This invention relates to a technique for protecting information transmitted through optical fibers from intrusion. The invention also relates to an apparatus for achieving such protection.
Optical fiber technology is becoming an increasingly important means to transfer information from one location to another. In many situations this information must be protected from intrusion. Optical fibers do not provide any inherent intrusion protection, and the information propagating in the fiber can be extracted from the fibers.
One method used to overcome this problem is to encrypt data. Encryption techniques, currently used in both electrical and optical systems, are complex, expensive, and require extensive security measures. However, encryption requires careful protection of key codes and requires physically protecting the medium. Recently, methods have been developed to make optical fiber systems more immune to intrusion, potentially eliminating the need for encryption units for some uses. Such techniques are described below. While these techniques offer some advantages, implementation of these techniques is complex and requires special fiber optic components. The object of this invention is to provide a relatively simple, low-cost approach for a secure fiber optic communication link that has enhanced sensitivity to intrusion.
The requirement to transmit sensitive information between secure facilities separated by an unsecure environment has led to the development of techniques to either safeguard the information itself or safeguard the transmission medium upon which the information is passed. As mentioned, the information itself may be safeguarded by encryption.
One approach is to detect intrusion attempts in the system, and provide for an alarm and immediate shut-down of sensitive transmissions in event of intrusion. Examples of such techniques include pressurized conduits, electrical capacitance sensors, and video cameras. The medium may be physically protected by hardening the medium or presenting a physical hazard to anyone attempting an intrusion. Encasement in concrete would represent an example of medium hardening. An example of a physical hazard would be a guard dog. Physical protection of the medium suffers the disadvantage the maintenance of the transmission channel may be difficult, and such techniques do not lend themselves to flexible development of such systems.
Optical fiber technology offers several characteristics advantageous to secure transmission of information. Such characteristics include the relative difficulty of collecting optical power radiated by an optical waveguide, the possibility of high data rates, the long transmission spans possible with fiber optics, low weight for tactical uses, and the possibility of constructing intrusion detecting fiber optic links which may eliminate encryption requirements in some uses.
Emissions radiated by an optical waveguide cannot be coupled by copper or metallic waveguides; they must be collected and detected optically. Tapping schemes relying upon coupling of radio frequency information are less useful with optical waveguides, due to the extremely high frequency of an optical carrier. Detection of any radiation must employ sensitive photodetectors specifically optimized for the wavelength and data rate of the transmission.
The attributes that have been responsible for the widespread acceptance of fiber optics as a transmission medium for long distance telecommunications, subscriber loops, and local area networks are also applicable to secure links. Single mode fibers have enabled transmission of data at rates in the gigabit per second range. Low attenuation on the order of 0.2 dB per kilometer yields long distance repeaterless transmission.
The preceding technologies are not considered optimum candidates for an effective Intrusion Resistant Optical Communication (IROC) data network, despite the fact that they offer some intrusion resistance. The techniques all suffer from one or more of the following disadvantages: inadequate intrusion sensitivity, nonstandard parts, limited link span, limited data rate, poor performance with temperature extremes or tendencies for false alarms. In contrast, the present approach offers enhanced sensitivity to intrusion attempts while maintaining the advantages accrued by using standard, commercially available single mode fiber optic components.
The terms intrusion resistance and intrusion detecting are used somewhat synonymously in this discussion. The fiber optic communication schemes described offer resistance to the interception of data by detecting intrusion attempts.
Intrusion detection schemes using Optical Time Domain Reflectometry (OTDR) and received power level sensing simply detect the loss of optical power propagating in the waveguide, which is a necessary consequence of the extraction of optical power required before the signal may be tapped.
Optical time domain reflectometry provides a sensitive measurement of the optical power scattered or reflected by the fiber of in-line components back toward the source. The output of the source is directly modulated by the data and is guided into a link fiber by a directional coupler. Any reflected light generated within the fiber is guided back to the directional coupler, where it is split and directed to the source and to the photodetector. The light directed to the laser source is dissipated as heat, but it may also induce radio frequency oscillations in the laser output. For this reason, it is often desirable to isolate the source from the returned light by placing some polarization control, such a quarter-wave plate or quarter-beat length polarizing fiber, between the source and the directional coupler.
