Derogation of Physical Layer Security Breaches in Maturing Heterogeneous Optical Networks

Abstract

The evolution journey of optical network (ON) towards heterogeneous and flexible frameworks with high order of applications is continued from the last decade. Furthermore, the prominence of optical security, amount of transmitted data, bandwidth, and dependable presentation are heightened. The performance of ON is degraded in view of various natures of attacks at the physical layer, such as service disrupting and access to carrier data. In order to deal with such security breaches, new and efficient ON must be identified. So, this paper elaborates a detailed structure on physical layer security for heterogeneous ON. Possible mechanisms, such as Elliptic-curve Diffie–Hellman (ECDH), are used to treat a physical layer attack, and an efficient framework is proposed in this paper for 64 quadrature amplitude modulation-based orthogonal frequency division multiplex (64QAM-OFDM) ONs. Finally, theoretical and simulation validations are presented, and the effective results of the proposed method and viewpoint are concluded.

1. Introduction

The expanding request of client work for bigger transfer speed has introduced the development of heterogeneous optical networks (ONs) [1]. Such a framework adjusts to broaden high throughput, portability, and future information interconnects. To deliver such high limit connects to a client on move should require heterogeneous ONs. To satisfy the requests of group of future heterogeneous ON, different multiple access user technologies have been recommended [2]. This is comprised of wavelength division multiplex (WDM) [3] dependent ONs, code division various access (CDMA) [1] in light of ONs, and time division numerous entrance (TDMA) [3] in view of ONs. The essential element of using WDM licenses an enormous expansion in limit and segregation colligated with explicit wavelength to every customer. A solitary wavelength pair can be designated to each ON-unit (ONU) [4] for communicating with optical line terminals (OLT) [5]. However, the payoffs of ONs is degraded in view of various physical layer security breaches, such as service disrupting and access to carrier data. Seeing that presently data stream of the ONs surpass 100 Gbps, continuous executing, low-latency signal handling for data security has been progressively tested [6]. To treat such challenges, the parallelism and better speed of optical signal processing is considered a good option for continuously handling such signals in real time and the physical layer of the ONs. Adding to the previous discussion, the security of the encryption previously gave in the higher layer of protocol stack is enhanced in the optical layer [7]. In contrast to their digital parameters, the electromagnetic waves are not induced in optical domains; in results, less external interactions happen to the ONs.

1.1. Related Work

To minimize the impact of security breaches and increase the performance of heterogeneous ONs, many research studies have presented their models. The authors address a physical attack of ONs in Reference [8]. The technique including synchronized true random sequences, and the photonic physical uncountable, is implemented in terms of one time paid and cryptographic key generated, respectively. In Reference [9], the authors propose optical-CDMA mechanism for improving physical layer security in ONs. The physical layer security is investigated for multimode ONs by authors in Reference [10]. Ref. [11] suggests physical layer security for WDM-based ONs using orthogonal frequency division multiplexer (OFDM) signals. Data encryption standard (DES) techniques are used in Reference [12] for enhancing the security in heterogeneous ONs. In Reference [13], the authors focus on optimal scheduling (OS) and cumulative distributive (CD) algorithms, overcoming security breaches in ONs. Physical layer security for mixed fading channels is determined in Reference [14]. The discussed state-of-the-art work concludes that encryption standards are not discussed for ONs including OLT at the end users. In this paper, the physical layer security is analyzed for 64 quadrature amplitude modulation-OFDM (64QAM-OFDM) utilizing the Elliptic-curve Diffie–Hellman (ECDH) algorithm.

1.2. Organization and Notation of Paper

The remaining sections of this paper are organized as follows. Section 2 explains the proposed layout, analytical modeling for secure communication is discussed in Section 3, Section 4 presents the results and discussion of the presented work, and the conclusion of the work is depicted in Section 5.

