As the demand for network capacity grows, the issue of securing the physical layer of optical network cannot be overlooked. Optical layer security benefits from electromagnetic immunity however the optical layer includes not only fiber spans but also network equipments which are vulnerable to a variety of attacks. This means that optical networks can be almost as easy to tap or to interfere as copper wire based networks.
One approach that has been proposed for providing communications security is optical encryption of the signals transmitted across an optical communications network, as proposed by Jung et al, “Demonstration of 10 Gbps all-optical encryption and decryption system utilizing SOA XOR logic gates”, Optical and Quantum Electronics, vol. 40, no. 5-6, April 2008. A problem faced by optical encryption is that optical encryption and decryption devices are required for each wavelength channel at each transmitter and receiver within a communications network, raising the cost of the network.
One known approach shown in WO2011103930 is concerned with the vulnerability of optical monitoring points in the communications network. These monitoring points are intended for monitoring optical spectrum and power but may be vulnerable to unauthorised eavesdropping. They typically comprise an optical splitter arranged to extract between 1% and 10% of the optical signal that is to be monitored, the extracted signal being provided to a monitoring port. All of the traffic carried by the optical signal being monitored is replicated in the extracted signal and is provided to the monitoring port. There is a resulting problem that live traffic is vulnerable to eavesdropping at the monitoring port and this presents a problem of communications network security.
International Telecommunications Union document ITU-T X.805 “Security architecture for systems providing end-to-end communications” sets out various optical protection schemes for making an optical connection secure against a fibre being cut to place an in-line tap for eavesdropping. However, the methods set out in ITU-T X.805 only monitor cuts in an optical communications network fibre link and are not able to detect eavesdropping of an optical signal via a monitoring port.
Optical signal transforming apparatus is arranged to receive the tapped signal and to apply an optical transfer function to the tapped signal to form an optical monitoring signal. The optical transfer function is arranged to preserve the spectral property of the tapped signal and to apply a time-domain obfuscation to the tapped signal. The optical signal transforming apparatus is further arranged to provide the optical monitoring signal to the monitoring port. Thus an optical monitoring signal from an input optical signal or an output optical signal may be formed on which the traffic is obfuscated in the time-domain and in which a spectral property of the input optical signal or the output optical signal is preserved. Therefore it becomes difficult or impossible for traffic on the input signal or the output signal to be intercepted by eavesdropping on the optical monitoring signal, without the need for encryption of each wavelength channel.