Osa optical encryption system with a binary key codes
Introduction
Secret key distribution has always been a challenging problem in secure communications. Today the most adopted key distribution methods are based on asymmetric, or public-key, cryptography. The only solid alternative known today is quantum cryptography, which provides unconditional security.
However, in most cases it is a very expensive solution suitable only for the most critical applications and thus the development of simple, cheap and efficient methods of key distribution is a high priority.
One promising approach for secret key establishment is to exploit the properties of the underlying physical layer communications to arrive at secret keys. Physical layer secret key establishment has been successfully demonstrated in the wireless domain [1, 2], where the channel reciprocity properties of the wireless fading channel provide the basis for key establishment.
These approaches are not applicable to large metro and long-haul networks, where the transmission medium is necessarily an optical fiber. The physical layer underlying optical communications is dramatically different than in wireless communications, and thus devising physical layer secret key establishment for optical networks requires a different approach.
The history of secure fiber-optic communications is quite rich. There are dozens of papers addressing the subject using different approaches. Further, these methods do not exploit any asymmetries associated with the physical layer itself. We present a secret key establishment scheme for optical communications that utilizes the properties of the optical physical layer.
Specifically, our approach is based on monitoring phase fluctuations within the fiber optical medium and works under the assumption that the adversary knows all possible information about the system even while it is working.
Having these two properties combined in the same system makes it advantageous with respect to previous approaches and efficient in terms of amount of work that legitimate parties must use in order to impose serious complications for an eavesdropping adversary.
Method overview
The proposed method of key distribution is built on the idea of a large-scale interferometer that detects phase fluctuations in the fiber links between the communicating parties. The simplest realization of the method is shown in Fig. [Figure: Scheme of the proposed key sharing method.] Since the phase in a long interferometer constantly fluctuates, the coefficient x is a function of time.
Thus, by measuring the same function x(t), Alice and Bob share common randomness that can be used to generate identical secret keys. The interferometer is fed with a broadband light source from both sides to prevent direct phase tracking in both arms by the adversary Eve. Moreover, since phase fluctuations are spread across the full length of both fibers, Eve cannot substitute a part of the interferometer with her own setup. Instead, to conduct an attack she would require knowing the full characterization of the entire interferometer.
The use of such a vast chaotic system as a fiber link places many restrictions on the potential strategies that Eve can use to eavesdrop, and we discuss this in detail in the security analysis section below.
Previous approaches to securing classical optical communications
In spite of popular belief, even in the early days of optical communications it was clear that an optical fiber did not provide physical protection from eavesdropping.
Although tapping a fiber optic cable is a more complicated task than tapping an electrical wire, several methods of doing this were discovered, including the leaking of light when the fiber is bent, making a directional coupler by fusing with another fiber, the etching of silica cladding to expose the core, etc.
Consequently, a standard assumption for all optical communication security models has been that the adversary has access to the transmitted signals, and thus the transmission should be secured by means other than relying on the physical sanctity of the medium.
Initially, several efforts to make transmissions more protected involved avoiding on-off keying modulation, where all data is clearly visible. The use of phase modulation, carrier-hopping or other techniques, where the intensity of the carrier remains constant also does not provide additional protection, since the same type of demodulator and detector used by the receiver can also be used by the adversary.
One of the first implementations of this technique [3—6] used a phase modulated broadband signal with homodyne detection. Without knowing the path difference in the imbalanced interferometer used, it is impossible to recover the data. Some methods involve a secret channel scrambler or code scrambler that makes the transmission virtually undetectable unless the same de-scrambler is used.
It, however, also requires a pre-shared secret key, which is later expanded via pseudorandom bit generation. However, if the codes change with time, then the question arises as to how to secretly distribute the codes between the parties. The ultimate solution here, one-time pad encryption see e. In short, in order to achieve security one must assume a prior security problem has been solved. More information about some methods mentioned can be found in comprehensive reviews [7, 14].
In virtually all of the methods above, the authors utilized increasingly complex terminal equipment, trying to prevent data detection by the adversary. Recently there were attempts to use conceptually different ideas based on extensive statistical analysis and noise-like transmission with a feedback [15, 16]; however, they proved to be insecure due to errors in the security analysis. An interesting classical key distribution system was proposed by Scheuer and Yariv, where a communication line becomes a giant fiber laser, and choosing different terminal mirrors allows one to obtain anti-correlated sequences of data at the line ends.
This method has been further advanced in order to produce higher key generation rates [19,20], however, there is still a lack of proof that the system is secure under an attack where the adversary directly measures the reflectance spectrum of the mirror used. On the contrary, it is clear that such a simple attack or a modification thereof may ruin the proposed expensive and technologically-advanced system.
The last method we would like to stress upon is a Sagnac interferometer-based communication system, proposed in  and also in . It is a large Sagnac loop with an off-center transmitting phase modulator and a centered modulator generating phase noise. This is the only system that provides asymmetry in eavesdropping. For Alice and Bob it is a simple data transmission system, where, due to the interferometer used, Bob sees plain intensity-modulated data sent by Alice.
However, for Eve it is relatively difficult to recover this data. Doing simple math with the two obtained functions allows one to reconstruct the data, but as we already mentioned, this is an example of a strongly asymmetric method.
To the best of our knowledge, this completes the current list of classical security methods applicable to fiber-optic communications. Of course there is a large body of quantum cryptographic methods, including the famous BB84 and B92 protocols, but they are out of the scope of the present paper.
To summarize the related work, there are only a few methods that can be used without any prior shared secrets, and these methods are vulnerable to certain types of simple attacks.
Hence, a practical optical-based secret key distribution technique that does not rely on prior security contexts is highly desirable, especially if it ensures that the complexity of potential eavesdropping is significantly more than required of legitimate parties.
Potential applications
The proposed method allows for the generation of identical random secret keys at the two ends of the interferometer. As the method does not use any artificial phase scramblers or noise generators, which can be actively read out by Eve, and instead uses random phase fluctuations along the whole length of the fiber link, it provides natural protection from eavesdropping.
As we already pointed out, our approach cannot guarantee absolute key protection. It only creates very serious technical challenges for the potential adversary. Thus, the use of the method by itself might not be sufficient for critical applications. However, we note that it may be used in conjunction with other security methods.
For example, it is natural to envision our key establishment method being used to establish a key for AES encryption, and then further encrypt such data using public key cryptography. Some challenges in real applications of our method will be connected with a limited key generation rate.
However, this is not much different from the situation with conventional public key cryptography, where the asymmetric protocol itself is used for generation of session keys, which are then used for a much faster symmetric encryption.
Without any modifications the method works up to a length limited by the fiber loss. Going beyond this will require the use of optical amplifiers. As both fibers used in the setup carry a bi-directional stream of light, bi-directional Erbium-doped fiber amplifiers (EDFAs) will be required.
Examples of their use have been successfully demonstrated in [23, 24], which provides some optimism for the future expansion of the method. In the next section we provide details related to phase fluctuations in fiber optical links, which serve as the basis for the proposed method.
Next we discuss security-related questions and formulate several necessary modifications, which make the system protected from eavesdropping. Section 4 provides details about the experimental demonstration and main results obtained in the experiments.
We also analyze the achievable key generation rate and provide a simple algorithm of key extraction. In conclusion, we give a brief summary of the obtained results and a short discussion about future work towards practical realization of this secret key distribution method.
Phase fluctuations in fiber optical networks
Until very recently, phase fluctuations in fiber optical networks were largely ignored since all conventional forms of optical communication were immune to these line imperfections.
Even with the migration to coherent optical transmission, phase fluctuations have a negligible impact since they are orders of magnitude slower than the data rate, so bit-to-bit phase fluctuations can always be ignored.
[Figure: Interference waveforms due to phase fluctuations in the Mach-Zehnder interferometer for different lengths of its arms.]
Polarization fluctuations are typically orders of magnitude slower than phase fluctuations because under normal conditions the phase changes of the two polarizations are almost identical.
Phase fluctuations become a limiting factor when one considers the precise transfer of optical frequencies over large distances, e. As pointed out in a series of publications [25,27], most of the phase noise falls into the kilohertz spectral range and leads to spectral broadening of ultrastable laser clock signals.
Other critical applications sensitive to phase jitter include large-scale quantum coherence experiments [28, 29] and quantum communications. Unlike the above mentioned applications, our key generation approach takes advantage of phase fluctuations and uses them as a source of randomness. In order to better understand the underlying physics we collected some information about phase fluctuations.
One interesting study of phase fluctuations was published in , where commercially installed optical fibers were used.
For comparison with this work and validation of our experimental demonstration, we performed a series of experimental measurements in our laboratory environment. Clearly, phase fluctuations depend on the length of the fiber and the environment where the fiber is located. In our study we measured phase fluctuations using a Mach-Zehnder interferometer similar to the one used in .
Three different lengths of the interferometer arms were chosen to explore phase jitter. Figures 2 and 3 show samples of measured waveforms and their spectra calculated via Fourier transform of a long measurement series.
As expected, the time scale of measured fluctuations is directly related to the length of the interferometer arms.
[Figure: FFT spectra of phase fluctuations in the Mach-Zehnder interferometer.]
The intermediate length interferometer m shows much faster oscillations with a typical change time of 0.
The power spectrum lies below 60 Hz. The longest interferometer with 26 km arms exhibits qualitatively different behavior. The time scale of such changes is in the millisecond range, while the power spectrum is around 1 kHz wide. Our study demonstrated that measured phase fluctuations, especially in the long interferometer, are mainly due to the presence of acoustic noise in the lab environment. Slower effects such as a temperature change also contribute to fluctuations. Our obtained results are in agreement with the experiment performed in a real telecom network, which allows us to generalize our further laboratory experiments to the case of real communication lines.
Security discussions
Realization of most security algorithms is often connected with an operation or a function that can be performed only under some very specific conditions accessible to the legitimate users. In quantum cryptography, a meaningful measurement of a quantum state can be made only if there were no previous attempts of measuring it.
In conventional asymmetric cryptography, factorization of a large number is possible only provided that one factor is known.
Secret key generation in wireless systems is possible because fading channel characteristics are unique for a pair of antennas and cannot be measured by a third party. In the optical world, there is also an operation which can be performed only if some very rigorous conditions are satisfied: the measurement of an optical phase. The difficulty of phase measurement is directly connected with the incredibly high rate of the phase change.
The only known and potentially achievable method of phase measurement is via interference of two optical fields. In this way a relative phase, or a difference between two optical phases, can be accessed. Another strong limitation is bandwidth.
[Figure: Eavesdropper tapped into the system.]
This holds only in the two cases: Those two cases are usually referred to as coherent addition of light. An obvious requirement for such a measurement to be successful is that both optical fields must exist at the same physical location.
If this is not true and they are separated by at least a few dozen meters, phase fluctuations connected with the transport of light across the separating distance can lead to significant measurement errors. A similar problem arises if the fields are broadband and are correlated but with a significant shift in time, i. The only way to delay optical signals is to let them propagate over some distance, but this, in turn, leads to additional phase fluctuations.
Our proposed key establishment scheme, Fig. Alice and Bob, such that they keep the couplers terminating the interferometer in protected locations. If the lengths of the interferometer arms are equal, a very broadband optical signal used as the input will satisfy the coherence conditions, and the output power, or the splitting coefficient, will fluctuate at a slow frequency.
Alice and Bob can track these changes and use this function to generate a secret key. As mentioned earlier, these power fluctuations are due to the ever-changing optical path length, which is a result of thermal and mechanical effects in the fibers.
If the distance between Alice and Bob is relatively long (a few km or more), phase fluctuations in the interferometer are large enough to create a unique pattern measurable only by Alice and Bob but not by Eve. It can be easily converted to a secret key, which then can be used for conventional cryptography. Below we analyze possible vulnerabilities of the system and formulate an adversary model that we use throughout this work.
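The key extraction step described above, as an added simulation that is not code from the paper (whose own extraction algorithm does not appear on this page): the shared splitting coefficient x(t) is driven by a constructed random-walk phase, Alice and Bob threshold their independently noisy readings against the trace median with a guard band, they reconcile kept sample indices over a public channel, and an eavesdropper who cannot satisfy the coherence condition is modelled (assumption) as seeing an unrelated phase trace. Step size, detector noise, guard band and decimation window are all assumed parameters.

```python
import math
import random
import statistics


def simulate_phase_drift(n_samples, step_std, seed):
    """Constructed random-walk model of the interferometer phase difference:
    each sample adds a Gaussian increment, mimicking slow thermal and acoustic
    changes of the optical path length (not measured data)."""
    rng = random.Random(seed)
    phi = rng.uniform(0.0, 2.0 * math.pi)
    trace = []
    for _ in range(n_samples):
        phi += rng.gauss(0.0, step_std)
        trace.append(phi)
    return trace


def splitting_coefficient(phi):
    """Output power fraction x of a balanced two-arm interferometer for phase
    difference phi: 1.0 at constructive and 0.0 at destructive interference."""
    return 0.5 * (1.0 + math.cos(phi))


def observe(phase_trace, noise_std, seed):
    """Detector reading of x(t) with independent Gaussian measurement noise."""
    rng = random.Random(seed)
    return [splitting_coefficient(p) + rng.gauss(0.0, noise_std) for p in phase_trace]


def extract_bits(samples, guard):
    """Threshold each sample against the trace median. Samples inside the
    guard band around the median are dropped because detector noise could
    flip them on one side only. Returns {sample_index: bit}."""
    median = statistics.median(samples)
    bits = {}
    for i, value in enumerate(samples):
        if abs(value - median) > guard:
            bits[i] = 1 if value > median else 0
    return bits


def reconcile(own_bits, other_bits):
    """Public discussion step: each side announces which sample indices it
    kept (never the bit values); only indices kept by both form the key."""
    common = sorted(set(own_bits) & set(other_bits))
    return [own_bits[i] for i in common], [other_bits[i] for i in common]


def agreement(key_a, key_b):
    """Fraction of positions where the two key strings agree."""
    if not key_a:
        return 0.0
    return sum(a == b for a, b in zip(key_a, key_b)) / len(key_a)


def run_experiment(n_samples=8000, decimate=16, step_std=0.35,
                   noise_std=0.03, guard=0.1, seed=1):
    """Full round: shared drift -> two noisy observations -> bit extraction ->
    reconciliation. Eve is modelled (assumption) as unable to satisfy the
    coherence condition, so her reading follows an unrelated phase trace."""
    phase = simulate_phase_drift(n_samples, step_std, seed)
    alice = observe(phase, noise_std, seed + 1)
    bob = observe(phase, noise_std, seed + 2)
    eve_phase = simulate_phase_drift(n_samples, step_std, seed + 99)
    eve = observe(eve_phase, noise_std, seed + 3)
    # Keep one sample per window so consecutive bits are not trivially
    # correlated by the slow drift; this decimation bounds the key rate.
    a_bits = extract_bits(alice[::decimate], guard)
    b_bits = extract_bits(bob[::decimate], guard)
    e_bits = extract_bits(eve[::decimate], guard)
    key_a, key_b = reconcile(a_bits, b_bits)
    key_a_vs_eve, key_e = reconcile(a_bits, e_bits)
    return {
        "key_length": len(key_a),
        "alice_bob_agreement": agreement(key_a, key_b),
        "alice_eve_agreement": agreement(key_a_vs_eve, key_e),
        "key_bits": key_a,
    }


if __name__ == "__main__":
    result = run_experiment()
    print("key length:", result["key_length"])
    print("Alice/Bob agreement: %.3f" % result["alice_bob_agreement"])
    print("Alice/Eve agreement: %.3f" % result["alice_eve_agreement"])
```

The guard band and reconciliation leave a small fraction of samples unused, which is the price paid for a low mismatch rate without a separate error-correction pass.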
We also summarize all necessary precautions that should be taken to ensure proper security of the system against eavesdropping.
Phase measurements by the adversary
If a broadband light source with a bandwidth beyond the capabilities of electronics is used by legitimate users, the assumptions about light interference stated above imply that the only way for Eve to perform a phase measurement is if the signals from the two arms of the interferometer can be mixed such that the coherence condition is satisfied.
That means that Eve must ensure that the two alternative light paths to the mixing point have the same lengths. A possible strategy for Eve is illustrated in Fig. She taps into both fibers as shown, dividing the interferometer into four segments: If the length of segment a is equal to that of c, Eve can see interference between a and c, disclosing phase fluctuations in the left part of the interferometer.
Similarly, she can see phase fluctuations in the right part of the interferometer by interfering signals from b and d.
[Figure: System with added delays and physical separation between the arms of the interferometer.]
From a practical point of view, even this simple job requires precise optics, electronics and significant engineering art to be successful. Eve needs to make sure that her setup, including tapping into the interferometer, precise optical path length adjustments and the effects of a light mixing tool, does not introduce any phase jitter significant for the operation of the legitimate key extraction algorithm.
Moreover, since the measurable quantity is light intensity, but not the phase itself, she needs to perform corresponding analysis to extract phase fluctuations in both parts of the original interferometer and add them together to obtain the expected phase difference in the interferometer as a whole.
Each of the operations performed by Eve, in the real world, introduces distortions and errors compared to the pure signal measured by Alice and Bob. To increase protection of the system from such an attack, Alice and Bob may create strong asymmetry in the system by placing additional spans of fiber at their protected locations, as shown in Fig. The length of these fiber spans should be large enough to create randomness comparable with the randomness generated by unprotected fibers.
In this case to satisfy the coherence condition for the two light fields, Eve will have to apply a delay matching the length of the additional fiber spans, i. The fibers used by Eve cause practically unavoidable random phase fluctuations in the delay line, which will corrupt her measurements.
If the fibers are installed at a significant distance from each other, Eve will necessarily have to cover this distance with her fibers, which also introduces additional phase distortions. It has to be mentioned here that there exist methods of partial phase stabilization in fiber optical links, which have improved recently [25, 29, 33, 34].
However, there is always some residual phase jitter, which is required to make the feedback in such schemes work.
Active intrusion attack
All hardware implementations of even flawless key distribution techniques, such as quantum cryptography, have a number of vulnerabilities connected with the particular hardware realization, which may not distinguish between correct system operation and a smart intrusion into the system.
This is supported by a number of successful attacks performed against commercial quantum key distribution systems [35—38]. In this sense our system is not an exception and needs to be protected from such attacks. To stay within specifications, the system has to make sure that the measured intensity fluctuations are the result of interference between two broadband optical signals. For example, Eve may cut both fibers of the interferometer and send an intensity-modulated signal through one of the fibers to Alice and Bob.
Alice and Bob will still observe intensity fluctuations, but those will be under total control by Eve. In this case, the interference condition is not met. Alternatively, Eve can use narrowband spectral filters to limit the optical bandwidth of the signal received by legitimate users. This will make the phase measurable by a standard heterodyne method, thus disclosing the distributed key.
This violates the requirement of receiving broadband light. If both conditions are met, then the system will work properly. Therefore, constant monitoring of incoming light is important for system security. The first condition is measurable by tapping into both fibers before the coupler and monitoring optical power.

In response, a maximum number of concurrent signals for transmission as well as a numeric base upon which data communication will occur are set.
Additionally, a calibration phase is enabled. The calibration phase comprises transmitting a sequence of binary frames starting from a highest number of active crystals down to one active crystal and registering a definition for each color frame. System comprises a sender apparatus and laser receiver apparatus. Sender apparatus comprises a controller co-processor, a light beam, transmitter, and laser cannons a and b.
Receiver apparatus comprises a controller co-processor a. Receiver apparatus is enabled to receive any light wave band color and determine via co-processor a light wave color combinations that produced a resulting wave.
In response, co-processor a caches a resulting bit pattern until the bit pattern fills a complete frame. The completed bit pattern is passed through processing with respect to higher level protocols.
The co-processor verifies a bit pattern checksum against received out of band information, to ensure data was received properly or requires re-transmission. If sender apparatus comprises a legacy sender unit, system will detect a light pattern and disable co-processor a functionality to conserve power.
Upon receiving an out of band signal, system initiates a bandwidth throttling calibration process. If receiver apparatus receives light pulses and no out of band signal is detected, system enables a legacy mode, and disables throttling functionality. The calibration process comprises enabling and disabling each of the Vcel lasers and determining a received color. The calibration process includes: Receiving by receiver apparatus from QD Vcel cannon a a group of multi-frequency light pulses via a plurality of channels.
A co-processor determines that the group of multi-frequency light pulses comprises an out of band (OOB) signal transmitted over a first channel of the plurality of channels. Receiver apparatus receives from a first laser device of QD Vcel cannon a first light pulse of the plurality of multi-frequency light pulses. The first light pulse includes a first frequency for testing a visibility of the first light pulse at receiver apparatus. The co-processor determines, in response to receiving the first light pulse, if the first light pulse is visible at receiver apparatus. If the first light pulse is visible at receiver apparatus then all laser devices are independently tested and differing groups of the lasers are tested within a specified threshold until the calibration process has completed.
If the first light pulse is not visible at receiver apparatus then the laser device is disabled and additional laser devices are tested until the calibration process has completed. If errors in more than an acceptable number of packets are detected, the calibration process will re-start to eliminate unreliable channels. The communication process includes: Assigning by the computer co-processor bit locations for a plurality of multi-frequency light pulses transmitted over a plurality of channels enabled by the lasers of the QD Vcel cannon.
The assignment is based on a laser pattern table generated during the calibration process describing laser generated light pulses. The co-processor appends a parity bit associated with the OOB signal transmitted over a first channel of the plurality of channels. The odd or even number of frequencies of the plurality of multi-frequency light pulses is compared with the parity bit.
It is determined based on results of the comparison if a pattern associated with the plurality of multi-frequency light pulses comprises a correct pattern. If the pattern is correct then bit locations for an additional plurality of multi-frequency light pulses transmitted over an additional plurality of channels enabled by the lasers of the QD Vcel cannon are assigned based on the laser pattern table.
If the pattern is not correct then the plurality of multi-frequency light pulses are re-transmitted over the plurality of channels to determine a correct pattern. Upon completing the communication process, system executes a process for secure transmission using multiple frequencies over a multimode fiber cable.
The process includes validating that system supports the aforementioned bandwidth throttling process. In response to the validation, a secure physical channel is generated via an OOB channel enablement as described, supra. An associated security key is validated or exchanged via a selected predetermined secure algorithm to secure the OOB secure channel enablement.
The associated security key may be validated or exchanged via usage of hardware pre-share keys for securing OOB secure channel enablement. Alternatively, the associated security key may be validated or exchanged via usage of hardware certificates for securing OOB secure channel enablement. Additionally, the associated security key may be validated or exchanged via usage of generated random self-signed hardware certificates for securing OOB secure channel enablement. A communication channel bundle selection is secured in response to a user input requesting a specified number of required secure channels.
The specified number of required secure channels of the bundle may include: System may select frequencies for the channel bundle selection. System may include an N number of channels or frequencies available for data transmission such that when a channel is not in use, system may dynamically include the unused channel with the communication channel bundle selection and remove an unused frequency at each random channel selection instance.
Additionally, a random channel may be selected from a communication channel bundle selection and associated random bundle bit count. A random key may be generated for securing each channel included within a secure communication channel bundle. An additional rekeying policy may be enabled. The rekeying policy may be configurable for users of system to enable user defined policies thereby enabling channel encryption and generating a communication tunnel.
The communication tunnel is enabled to transfer data such that when a channel is not used for data transfer, the unused channel may be used for overflow or migrating OOB secure channel data for the secure communication channel bundle.
Additionally, a random channel selection and associated random bundle bit count may be triggered at a predetermined threshold prior to expiration of a bit count for the secure communication channel bundle. In response to the expiration of the bit count, system enables a channel hopping process with respect to a new randomly assigned channel within the secure communication channel bundle.
Data is transferred using a resulting communication tunnel until the transfer is complete. If an error on a channel in the secure communication channel bundle is detected, the channel is disabled, an alarm is issued, and existing predetermined routing and switching methods are enabled to secure an alternative fiber path. Each of the steps in the algorithm of FIG.
In step , the process is initiated. In step , a receiver apparatus e. In step , a computer co-processor of the receiver apparatus checks for an OOB signal. If in step , the co-processor determines that the plurality of multi-frequency light pulses comprises an OOB, then step of FIG. If in step , the co-processor determines that the plurality of multi-frequency light pulses does not comprise an OOB, then in step , a legacy communication mode is enabled.
In step , communications are transmitted and step of FIG. The process is terminated in step . In step , a signal is transmitted from a transmitter device over an OOB channel. In step , the transmitter device determines a next individual frequency light pulse e.
In step , next individual frequency light pulse i. In step , the receiver apparatus tests the received individual frequency light pulse for reliability. In step , it is determined if the received individual frequency light pulse is reliable i. If in step , it is determined that the received individual frequency light pulse is not reliable then in step the transmitter apparatus disables the associated QD Vcel laser transmitting the received individual frequency light pulse and step is repeated to determine another individual frequency light pulse for transmission.
If in step , it is determined that the received individual frequency light pulse is reliable then in step , it is determined if all individual laser emitters have been tested. If in step , it is determined that all individual laser emitters have not been tested then step is repeated.
If in step , it is determined that all individual laser emitters have been tested then in step , it is determined if the received individual frequency light pulse is unreliable.
If in step , it is determined that the received individual frequency light pulse is unreliable then in step , the transmitter apparatus disables an associated Vcel laser and step is executed as described, infra. If in step , it is determined that the received individual frequency light pulse is not unreliable then in step , the transmitter apparatus determines a group of multiple frequency light pulses for transmission.
In step , it is determined if the testing process has completed. If the testing process has completed then step of FIG. If the testing process has not completed then in step , the transmitter apparatus transmits a next group of multiple frequency light pulses that have not been tested for transmission. In step , the receiver tests the next group of multiple frequency light pulses for reliability and in step it is determined if the received i.
If the received group of multiple frequency light pulses is reliable then step is repeated. If the received group of multiple frequency light pulses are not reliable then in step it is determined if a testing retry threshold has been reached. If the retry threshold has been reached then step is repeated. If the retry threshold has not been reached then in step , a request for the transmitter apparatus to retry a last frequency light pulse combination is enabled and step is repeated.
In step , a bit location is assigned to enabled lasers e. In step , a parity bit is calculated for an OOB channel. In step , the receiver apparatus tests a received signal with respect to the parity bit. In step , it is determined if the bit pattern is reliably received. If the bit pattern is reliably received then step is repeated.
If the bit pattern is not reliably received then in step , it is determined if a maximum number of bit pattern receiving tries has been reached. If it is determined that a maximum number of bit pattern receiving tries has been reached then step is repeated.
If it is determined that a maximum number of bit pattern receiving tries has not been reached then in step , a retransmission for the bit pattern is requested and step is repeated. In step , an initial security key is transmitted by laser transmitter apparatus of FIG.
In step , the OOB signaling channel is secured based on the initial security key resulting in a secure OOB signaling channel. In step , a secure bundle comprising the secure OOB signaling channel and a group of channels of the plurality of channels and associated transmission frequencies is generated based on the secure OOB signaling channel.
The secure bundle may be generated by the following process: Randomly generating a secure key for securing each channel of the group of channels. In step , data is transmitted via the secure bundle. In step , it is determined if any channels of the group of channels do not transmit the data. If in step , it is determined that at least one channel does not transmit the data then the at least one channel is allocated for migrating data flow over the secure OOB signaling channel to the at least one channel.
In step , it is determined that the bit count for the secure bundle will expire within a specified time period. In step , a new group of channels is randomly selected. In step , an updated secure bundle comprising the secure OOB signaling channel and an updated group of channels and updated associated transmission frequencies is generated.
In step , an updated bit count associated with the updated secure bundle is randomly selected.