1. Field of the Invention
This invention relates generally to optical communication systems and, more particularly, to a secure and survivable optical system, characterized by high throughput and low latency network traffic, which deploys an optical signaling header propagating with the data payload to convey security and survival information.
2. Description of the Background
Recent research advances in optical Wavelength Division Multiplexing (WDM) technology have fostered the development of networks that are orders of magnitude higher in transmission bandwidth and lower in latency than existing commercial networks. While the increase in throughput and the decrease in latency are impressive, it is also necessary to ensure secure and survivable propagation in order to realize the Next Generation Internet (NGI) vision of providing the next generation of ultra-high speed networks that can meet the requirements for supporting new applications, including national initiatives. Towards this end, current research efforts have focused on developing an ultra-low latency Internet Protocol (IP) over WDM optical packet switching technology that promises to deliver the three-fold goal of high throughput, low latency, as well as secure and survivable networks. Such efforts, while promising, have yet to fully realize this three-fold goal. The problems to be mitigated with a secure and survivable network are set forth in the following description.
A. Possible "Attack" Methods
New forms of Optical Layer Survivability and Security (OLSAS) are essential to counter signal misdirection, eavesdropping (signal interception), and denial of service (including jamming) attacks that can be applied to currently deployed and future optical networks. The signal misdirection scenario can be thought of as a consequence of an enemy taking control of a network element or a signaling (control) channel. Possible optical eavesdropping (signal interception) methods can include (i) non-destructive fiber tapping, (ii) client layer tapping, and (iii) non-linear mixing. (Destructive fiber tapping is also a possibility, but this scheme is readily detectable by monitoring power on individual channels.) A description of each of these methods is now summarized:
(i) Non-destructive fiber tapping can be the result of: (a) fiber bending resulting in 1-10% of the optical signal (all wavelengths if a WDM system are used) being emitted out of the fiber cladding and being gathered and amplified by an eavesdropper; (b) fiber-side fusion involving stripping the fiber cladding and fusing two fiber cores together as another way to perform signal interception (note that this is an extremely difficult technique to implement); (c) acousto-optic diffraction involving placing acousto-optic devices on the fiber, which results in the leakage of 1-10% of the optical signal (all wavelengths) outside the fiber cladding. There are three examples of non-destructive fiber tapping, as follows: PA1 (ii) Client layer tapping is the result of measuring the non-zero residuals of other channels by the switches of the multiplexers/demultiplexers. When the signal goes through the optical switches, part of the optical signal that is not dropped at the client layer will appear at the client interface. Even though this signal will have very low power levels, in many instances it can result in recognizable information. PA1 (iii) Non-linear mixing involves sending a high-power pump wave to achieve, for example, four-wave-mixing and in turn map all channels to different wavelengths that are monitored by a malicious user. This technique requires phase matching at dispersion zero wavelength on the fiber.
Finally, denial of service can be the result of a variety of attacks. Some of these attacks include using a high-intensity saturating source, a UV bleach, or a frequency chirped source to jam the optical signal.
B. Comparison With Other Approaches
The three approaches that are currently used to perform encryption of the electronic data in the optical layer are the following: (i) chaotic optical encryption; (ii) quantum optical encryption; and (iii) optical spread spectrum encryption. All three schemes can be used underneath the electronic encryption layer to protect the information from possible attacks.
(i) Chaotic Optical Encryption
The chaotic optical encryption technique uses what is called "chaotic systems" as the optical encryption method. These are single wavelength chaotic synchronous fiber lasing systems that use amplitude or frequency modulation to introduce a "chaotic state" in the network. The information transmitted through the network is encoded onto chaos at the transmitter side and decoded at the receiver side. This is accomplished by using a synchronized "chaotic state" at the receiving end in order to "deencrypt" the original optical signal. Communications method using chaotic lasers have been demonstrated, with representative references being: (1) C. Lee, J. Lee, D. Williams, "Secure Communications Using Chaos", Globecom 1995; and (2) D. Drake, D. Williams, "Pseudo-chaos for Direct-Sequence Spread Spectrum Communications", SPIE, Photonics East, Philadelphia, 1995. The schemes utilized a relatively small message embedded in the larger chaotic carrier that is transmitted to a receiver system where the message is recovered from the chaos. The chaotic optical source and receiver are nearly identical, so that the two chaotic behaviors can synchronize. There are a number of shortcomings for this method, which the technique in accordance with the present invention overcomes.
