Adrián Pérez-Resa,Miguel Garcia-Bosque,Carlos Sánchez-Azqueta,Santiago Celma

DOI: https://doi.org/10.1109/TIM.2019.2896550

2024-01-27

Abstract:In the past decades, Ethernet has become an alternative technology for the field buses traditionally used in industrial control systems and distributed measurement systems. Among different transmission media in Ethernet standards, optical fiber provides the best bandwidth, excellent immunity to electromagnetic interference, and less signal loses than other wired media. Due to the absence of a standard that provides security at the physical layer of optical Ethernet links, the main motivation of this paper is to propose and implement the necessary modifications to introduce encryption in Ethernet 1000Base-X standard. This has consisted of symmetric streaming encryption of the 8b10b symbols flow at physical coding sublayer level, thanks to a keystream generator based on chaotic algorithm. The overall system has been implemented and tested in an field programmable gate array and Ethernet traffic has been encrypted and transmitted over an optical link. The experimental results show that it is possible to cipher traffic at this level and hide the complete Ethernet traffic pattern from passive eavesdroppers. In addition, no space overhead is introduced in data frames during encryption, achieving the maximum throughput.

Cryptography and Security,Signal Processing

Adrián Pérez-Resa,Miguel Garcia-Bosque,Carlos Sánchez-Azqueta,Santiago Celma

DOI: https://doi.org/10.1109/TCSI.2018.2867918

2024-01-27

Abstract:In this paper, a new physical layer encryption method for optical 10-Gb Ethernet links is proposed. Necessary modifications to introduce encryption in Ethernet 10GBase-R standard have been considered. This security enhancement has consisted of a symmetric streaming encryption of the 64b/66b data flow at physical coding sublayer level thanks to two keystream generators based on a chaotic algorithm. The overall system has been implemented and tested in a field programmable gate array. Ethernet traffic has been encrypted, transmitted, and decrypted over a multimode optical link. Experimental results are analyzed concluding that it is possible to cipher traffic at this level and hide the complete Ethernet traffic pattern from any passive eavesdropper. In addition, no overhead is introduced during encryption, getting no losses in the total throughput.

Cryptography and Security,Signal Processing

Armands Ostrovskis,Toms Salgals,Benjamin Krueger,Fabio Pittala,Mahdieh Joharifar,Richard Schatz,Michael Koenigsmann,Yuchuan Fan,Marek Chacinski,Urban Westergren,Lu Zhang,Haik Mardoyan,Sandis Spolitis,Sergei Popov,Xianbin Yu,Markus Gruen,Vjaceslavs Bobrovs,Hadrien Louchet,Xiaodan Pang,Oskars Ozolins

DOI: https://doi.org/10.1109/jlt.2023.3328774

IF: 4.7

2024-01-01

Journal of Lightwave Technology

Abstract:Development of Data Center based computing technology require energy efficient high-speed transmission links. This leads to optical amplification-free intensity modulation and direct detection (IM/DD) systems with low complexity equalization compliant with IEEE standardized electrical interfaces. Switching from on-off keying to multi-level pulse amplitude modulation would allow to reduce lane count for next generation Ethernet interfaces. We characterize 106.25 Gbaud on-off keying, 4-level and 6-level pulse amplitude modulation links using two integrated transmitters: O-band directly modulated laser and C-band externally modulated laser. Simple feed forward or decision feedback equalizer is used. We demonstrate 106.25 Gbaud on-off keying links operating without forward error correction for both transmitters. We also show 106.25 Gbaud 4-level and 6-level pulse amplitude modulation links with performance below 6.25% overhead hard-decision forward error threshold of 4.5 x 10(-3). Furthermore, for EML-based transmitter we achieve 106.25 Gbaud 4-level pulse amplitude modulation performance below KP-FEC threshold of 2.2 x 10(-4). That shows that we can use optics to support (2x)100 Gbps Ethernet on single lambda at expense of simple forward error correction.

