With any fiber optic transmission it is possible for a sufficiently motivated attacker to tap the fiber line and eavesdrop on the data channels within the fiber. To tap a fiber link an attacker would scrape off the cladding from the optical cable and bend the cable in such a way that enough optical signal is coupled to the attackers optical receiver. Other than a slight signal loss there is no indication to the system that the cable has been tapped in such a way since this tapping does not destroy the data link and is non-intrusive. Of course an attacker would need physical access to the fiber cable to do this, but in a long haul system the fiber is very long and there are many opportunities for a sufficiently motivated attacker to have this physical access.
Currently there is no data confidentiality mechanism applied to high-speed optical data. For lower speed data links it is possible to apply digital encryption of data using encryption algorithms such as advanced encryption standard (AES) and digital encryption standard (DES or triple-DES). Use of these protocols on a high-speed optical link is currently not possible due to the very large quantity and high-speed of the data which can be greater than 10 Gigabits/second on a single wavelength, and greater than 40 wavelengths on a single fiber. Encryption protocols are complex and involve many different operations on the data and as such are limited in speed even when implemented in hardware.
It would be possible to encrypt individual lower speed data channels before being multiplexed onto the high-speed optical fiber. This will only protect the individual data channels however should the fiber be tapped, and not the bulk optical data being sent over the fiber. Encrypting all lower speed channels would be prohibitively costly due to the large amount of data which would require many very powerful hardware encryption engines. This invention presents a low cost solution that will protect all bulk traffic on the fiber link at once.