The light reflected within the optical fiber is largely due to scattering, which is scattering from fiber inhomogeneities in size roughly equal to the wavelength of light. Light may also be returned by reflections due to refractive index differentials across a boundary such as a connector or splice. In particular, if the link fiber is bent anywhere along its length in an attempt to extract optical power to read the signal, the bend will generate a return wave down the fiber.
This reflection generates a characteristic signature in the photodetector output which may be interpreted as in intrusion attempt. Additionally, the location of the bend may be calculated by multiplying the speed of propagation in the fiber by the propagation time delay from the bend to the detector.
The received power level sensing technique is a simple adaptation of OTDR to monitor the optical power throughput of the fiber. The output of the fiber is split by a beamsplitter or directional coupler. Part of the output is directed to the photodetector, where the signal is detected. The remaining part is directed to an optical power meter, which continuously monitors the power output of the fiber. If some of the light in the fiber is coupled out by a tap, the power meter detects the decrease in power throughput.
The major disadvantage for the OTDR and power level sensing approaches is that they lack the resolution necessary to reliably detect a successful bending tap. In addition, the techniques are difficult to implement for many uses, such as star networks or linear busses.
Power level detection intrusion detection techniques are made more resistant to tapping by operating the transmission in the "whisper mode". See U.S. Pat. No. 4,435,850, hereby incorporated by reference. To operate in "whisper mode", the optical carrier is modulated by a signal with a peak-to-peak amplitude many orders of magnitude smaller than the amplitude of the carrier, which is of such high frequency that it appears as a DC component to the photodetector. The DC component is strong enough to swamp out all noise mechanism in the receiver, such as thermal noise and amplifier front end noise. The remaining noise component is quantum noise, and is a function only of received signal power, given a fixed detector responsivity and bandwidth. The signal current out of the detector is a function of both received power and modulation index. Therefore, the modulation index may be set to give any desired signal-to-noise ratio. This enables the signal-to-noise ratio to be set as low as tolerable by keeping the modulation index arbitrarily low. Because the power coupled out of a bending tap is orders of magnitude less than the power to the receiver, the resulting signal-to-noise ratio of the extracted signal is too low to reliably reconstruct the signal. However, "whisper mode" operation limits total link distance possible, and limits bit-error-rate times data rate product.
Concentric core fibers may be used to protect secure information by surrounding the secure optical data channel with a concentric optical guard band carrying unclassified information. A special fiber with two cores is used as the transmission medium. The central core is colinear with the axis of the fiber, and is used to carry the secure information. Theoretically, the central core may be multimode or single mode, step index or graded index, but fabrication difficulties practically limit the construction to the multimode, step index design. Surrounding the central core and concentric with it is a second core region, separated from the central core by a cladding band of refractive index lower than that of the two cores. The second core is of necessity multimode and step index, and is used to carry the optical guard band. When bends or microbends are used to extract the secure signal, the guard band signal is coupled out and attenuated before the signal band. By continuously monitoring the guard band for unexpected attenuation, the secure transmitters can be shut down during an intrusion attempt.
This fiber is disadvantageous because it comprises expensive dual core fiber and complicated input/output optical coupler. See H. Hoar, Design and Develop a Concentric Core Optical Fiber, Air Force Technical Report RADC TR 82-88 (Nov. 1982), hereby incorporated by reference.
The coupler requires a great deal of hand craftsmanship to assemble and is therefore expensive to produce. The approach also requires well designed fiber to minimize cross-talk or leakage of the signal band into the guard band. It is also difficult to use in tactical uses due to difficulty in splicing or connectorizing. Any small misalignment in the fibers during connectorization or splicing contributes to cross-talk. Additionally, the use of multimode step index designs for the central core leads to a low upper limit for link distance and data rates. The concentric core fiber is also potentially susceptible to compromise by laser drilling. Utilization of the design to a star network or linear bus would be difficult because of the need for directional couplers, which would be difficult to implement in this design.
Another technique concerns high order and low order mode groupings which are excited in multimode fibers. High order mode groupings are more sensitive to intrusion than others. Some disadvantages involve a need for specialized couplers to separately excite high and low order modes. See Berdague and Facq, Mode Division Multiplexing In Optical Fibers, Applied Optics. Vol. 21, No. 11 (June 1982), hereby incorporated by reference.