HL Xu,JF Zhou,MH Cao,KS Chen

DOI: https://doi.org/10.1117/12.668185

2006-01-01

Abstract:Superstructured fiber Bragg grating (FBG) technology has emerged as an attractive means to produce compact, and potentially low-cost in-fiber devices for a variety of lightwave applications. In this paper, a secure optical communication system based on tunable FBG arrays is described. Utilizing the inherent characteristics of FBG array to decompose broadband pulses simultaneously in wavelength and time, one broadband light pulse reaching a series of different Bragg gratings may be split into a number of separated pulses, each with different wavelength and is positioned at different time. To recover the original pulse, an inverted grating array is needed at the receiver side, i.e., the transmission is secure in case that the exact structure of the FBG array is unknown. Some of the factors affecting the process of encryption/decryption are indicated. To further increase the security of the system, theories about bent functions are presented and applied to generate bent sequences so as to charge the modes of FBG arrays because of the bent functions' excellent cryptographic properties. Simulations results are presented and analyzed to show the feasibility of the system. The paper is concluded with a discussion of the advantages for such an optical encryption/decryption system.

Xulin Gao,Wenfu Gu,Zhitao Deng,Xinyi Li,Jinyang Ye,Yuehua An,Shubo Bi,Anbang Wang,Yuncai Wang,Yuwen Qin,Zhensen Gao

DOI: https://doi.org/10.1109/lpt.2024.3371515

IF: 2.6

2024-03-13

IEEE Photonics Technology Letters

Abstract:In the current context of information explosion, securing the physical layer in the backbone networks of coherent optical communication is vitally important. In this letter, we experimentally validate a secure communication scheme for coherent optical communication systems based on electro-optic phase feedback encryption, thereby successfully transmitting a 40 Gb/s dual-polarization quadrature phase shift keying (DP-QPSK) signal over a distance of 180 km. By strategically incorporating a delay line interferometer and a dispersion component within the electro-optic feedback loop, it is possible to generate random phase scrambling at a moderate modulation depth. With the utilization of commercial hardware, the encryption of DP-QPSK signals can be seamlessly accomplished in a plug-and-play manner, removing the necessity for additional synchronization or key distribution systems. The proposed scheme paves a new way to protect the polarization-multiplexing signals and offers a promising approach for secure coherent optical communication system.

engineering, electrical & electronic,optics,physics, applied

Adrian Chan,Mostafa Khalil,Kh Arif Shahriar,David V. Plant,Lawrence R. Chen,Randy Kuang

DOI: https://doi.org/10.48550/arXiv.2301.06113

2023-01-15

Abstract:Optical layer attacks on communication networks are one of the weakest reinforced areas of the network, allowing attackers to overcome security when proper safeguards are not put into place. Here, we present our solution or Quantum Encryption in Phase Space (QEPS), a physical layer encryption method to secure data over the optical fiber, based on our novel round-trip Coherent-based Two-Field Quantum Key Distribution (CTF-QKD) scheme. We perform a theoretical study through simulation and provide an experimental demonstration. The same encryption is used for QEPS as CTF-QKD but achieved through a pre-shared key and one-directional transmission design. QEPS is uniquely different from traditional technology where encryption is performed at the optical domain with coherent states by applying a quantum phase-shifting operator. The pre-shared secret is used to seed a deterministic random number generator and control the phase modulator at the transmitter for encryption and at the receiver for decryption. Using commercially available simulation software, we study two preventative measures for different modulation formats which will prevent an eavesdropper from obtaining any data. QEPS demonstrates that it is secure against tapping attacks when attackers have no information of the phase modulator and pre-shared key. Finally, an experiment with commercial components demonstrates QEPS system integrability.