2. Proposed Layout

The essential objective of this research model is to design an ON, having ability to overcome security breaches with increased flexibility. For this purpose, the suggested model is presented in Figure 1. The transmitter, ‘Tx’, end includes secured 64QAM-OFDM-based modulation schemes, which double the system capacity. The encrypted OFDM symbols are induced by continuous wave (CW) laser source. The Lorentzian type of a CW laser is installed, aiming to generate efficient spectrum light rays. The OFDM encrypted waves are used for downstream transmission. Furthermore, the inter carrier interference (ICI) [15] and cross talk are ignored, for the purpose of maintaining the orthogonality of the signal. Total 64 subcarrier are used for transmission over WDM-based ON, and, as a result, the bandwidth spectrum is decreased. In order to upconvert baseband encrypted OFDM signals, the electrical amplifier with radio frequency (RF) is applied. As in the OFDM, encrypted symbols of 32QAM with 20 Gbps speed are produced easily from RF signals with 20 GHz frequency range. The OFDM-encrypted data are achieved by support of offline digital signal processing (DSP), which is performed by an ES-based public key cryptography algorithm, 16 to 32 bytes in size. For the computational complexity, the 64 QAM-OFDM partial information is taken for encryption, applying discrete cosine transform (DCT) compression method. The encrypted signals are then passed over a single model fiber (SMF) with the help of a WDM multiplexer. Keeping the signal amplification till 3 dBm range, the erbium-doped fiber amplifier (EDFA) is used beyond SMF. At the receiver, ’Rx’ side, all received channels are divided for every ONU, where the signals are proceed over optical filter. After optical to electrical conversion using a photo-detector (PD), electrical amplification is applied on waves to suppress the amplified spontaneous emission (ASE) impairments. To avoid the use of private key for ES, ECDH algorithm is installed for maintained authentic transmission among channels.

Figure 1. Enhanced physical layer security proposed ON against security breaches.

3. Analytical Modeling for Secure Communication

As discussed above, that physical layer security of flexible ONs can be enhanced utilizing an ES-based ECDH algorithm with decreased computational complexity. The architecture of ECDH-ES is depicted in Figure 2. The dogma of cryptography and interpretation are described by ECDH-ES algorithm for N numbers of channels in OLT, where the input in OLT is supported by cryptography, while decryption is applied at ONU of ON. The bit sequences are created by a pseudorandom bit sequence (PRBS) generator, which is formulated [16,17,18] as

$$B=W_T{R}_B,$$

(1)

$$B_G=B-L_z-L_t,$$

(2)

where B denotes number of bit sequence, $W_T$ is time windows parameter bit rate is described by $R_B$, $B_G$ is the number of generated bits, and the number of leading and trailing zeros are represented by $L_z$ and $L_t$, respectively. Quadrature phase carrier and inphase quad bits are modulated to generate 64 QAM. The ES block is used to encrypt the real (I) and imaginary (Q) with key sequences [19]. After encryption of I and Q data, the DCT is applied in order to reduce the size of encrypted data. The time, energy, and computational complexity are rescued by encrypting only the important data of 64 QAM, instead of whole data. As a result, the main information is concealed. Moreover, the cryptography procedure of ES is symmetric; so, the ECDH is applied for inducing the session key. The parameter inside ES for $2^8$ elements is calculated [20,21,22] as

$$E\left(A\right)c_7{A}^7+\dots +c_{1}A+c_0,c_k\in GF,$$

(3)

where GF is Galois field, and the ES module reduction is performed by irreducible polynomial and is estimated [23,24] as

$$E_p=E^8+E^4+E^3+E+1.$$

(4)

Figure 2. Architecture of ECDH-based ES algorithm used for proposed model.

