Abstract

The physical layer of the Optical Transport Network (OTN) is the weakest layer in the network, because anyone can access the optical cables from any unauthorized location in the network and start an attack by exploiting any type of vulnerability. This paper discusses the security threats and practical challenges in the Egyptian optical network and presents a new technique to protect client data at the physical layer. A new security layer is added to the OTN frames when an intrusion is detected in the optical layer. The proposed security layer is designed using a structure of XOR, a Linear Feedback Shift Register (LFSR), and a Random Number Generator (RNG) in a non-synchronous model. We propose the security model for different rates in the OTN and wavelength division multiplexing (WDM) system. The proposed model protects only the important client signals over the optical layers by passing these signals through an extra layer, called the security layer, before the final frame of the OTN system is formed. This is done by adding a new card in the Network Element (NE) to perform this job, and by using the software-defined network (SDN) concept of a centralized controller for the whole network to find intrusions in the optical layers. Encryption of the client signals over the OTN is performed between the source and destination stations only, and the signals remain encrypted along the entire route between both sides. The centralized SDN controller manages the cryptographic model by distributing the encryption and decryption keys to the source and destination stations of the client signals. At the same time, it automatically detects intrusions in the OTN sections by continuously tracing variations in the optical signal-to-noise ratio (OSNR) in the OTN; these variations are proportionally related to the risk of optical hacking and may indicate that a new intrusion has started.
The results show that using the centralized SDN controller in the proposed model of the OTN encryption schemes provides high security against any wiretapping attack, while at the same time making it easier than before to detect intrusions in the optical layer across the whole network. If an unauthorized attacker is able to access the fiber cables from any unmonitored location, the centralized SDN controller in the OTN will detect the variations in the OSNR of the intruded section of the network and will automatically enable the check phase. According to the results of the check phase, it will activate the cryptographic techniques for the selected client signals passing through this intruded section; the attacker will then find only encrypted data signals and will need many years to find the right key to perform the decryption process.
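
The controller flow described above (OSNR variation, check phase, then encryption of the important client signals crossing the affected section), sketched as an added example that is not code from the paper. The deviation threshold, the check-phase rule (three consecutive deviating samples), the 32-byte key, and all class, function and section names are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Assumed parameters (the abstract gives no numbers).
OSNR_DEVIATION_DB = 1.0   # variation from baseline that starts the check phase
CHECK_SAMPLES = 3         # consecutive deviating samples that confirm an intrusion

@dataclass
class ClientSignal:
    name: str
    route: tuple                  # section ids between source and destination
    important: bool               # only important signals get the security layer
    key: Optional[bytes] = None   # set when the controller enables encryption

@dataclass
class Controller:
    baseline: dict                # section id -> expected OSNR (dB)
    signals: list
    check: dict = field(default_factory=dict)  # section id -> deviating samples seen

    def report_osnr(self, section, osnr_db):
        """Process one OSNR sample; return names of signals newly encrypted."""
        if abs(osnr_db - self.baseline[section]) < OSNR_DEVIATION_DB:
            self.check.pop(section, None)      # normal reading ends the check phase
            return []
        self.check[section] = self.check.get(section, 0) + 1
        if self.check[section] < CHECK_SAMPLES:
            return []                          # check phase still running
        enabled = []
        for s in self.signals:
            if s.important and section in s.route and s.key is None:
                # One key per signal (length assumed), for its source and destination NEs only.
                s.key = secrets.token_bytes(32)
                enabled.append(s.name)
        return enabled

def demo():
    # Constructed topology and OSNR samples, for illustration only.
    signals = [ClientSignal("bank-A", ("S1", "S2", "S3"), True),
               ClientSignal("bulk-B", ("S2",), False),
               ClientSignal("gov-C", ("S4",), True)]
    ctl = Controller({"S1": 20.0, "S2": 19.0, "S3": 21.0, "S4": 20.0}, signals)
    samples = [("S2", 18.9), ("S4", 17.0), ("S2", 17.5), ("S4", 20.1),
               ("S2", 17.4), ("S2", 17.6)]
    return [ctl.report_osnr(sec, db) for sec, db in samples], signals
```

In the constructed run, the single deviating sample on S4 is cleared by the next normal reading, while the sustained deviation on S2 triggers encryption for the one important signal routed through it.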