Quantum Physics,Cryptography and Security

Zhensen Gao,Ying Luo,Lihong Zhang,Bin Tang,Xulin Gao,Wenfu Gu,Yuehui Sun,Zhaohui Li,Yuwen Qin,Yuncai Wang

DOI: https://doi.org/10.1364/OE.477785

2023-01-16

Abstract:To guarantee information security from the lowest level of optical networks, it is essential to provide physical layer security in fiber-optic communication systems. However, it is challenging to realize high speed physical secure optical communication based on advanced optical modulation formats and pure commercial hardware components. In this work, we report an experimental demonstration of a high-speed 56 Gb/s PAM4 physical-layer secure optical communication system by employing an electro-optic self-feedback hardware module for temporal self-phase encryption and decryption without consuming any additional encryption channel. An encrypted 56 Gb/s PAM4 confidential signal is successfully decrypted after transmitting over 60 km single-mode fiber. The demonstrated scheme can not only be integrated with existing optical communication networks, but can also be used as a pluggable module, which may provide a promising solution for ultra-high speed physical secure optical communication by combining with advanced multiplexing technology in future.

Cui Chen,Yang Zhe,Yang Siyu,Cheng Tao,Jiang Liqiong,Wang Xiangqing

DOI: https://doi.org/10.1109/wccct52091.2021.00008

2021-01-01

Abstract:With the wide application of large-capacity and high-speed optical networks, its security has become a current research focus. Due to the limitations of traditional key distribution and encryption schemes, this paper proposes an innovative key distribution and encryption control scheme based on physical layer channel feature extraction and analysis. First of all, the transceiver terminal extracts the physical characteristics of the fiber channel separately, and generates a consensus key through quantization coding. Second, use the generated key base to encrypt the transmission sequence, map the Quadrature Phase Shift Keying (QPSK) signal to the high-order 1024×1024-QAM signal, and use the noise stream to perform the high-order QAM. The signal is flooded. The system utilizes channel non-replication and randomness of channel noise, the security and randomness of the key are good, and the key formation rate is high and the key generation equipment is simple. The system uses high-order QAM modulation, which increases the security of the system. The experimental results show that the coding rate of the key generated by the system reaches 400kb/s, and the coding performance of the key is better; the operating key is generated by the key base extension, which has strong anti-interception ability; the system has a low bit error rate and secure transmission Good performance.

DOI: https://doi.org/10.1007/s11082-022-04354-8

IF: 3

2022-12-13

Optical and Quantum Electronics

Abstract:The need for high levels of data privacy in various applications has made transmitting safe data more crucial. In this work, a cipher algorithm based secure optical communication system is demonstrated via OptiSystem software to transmit a secure message over a link distance of 100 km with bitrate of 80 Gbps. The message in the electrical domain is encrypted and decrypted using the MATLAB component via Rivest Cipher 4 (RC4) algorithm. The results show that message encryption decreased link distance from 77.4 to 63 km by around 18.6% as a result of an increase in the dispersion effect. Dispersion compensation fiber (DCF) is used to address this problem, increasing link distance from 63 to 100 km by roughly 58.73%.

engineering, electrical & electronic,optics,quantum science & technology

Zhuangkun Wei,Liang Wang,Schyler Chengyao Sun,Bin Li,Weisi Guo

DOI: https://doi.org/10.3390/s22103951

IF: 3.9

2022-05-24

Sensors

Abstract:The proliferation of low-cost Internet of Things (IoT) devices has led to a race between wireless security and channel attacks. Traditional cryptography requires high computational power and is not suitable for low-power IoT scenarios. Whilst recently developed physical layer security (PLS) can exploit common wireless channel state information (CSI), its sensitivity to channel estimation makes them vulnerable to attacks. In this work, we exploit an alternative common physics shared between IoT transceivers: the monitored channel-irrelevant physical networked dynamics (e.g., water/oil/gas/electrical signal-flows). Leveraging this, we propose, for the first time, graph layer security (GLS), by exploiting the dependency in physical dynamics among network nodes for information encryption and decryption. A graph Fourier transform (GFT) operator is used to characterise such dependency into a graph-bandlimited subspace, which allows the generation of channel-irrelevant cipher keys by maximising the secrecy rate. We evaluate our GLS against designed active and passive attackers, using IEEE 39-Bus system. Results demonstrate that GLS is not reliant on wireless CSI, and can combat attackers that have partial networked dynamic knowledge (realistic access to full dynamic and critical nodes remains challenging). We believe this novel GLS has widespread applicability in secure health monitoring and for digital twins in adversarial radio environments.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zhensen Gao,Qiongqiong Wu,Lei Liao,Biao Su,Xulin Gao,Songnian Fu,Zhaohui Li,Yuncai Wang,Yuwen Qin

