Internet Protocol (IP) is becoming one of the most widespread protocols for implementing the network layer in a communication network. In particular, Next Generation Networks (briefly, NGNs) are known, i.e. packet-based networks using IP at their network layer. Such NGNs are able to make use of multiple broadband, QoS-enabled transport technologies, while service-related functions are independent of the underlying transport layer technologies. It is expected that NGNs will enable delivery to users of enriched communication services, such as for instance VoIP (Voice Over Internet Protocol), video call, IPTV (Internet Protocol Television) and other multimedia communication services.
A communication network typically comprises a transport backbone and one or more access networks. While, in recent years, the transport backbone has experienced substantial growth, little has changed in the access networks. As a consequence, the “last mile” is still the main bottleneck between high-capacity Local Area Networks (LANs) and the transport backbone.
The most widespread solutions for implementing access networks today are Digital Subscriber Line (briefly, DSL) networks and Cable Modem (briefly, CM) networks. Although these solutions are an improvement compared to 56 Kbps dial-up lines, they are unable to provide enough bandwidth for the above mentioned enriched communication services.
More particularly, neither DSL nor cable modems can keep up with the ever growing bandwidth demand of such enriched communication services, since both technologies are built on top of existing communication infrastructures not optimised for data traffic. Indeed, in CM networks only a few channels are dedicated to transport of data, while the majority of bandwidth is used for transporting analog video signals. As to DSL networks, they do not allow sufficient data rates at required distances, due to signal distortion and crosstalk.
Passive Optical Networks (briefly, PONs) and, in particular, Gigabit Passive Optical Networks (briefly, GPONs) are currently considered among the best candidates for implementing access networks suitable for providing such IP-based enriched communication services. PONs are generally considered as an attractive solution to the “last mile” problem, since a PON minimizes the number of optical transceivers, central office terminations and fiber deployment.
A PON is a point-to-multipoint (P2MP) optical network with no active elements in the signals' path from source to destination. The only elements used in a PON are passive optical components, such as optical fiber, splices and splitters.
More particularly, a PON typically comprises an optical line termination (briefly termed OLT) and an optical distribution network (briefly termed ODN). The ODN comprises a plurality of optical links (typically comprising silica-based single-mode optical fibers) and optical splitters arranged so as to form a point-multipoint structure radiating from the OLT.
The OLT is suitable for interfacing the ODN with the transport backbone, such as for instance a metropolitan area network (briefly, MAN) or a wide area network (briefly, WAN).
On the other hand, the ODN is suitable for allowing the OLT to exchange traffic with users connected at the far end of its optical links at transmission rates which typically can be higher than 100 Mbit/s. This advantageously allows the users to share the usage (and therefore the costs) of the OLT, thus allowing them to access broadband data services and broadband telephone services at acceptable costs.
When a PON is used for FTTB (Fiber To The Building) or FTTC (Fiber To The Curb) applications, each optical link of the ODN is terminated at its far end with a respective Optical Network Unit (briefly, ONU), which may be located either at the basement of a building or at the curb in the proximity of one or more buildings.
On the other hand, when the PON is used for FTTH (Fiber To The Home) applications, each optical link of the ODN is terminated at its far end with a respective optical network termination (briefly termed ONT), which is typically located within the user's home.
In the present description and in the claims, the expression “optical termination device” will designate an optical device suitable for terminating an optical link of an ODN at its far end, i.e. either an ONU (in case of FTTB or FTTC applications) or an ONT (in case of FTTH applications).
Recently, several security threats to a PON used for FTTH applications have been discovered. Most of such security threats relate to Denial of Service (DoS) attacks and to attacks on the confidentiality of traffic transmitted through the PON.
A serious threat to a PON when used for FTTH applications is the possibility for a malicious entity to steal an already provisioned and activated ONT, and then to access the PON without authentication and/or authorization. This is because the ONT typically is not physically protected, since it is managed directly by the user. Moreover, the need to lower the costs for activation and management of a new ONT makes it difficult to adopt robust security mechanisms, such as security mechanisms based on smart cards.
A malicious entity (e.g. a hacker) with a stolen ONT can cause several security issues for the PON operator, for the service provider and for users.
For example, a hacker can access a PON by connecting the stolen ONT to an unused port of a splitter of the ODN. Alternatively, the hacker may add a splitter to a link of the ODN, and connect the stolen ONT to the added splitter. In this way, the hacker may receive at least part of the traffic directed to another user. In the above cases, the hacker's ONT acts as a legitimate customer's ONT.
In addition, a hacker can build a fraudulent ONT and then use it either for intercepting traffic transmitted to other ONTs or for disturbing transmission from the other ONTs to the OLT.
In order to face the above-mentioned security issues related to a PON, a number of solutions have been proposed.
First of all, each time an optical termination device is connected to an optical link of an ODN and is switched on, the optical termination device typically has to be activated at the OLT. In particular, the ITU-T Recommendation G.984.3 (February 2004) discloses that the activation process is performed under the control of the OLT. The process is started by the OLT, which periodically checks for possible activation of new optical termination devices and/or possible reactivation of switched-off optical termination devices. According to the above mentioned ITU-T Recommendation G.984.3, the activation procedure includes three phases: Parameter Learning, Serial Number Acquisition, and Ranging.
During the Parameter Learning phase, the optical termination device, while remaining passive, acquires operating parameters to be used in the upstream transmission.
During the Serial Number Acquisition phase, the OLT discovers possible new optical termination devices by opening a window for upstream transmission (called “ranging window”) and asking for serial number transmission. In this ranging window, new optical termination devices send their respective serial numbers to the OLT. Upon reception of each serial number, the OLT associates it with an unused optical termination device identifier and sends this identifier to the corresponding optical termination device.
The ITU-T Recommendation G.984.3 (February 2004), paragraph 10.1.1 discloses two methods for acquiring the serial number of a new optical termination device.
According to a first method (“Method A”), the serial number of the optical termination device is recorded in a local memory of the OLT by the network provider before the optical termination device is switched on for the first time. Therefore, when the OLT detects the optical termination device, it retrieves the serial number of the optical termination device and checks whether this retrieved serial number matches one of the serial numbers already stored in its local memory. In the affirmative, the OLT activates the optical termination device, while in the negative the OLT stops the activation procedure.
On the other hand, according to the second method (“Method B”), the serial number of the optical termination device is automatically retrieved by the OLT when the optical termination device is detected for the first time. In particular, when the OLT detects the optical termination device, it retrieves its serial number from it and checks whether the retrieved serial number is one of the already stored ones. In the affirmative, the OLT recognizes the optical termination device as already activated, while in the negative the OLT determines that the optical termination device should be activated for the first time. In this latter case the OLT stores the retrieved serial number in its local memory and activates the optical termination device.
During the Ranging phase, the OLT measures the optical distance between itself and each optical termination device. The aim of the Ranging phase is to assign a time interval for upstream transmission to each optical termination device, thereby synchronizing the upstream transmissions of the optical termination devices so that the upstream traffic transmitted by each optical termination device arrives at the OLT without collisions.
The ITU-T Recommendation G.984.3 (February 2004), paragraphs 9.2.1-9.2.2, discloses that, upon completion of the Ranging phase, an optional phase allowing the OLT to authenticate an activated optical termination device may be performed, by using a password shared by the OLT and the optical termination device. According to this optional authentication phase, the OLT transmits a Request_Password message to the optical termination device. Upon reception of the Request_Password message, the optical termination device replies with a Password message comprising the password. The OLT, which stores an association between the serial number (provided during the Serial Number Acquisition phase) and the expected password, then checks whether the password received from the optical termination device matches the expected password. In the affirmative, the OLT allows the optical termination device to access the PON; otherwise, the OLT may deny access to the optical termination device. In case of FTTH applications, this procedure allows the OLT to check that the ONT is always used by the same user, who knows the password associated with the serial number of his ONT. This helps prevent, for example, a stolen ONT from being fraudulently used by parties other than the user.
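The following model of the OLT-side decisions in the activation procedure above (Serial Number Acquisition under Method A or Method B, followed by the optional Request_Password / Password check) is an added illustration and is not part of the Recommendation or of this description. It assumes that the operator records the expected password together with each pre-provisioned serial number, that a serial number learned automatically under Method B has no expected password and is therefore denied by the password check, and it uses constructed serial numbers and passwords.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum

class SnMethod(Enum):
    A = "A"  # serial numbers pre-recorded by the network provider
    B = "B"  # serial numbers learned automatically on first detection

@dataclass
class Olt:
    """OLT-side decisions of the G.984.3 activation procedure (model only)."""
    method: SnMethod
    # serial number -> expected password; None means no password is provisioned
    provisioned: dict = field(default_factory=dict)
    activated: set = field(default_factory=set)

    def serial_number_acquisition(self, serial: str) -> bool:
        """Serial Number Acquisition phase: may this serial number proceed?"""
        if serial in self.provisioned:
            # Method A: stored serial -> activate. Method B: already activated.
            self.activated.add(serial)
            return True
        if self.method is SnMethod.A:
            return False            # unknown serial: the OLT stops the activation
        # Method B: an unknown serial is stored and activated without any check
        self.provisioned[serial] = None
        self.activated.add(serial)
        return True

    def password_check(self, serial: str, password: str) -> bool:
        """Optional post-Ranging authentication (Request_Password / Password)."""
        expected = self.provisioned.get(serial)
        if serial not in self.activated or expected is None:
            return False            # assumption: no expected password -> deny
        return hmac.compare_digest(expected, password)  # constant-time compare

def activation_outcome(olt: Olt, serial: str, password: str) -> str:
    """Run both phases for one device and report where it ends up."""
    if not olt.serial_number_acquisition(serial):
        return "stopped at serial number acquisition"
    if not olt.password_check(serial, password):
        return "activated, access denied by password check"
    return "activated and authenticated"

# Constructed sample data: one ONT provisioned by the operator, with its password.
PROVISIONED = {"ABCD00000001": "user-secret"}  # constructed values, not real
```

Running `activation_outcome` for an unprovisioned serial number shows the difference between the two methods: Method A stops at Serial Number Acquisition, while Method B activates the device and relies on the optional password check to deny it.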
The ITU-T Recommendation G.984.3 (February 2004) also discloses, at paragraph 12.3, that, upon completion of the Ranging phase, an optional phase allowing the OLT and the optical termination device to exchange an encryption key for encrypting data transmitted from the OLT to the optical termination device (also termed “downlink” or “downstream” transmission) can be performed. According to this optional phase, the OLT transmits to the optical termination device a Key_Request message. Upon reception of the Key_Request message, the optical termination device generates an encryption key and transmits it to the OLT, typically by using a number of Encryption_Key messages comprising respective fragments of the encryption key. The OLT then uses the received encryption key for encrypting the data to be transmitted to the optical termination device. This procedure preserves the confidentiality of the downlink transmission in case it is eavesdropped on by unauthorized parties.
Further, US 2007/0274720 discloses a procedure for activating an ONU. First, an account may be associated with a port ID and a first ID. Next, activation data may be received including a serial number of a device and a received ID. Then, it may be determined that the data was received on a port corresponding to the port ID and that the received ID corresponds to the first ID. Next, in response to determining that the data was received on the port corresponding to the port ID and that the received ID corresponds to the first ID, the device may be activated to receive at least one service associated with the account.
In addition, US 2008/0040604 discloses a system and a method for providing secured transmission through authenticated encryption for each ONU in the downlink transmission of an OLT in a GPON. The GPON system includes an OLT for generating a GTC downlink frame by receiving data from an external service provider and ONUs for receiving the GTC downlink frame from the OLT and processing the received GTC downlink frame. The OLT performs the authenticated encryption of the generated GTC downlink frame for each ONU by means of an authentication generator, and the ONU determines whether the GTC downlink frame is allowed to be processed or not by checking the authentication of the received GTC downlink frame through an authentication checker.