The EC group parameter over field $Z_e$ should satisfy the all pair conditions $(a,b)\in Z_e$, which is written [24,25,26,27] as

$$b^2=a^3+x+a+y.$$

(5)

As for ECDH elements, the parameters of Equation (5) must be fulfilled. The power is measured as

$$P=(a_p,b_p),$$

(6)

and private and public keys are designed after establishing the OLT and ONU parameters, which include large integers and points on the curve. Owing to associative property, the OLT and ONU estimate the same outcomes, called joint secret key. Additionally, the joint secret key works as a session key for encrypting and decrypting ES. The I and Q signals induce the encrypted data $N_E\left(k\right)$, defined as

$$N_E\left(k\right)=R\left(Q_E\left(k\right)\right)\ast C_E\left(k\right)+J{I}_k\left(Q_E\right)\ast d_E\left(k\right).$$

(7)

Here, $Q_E\left(k\right)$ is used for QAM output, and ES keys are denoted by $c_E\left(k\right)$ and $d_E\left(k\right)$. In the coming process, FFT is applied on $N_E\left(k\right)$ waves, aiming to attain frequency domain from time domain. The cryptography signal of OFDM is evaluated as

$$N_R\left(T\right)={\Sigma }_{k=1}^{K-1}{N}_E\left(k\right)\ast exp(Js\pi (a\left(k\right)-1)(T-1)/K),$$

(8)

where $a\left(k\right)$ defines subcarrier index, time index is explained by T, and $N_R\left(T\right)$ is the encrypted OFDM signal. Last, the $N_R\left(T\right)$ waves are converted into RF waves; thus, the same procedure is continued for other channels. The outcomes of simulation model is evaluated using Equation (9), which is given as

$$Y_e={\Sigma }_{\mathsf{\xi }=1}^{\chi }{Y}_k\left[\chi \right]\left[{\Sigma }_{i=1,i\ne k}^{\chi }\frac{1}{2}erf(Q_{x1}/\sqrt{2})\right],$$

(9)

where $\chi$ shows attained symbols, $Y_k\left[\chi \right]$ mentions the probability of occurrence of $\chi$, and $Q_{x1}$ is defined as

$$Q_{x1}=\frac{z_{x1}}{{\delta }_{xi}+{\delta }_{ix}}.$$

(10)

Here, $z_{x1}$ is distance among regions x and i, and standard deviation is explained by ${\delta }_{xi}+{\delta }_{ix}$.

4. Results and Discussion

To validate the proposed analytical and architecture models, the simulation analysis is performed in this section. The explanation of exercised elements is depicted in Table 1 for computing the efficiency of the proposed model in terms of security breaches in ONs. Table 1 explains that some parameters are kept constant for evaluating the system outcomes, such as line width, gain, symbol rate, and noise figure.

Table 1. Description of parameters utilized for evaluating proposed system performance.

Name	Description
Lorentzian laser	1540.4 nm, 256 samples
Subcarrier	1200
Length	200 km
Launch power	−10 to 4 dBm
Data rate	100 Gbps
No FFT point	1200
Line width	0.15 MHz
Symbol rate	2.5 × 10${}^9$
Noise figure	4 dB
Gain	30 dB

