11.1. Introduction

Optical fiber-based networks have emerged as the predominant transport layer technology for telecom service providers [16]. These networks provide very high bit rates to support a broad class of applications. The ability to route large amounts of data and access different channels makes them a very appealing option for providing very high-rate access in wide-area networks (WANs), metropolitan area networks (MANs), and even local-area networks (LANs). In particular, if they can be used in an all-optical network (AON) mode, where a signal does not have to go through optical-to-electrical-to-optical (O-E-O) conversion, the benefits are even greater.

The high capacity of a fiber channel can be efficiently utilized by deploying either time division multiplexed (TDM) or wavelength division multiplexed (WDM) modes [2]. In this chapter, we focus on the AON employing the WDM mode. Fiber bandwidth is divided into multiple optical wavelength channels and each wavelength can support 10 Gbps or higher data rates. A fiber in the future is likely to carry 100 Gbps and hundreds of such channels. However, such networks have four important security ramifications:

  1. Any attack, even that of a short duration and perhaps infrequent, can result in large amounts of data being corrupted or compromised.

  2. End users may be using security protocols designed for slower networks, which may not be efficient or sufficient to detect attacks at very high speeds, resulting in effective service denial attacks using high-bandwidth methods.

  3. The large physical spans in WANs with very high data rates produce high latencies. Such latencies imply that large amounts of data on the wire may be beyond the reach of anti-attack measures.

  4. The transparency feature in AONs has large implications in ensuring security (see Section 11.1.1).

11.1.1. Security Problems in All-Optical Networks

Security in AONs is different from communication and computer security in general. This is because AONs introduce physical-layer mechanisms that cause potential models of attack to be different from those that are well known for traditional electronic networks [7]. The transparency characteristic of AONs means that data do not undergo optical-to-electrical or electrical-to-optical conversion. Thus, connections in such networks are only amplified but not regenerated at intermediate components [8]. This creates many security vulnerabilities that do not exist in traditional networks. Transparency and nonregeneration features make attack detection and localization much more difficult.

11.1.2. Possible Attacks

Attacks on a network can be broadly categorized into six areas:

  1. Traffic analysis attack. The ciphertext length usually reveals the plaintext length from which an attacker can get valuable information. An attacker can tap into fibers and obtain this information.

  2. Eavesdropping. This occurs when an attacker covertly listens in on traffic to get sensitive information.

  3. Data delay. An attacker intercepts the data sent by the user for later use.

  4. Spoofing. This attack is defined as the acquisition of privileges, capabilities, trust, and anonymity by pretending to be a more privileged or trusted process/user. This attack includes masquerading and Trojan horse attacks.

  5. Service denial. This attack deprives a user or an organization of the services of a resource that they would normally expect to have. A denial of service (DoS) attack can also destroy programs and files in a computer system.

  6. Quality of service (QoS) degradation. An attacker overpowers legitimate signals to degrade or deny services.

11.1.3. All-Optical Network Attack Types

AON attacks can be roughly divided into two different types: service disruption attacks and tapping attacks.

Service Disruption Attacks

This type of attack includes service denial attacks and QoS degradation attacks. Physically, this type of attack can be carried out using the following three methods.

Fiber attacks

Fibers ideally propagate information on different wavelengths with only frequency-dependent delay and attenuation. They typically have very low radiation loss; that is, under normal operating conditions, there is negligible radiation of power from the fiber. However, unprotected fiber is very vulnerable to any attacker with physical access (e.g., service is easily disrupted by cutting or bending a fiber).

Optical amplifier attacks

Optical amplifiers are critical and necessary components for AONs. The erbium doped fiber amplifier (EDFA) is commonly used in current optical networks. An EDFA consists of an optical fiber having a core doped with the rare-earth element erbium. Light from one or more external semiconductor lasers is coupled into the fiber, exciting the erbium atoms. Optical signals entering the fiber stimulate the excited erbium atoms to emit photons at the same wavelength as the incoming signal. This amplifies a weak optical signal to higher power. EDFAs can simultaneously amplify signals over a range of wavelengths, making them compatible with WDM systems. However, the nature of EDFA operation in WDM communication links and nodes can lead to a phenomenon known as gain competition, whereby multiple independent WDM wavelengths share a limited pool of available upper-state photons within the fiber. The result is that a stronger signal (possibly from an attack) can deprive a weaker signal of amplification gain. This gain competition, combined with the fact that a fiber has extremely low loss, means that EDFAs are susceptible to power jamming from remote locations. In some cases, an attacker from a legitimate network access point can cause service denial to many other users in this manner.
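As an added illustration (not part of the chapter), the following Python toy models the gain competition just described and the kind of per-connection power-level check a monitor could run against it; the saturation law, gain and power figures are assumed for illustration only.

```python
"""Toy EDFA gain-competition model plus a power-level monitor.

Added illustration, not the chapter's own model. It assumes a homogeneously
broadened amplifier whose gain G is shared by every channel and saturates
with total output power: G = G0 / (1 + P_out_total / P_sat).
"""
import math


def dbm_to_mw(p_dbm):
    return 10 ** (p_dbm / 10)


def mw_to_dbm(p_mw):
    return 10 * math.log10(p_mw)


def edfa_outputs(inputs_dbm, small_signal_gain_db=30.0, p_sat_mw=10.0):
    """Return per-channel output power (dBm) for a dict of channel -> input dBm.

    Solving G = G0 / (1 + G * P_in / P_sat) for G gives the quadratic
    (P_in/P_sat) G^2 + G - G0 = 0; its positive root is the common gain.
    """
    if not inputs_dbm:
        return {}
    g0 = 10 ** (small_signal_gain_db / 10)
    p_in = sum(dbm_to_mw(p) for p in inputs_dbm.values())  # pooled input, mW
    a = p_in / p_sat_mw
    gain = (-1 + math.sqrt(1 + 4 * a * g0)) / (2 * a)
    return {ch: mw_to_dbm(dbm_to_mw(p) * gain) for ch, p in inputs_dbm.items()}


def gain_competition_alarms(baseline_dbm, observed_dbm, drop_threshold_db=3.0):
    """Power-level monitor: channels whose output fell >= threshold below baseline.
    A channel missing from the observation counts as an unbounded drop."""
    return sorted(ch for ch, base in baseline_dbm.items()
                  if base - observed_dbm.get(ch, -math.inf) >= drop_threshold_db)


# Constructed scenario: four legitimate -20 dBm channels, then one 0 dBm
# channel injected from a legitimate access point acting as a jammer.
LEGIT = {"ch1": -20.0, "ch2": -20.0, "ch3": -20.0, "ch4": -20.0}
JAMMED = dict(LEGIT, jammer=0.0)


def demo():
    base = edfa_outputs(LEGIT)
    under_attack = edfa_outputs(JAMMED)
    return base, under_attack, gain_competition_alarms(base, under_attack)


if __name__ == "__main__":
    base, attacked, alarms = demo()
    for ch in JAMMED:
        print(f"{ch}: {base.get(ch, float('nan')):6.2f} -> {attacked[ch]:6.2f} dBm")
    print("channels starved of gain:", alarms)
```

With these figures the 0 dBm jammer alone pulls every legitimate channel down by about 6 dB, which is what a per-connection power monitor would see as the signature of gain competition.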

Switching node attacks

Wavelength selective switches (WSSs) have significant crosstalk levels. Crosstalk causes signals to leak onto unintended outputs and permits inputs to cause interference on other optical signals that are passing through these devices. The level of crosstalk greatly depends on the particular components and architecture of a switch. However, crosstalk is additive and thus the aggregate effect of crosstalk over a whole AON may be much worse than the effect of a single point of crosstalk. An attacker could inject a very strong signal into a switch. Although only a small fraction of it may leak onto another channel, a sufficiently powerful signal modulated in a malicious way can be highly disruptive.

Tapping Attacks

This type of attack includes both eavesdropping attacks and traffic analysis attacks. Physically, this can be achieved in two different ways: fiber or EDFA attacks and switching node attacks. Some of the possible attacks, like fiber cuts, can be treated as a component failure. Other attacks, like correlated jamming, have limited spreading capability as they affect only those connections that share a link or a node with the attack connections.

11.1.4. Issues in Crosstalk Attack Diagnostic Algorithms

Attack monitoring and localization is important for the security of AONs. There has been some work [3, 9-11] in the area of attack localization in AONs, and some detection methods have been proposed. However, it is not clear if these methods guarantee the localization of every attack. Other studies [12, 13] describe the capability of an optical monitoring module. Generally, an optical monitor can measure a single connection’s optical power as well as its optical SNR (signal-to-noise ratio). But placing monitors at each node in a network is neither an attractive nor an efficient option. Supervisory connection concepts have also been proposed. A network management system using supervisory connections [14, 15] can detect and monitor the performance of devices in the network. The advantage of this scheme is that a monitoring device can be put in a remote place. The major drawback of such a scheme is that extra supervisory connections are needed to send control signals and detection data. However, this method provides the means required for sparse monitoring.

The goal of this chapter is to provide quantitative answers to questions about the level of resources needed to support a modern attack management system. Our research in attack-diagnostic problems broadly lies in three areas: modeling (i.e., how to model crosstalk attacks); characterization and algorithms (i.e., how to devise methods for detection and localization of crosstalk attacks); and policies (i.e., how to implement the various steps involved in the diagnosis of crosstalk attacks).

Crosstalk Attack Modeling

To establish clear models for crosstalk attacks and monitoring nodes, we study the special properties of crosstalk attacks and analyze the power levels for attack signals, affected signals, and unaffected signals according to the origination and propagation mechanism for crosstalk attacks. We assume that using different power levels implies that different signals have different attack capabilities. With these assumptions, a reasonable crosstalk attack model is established. The monitoring model is based on power-level detection.

Characterization and Algorithms

The next important question then is how to locate the attack source. We develop necessary and sufficient conditions for a one-crosstalk attack diagnosable network and a k-crosstalk attack diagnosable network. We also develop a diagnosis algorithm.

Sparse Monitoring Policies

An interesting problem in the attack diagnosis system is whether a sparse monitoring network can provide sufficient information for detection and localization purposes. Based on the necessary and sufficient conditions, we develop solutions that only require sparse monitoring in the network. It is shown that these solutions are sufficient to detect a single crosstalk attack. We also develop methods for a k-crosstalk attack diagnosable system.
