1. Field of the Invention
The present invention relates to the design of Ethernet passive optical networks. More specifically, the present invention relates to a method and an apparatus for encrypting and decrypting data to improve the security of an Ethernet passive optical network.
2. Related Art
In order to keep pace with increasing Internet traffic, optical fibers and associated optical transmission equipment have been widely deployed to substantially increase the capacity of backbone networks. However, this increase in the capacity of backbone networks has not been matched by a corresponding increase in the capacity of access networks. Even with broadband solutions, such as digital subscriber line (DSL) and cable modem (CM), the limited bandwidth offered by current access networks creates a severe bottleneck in delivering high bandwidth to end users.
Among the different technologies that are presently being developed, Ethernet passive optical networks (EPONs) are one of the best candidates for next-generation access networks. EPONs combine ubiquitous Ethernet technology with inexpensive passive optics. Hence, they offer the simplicity and scalability of Ethernet with the cost-efficiency and high capacity of passive optics. In particular, due to the high bandwidth of optical fibers, EPONs are capable of accommodating broadband voice, data, and video traffic simultaneously. Such integrated service is difficult to provide with DSL or CM technology. Furthermore, EPONs are more suitable for Internet Protocol (IP) traffic, because Ethernet frames can directly encapsulate native IP packets with different sizes, whereas ATM passive optical networks (APONs) use fixed-size ATM cells and, consequently, require packet fragmentation and reassembly.
Typically, EPONs are used in the “first mile” of the network, which provides connectivity between the service provider's central offices and business or residential subscribers. Logically, the first mile is a point-to-multipoint network, with a central office servicing a number of subscribers. A tree topology can be used in an EPON, wherein one fiber couples the central office to a passive optical splitter, which divides and distributes downstream optical signals to subscribers and combines upstream optical signals from subscribers (see FIG. 1).
One challenge in designing an EPON is improving its security. Security concerns arise because an EPON typically serves non-cooperative, private users through a broadcast downstream channel. This channel can potentially become available to any interested party capable of operating an end station in promiscuous mode. In general, to ensure EPON security, a network operator needs to guarantee subscriber privacy. Hence, mechanisms to control subscribers' access to the infrastructure are critical. Unfortunately, conventional encryption methods are not the best choice because they often involve modification of the underlying communication protocols. Such modifications can potentially interfere with other extensions and development of these protocols.
Hence, what is needed is a method for encrypting and decrypting data in an EPON while minimizing interference with future extensions of existing protocols.