The elements, such as length, input power, laser wavelength, and data rate, are varied to analyze the impact of security breaches. WDM-based ON is designed in this work, employing encrypted 64QAM-OFDM modulation scheme. The light source is provided by Lorentzian CW laser with 1540.40 nm wavelength and 256 samples per bit. Each OFDM needs 12 symbols for cycle prefix, where, then, ES-based ECDH algorithm is applied to secure the OFDM transmitted waves, for which the procedure is declared in Algorithm 1. Figure 3 shows the link among analytical model and simulation model. The data flow is generated using Equations (1) and (2), and then ECDH technique is applied over each channel for starting the encryption the I and Q data. The data is transmitted after fulfilling all the encrypted conditions using Equations (5)–(10) to increase physical layer security against security breaches. The relation among encrypted ON and unencrypted ON is provided in Figure 4. The results are measured for 50 and 100 km transmission ranges, using input power as a function of bit error rate (BER). The input power is employed with magnitude −10 to 4 dBm over 50 and 100 km fiber length ONs. Figure 4 depicts a clear variance within encrypted and unencrypted setups of ONs. It shows that, with increase length of fiber, BER decreases from ${10}^{-7}$ to ${10}^{-5}$. For the same range of fiber length, Figure 4 declares that, in view of unencrypted model, unwanted waves are added with real transmitted signals. As a result, the signal quality is degraded. So, it is recorded that, at −2 dBm, input power and 50 km transmitted encrypted ONs give ${10}^{-7}$ BER, while, when using even ONs with the unencrypted model, the BER is degraded to ${10}^{-6}$. With improving the input power, the BER decreases for both encrypted and unencrypted signals. The reduction in BER is fast among −10 to −5 dBm; on the other side, after −5 dBm, minimum changes are shown to have occurred in BER, in view of increase in impairments, as it can be seen from the curve portion in Figure 4. The result analysis for fiber length against BER is expressed in Figure 5, where the comparison among several mechanisms is explored, such as Ronald Shamir Adleman (RSA), elliptic curve cryptography (ECC), and ECDH-based ES. It can be seen from Figure 5 that the unencrypted model presents a worse response because of the addition of undesired signals in the system. Secondly, Figure 5 explains that the performance of ECDH-ES against security breaches is more efficient than the ECC and RSA algorithm. In other words, the computational complexity of RSA and ECC are more than the ECDH-ES algorithm. Investigating the consequences of the proposed ONs at 100 km, ${10}^{-8}$ achieves for installing ECDH-ES. On the other side, RSA and ECC-based ON give ${10}^{-7}$ and ${10}^{-6}$ BER, respectively. Thus, the physical layer security of ONs enhances, using ECDH-based ES methodology.

Algorithm 1: Proposed ES-based ECDH algorithm for enhancing physical layer security in ONs

ine x and y private keys are selected, including primitive parameters using Equations (5) and (6):

$M_{XY}$ = ($a_{XY}$, $b_{XY}$), ECDH session key is computed for OLT, and ONU in ON.

: For key extension

: H = [$H_0,H_1\dots H_n$], where $H\in N_{xy}$

: Initialize $b_r$

for k = n + 1 to 59.

temp = nbox($H_t-1$)

v = temp⊕ recon($b_r$ + 1)

$H_k$ = $H_{k-n-1}$⊕v

$H_{k+1}$ = $H_{k-n}$⊕$H_k$

$H_{k+2}$ = $H_{k-n+1}$⊕$H_{k+1}$

if key size = 256 bits

$H_{k+n}$ = nbox($H_{k+3}$)

For 128, 192, and 256 bit key, estimate 3,5 and 7 sub-keys

k = k + n + 1

$b_r$ is incremented

Modify H and go to (initialize $b_r$)

While encryption

generate I and Q data in 128, 192, and 256 blocks

initial phase = block(1 − input) ⊕ block(first − sub-key)

for round 9, 11, and 13 down to 1

bytesubs = nbox (first phase)

for shift row

circular shift row 1, 2, 3, and 4 left

for each row and column, mcol = constant × shift row, addrv = mcol ⊕ block(round-subkey)

for final step, out = repeat (bytesub to circular shift)

ciphertext = out

go to (generated I and Q step)

Figure 3. The description of flowchart for evaluating the physics behind the mathematical model and simulation model.

Figure 4. Encrypted 64QAM-OFDM and unencrypted 64QAM-OFDM model comparison in terms of input power and BER at 50 and 100 km distance.

Figure 5. Comparison of ECC, RSA, and ECDH-ES algorithms used for enlarging quality of physical layer security of matured ON.

