
Securing All-Optical Networks

R. Rejeb, I. Pavlosoglou, M. S. Leeson and R. J. Green


School of Engineering, University of Warwick, Coventry, CV4 7AL, UK.
Tel: +44 (0) 2476 522 333, fax: +44 (0) 2476 418 922, e-mail: r.rejeb@warwick.ac.uk
ABSTRACT
All-optical networks (AONs) are a relatively new technology for high data-rate communications. They contain
only optical components and are intrinsically different from the optical networks currently in use. More
specifically, AONs provide transparent features that allow routing and data switching without necessitating the
interpretation or regeneration of signals within the network. Consequently, AON components and architectures
bring forth a set of new challenges in network security. This paper presents an overview of security issues in
AONs and proposes design criteria for network management in AONs. In addition, there is a discussion
concerning the implementation of such a system within the authors' research group.
Keywords: All-Optical Networks, Security, Network Management System.

1. INTRODUCTION
The tremendous growth of the Internet, the large increase in traffic demands and the relentless demand for
network capacity have produced a need for new flexible types of services. To deliver these, optical
communication systems have been deployed in many areas such as long-haul telecommunications, interoffice
communications, computer links and undersea systems [1]. Coupled with this development is a need for a
suitable infrastructure to manage such diverse requirements. These transmission systems suffer particularly from
Denial of Service (DoS) attacks because of the extremely high data rates and low Bit Error Rates (BERs) they
offer [2]. Since even short (in terms of duration) attacks can cause large amounts of data to be lost, the need for
securing optical networks has become increasingly apparent.
Optical network security can be classified into two separate, yet interrelated, types: Physical security and
semantic security [2]. The former promises to ensure integrity and privacy of information, as well as the Quality
of Service (QoS) by protecting the network against service disruption and service degradation. The latter focuses
on the protection of information even when an attacker has access to the transmission data channel.
This paper provides an overview of the security issues related to AONs. In particular, it focuses on the security
properties needed to comprehend the fundamental requirements of optical network security. Related work is
introduced and a case study of a reliable Network Management System (NMS) as a guarantee for secure
communication systems is presented. The paper concludes with a review of the essential elements for future
work within the Warwick group, leading towards the realisation of a suitable NMS.

2. SECURITY ISSUES IN AONs


AONs are emerging as a promising technology for very high data rates, flexible switching and broadband
application support. In particular, they provide transparency capabilities allowing routing and switching of traffic
without regeneration of signals within the network. Based on multiplexing techniques that are being used to
increase the transmission capacity in the optical fibre, AONs are divided into two types: time-division
multiplexed (TDM) and wavelength-division multiplexed (WDM) networks [1]. In recent years, WDM
technology has been rapidly gaining acceptance as an important means employed for taking advantage of the
enormous bandwidth in optical networks. WDM optical networks (even if not all-optical) are increasingly built
upon transparent optical nodes (TONs) such as Wavelength Selective Switches (WSSs) and all-optical amplifiers.
Although transparency, in AONs, offers many advantages for high rate communications, it manifests new and
still unstudied security vulnerabilities [2]. All-optical components are particularly vulnerable to various forms of
DoS and eavesdropping attacks. These attacks can be broadly classified into three categories [3]:
1. Traffic analysis and eavesdropping - the attacker passively analyses traffic on the network.
2. Service denial - the optical signal is disrupted by the attacker(s).
3. QoS degradation - the attacker overpowers legitimate optical signals with attack signals.
In particular, DoS and QoS degradation attacks must be detected and identified at all nodes in the network where
attacks and signal degradations may occur. Moreover, the speed of attack detection must be commensurate with
the data transmission rate due to the following main reasons [2, 3]:
1. The high data rates ensure that large amounts of data can be compromised in short time.
2. The large network latency causes large amounts of data to be already in flight at any one instant.
3. An attack which is erroneously identified as failure can spread through the network.
4. Inappropriate action might be taken by the NMS if attacks are not identified at all nodes.
Transparency in AONs may also introduce significant miscellaneous transmission impairments such as
crosstalk, Amplified Spontaneous Emission (ASE) noise, and gain competition [4]. As a result, these
impairments accumulate and can degrade the signal quality as it progresses towards its destination, so that the
received BER at the destination node may become unacceptably high.

3. SUPERVISORY METHODS AND RELATED WORK


To protect optical networks from DoS attacks and BER degradations, supervisory techniques that enable the
detection of an attack are required. Available supervisory techniques and diagnostic methods fall into two main
approaches [3]. The first is based on methods that perform statistical analysis of the transmitted data: power
detection, Optical Spectrum Analysers (OSAs), and BER Testers (BERTs). The second approach relies on the use
of probe signals devoted to diagnostic purposes: pilot tones and Optical Time Domain Reflectometers (OTDRs).
However, most of these supervisory methods are insufficient to detect small and sporadic BER degradations,
failing to detect in-band and out-of-band jamming attacks. Even the use of probe signals is not sensitive enough
to detect the BER degradations [3]. As a direct consequence, the ability to detect attacks and performance
degradation in AONs, using reliable and suitable monitoring methods with short detection time, is highly
desirable in several respects.
A new method for detecting attacks upon AONs is also proposed in [5]. This is based on the notion that the input
and output signals of a TON should have a mathematical relationship that is well known by the NMS. An
implementation of this method is presented in [6]. This method may be used to determine whether the TON
operates properly and to detect the presence of attacks by measuring the operation of the TON with respect to
some nominal parameters. An algorithm for attack localisation in AONs is discussed in [7]. The algorithm is
distributed and requires only local state information between neighbour nodes along a lightpath¹. It enables each
node to detect and identify attacks being levied against it, receive and process messages arriving at it, and
generate and transmit messages to its neighbouring nodes.
A novel approach of monitoring service degradation at individual TONs is presented in [8]. This approach is
based on the detection of signal degradation at TONs rather than detection of error bits themselves. It relies on
the attack detection method presented in [5, 6] and can be used to guarantee the BER in the presence of signal
degradation from coherent crosstalk at TONs. Nevertheless, detection and localisation of subtle forms of attacks
as well as miscellaneous transmission impairments which can cause cumulative data degradation through a
network remain open problems.
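The detection principle of [5, 6] summarised above, namely that the NMS knows a nominal input/output relationship for each TON and flags a node whose measured behaviour departs from it, can be illustrated with a small check. The following is an added example written for this page, not code from the paper or from the cited authors; the node model (a fixed nominal gain per wavelength channel with a tolerance band), the per-channel power readings and the verdict names are constructed assumptions.

```python
"""Checking a transparent optical node (TON) against a nominal transfer
relationship known to the NMS, in the spirit of [5, 6].

Added example, not code from the paper.  The TON model (constant nominal gain
per wavelength channel, a symmetric tolerance band) and all readings are
constructed assumptions used only to show the comparison logic.
"""
from dataclasses import dataclass


@dataclass
class TonProfile:
    """Nominal parameters assumed to be known to the NMS for one TON.

    gain_db: expected (output - input) power per channel, in dB
    tolerance_db: largest absolute deviation still treated as normal operation
    """
    name: str
    gain_db: float
    tolerance_db: float


def check_ton(profile, input_dbm, output_dbm):
    """Compare measured input/output power per channel with the nominal gain.

    Returns a dict channel -> verdict:
      'ok'         deviation from nominal gain within tolerance
      'low'        output below the band (loss of signal, possible service denial)
      'high'       output above the band (overpowered channel, possible QoS attack)
      'missing'    channel present at the input but absent at the output
      'unexpected' channel present at the output but never entered the node
    """
    verdicts = {}
    for channel, p_in in input_dbm.items():
        p_out = output_dbm.get(channel)
        if p_out is None:
            verdicts[channel] = "missing"
            continue
        deviation = p_out - p_in - profile.gain_db
        if abs(deviation) <= profile.tolerance_db:
            verdicts[channel] = "ok"
        elif deviation < 0:
            verdicts[channel] = "low"
        else:
            verdicts[channel] = "high"
    for channel in output_dbm:
        if channel not in input_dbm:
            verdicts[channel] = "unexpected"
    return verdicts


def anomalous_channels(verdicts):
    """Channels the NMS should raise an alarm for, in a stable order."""
    return sorted(ch for ch, v in verdicts.items() if v != "ok")


# Constructed sample: a node with 20 dB nominal gain and a 1.5 dB tolerance.
SAMPLE_PROFILE = TonProfile("TON-A", gain_db=20.0, tolerance_db=1.5)
# Constructed power readings (dBm) per wavelength channel at input and output.
SAMPLE_INPUT = {"lambda0": -25.0, "lambda1": -25.3, "lambda2": -24.8}
SAMPLE_OUTPUT = {"lambda0": -5.2, "lambda1": -14.0, "lambda2": -4.9, "lambda3": -6.0}

if __name__ == "__main__":
    result = check_ton(SAMPLE_PROFILE, SAMPLE_INPUT, SAMPLE_OUTPUT)
    for channel, verdict in sorted(result.items()):
        print(f"{SAMPLE_PROFILE.name} {channel}: {verdict}")
    print("alarm channels:", anomalous_channels(result))
```

In the constructed sample, lambda1 leaves the node about 8.7 dB below what the nominal gain predicts and lambda3 appears at the output without having entered, so both are reported; the two channels within the band are not. A real deployment would replace the constant-gain model by whatever nominal relationship [5, 6] establish for the node type in question.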

4. CONTROL AND NETWORK MANAGEMENT SYSTEMS


One of the main security issues in optical networks revolves around the fact that service disruption attacks can
spread rapidly through a network. Protection against such attacks thus requires the deployment of a reliable NMS
which is an essential component for ensuring an efficient, secure and continuous operation of the network. In
particular, the system should be able to detect performance degradations and disruption attacks, identify them
(i.e. distinguish among operating failures, intentional attacks and miscellaneous transmission impairments) and
localise their sources to allow traffic re-routing and network recovery. To categorise the above, an NMS
implementation should be capable of handling the performance, fault, configuration, security, accounting, and
safety management issues in a network [1, 9].
Whilst some of the available protection and control mechanisms are applicable to different types of network
architectures, many of these are not adequate for AONs. The extremely high data rates in AONs ensure that,
even if the network was under attack for a few seconds, large amounts of data would be compromised.
Therefore, detection of attacks and network restoration should take place rapidly, avoiding critical delays and
ensuring timely recovery.
In particular, performance management is an area of great interest in optical networking because of its essential
role in monitoring the various parameters that measure the performance of the network. It is closely tied into
fault management, which involves detecting problems in the network and alerting the NMS appropriately
through alarms. Performance management is still a major complication in AONs since optical performance
measurements (typically limited to optical power, Optical Signal-to-Noise Ratio (OSNR), and wavelength
registration) do not directly relate to QoS measures used by carriers [9]. The main complication of performance
management is in fact that carrier QoS measurements are concerned with attributes related to the lightpath, like
BER and parity checks [1, 9]. Since the NMS may have no prior knowledge of protocols or BERs being used in
the network, transparent networks are particularly difficult to manage. Furthermore, due to transparency, it is not
possible to access overhead bits in the transmitted data in order to obtain performance-related measures. This
results in further complexity in detecting QoS degradation in the network. Unless the NMS is told what type of
signal is being carried on a lightpath, it will not be able to determine whether the measured power levels and
OSNR fall within the preset acceptable limits [1].
In order to avoid that complication, optical layer overhead techniques are deployed by Synchronous Optical
NETwork/Synchronous Digital Hierarchy (SONET/SDH) framing protocols, which provide a direct measure of
the BER. Similarly, the digital wrapper overhead, developed specifically for the optical layer and standardised
by the International Telecommunications Union (ITU), allows the BER measurement in WDM optical networks
[1]. In addition, further research material [5-8] has been proposed, presenting new possible solutions and
methods of obtaining more information about BER and QoS measurements in AONs.

¹ End-to-end optical connection between a source and a destination node.

5. NOVEL APPROACH FOR ACHIEVING QoS MONITORING


In this section we propose a novel approach for QoS monitoring that can participate in some tasks for fault and
performance management of AONs. Our approach is based on a link-by-link integrity test method to monitor the
quality of data signals travelling through a lightpath in WDM optical networks employing dynamic wavelength
routing [10]. It therefore requires prior knowledge of a set of performance-related parameters used in the
network such as power levels, amplifier gain statistics, crosstalk, and ASE components [4].
In order to disseminate these parameters among TONs along a selected lightpath, our approach relies on reliable
control and management mechanisms such as the Generalised Multiprotocol Label Switching (GMPLS) [11-13]
that provisions lightpaths in the network. Such a mechanism must have the ability to select the lightpath along a
selected route, assign a wavelength to the connection, as well as configure the appropriate optical switches in the
network. Finally, it should provide updates on which wavelengths are currently being used on each link, so that
the corresponding WSSs can make up-to-date routing decisions.
[Figure 1 not reproduced; only its labels survive extraction.]
Figure 1: Functional relationship between the QoSG and NMS.
(a) Block diagram of a partitioned lightpath: Tx, VN0 ... VNk-1, VNk, VNk+1 ... VNN-1, Rx, with VLPk-1 and VLPk between the virtual nodes; wavelength channels 0, 1, 2 pass through Wavelength Mux/Demux, Optical Switches and a QoS guard (QoSG) at each Transparent Optical Node (TON).
(b) Block diagram of QoS guard: input signals, output signals, tap, Optical processing unit (OPU), QoS unit (QoSU), Alarm.
(c) Block diagram of QoSG and NMS: Tx 1-3, Rx 1-3, OPUs, QoS Unit (QoSU), Alarm, Network Control Plane (NCP), Network Management System (NMS) with PM, FM, CM, SM, AM, SFM (P: Performance, F: Fault, C: Configuration, S: Security, A: Account, SF: Safety, M: Management).


By design, transparent networks do not afford single integrity tests (except for simple tests such as total power)
on either the input or the output of any optical component [5]. This is because the control information that
could be used to obtain performance-related measures is inaccessible. In other words, a quantitative test for
BER detection could be carried out along a lightpath and, depending on the need for performance-related
parameters, made available for an appropriate duration and without significant communication overhead.
The basic idea of our method is to enable the exchange of performance-related parameters among TONs as the
lightpath is established [10]. Using these parameters enables us to obtain performance measurements which
relate directly to the QoS measures used by carriers. Since most of these parameters vary in a dynamic manner,
dependent on each lightpath, a control and management protocol such as GMPLS is required to distribute
and update them along the selected lightpath.
For our method, a lightpath is considered as an end-to-end optical connection between a source and a destination
node that consists of several interrelated (at least one) point-to-point transmission links which we refer to as
Virtual LightPaths (VLPs). The general case is depicted in Figure 1 (a). Each intermediate TON, referred to as a
Virtual Node (VN), is considered as a Virtual Receiver (VRx) and a Virtual Transmitter (VTx) at the same time.
Thus, the BER detection at input and/or output ports on each VN can be used for assessing the quality of the
transmitted signals, partially along a VLP, but also along the entire selected lightpath. As a result, this may
essentially lead to rapid detection and easy localisation of QoS degradations and attacks in the network.
Since the BER is the key performance attribute associated with a lightpath and can be detected only when the
signal is available in the electrical domain [1], our method proposes the use of a detection device which we refer
to as the QoS Guard (QoSG). This device consists of an Optical Processing Unit (OPU) and a QoS Unit (QoSU)
as shown in Figure 1 (b). Our QoSG inserts a tap into the input or output signal path and splits off a portion of the
signal for testing. The tapped optical signal is then photodetected in the OPU and the resulting electrical signal is
processed in the QoSU, which is responsible for detecting the BER degradation and triggering any device
alarms present. Such a trigger is entirely dependent on the measured BER, and whether or not it falls above some
specified threshold (e.g. 10^-12).
However, the main objective of our method is to protect against performance degradations at all points at
which they might occur. Therefore our method should satisfy the following functional requirements:
1. Rapid and accurate detection of performance degradation along lightpaths.
2. Easy localisation of service disruption and QoS degradation.
3. Prompt identification and recognition of the source and nature of service disruption in the network.
In order to meet these requirements, there are several related issues that require further consideration. First,
design concepts for the functional relationship between our QoSG method and the NMS, as shown in Figure 1
(c), need to be worked out. In particular, the development of efficient schemes for performance-degradation
resistant network control and management algorithms should be taken into consideration. Second, available and
proposed control and management protocols (GMPLS for example) that provision lightpaths within the network
may be investigated and where necessary adapted to the peculiarities of our method. In particular, some
additions and extensions are required to adapt the routing and signalling protocols which may be employed for
disseminating additional control information among TONs within the network. Finally, there are issues regarding
how to provide an appropriate reaction after the detection and localisation of BER degradation and service
disruption in the network.
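The link-by-link scheme of this section can be exercised as a small model: a lightpath is a chain of virtual nodes, each with a QoSG reading the BER on its input and output taps, and the NMS attributes a degradation to the first VLP or VN at which it appears rather than to every downstream node that merely inherits it. This is an added example written for this page, not code from the paper or the authors' group; the BER readings, the localisation rule and the VLP numbering (VLPi is the link entering VNi, with VLP0 leaving the transmitter) are constructed assumptions, and the threshold is the 10^-12 value quoted in the text.

```python
"""Link-by-link BER monitoring along a lightpath partitioned into Virtual
LightPaths (VLPs), following the QoS Guard (QoSG) idea of the paper.

Added example, not code from the paper.  BER readings, the localisation rule
and the VLP numbering are constructed assumptions.
"""
from dataclasses import dataclass

BER_THRESHOLD = 1e-12  # example alarm threshold quoted in the text


@dataclass
class VirtualNode:
    """One intermediate TON with a QoSG tapping its input and its output."""
    name: str
    ber_in: float   # BER measured on the input tap (acts as Virtual Receiver)
    ber_out: float  # BER measured on the output tap (acts as Virtual Transmitter)


def qosg_alarm(ber, threshold=BER_THRESHOLD):
    """A QoSG triggers its alarm when the measured BER is above the threshold."""
    return ber > threshold


def localise(nodes, threshold=BER_THRESHOLD):
    """Walk the lightpath Tx -> VN0 -> ... -> VN(N-1) -> Rx and return a list of
    (location, kind) findings.

    Assumed rule (constructed for this example): a degradation seen on a node's
    input while the previous node's output was clean is attributed to the VLP
    between them; a degradation that appears between a node's clean input and
    its output is attributed to the node itself.  Nodes further downstream
    inherit the degraded signal and are not reported again.
    """
    findings = []
    prev_out_clean = True  # the transmitter is assumed to launch a clean signal
    for i, vn in enumerate(nodes):
        in_alarm = qosg_alarm(vn.ber_in, threshold)
        out_alarm = qosg_alarm(vn.ber_out, threshold)
        if in_alarm and prev_out_clean:
            findings.append((f"VLP{i}", "link degradation"))
        if out_alarm and not in_alarm:
            findings.append((vn.name, "node degradation"))
        prev_out_clean = not out_alarm
    return findings


def first_alarm_location(nodes, threshold=BER_THRESHOLD):
    """Where the NMS should start re-routing or recovery, or None if all clean."""
    findings = localise(nodes, threshold)
    return findings[0][0] if findings else None


# Constructed sample 1: the degradation arises inside VN2 and propagates to VN3.
SAMPLE_NODE_FAULT = [
    VirtualNode("VN0", 1e-15, 1e-15),
    VirtualNode("VN1", 2e-15, 3e-15),
    VirtualNode("VN2", 4e-15, 5e-10),
    VirtualNode("VN3", 6e-10, 7e-10),
]

# Constructed sample 2: VN1 leaves a clean signal but VN2 receives a bad one,
# so the fault lies on the VLP between them (VLP2 in this numbering).
SAMPLE_LINK_FAULT = [
    VirtualNode("VN0", 1e-15, 1e-15),
    VirtualNode("VN1", 2e-15, 2e-15),
    VirtualNode("VN2", 5e-10, 6e-10),
    VirtualNode("VN3", 7e-10, 8e-10),
]

if __name__ == "__main__":
    for label, path in (("node fault", SAMPLE_NODE_FAULT), ("link fault", SAMPLE_LINK_FAULT)):
        print(label, "->", localise(path), "| first:", first_alarm_location(path))
```

Because the BER along a transparent lightpath only accumulates, reporting the first point where the threshold is crossed is what turns a chain of QoSG alarms into a single localisation decision for the NMS; the later alarms on VN3 in both samples are deliberately not reported as separate faults.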

6. CONCLUSIONS
This paper has presented an overview of security issues in AONs, emphasising the challenges that are peculiar to
their operation. In an All-Optical Network, problems arising from physical security and means of protecting
against service disruption and service degradation cannot be tackled using supervisory methods such as offline
testing or BERTs. In addition, due to the high data rates, any attack, even of short duration, can result in a
large loss of information.
The presence of an NMS is essential to ensure efficient, secure, and continuous operation of any network.
Specifically, it handles the management of configuration, faults, performance, accounting, and security, aspects
which are usually interlinked with one another. A key component in this system is performance management, as it
provides signal quality measurements at very low BER and fault diagnostic support for fault management.
Due to the analogue nature of transparent signals, performance management is still a major complication for
TONs. For this purpose, we have proposed a novel approach based on a link-by-link test method for detecting
performance degradation in wavelength-routed WDM optical networks, which can participate in fault and
performance management of AONs.
Despite new methods for detection and localisation of attacks having been proposed in the literature, all
techniques are still in their infancy, offering new directions for future research. As a motivation, the detection
and identification of subtle forms of attack as well as miscellaneous transmission impairments which can cause
cumulative data degradation through a network remain open problems for further work.
REFERENCES
[1] R. Ramaswami, K. N. Sivarajan: Optical Networks, A Practical Perspective, New York: Academic Press.
[2] M. Médard et al.: Security Issues in All-Optical Networks, IEEE Network, vol. 3, no. 11, pp. 42-48, 1997.
[3] M. Médard, S. R. Chinn, P. Saengudomlert: Node wrappers for QoS monitoring in transparent optical nodes, J. High Speed Networks, vol. 10, no. 4, pp. 247-268, 2001.
[4] B. Ramamurthy et al.: Impact of Transmission Impairments on the Teletraffic Performance of Wavelength-Routed Optical Networks, J. Lightwave Technol., vol. 17, no. 5, pp. 759-764, 1999.
[5] M. Médard, D. Marquis, S. R. Chinn: Attack Detection Methods for All-Optical Networks, Network and Distributed System Security Symposium, session 3, paper 2, San Diego, March 11-13, 1998.
[6] M. Médard, S. R. Chinn, P. Saengudomlert: Attack Detection in All-Optical Networks, Proc. Optical Fiber Commun. 98 (OFC98), pp. 272-273, San Jose, February 22-27, 1998.
[7] R. Bergman, M. Médard, S. Chan: Distributed Algorithms for Attack Localization in All-Optical Networks, Network and Distributed System Security Symposium, session 3, paper 1, San Diego, 1998.
[8] P. Saengudomlert, M. Médard: Guaranteeing BER in Transparent Optical Networks Using OOK Signaling, IEEE J. on Selected Areas in Commun., vol. 20, no. 4, pp. 786-799, May 2002.
[9] Brian J. Wilson et al.: Multiwavelength Optical Networking Management and Control, J. Lightwave Technol., vol. 18, no. 12, December 2000.
[10] H. Zang et al.: Dynamic Lightpath Establishment in Wavelength-Routed WDM Networks, IEEE Commun. Mag., vol. 39, no. 9, pp. 100-108, 2001.
[11] A. Banerjee et al.: Generalized Multiprotocol Label Switching: An Overview of Routing and Management Enhancements, IEEE Commun. Mag., vol. 39, no. 1, pp. 144-150, 2001.
[12] D. Awduche, Y. Rekhter: Multiprotocol Lambda Switching: Combining MPLS Traffic Engineering Control with Optical Crossconnects, IEEE Commun. Mag., vol. 39, no. 3, pp. 111-116, March 2001.
[13] Banerjee et al.: Generalized Multiprotocol Label Switching: An Overview of Signaling Enhancements and Recovery Techniques, IEEE Commun. Mag., vol. 39, no. 7, pp. 144-151, 2001.