First, the chaotic behaviors are highly susceptible to changes in the initial conditions. The probability for the receiving end chaotic laser to synchronize its chaotic behavior gets much smaller as the initial conditions wander. For instance, if the two chaotic lasers drift in their relative cavity length due to changes in the ambient, the probability of synchronization drops very rapidly. Hence, multiple receiving users must all synchronize the path length of their lasers. The situation becomes more complex for WDM networks deployed in the field, since cross-modulations in polarization, phase, and amplitude between multiple channels are bound to alter the initial conditions seen by the receiving users. In fact, nonlinear optical effects such as self-phase-modulation will even alter the spectrum of the chaotic carrier. It is difficult to expect such synchronization to be successful for every packet in multiwavelength optical networks. Previously it has been shown with optical network elements equipped with clamped erbium-doped fiber amplifiers (EDFAs) and Channel Power Equalizers (CPEs), lasing in the closed cycles does affect transport characteristics of other wavelength channels, even if it does not saturate the EDFAs. Chaotic oscillations in a transparent optical network due to lasing effect in a closed cycle have been observed. They are attributed to the operation of multiple channel power equalizers within the optical ring. The presence of unstable ring lasers can cause power penalties to other wavelength channels through EDFA gain fluctuation, even though these EDFAs are gain clamped. It has also been found that the closed cycle lasing does not saturate the gain clamped EDFAs in the cycle because the lasing power is regulated by the CPEs. This observation and analysis have significant impacts on the design and operation of network elements in transparent WDM networks.
Second, the noise and the chaotic behaviors are highly frequency dependent. Such a chaotic method, even if it works well for one particular data format, cannot work well for a wide range of data formats.
Third, the accommodation of chaotic optical carrier is made at the expense of useful signal bandwidth, network coverage, and network capacity. To enhance the probability of synchronization, the chaotic optical carrier must possess reasonably high optical power and consequently sacrifices the power available for the data. A simple signal-to-noise argument leads us to the conclusion that the network capacity and network reach will significantly drop due to excessive power in the chaotic carrier.
Fourth, the network must agree on a fixed configuration of the chaotic lasers for both transmitters and receivers. Once the eavesdropper acquires or learns this information, the entire network will be open to this eavesdropper. The method in accordance with the present invention, on the other hand, can vary the security coding from packet to packet for every wavelength channel.
(ii) Quantum Optical Encryption
The second method applies optical encryption at the quantum level by using the state of photons (e.g., polarization of the photons) to detect a security breach. The main idea behind this approach is the encoding of the information in a string of randomly chosen states of single photons. Anyone trying to eavesdrop by tapping part of the light must perform a measurement on the quantum state, thus modifying the state of the light. This modification of the state of the photons can then be used to detect a security breach. Representative references pertaining to this subject matter are: (1) C. Bennett, G. Brassard, A. Ekert, "Quantum Cryptography", Scientific American, 1992; and (2) C. Bennett, F. Bessette, G. Brassard, L. Salvail, J. Smolin, "Experimental Quantum Cryptography", Journal of Cryptology, Vol. 5, No. 3, 1992. One of the fundamental problems of this technique is that it is slow (data rates of only a few Mb/sec can be accommodated) and it can only be applied to communications that span short distances (a few Km). Furthermore, when the optical signal travels relatively long distances, the polarization of the photons may change (even if polarization dispersion fiber is used). This will generate a false alarm. Finally, another problem that arises is whether an attack (security breach) may be carried out that will be undetectable to the parties involved in the secure communication (i.e., the polarization of the photons does not change when an eavesdropper taps part of the light).
(iii) Spread Spectrum Techniques in Optical Domain
The third approach uses the spread spectrum technique to distribute the information packets to a number of different wavelengths. The section that follows tries to identify how this new technique compares to the classical spread spectrum techniques that are currently being used to provide security in mobile systems. Spread spectrum communication was originated 60 years ago; the main purpose then was to protect military communication signals against jamming. In that scheme, frequency hopping and frequency agile multiple access (FDMA) techniques were employed. Later on, CDMA (code-division multiple access) and SDMA (space-division multiple access) were developed to enhance the communication channel capacity and performance.
The CDMA method can increase the channel capacity by almost 10-fold over other access methods, but it is sensitive to both terrestrial signal interference and the noise added in-band by the simultaneous presence of multiple users. Thus, transmitter power control and forward error control (FEC) adjustment is very crucial to the performance of CDMA systems. These systems operate with low bit error rate (BER) (10.sup.-3 is a typical number) and low data rates (on the order of Kbps).
The inventive OLSAS mechanism combines all three approaches employed in the RF domain, namely, frequency hopping and frequency division multiple access (FDMA), CDMA, and SDMA. Rather than increasing the system access capacity at the expense of adding noise in the signal band, a different view of the performance and bandwidth/capacity management in dense WDM optical networks is taken. The abundant bandwidth provided by the WDM optical cross-connects with more wavelengths (e.g., 128) at higher bit rates (10 Gb/s) is traded for each fiber port.