Similarly, the payoff of mature ONs is investigated in terms of peak to average power (PAPR) and complementary cumulative distributed function (CCDF), as assessed in Figure 6, which elaborates the outcomes of encrypted 64QAM-OFDM and unencrypted 64QAM-OFDM flexible ON, employing ECDH-ES, RSA, and ECC techniques. Figure 6 shows that fruitful PAPR is recorded for ECDH-ES-based secured 64QAM-OFDM signal as compared to RSA and ECC algorithm. It is also depicted in Figure 6 that physical layer security is improved in the proposed ON; hence, secure communication can be possible up to long range with huge capacity. Figure 7 compares the secured transmitted OFDM signals and unsecured transmitted signals of ON at 100 Gbps data rate speed and 200 length of fiber. That clarifies that the data is disrupted badly using unencrypted ON. The frequency domain of the OFDM signal in ONs is measured, implementing optical spectrum analyzer, which is assessed in Figure 8. The spectrum of unencrypted transmitted signal diverges and generates noisy waves, as presented in Figure 8. As for the eye diagram presentation of the proposed secured structure, Figure 9 describes the eye diagrams of noisy signals attacked ON and the encrypted model. The framework of this proposed model is compared with current existence models, as mentioned in Table 2, which explains the efficient performance of the proposed work as compared to currently presented models. The comparison of the proposed model in terms of security is illustrated in Table 3, which includes the authenticated-ECDH (A-ECDH) and Biswas security set up. Table 3 also shows that the Biswas scheme and proposed model have similar security features. Moreover, the proposed authentication scheme has better performance than the Biswas scheme. Consequently, the proposed scheme provides all the features of security by offering better performance than the other two schemes.

Figure 6. Investing PAPR as a function of CCDF for different RSA, ECC, and ECDH-ES algorithms.

Figure 7. (a) Distort constellation analyzer diagram of unencrypted ON. (b) Constellation diagram of protected model.

Figure 8. (a) Optical spectrum analyzer diagram for interrupted signals due to addition of unwanted data. (b) Secured optical spectrum analyzer diagram.

Figure 9. (a) Worse representation of eye diagram due to unsecure model. (b) Eye diagram of encrypted proposed model.

Table 2. Comparison of the proposed model with existing approaches.

Used Methodology	[28]	[29]	Presented Model
Modulation Format	16QAM-OFDM	16QAM-OFDM	64QAM-OFDM
Encryption Technique	3- level chaotic encryption	Quantum Key Distribution (QKD)	ECDH-ES
Data Rate	10 Gbps	40 Gbps	100 Gbps
Sumbol Rate	10${}^5$	10${}^7$	2.5 × 10${}^9$
Fiber length	20 km	100 km	200 km

Table 3. Comparison of the proposed model with existing approaches in terms of security.

Parameter	ECDH [30]	Biswas Approach [31]	Presented ECDH-ES
Session Key	-	yes	yes
Mutual Encryption	Exist	Exist	Exist
Joint Secret Key	-	-	yes
Impersonation security breach	Not Secure	Not Secure	Secure
No of I and Q Generated Blocks	128	128	128, 192, and 256

5. Conclusions

Secure and long range consistent communication framework is set to become a crucial demand in the near future. Thus, in this paper, the breaches on physical layer of ONs are discussed. Several models, such as RSA and ECC, are compared with proposed ECDH-ES-based encrypted OFDM signals. The proposed ON is designed using private and session keys in order to increase fidelity of system against the attacks of authorized signals. For this purpose, the mathematical model is studied to present how the security breach distorts the transmitted signals and how to treat such distortions. The proposed framework provides mutual authentication, session key security, general joint key security, and known key security simultaneously. It protects the communication from the attacks, such as key compromise impersonation attack, service disrupting, and access to carrier data. Compared to Biswas and A-ECDH schemes, the proposed ECDH-ES setup consumes less computation time with latest authenticated secret session key scheme. The simulation model is declared based on the proposed and mathematical models, which is analyzed using different parameters, such as wavelength of laser, length of fiber, data rate, line width, noise figure, gain, and no FFT points. The measuring elements, such as BER, PAPR, CCDF, and eye diagram, are used to test the outcomes of the proposed model against encrypted 64QAM-OFDM using ECDH-ES, ECC, and RSA and unencrypted 64QAM-OFDM signals. The proposed framework is beneficial for improving the physical layer security of future generation optical heterogeneous network. It is founded from the simulation analysis that encrypted-based 64QAM-OFDM ON gives good results. It is also concluded that the system PAPR is improved using ECDH-ES algorithm for securing transmitting data.