized if all the WHTS codes in the multiple access channels are orthogonal.

5.1.1 Confidentiality analysis of OCDMA systems

WHTS system: WHTS codes employ incoherent chip pulses to constitute the codes and hence each chip pulse of a WHTS code already carries all the data information. Since the chip pulses of WHTS codes do not exactly overlap in the temporal domain, it is possible for an adversary to isolate each chip pulse of the desired WHTS code and intercept the data [5]. By isolating a single chip pulse of the code, the adversary can obtain the data information by detecting it with a photodetector. This is illustrated in the figure below.

Fig. 13 Detecting the data by WHTS codes in a multi-user channel without a decoder

SPE system: The approach that compromises the WHTS system cannot be used in SPE systems due to the coherence. The adversary will have to find the entire phase code pattern of the user to be able to intercept the data [5]. For example, for an SPE code with eight phase chips, even if seven phase chips are set correctly, an auto-correlation peak is not generated. This is because all the spectral components are still not in phase. A brute-force attack remains the only option that can compromise the system. The number of codes being used is limited to N since the codes need to be orthogonal. Hence the maximum number of tries that an adversary needs in a brute force attack is N.

Neither a single-user nor a multi-user OCDMA system can guarantee the security of the transmitted data. Additional measures are required on top of the above systems to improve the confidentiality performance.
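The SPE scheme with Hadamard codes and the size-N code space discussed above can be checked numerically. The following is an added example, not part of the original report: a toy model that treats each phase chip as +1 or -1 (phase 0 or pi) and looks only at the instant where the auto-correlation peak forms; the function names and the sample traffic are constructed for illustration.

```python
# Added example, not from the report: numeric toy model of spectral-phase-encoded
# (SPE) OCDMA. Each of N coherent spectral lines gets a 0 or pi phase shift,
# written here as a +1 or -1 chip taken from one row of a Hadamard matrix.


def hadamard(n):
    """Sylvester construction of the n x n Hadamard matrix (n a power of two)."""
    if n < 1 or n & (n - 1):
        raise ValueError("n must be a power of two")
    h = [[1]]
    while len(h) < n:
        h = [row + row for row in h] + [row + [-c for c in row] for row in h]
    return h


def encode(bit, code):
    """On-off keying: a 1 sends every spectral line with the code's phase, a 0 sends nothing."""
    return [bit * chip for chip in code]


def channel(signals):
    """Multiple-access channel: the coherent fields of all users add line by line."""
    return [sum(lines) for lines in zip(*signals)]


def decode_peak(field, code):
    """Apply the conjugate phases (for +1/-1 chips: the same chip) and sum the lines.

    The sum is the field amplitude at the instant where the auto-correlation
    peak forms; a photodetector sees its square. Time gating is modelled by
    looking only at that instant.
    """
    amplitude = sum(f * c for f, c in zip(field, code))
    return amplitude * amplitude


def detect_bit(field, code):
    """Threshold halfway between no peak (0) and a full ACP (N squared)."""
    n = len(code)
    return 1 if decode_peak(field, code) > (n * n) / 2 else 0


def codes_giving_peak(field, n):
    """Run every decoder of the orthogonal set: there are only n codes to try."""
    return [k for k, code in enumerate(hadamard(n)) if detect_bit(field, code)]


if __name__ == "__main__":
    N = 8
    H = hadamard(N)
    # Constructed traffic: users on code rows 1, 2 and 5 send the bits 1, 0, 1.
    bits = {1: 1, 2: 0, 5: 1}
    field = channel([encode(b, H[k]) for k, b in bits.items()])
    for k in range(N):
        print(f"decoder {k}: peak intensity {decode_peak(field, H[k])}")
    # Constructed single-user link: the code in use falls out of N trials,
    # which is why the code alone cannot serve as a secret key.
    print("codes giving an ACP:", codes_giving_peak(encode(1, H[6]), N))
```

With orthogonal codes the matched decoder sees the full peak and every other decoder sees none, while the exhaustive decoder sweep shows how small the search space is.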

5.2 Quantum cryptography

The problem with symmetric cryptography is that the same key is used to both encrypt and decrypt the messages. If for some reason that key is leaked to some third party, then it can be used to decrypt communication between two trusted devices or persons. In the worst case, the communication can be intercepted and altered. Another major problem with this type of cryptography is how to decide which key to use and how to share between trusted devices or persons.

In public key cryptography, most keys are at least 128-bit keys which are considered to be very strong. An attacker can easily get hold of the public key because it is shared by the user. But generating the private key for that public key involves huge amounts of calculations with permutations and combinations. At present, cracking a PKC requires a supercomputer and many years of computation. But it will become increasingly possible with the advances in technology.


Quantum cryptography deals with secure key distribution. It uses photons to send a key. The key is transmitted at a lower rate than the data but at a higher security level. The key information is coded into the quantum states of a photon. A photon is the smallest particle of light. It has three types of spins:
1. Horizontal
2. Vertical
3. Diagonal (Right and Left)

A photon can be polarized (passed through a filter) so that it has a particular spin: vertical, horizontal or diagonal. Polarization of a photon is performed using polarization filters. According to Heisenberg’s Uncertainty Principle, it is impossible to measure both the speed and the position of a particle with the highest accuracy, and its state will change when measured. In other words, if an eavesdropper intercepts the transmitted photons and passes them through a polarizer of the wrong type, the receiver will get the wrong photon. Hence the interception of communication will get detected.

It means that if a photon is polarized using, say, an X filter (Diagonal Polarization), then only an X filter can be used to get the original spin of the photon. If a + filter (Rectilinear Polarization) is used on the photon, then it will either be absorbed by the filter or the polarized photon will have a different spin than the original photon. For example, a horizontally spinning photon passed through the wrong filter will come out with a diagonal spin, which is incorrect. The table below shows the output spin for each polarization used:

Polarization                   Output Spin
Rectilinear Polarization (+)   Horizontal Spin (–), Vertical Spin (|)
Diagonal Polarization (X)      Left Diagonal Spin (\), Right Diagonal Spin (/)

The photons used in quantum cryptography are called qubits and the ‘0’ and ‘1’ mapping we decide to use for each polarization state is called a basis. The rectilinear and diagonal bases are as shown in the table:

Spin    Horizontal Spin (–)   Vertical Spin (|)   Left Diagonal Spin (\)   Right Diagonal Spin (/)
Value   0                     1                   0                        1

Suppose Alice applies polarizations to photons, gets the spin and keeps a note of it. Every spin has a value associated with it. Hence the qubit sequence being sent to Bob is 110001001010. The transmission of these qubits takes place on a secure optical channel. Bob is listening for incoming photons and randomly applies any polarization filter (rectilinear or diagonal) and keeps a note of the applied polarization, the spin and the output value.

The probability that the correct polarization filter is applied so that the qubit is correctly recovered is 0.5. If the qubit is correctly recovered with the correct polarization filter, the output is 1 else it is 0.

Suppose Bob applies the polarization filters as shown below; then the qubit sequence received by Bob is 011001101010.

Fig. 14 Quantum cryptography

Now when the transmission has completed, Alice and Bob communicate on a public channel that need not be encrypted. Bob tells Alice the polarizations (not the spin or value) he applied in the exact same sequence, and Alice only says YES/NO. In this communication, Bob gets to know the wrong polarizations. After successful key transmission and fixing of wrong polarization, encrypted data can be sent and decrypted when received.

If a user is intercepting the communication between sender and receiver, then he too will have to randomly apply polarization filters to the photons sent (like Bob). After polarization, he will forward the photons to Bob. But it is impossible for the eavesdropper to guess all polarizations correctly. Hence, the eavesdropper changes some of the qubits in trying to intercept them. So when Bob and Alice validate the polarizations, and Bob fails to decrypt the data, the interception of communication will get detected.

Although the quantum channel provides a high security level to the key distribution, the requirement of single photon transmission and detection leads to difficulty in practically realizing the system. It demands separate channels linking the source with the many destinations, which implies high cost [14][12]. The transmission range (max. 250 km) [14] and data rate are limited by the noise and attenuation in the single photon transmission channel [9][13]. Also, use of amplifiers is limited since this will change the polarization of the qubits [11]. Jamming a transmission is very easy in quantum systems. Something as simple as a paper clip inserted in a fiber will change the polarization state of the qubits and lead to misinterpretation of data [14].
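The exchange between Alice and Bob described above (the four-state scheme known as BB84) can be simulated to show how an interception becomes visible. This is an added example, not part of the original report; the public comparison of a bit sample and the 5% alarm threshold are assumptions of this sketch, and the photon counts and seeds are constructed values.

```python
import random

RECTILINEAR, DIAGONAL = "+", "x"  # the two filter types from the tables above
BASES = (RECTILINEAR, DIAGONAL)


def measure(bit, photon_basis, filter_basis, rng):
    """Matching filter: the encoded bit comes out. Wrong filter: a random bit."""
    return bit if photon_basis == filter_basis else rng.randint(0, 1)


def exchange(n_photons, eavesdropper=False, seed=2015):
    """Simulate one key exchange and return Alice's and Bob's sifted keys."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        bit = rng.randint(0, 1)
        alice_basis = rng.choice(BASES)
        photon_bit, photon_basis = bit, alice_basis

        if eavesdropper:
            # Intercept and resend: the eavesdropper has to pick a filter at
            # random, and the photon forwarded to Bob is polarized according
            # to that filter and the result it produced.
            eve_basis = rng.choice(BASES)
            photon_bit = measure(photon_bit, photon_basis, eve_basis, rng)
            photon_basis = eve_basis

        bob_basis = rng.choice(BASES)
        bob_bit = measure(photon_bit, photon_basis, bob_basis, rng)

        # Public discussion: Bob names the filter he used, Alice answers
        # YES or NO. Only the YES positions are kept (sifting).
        if bob_basis == alice_basis:
            alice_key.append(bit)
            bob_key.append(bob_bit)
    return alice_key, bob_key


def error_rate(alice_key, bob_key, sample_size=2000, seed=7):
    """Compare a random sample of sifted bits in public (assumed step; the
    compared bits would then be discarded from the key)."""
    if not alice_key:
        raise ValueError("no sifted bits to compare")
    rng = random.Random(seed)
    idx = rng.sample(range(len(alice_key)), min(sample_size, len(alice_key)))
    return sum(alice_key[i] != bob_key[i] for i in idx) / len(idx)


def interception_detected(alice_key, bob_key, threshold=0.05):
    """Raise the alarm when the sampled error rate exceeds the assumed threshold."""
    return error_rate(alice_key, bob_key) > threshold


if __name__ == "__main__":
    for eve in (False, True):
        a, b = exchange(20000, eavesdropper=eve)
        print(f"eavesdropper={eve}: sifted bits={len(a)}, "
              f"sampled error rate={error_rate(a, b):.3f}, "
              f"alarm={interception_detected(a, b)}")
```

About half the photons survive sifting. On an undisturbed channel the two sifted keys agree, while an intercept-and-resend eavesdropper corrupts roughly a quarter of the sifted bits, which is what the alarm detects.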

5.3 Chaos based encryption

Among the various approaches tried to assure privacy and security in optical networks, chaos based encryption has a promising future. As chaos is a pseudo-random signal with wide bandwidth and is unpredictable over the long term, it can be used to securely hide the confidential message [6]. It is a hardware-based technique at the physical layer. Fig. 15 shows the operating principle of chaos-based optical communications. The transmitter consists of an optical oscillator, which operates in the chaotic regime, producing an optical carrier with a broad (GHz-wide) spectrum. Information is encoded on this chaotic carrier using different techniques. Assuming a high complexity in the signal carrier and a low message amplitude, it is practically impossible to extract this encoded information using techniques like linear filtering, frequency-domain analysis etc. At the receiver side, a second chaotic oscillator is used, ‘similar’ to that of the transmitter. This similarity refers to structural, emission, and intrinsic parameters of the semiconductor laser, to the feedback loop characteristics, and to the operating parameters.

Fig. 15 Chaos based optical communication system

At the receiver, part of the received message with the encoded information is injected into the receiver. Assuming efficient synchronization of transmitter and receiver, the receiver generates, at its output, a chaotic carrier almost identical to the injected carrier, but without the encoded information. Therefore, subtracting this chaotic carrier from the incoming chaotic signal, which includes the encoded information, reveals the transmitted information. The message extraction is based on synchronization of transmitter and receiver. In the context of chaos terminology, synchronization means that the irregular time evolution of the chaotic emitter’s output in the optical power can be perfectly reproduced by the receiver, provided that the emitter and receiver are identical. Even minor discrepancies between the emitter and receiver oscillators can result in degraded synchronization.

There are three main methods of message encryption using optical chaotic communications [6]:

1. Chaotic masking (CMS): The chaotic carrier is generated by the transmitter laser (TL). The message is directly added to this carrier, as shown in Fig. 16 (a).

2. Chaotic shift keying (CSK): The message directly modulates the injection current of the TL. Hence, the TL produces the chaotic carrier with the message hidden in it. Fig. 16 (b) illustrates CSK.

3. Chaotic modulation (CMO): The output power of the TL is added to the message. Then this mixed signal is sent back to the TL by a feedback loop as a modulation to generate the chaotic carrier. Fig. 16 (c) illustrates CMO.

Fig. 16 Methods of message encryption using optical chaotic communications (a) CMS, (b) CSK, (c) CMO

Studies and experiments show that information can be transmitted at high bit rates using deterministic chaos in a manner that is robust to perturbations and channel disturbances that are unavoidable under real-world conditions, for distances on the order of 200 km [10].
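A software analogue of chaotic modulation (CMO) and of the receiver-side subtraction, as an added example that is not part of the original report. The logistic map stands in for the chaotic laser, and the parameter values, message amplitude and bit pattern are all constructed assumptions; the point is that a receiver with identical parameters recovers the message, while a 1% parameter mismatch does not.

```python
def oscillator(a, s):
    """Logistic map step; a software stand-in for the chaotic laser (assumption)."""
    return a * s * (1.0 - s)

def transmit(bits, a=3.9, eps=0.001, s0=0.3):
    """CMO: add the message to the oscillator output and feed the sum back."""
    signal = [s0]  # first sample is a bare carrier value used as reference
    for m in bits:
        # Carrier swings over most of (0, 1); the message adds only eps.
        signal.append(oscillator(a, signal[-1]) + eps * m)
    return signal

def receive(signal, a_rx, eps=0.001):
    """Regenerate the carrier from the injected signal and subtract it."""
    bits = []
    for prev, cur in zip(signal, signal[1:]):
        residual = cur - oscillator(a_rx, prev)  # what is left is the message
        bits.append(1 if residual / eps > 0.5 else 0)
    return bits

def bit_errors(sent, got):
    return sum(x != y for x, y in zip(sent, got))

MESSAGE = [1, 0, 1, 1, 0, 0, 1, 0] * 8  # constructed 64-bit message

if __name__ == "__main__":
    line = transmit(MESSAGE)
    print("matched receiver errors:", bit_errors(MESSAGE, receive(line, 3.9)))
    print("1% mismatched receiver errors:", bit_errors(MESSAGE, receive(line, 3.94)))
```

With the mismatched parameter the regenerated carrier is off by far more than the message amplitude, so every bit decodes as 0 and all the 1 bits are lost.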

5.4 Optical steganography

Optical steganography aims at transmitting stealth signals in public fiber optic communication channels without being detected. The basic principle of optical steganography is to temporally stretch a stealth data pulse using chromatic dispersion. This reduces the amplitude to such a low level that the stealth signal cannot be detected in the system noise. At the receiver, the signal can be retrieved using matched dispersion compensation. However, this approach provides weak security. If an eavesdropper suspects the presence of a stealth signal, the privacy of the data can be compromised using a tunable dispersion compensation device. A second approach with temporal phase modulation is proposed and analyzed in [7]. After a temporal phase mask is applied on the stretched signal, different portions of the signal undergo different phase shifts. Corresponding phase recovery along with dispersion compensation is required at the receiver to recover the signal.

The spectra of the public signal and the combined signal have very insignificant differences and are indistinguishable in real optic networks. The received stealth channel experiences only <0.1dB performance degradation resulting from the temporal phase modulation, compared with the approach without phase modulation [7].

Fig. 17 Temporal signal with and without phase mask encryption
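The stretching and phase-mask steps can be reproduced numerically. The sketch below is an added example, not code from the report or from [7]: it models dispersion as a quadratic spectral phase on a sampled Gaussian pulse, and the window size, dispersion value, 0/π block mask and key are constructed assumptions in normalized units.

```python
import cmath, math

N = 256  # samples in the simulated time window

def _dft(x, sign):
    step = sign * 2j * math.pi / N
    return [sum(v * cmath.exp(step * k * n) for n, v in enumerate(x))
            for k in range(N)]

def disperse(field, beta):
    """Chromatic dispersion as a quadratic spectral phase (beta in samples^2)."""
    out = []
    for k, v in enumerate(_dft(field, -1)):
        w = 2 * math.pi * (k if k < N // 2 else k - N) / N  # signed frequency
        out.append(v * cmath.exp(-0.5j * beta * w * w))
    return [v / N for v in _dft(out, +1)]

def phase_mask(field, key, undo=False):
    """Shift each 8-sample block by 0 or pi according to the shared key."""
    sign = -1 if undo else 1
    return [v * cmath.exp(sign * 1j * math.pi * key[(n // 8) % len(key)])
            for n, v in enumerate(field)]

def peak(field):
    return max(abs(v) for v in field)

def max_error(a, b):
    return max(abs(x - y) for x, y in zip(a, b))

PULSE = [math.exp(-((n - N // 2) ** 2) / 8.0) for n in range(N)]  # sigma = 2
BETA = 40.0                     # illustrative dispersion value
KEY = [0, 1, 1, 0, 1, 0, 0, 1]  # constructed mask key

def run():
    stretched = disperse(PULSE, BETA)
    masked = phase_mask(stretched, KEY)
    return {
        "stretched_peak": peak(stretched),
        "matched_comp_error": max_error(disperse(stretched, -BETA), PULSE),
        "no_phase_recovery_error": max_error(disperse(masked, -BETA), PULSE),
        "full_receiver_error": max_error(
            disperse(phase_mask(masked, KEY, undo=True), -BETA), PULSE),
    }

if __name__ == "__main__":
    for name, value in run().items():
        print(f"{name}: {value:.3g}")
```

Stretching drops the pulse peak to about a third of its original amplitude, and matched compensation alone restores it. Once the mask is applied, dispersion compensation without phase recovery no longer returns the pulse.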

Yet another approach to optical steganography has been explored in [8]. The amplified spontaneous emission (ASE) noise from EDFAs is used to provide security. The data signal is added onto the ASE noise. Since ASE noise exists in optical networks, an eavesdropper will not be able to distinguish between “signal with ASE” and “noise ASE”. The BER curves of the stealth signal with and without the public channel are indistinguishable [8]. The BER measurements of the public channel show that adding the stealth channel only causes a 0.2 to 0.3 dBm power penalty.

Fig. 18 (a) Spectrum of channel with and without ASE, stealth signal (b) BER measurements with and without stealth channel and ASE.

Chapter 6 Conclusion

The table below compares the various security techniques.

| Technique | Limitations | Advantages |
| --- | --- | --- |
| OCDMA | Affected by dispersion in the fiber; hence the range of transmission is limited to no longer than 100 km [3]. Confidentiality is not as strong as that provided by data encryption. | It is a multiple access system; a plurality of codes can exist in the same channel. |
| Chaos based encryption | Synchronization of receiver and transmitter is critical to proper functioning. It is very difficult to get lasers of the same parameters for synchronization. | There is a high level of robustness at high bit rates. It can create jamming as well as avoid jamming to a high degree. |
| Quantum cryptography | Use of amplifiers will change the qubits. Hence the range of transmission is limited. It needs a dedicated channel of high quality for key exchange between every pair of sender and receiver. Hence multiplexing is not possible. Very vulnerable to jamming. | This method can notify of interception of data [12]. |
| Optical steganography: (a) Temporal stretching of pulse | Data can be intercepted using tunable dispersion compensation devices. | Simplest in implementation. |
| Optical steganography: (b) Temporal phase mask | | Robust against adversary attacks. |
| Optical steganography: (c) ASE noise | Optical delays between receiver and transmitter must be matched exactly to get the stealth signal. | Public channel does not induce any power penalty on the stealth channel and the stealth channel induces a power penalty of only 0.2-0.3 dBm on the public channel. |

An optical system has low latency and is immune to electromagnetic interference; hence optical encryption is especially important in areas that require a high level of security without compromising the processing speed. Although a variety of approaches have been proposed and demonstrated to protect against multiple threats in the physical layer of an optical network, one can conclude that the technique to be applied must be carefully selected by analyzing factors like infrastructure, criticality of data being exchanged, cost and size of the optical network (transmission range).

References

[1] Banjac Z., Orlić V., Perić M., Milićević S. "Securing data on fiber optic transmission lines." 20th Telecommunications forum TELFOR (2012).

[2] Marija, Furdek. "Physical-Layer Attacks in Optical WDM Networks and Attack-Aware Network Planning."

[3] KITAYAMA Ken-ichi, SOTOBAYASHI Hideyuki, WADA Naoya. "Optical Code Division Multiplexing (OCDM) and its applications to photonic networks." IEICE Trans. Fundamentals Vol. E82-A, No. 12 (1999).

[4] Fok Mable P., Wang Zhexing, Deng Yanhua, Prucnal Paul R. "Optical Layer Security in Fiber-Optic Networks." IEEE Transactions on Information Forensics and Security 6.3 (2011).

[5] Fok Mable P., Wang Zhexing, Prucnal Paul R. "Physical Encoding in Optical Layer Security."

[6] Hongxi, Zhao Qingchun and Yin. "Suggested Rules for Designing Secure Communication Systems Utilizing Chaotic Lasers: A Survey."

[7] Wang Z., Fok M. P., Xu L., Chang J., and Prucnal P. R. "Improving the privacy of optical steganography with temporal phase masks." Optics Express 18.6 (2010).

[8] Wu Ben, Wang Zhenxing, Tian Yue, Fok Mable P., Shastri Bhavin J., Kanoff Daniel R., and Prucnal Paul R. "Optical steganography based on amplified spontaneous emission noise." Optics Express 21.2 (2013).

[9] Akhgar Babak, Arabnia Hamid R. Emerging Trends in ICT Security. MK, n.d.

[10] Antonis, Syvridis Dimitris and Bogris. "Secure communications links based on chaotic optical carriers." 2006.

[11] Christoph, Guenther. "The Relevance of Quantum Cryptography in Modern Cryptographic Systems." December 2003. SANS Institute InfoSec Reading Room. <https://www.sans.org/reading-room/whitepapers/awareness/relevance-quantum-cryptography-modern-cryptographic-systems-1334>.

[12] SWISS Quantum. June 2009. <http://swissquantum.idquantique.com/?-Quantum-Cryptography->.

[13] Brassard Gilles, Lütkenhaus Norbert, Mor Tal and Sanders Barry C. "Security Aspects of Practical Quantum Cryptography." Physical Review Letters September 2000.

[14] Ojha Vibha, Sharma Anand, Goar Vishal, Trivedi Prakriti. "Limitations of Practical Quantum Cryptography." International Journal of Computer Trends and Technology March-April 2011.