DOI: https://doi.org/10.1364/OE.467578

2022-08-15

Abstract:Protecting confidential high speed optical signal transmission at the lowest physical layer is a critical challenge for modern fiber-optic communication systems. In this paper, we experimentally demonstrate a novel synchronous privacy enhanced chaotic temporal phase en/decryption scheme for high-speed physical layer secure optical communication. A remote chaos synchronization architecture relying on common source signal driving and private response hardware modules comprising of dispersive components and slave lasers is employed to generate synchronized private chaotic en/decryption signals, and simultaneously suppress residual driving-response correlation for enhancing the security. A proof-of-principle demonstration by secure transmission of a 28 Gb/s on-off-keying modulated confidential signal over 100 km single mode fiber link based on the private chaotic temporal phase en/decryption scheme is successfully achieved. The demonstrated hardware optical en/decryption approach may provide a promising way towards future ultra-high speed physical layer secure optical communication systems.

Luis Velasco,Morteza Ahmadian,Laura Ortiz,Juan P. Brito,Antonio Pastor,Jose M. Rivas,Sima Barzegar,Jaume Comellas,Vicente Martin,Marc Ruiz

DOI: https://doi.org/10.3390/s24206631

IF: 3.9

2024-10-16

Sensors

Abstract:Optical communications providing huge capacity and low latency remain vulnerable to a range of attacks. In consequence, encryption at the optical layer is needed to ensure secure data transmission. In our previous work, we proposed LightPath SECurity (LPSec), a secure cryptographic solution for optical transmission that leverages stream ciphers and Diffie–Hellman (DH) key exchange for high-speed optical encryption. Still, LPSec faces limitations related to key generation and key distribution. To address these limitations, in this paper, we rely on Quantum Random Number Generators (QRNG) and Quantum Key Distribution (QKD) networks. Specifically, we focus on three meaningful scenarios: In Scenario A, the two optical transponders (Tp) involved in the optical transmission are within the security perimeter of the QKD network. In Scenario B, only one Tp is within the QKD network, so keys are retrieved from a QRNG and distributed using LPSec. Finally, Scenario C extends Scenario B by employing Post-Quantum Cryptography (PQC) by implementing a Key Encapsulation Mechanism (KEM) to secure key exchanges. The scenarios are analyzed based on their security, efficiency, and applicability, demonstrating the potential of quantum-enhanced LPSec to provide secure, low-latency encryption for current optical communications. The experimental assessment, conducted on the Madrid Quantum Infrastructure, validates the feasibility of the proposed solutions.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Oscar J. Ciceri,Carlos A. Astudillo,Zuqing Zhu,Nelson L. S. da Fonseca

DOI: https://doi.org/10.1109/mnet.111.2100716

IF: 10.294

2022-01-01

IEEE Network

Abstract:Federated Learning (FL) is a distributed machine learning type of processing that preserves the privacy of user data, sharing only the parameters of ML models with a common server. The processing of FL requires specific latency and bandwidth demands that must be fulfilled by the operation of the communication network. This article introduces two Dynamic Wavelength and Bandwidth Allocation algorithms for TWDM-PONs: one based on bandwidth reservation and the other on statistical multiplexing for the Quality of Service provisioning for FL traffic over 50 Gb/s Ethernet Passive Optical Networks.

