Data encryption-decryption is necessary in a variety of communication technologies. Communication between any two entities is made more secure by encrypting the data. Specifically, communications through PONs may benefit from improved data encryption.
PONs having a plurality of optical network units (ONU) communicating with an optical line terminal (OLT) are well known in the art. An exemplary PON is shown schematically in FIG. 1. Specifically, the figure shows at Ethernet PON (EPON) 100 that has an OLT 102 communicating with three ONUs 106, 108 and 110 through a splitter 104. One of the key international standard specifications for a PON-based broadband optical access system is given by ITU-T Recommendation G.983.1. G.983.1 includes description of a data encryption function termed “churning” to offer a protection capability for data confidentiality purposes. This function is mandatory because, in a PON system, the OLT always physically broadcasts information downstream, but only one ONU at a time can decode the information. More specifically, in the system of FIG. 1, OLT 102 first sends a certain downstream message to request each ONU (e.g., ONU 104) to provide its churning key. In response to this request, the ONU 104 generates a churning key and sends it back to the OLT 102. With the received churning key, the OLT 102 encrypts, or churns, downstream cells before sending them out to ONU 104. This data churning operation for downstream cells are performed on an individual virtual path (VP) basis. OLT 102 notifies ONU 104 of which virtual path is churned or not, by sending a special downstream message indicating the virtual path identifier (VPI) of a particular path that is churned or not churned. This information is referred to as “churning parameters”.
All ONUs in a PON system have their respective churning keys, and the churning of downstream information can be enabled or disabled separately for each VPI. The OLT sends downstream messages to notify each ONU of churning parameters before sending downstream cells. When data is received through a churned VP, the destination ONU decodes the data with its own churning key. Churning is a memory-less and history-less function. Every byte is churned without relation to any other byte. The transformations of some nibbles may be identified by using a very simple method based on the knowledge of known fields in packets.
Churning was suggested as a compromise for a non-encryption solution. As shown below, a major current disadvantage is that the decoding of churning is trivial Churning is easily broken using a very few packets and a breaking tool.
Since churning is different for upper and lower nibbles, two different tables are maintained by the breaking tool, but isolating data patterns is simpler because it is easier to identify patterns when looking at nibbles Following that, a simple differential cryptographic method is used by the breaking tool. Churning is a simple shift of a single bit in a nibble to a different bit location in a nibble with potential inversion. By locating the transformation of each bit, the entire transformation table is known.
The entire process is carried out by the breaking tool without caring about the key. The key itself is not important. The only important information is the nibble transformation. In the example below, we see two different transformations for two nibbles. Each output bit is affected only by a single input bit of the same nibble.
Consequently, it would be advantageous to have a churning method that will provide better encryption security than known churning methods.