Modal biplexing technology enables the use of an optical guard band around and concentric with the signal in commercially available multimode fibers. With modal biplexing, the secure information channel is optically injected into the low order guided modes. The guard bank is optically injected into the high order guided modes. Resistance to intrusion by bending taps follows from the fact that high order modes become radiative before low order modes when the fiber is bent. While in principle, modal biplexing may be used with commercially available fibers, excessive cross-talk between high order and lower order modes prohibit links of any appreciable distance. For superior mode isolation over long distances, it is necessary to use a fiber with a specially designed refractive index profile.
Preferential modal injection may be accomplished by using multimode fused biconical taper couplers, by using spatial filters, or by using angular division multiplexers.
Fused biconical taper (FBT) couplers are directional couplers made by fusing two bare optical fibers with heat and pulling the fused fibers lengthwise to induce a down-taper and up-taper in the fiber. The fused taper region acts as a mode mixer to redistribute light in the coupler.
Due to the peculiarities of lightwave propagation in a tapered optical fiber, the coupling of light from the input (or throughput) to the tap-off fiber depends on which mode the light is propagating in. Light propagating in high order modes is readily coupled into the tap-off fiber. Low order modes, however, will not couple into the tap-off fiber, but remain in the throughput fiber. Therefore, the light propagating in the tap-off fiber is deficient in low order modes but well populated by high order modes, and light propagating in the input fiber is predominantly low order, although some greatly attenuated high order modes still remain. The FBT coupler can then be used as a modal biplexer. The secure signal is injected into the input end of the throughput fiber of the coupler after first being passed through a modal filter to strip off the high order modes (a simple taper in the input fiber works effectively as a modal filter). The signal then passes through the fused biconical taper coupler, remaining as low order modes on the throughput fiber. The guard bank is injected into the tap-off fiber, where it is coupled into the input fiber as high order modes. From this point, the high order guard band and the low order mode secure signal propagate simultaneously and independently on the same filter.
Another method of preferential modal injection is the use of spatial filters. This technique is taught in the Berdague et al. article. A lens may be used to Fourier transform the output of an optical fiber into its spatial frequency components. A filter introduced in the Fourier plane may be configured to filter out either the high order or the low order components.
When step index multimode fiber is used, the angle of incidence of the injecting ray upon the fiber end is directly proportional to the mode number of the resulting stimulated mode. For this type of fiber, then, angular division multiplexers may be used for modal biplexing. A device of this type is described in R. D. Stearns, C. K. Awawa, and S. K. Yao, Angular Division Multiplexer for Fiber Communication Using Graded-Index Rod Lenses, Journal of Lightwave Technology, Vol. LT-2, No. 4, pp. 358-362 (Aug. 1984).
The modal biplexing approach has been demonstrated, but it suffers disadvantages in certain uses. It requires special input couplers or filters. The maximum link distance is limited to less than the mode coupling length of the fiber, usually less than one kilometer. The use of multimode fiber implies a limited data rate due to modal dispersion. The method is not suitable for networking due to the difficulty in implementing the interconnects. In addition, splices, connectors, and star couplers are all modally sensitive interconnects, so that at best, they will attenuate the high order modes more strongly than the low order modes, reducing the margin of security. At worst they act as mode scramblers and generate excessive cross-talk.
If the two legs of a single mode fiber optic Mach-Zender interferometer are used as the transmission medium for the optical signal, then the interference pattern at the output may be monitored for evidence of fiber perturbation. Fiber optic interferometers have been the subject of widespread research for their capabilities as highly sensitive detectors of external fields such as acoustic pressure fields and magnetic fields, and for detecting angular rotation. T. G. Giallorenzi, J. A. Bucaro, A. Dandridge, G. H. Siegel, J. H. Cole, S. C. Rashleight, and R. G. Priest, Optical Fiber Sensor Technology, IEE Journal of Quantum Electronics, Vol. QE-18, No. 4, pp. 626-664 (April 1982), hereby incorporated by reference.
In this technique, the reference fiber is encased in an environment where it cannot be perturbed in any way. Any perturbation of the link fiber by pressure or bending induces a small optical path length change in the fiber, which phase modulates the coherent light propagating in the single mode fiber.