Feng Chen,Man Song,Fen Zhou,Zuqing Zhu

DOI: https://doi.org/10.1109/tnsm.2021.3081590

2021-01-01

Abstract:The fast development of cloud computing and Big Data applications has promoted virtualization technologies such as network function virtualization (NFV), which in turn dramatically increased the amount of sensitive data being transmitted over the optical networks for datacenter interconnections (DCIs). To ensure the physical-layer security in DCIs, people have developed optical transport network (OTN) encryption technologies, i.e., leveraging high-speed encryption cards (ECs) to encrypt OTN payload frames. Although experimental studies have confirmed the benefits of ECs in terms of line-speed processing, low latency, and small encryption overhead, the problem of how to utilize them to build a secure packet-over-optical network with high cost-effectiveness has not been explored yet. In this paper, we study how to realize cost-effective and security-aware multilayer planning in a packet-over-optical network that covers both trusted and untrusted zones, in consideration of OTN encryption. We first formulate an integer linear programming (ILP) model to minimize the total capital expenditure (CAPEX) of the multilayer planning, which includes the costs of OTN linecards (LCs), ECs, and bandwidth resources, and solve the optimization exactly. Then, we prove the NP-hardness of the multilayer planning, and to reduce the time complexity, we propose a column generation (CG) model and design a more time-efficient approximation algorithm based on it. Our simulation results confirm the performance and advantages of our CG-based proposal, i.e., it is much more time-efficient than solving the ILP directly, and outperform the existing heuristic in terms of total CAPEX and costs of used LCs and ECs.

Chulun Lin,Taixia Shi,Yiqing Liu,Yang Chen

2024-07-12

Abstract:A novel microwave photonic scheme for secure data transmission in optical networks is proposed. The security of the scheme is guaranteed by physical encryption and decryption via the temporal Talbot effect in dispersive mediums. First, the original data is randomized in the digital domain by performing an exclusive OR operation using a random matrix. Subsequently, a time-varying multi-tone electrical signal, which represents the randomized data matrix, is modulated onto an optical carrier. The optical signal after modulation is then phase-modulated by a temporal Talbot array illuminator (TAI) signal, and the optical signal after discrete quadratic phase modulation will lose its original appearance in the frequency domain and be further dispersed in the first dispersive medium. Due to the dispersion that does not match the TAI signal exactly, the waveform after the first dispersive medium is a noise-like signal. Hence, the physical encryption of the original data is successfully achieved. As the optical signal passes a second dispersive medium that makes the total dispersion match the TAI signal, the temporal waveform of the noise-like signal after photodetection is transformed into pulses. "1" and "0" in the randomized data matrix are represented through the presence and absence of pulses, and the physical decryption is achieved. By further processing the recovered data matrix using the random matrix, the original data can be recovered. The physical layer security of the proposed scheme and its fiber transmission capability are demonstrated. 8-Gbit/s data is transmitted, encrypted, and decrypted using two dispersive mediums and an optical fiber of 10 to 200 km, and error-free transmission is achieved. Many factors that affect the encryption, decryption, and transmission performance of the system have been analyzed.

Optics,Signal Processing

Xiaojie SHI,Guangxiang WU

DOI: https://doi.org/10.13921/j.cnki.issn1002-5561.2018.01.009

2018-01-01

Abstract:Optical transmission network security issues have become increasingly prominent, the urgent need for a encryption device which can effectively solve the problem of information transmission security. This pa-per analyzes the characteristics of the frame structure of SDH, combined with SDH networking equipment, designs a 155Mb/s optical transmission encryption device based on SDH, and introduces the components and the specific implementation method of device. The experiment proves that the combination of the device and SDH optical transmission equipment used in network, the introduction of low transmission delay and high transmission reliability can effectively improve the security of SDH optical network information transmission.

Rainer Strobel

DOI: https://doi.org/10.1080/01468030.2018.1523507

2018-10-05

Abstract:In future, Internet access speeds beyond 1 Gbit/s will be required, which is mainly provided by fiber connections in the fixed access network. A high-performance copper-based transmission technology can enable fiber to the building and fiber to the home installations in a cost-effective copper/fiber hybrid network. ITU has started a project for multi-gigabit copper access (MGfast), as a successor of the G.fast technology with the goal to provide symmetric services with 10 Gbit/s aggregated rate for each subscriber. Besides the use of higher bandwidth up to 424 MHz or 848 MHz, full duplex transmission with echo cancellation is another major improvement in MGfast. Line bonding and frequency bonding allow the use of the same physical layer architecture for different media types. This paper discusses network topologies for the hybrid network and technology options for copper transmission to achieve the desired rate and reach.

optics

Xiaomin Chen,Admela Jukan,Ashwin Gumaste

DOI: https://doi.org/10.1109/JLT.2013.2291318

2013-06-25

Abstract:The need for optical parallelization is driven by the imminent optical capacity crunch, where the spectral efficiency required in the coming decades will be beyond the Shannon limit. To this end, the emerging high-speed Ethernet services at 100 Gbps, have already standardized options to utilize parallel optics to parallelize interfaces referred to as Multi-lane Distribution (MLD). OFDM-based optical network is a promising transmission option towards the goal of Ethernet parallelization. It can allocate optical resource tailored for a variety of bandwidth requirements and that in a fundamentally parallel fashion with each sub-carrier utilizing a frequency slot at a lower rate than if serial transmission was used. In this paper, we propose a novel parallel transmission framework designed for elastic (OFDM-based) optical networks to support high-speed Ethernet services, in-line with IEEE and ITU-T standards. We formulate an ILP optimization model based on integer linear programming, with consideration of various constraints, including spectrum fragmentation, differential delay and guard-band constraints. We also propose a heuristic algorithm which can be applied when the optimization model becomes intractable. The numerical results show the effectiveness and high suitability of elastic optical networks to support parallel transmission in high-speed Ethernet. To the best of our knowledge, this is the first attempt to investigate the parallel transmission in elastic optical networks to support standardized high-speed Ethernet.

Networking and Internet Architecture

José David Vega Sánchez,Luis Urquiza-Aguiar,Martha Cecilia Paredes Paredes,Diana Pamela Moya Osorio

DOI: https://doi.org/10.48550/arXiv.2006.08044

2020-06-15

Abstract:Physical layer security is a promising approach that can benefit traditional encryption methods. The idea of physical layer security is to take advantage of the features of the propagation medium and its impairments to ensure secure communication in the physical layer. This work introduces a comprehensive review of the main information-theoretic metrics used to measure the secrecy performance in physical layer security. Furthermore, a theoretical framework related to the most commonly used physical layer security techniques to improve the secrecy performance is provided. Finally, our work surveys physical layer security research over several enabling 5G technologies, such as massive multiple-input multiple-output, millimeter-wave communications, heterogeneous networks, non-orthogonal multiple access, and full-duplex. Also, we include the key concepts of each of the aforementioned technologies. Future fields of research and technical challenges of physical layer security are also identified.

Information Theory,Signal Processing

Marcus de Ree,Georgios Mantas,Jonathan Rodriguez

DOI: https://doi.org/10.48550/arXiv.2309.15569

2023-09-27

Abstract:Physical layer security (PLS) encompasses techniques proposed at the physical layer to achieve information security objectives while requiring a minimal resource footprint. The channel coding-based secrecy and signal modulation-based encryption approaches are reliant on certain channel conditions or a certain communications protocol stack to operate on, which prevents them from being a generic solution. This paper presents Grain-128PLE, a lightweight physical layer encryption (PLE) scheme that is derived from the Grain-128AEAD v2 stream cipher. The Grain-128PLE stream cipher performs encryption and decryption at the physical layer, in between the channel coding and signal modulation processes. This placement, like that of the A5 stream cipher that had been used in the GSM communications standard, makes it a generic solution for providing data confidentiality in IoT networks. The design of Grain-128PLE maintains the structure of the main building blocks of the original Grain-128AEAD v2 stream cipher, evaluated for its security strength during NIST's recent Lightweight Cryptography competition, and is therefore expected to achieve similar levels of security.

Cryptography and Security