Detection of optical path length changes on the order of a fraction of the light wavelength (and therefore very small fiber bends) is possible by comparing (using interferometry) the modulated phase of the link fiber with the unmodulated phase of the reference fiber. If "whisper mode" of operation is used, the interference of the DC outputs of the two interferometer arms can be monitored for changes in fringes. This approach provides extreme sensitivity to intrusion attempts, but tactical implementation may be difficult due to environmental effects. The fiber optic interferometer is very sensitive to environmental perturbations such as temperature fluctuations, magnetic fields, and ambient acoustic noise. In order to maintain maximum sensitivity of the system, it is necessary that the polarizations of the two outputs of the link and reference fiber be aligned. This requires either expensive polarization maintaining fiber and couplers, or some form of adaptive polarization controller, which currently exists only as a laboratory concept.
A polarization multiplexing technique involves two degenerate orthogonal modes of a single mode polarization maintaining fiber excited with a data and guard signal. Bending the fiber to extract data scrambles the polarization and modes detection difficult. Disadvantages involve the need for expensive polarization--maintaining fiber and complicated polarizing input/output couplers. See R. Ulrich, Polarization Stabilization on Single-Mode Fibers, Appl. Phys. Lett. 35 (1979), hereby incorporated by reference.
Polarization sensing intrusion detection techniques exploit the fact that single mode fibers propagate two degenerate modes at orthogonal polarizations. Light input into a single mode fiber may be preferentially injected into one of the two polarization axes. If a low birefringence fiber with a beat length equal to or greater than the separation between the transmitter and receiver is used, then the output of the fiber will have the same polarization state and orientation as the input, as long as the fiber is not perturbed in any way. If the fiber is moved or perturbed, as it would be in a intrusion attempt, then the change on polarization change at the output would be detected. Typically, a polarizing beamsplitter is used to separate the two polarizations output by a fiber. Alarm electronics then compare the two detector outputs for evidence of polarization mode cross-coupling.
The polarization sensing technique has several disadvantages. Fibers are not currently available having beatlengths greater than 150 m and fibers with beatlengths exceeding 500 m will be extremely difficult to fabricate, even using the spinning preform technique. Should such fibers become available in the future however, the capability of the fiber to maintain its polarization state during environmental changes is questionable. Temperature changes, for example, will most likely cause polarization rotation in the fiber, which could be interpreted by the receiver as an alarm condition. An additional disadvantage is that the implementation may require the use of bulk optic polarizers and beamsplitters.
Coherent fiber optic receivers, in which the output of a single mode fiber is mixed with the output of a local oscillator before detection by a photodiode, allow quantum-limited detection of a weak signal. As in "whisper mode" operation, this technology allows quantum-limited detection of a weak signal by swamping the thermal noise and front-end noise of the detector with strong DC bias. In the "whisper mode" technique, the DC optical bias that makes this possible is transmitted along the fiber with the signal. In the coherent transmission scheme, the DC bias results from the local oscillator, which is housed in the same secure environment as the receiver.
Coherent techniques do not in themselves provide intrusion detection. However, they do provide intrusion resistance because the transmitter may be operated at an output power that just exceeds the threshold for adequate signal-to-noise ratio at the receiver. Because power coupled out of the waveguide by a bend will be orders of magnitude less than the level at the signal output of the fiber, the signal-to-noise ratio at the tap may be insufficient to reconstruct the signal.
While coherent transmission technology may in the future prove useful of intrusion-resistant fibers, a number of obstacles currently make its use in the field impractical. As with the interferometric techniques, polarization control is necessary to ensure the polarization alignment of the link fiber output with local oscillator laser output. The technique requires the high spectral purity of expensive narrow linewidth lasers such as distributed feedback lasers or cleaved coupled cavity lasers. To date, the only demonstrations of this technology have been in the laboratory.
The technologies surveyed all attempt to exploit the fundamental advantages of optical fiber technology in intrusion-resistant fiber optic communications links. However, each suffers from one or more serious disadvantages: inadequate intrusion sensitivity, nonstandard parts, limited link distance, limited data rate, or excessive sensitivity to environmental variations. A unique new intrusion detection method which overcomes these problems has been discovered.