Design and Simulation of Physical Layer Security for Next Generation Intelligent Optical Networks

With the latest technological advancements and attractive features of next generation intelligent optical networks such as high bandwidth, low power consumption, and low transmission loss, etc., they have been considered as most viable solution to satisfy promptly growing bandwidth demands. However, main optical network components bring forth a set of security challenges and reliability issues, accompanied by new vulnerabilities within the network. This paper proposes a new design for an optical encryption and decryption method for enhancing optical network security using p-i-n photodiode which generates Pseudo Random Binary Sequence (PRBS) as a shot noise fluctuations and wavelength converter based design using Semiconductor Optical Amplifier (SOA) based XOR gate which utilizes Cross-Phase Modulation (XPM). The system performance based on Bit Error Rate (BER) and Q factor are analyzed at different data rates for different link lengths up to 100 km using OptiSystem. It is observed that error free transmission with a BER of 10-12 is achieved a data rate of 10Gbps for a link length of only 30 Km for the system with PIN photodiode’s shot noise being used for PRBS sequence generation. However, wavelength conversion based system enables transmission of signal at 10Gbps signal up to a link length of 90Km.


INTRODUCTION
Today, optical networks evolved with more optical components such as optical amplifiers, optical multiplexers, so that single fiber can transmit data rate in the order of Terabits per second (Tbps). In conventional network, there is an increase in attacks because of store and forward base node. Thus, the fiber optic network has been the network of choice and it is expected to remain so for many generations to come. The next generation optical network will be more intelligent and secured with different security approach. Among the different transport network technologies, because of attractive features of optical networks such as huge bandwidth, ultra-high capacity, low energy consumption and ability to transmit optical signals through a long distance without much signal distortion, etc., they have been considered to be the most promising option [1]. In such networks, optical fiber links carry a large number of wavelength channels which are transported from sources to destinations entirely in the optical domain via all-optical channels called light paths. Each light path can be modulated at a very high data rate up to 100 Gbps [2] without the need of Optical-to-Electrical-to-Optical (O/E/O) processing at intermediate nodes [3].

A. Features of All-Optical Network
All optical networks (AON) are becoming more and more attractive compared to electro-optic and electronic networks due to their high bandwidth and avoiding O/E/O conversions [4]. AONs provide huge transmission capacities exceeding 1Tbps over each fiber while in electronic networks it is in few Gbps [5]. This makes AONs a promising technology to satisfy the ever-increasing demands on throughput, delay, low BER of 10 -12 , low attenuation loss of 0.2 dB/Km and low noise [6].
In addition, AONs are characterized by their transparency to the transmitted traffic [7]. This refers to the absence of optoelectronic conversion within the network and hence allows the transmission of input traffic as an optical signal without interpretation and regeneration but only with optical amplification. In addition, it avoids the bottleneck with optoelectronic conversion at each intermediate node. Each node of the AON is equipped with an optical cross connect (OXC) or optical Add/Drop Multiplexer (OADM) both of which are able to pass on the optical signals without O/E/O conversion, thus eliminating electrical delay and therefore reducing power consumption and cost based on the less use of transponders in the networks [8].

B. Security issues in All-Optical Network
Even though, optical networks are expected to be able to satisfy the promptly growing bandwidth demands, in order to make this technology completely usable to the future optical internet many issues need to be resolved. AONs come with new challenges in terms of network security [9]. Security in AONs is an important research area, and it is different from communication and computer security in general. While much of the work in the security area is concentrated on confidentiality, privacy and authentication [10], physical layer security of data in AONs is becoming more and more important [11].
Today's optical networks are highly vulnerable to various forms of attacks, including high-power jamming, physical infrastructure attacks, denial of service, service disruption (degrades QoS), tapping attacks (provides access to unauthorized users) which can be used for eavesdropping and traffic analysis. However, transparency feature of AONs also creates many security vulnerabilities [12,13,14,15,16]. In particular, AON components have different accessibility and vulnerabilities from electronic components. For example, it is quite easy to tap or jam signals at a specific wavelength by bending an optical fiber slightly and either radiating light out of it or coupling light into it. Moreover, the high data rate feature offered by optical networks makes data extremely sensitive to faults and attacks, even short failures may lead to loss or compromise of large amount of data and revenue. Therefore, the need for securing and protecting AONs has become increasingly significant. Also, Time Division Multiplexed -Passive optical network (TDM-PON) system is vulnerable to various security attacks because of its passive nature and because it lacks the intelligence to detect and counteract security attacks in access networks [14]. In TDM-PON, eavesdropping on downstream data is easily done because the central office broadcast data to all the users. Therefore, the need for securing optical networks has become increasingly significant.
Different techniques have been proposed for enhancing optical network security including optical encryption, optical chaos-based communication [17]. In this paper optical encryption and decryption method for enhancing optical network security using pseudorandom binary sequence (PRBS) generated from the shot noise fluctuations in p-i-n photo diode and XOR gate utilizing XPM in SOA is proposed and analyzed in this work. The organization of paper is as follows: Section 2 presents our proposed encryption and decryption scheme along with its implementation followed by simulation results. Section 3 concludes the paper.

Optical Encryption and Decryption for Enhancing Network Security
Over the past few years, there has been more concern about data security of optical networks because of brisk increase in optical network capacity. Among several techniques, optical encryption is considered as good candidate to facilitate secure communication without compromising the processing speed [18].
Encryption and Decryption have been utilized several years by governments and defense forces to secure much of world's most sensitive data. Encryption is the process of transforming original message to an unrecognizable or encoded form by using an encryption algorithm especially to hide or lock original information from unauthorized users.

Fig. 1. Block Diagram of Secured Optical Communication System
The simplified block diagram of secured optical communication which involves optical encryption and decryption is shown in Fig 1. The schematic block diagram of the proposed Encryption and Decryption is shown in Fig.  2. Input message is referred to as plaintext and encoded information is referred to as ciphertext. The whole process needs a key stream which is generated by PRBS. All optical XOR used as a building block of all optical encryption decryption system which utilizes the cross phase modulation. By applying XOR operation twice, the original message is recovered at the receiver, i.e the ciphertext is converted back into plaintext.
The entire process generally needs an encryption algorithm and a keystream. Data protection, data privacy, security, and integrity of a system relies directly on two important parameters: strength of algorithm and length of key.

A. Key generation Using PRBS generator and simulation setup
In encryption and decryption, the keystream plays a vital role and there are many methods for generation of pseudo random numbers which are based on either simple mathematical or physical sources [19]. In the simulation layout of the proposed design is shown in Fig. 3, PRBS is generated from the shot noise fluctuations in p-i-n photodiode.
The optical signal from CW laser source is divided equally by a beam splitter into two equal optical signals of power Pin, which is then made to fall on p-i-n photodiodes in the upper and lower arm, respectively. Photodiodes convert the optical signal falling on it into current proportional to the incident optical power and in addition the current due to fluctuations of the incident power.

Fig. 3. Simulation Layout of PRBS Generator
Total current generated by photodiode can be written in the form ) ( where, I is the average current or photocurrent (in I can be calculated as where, R is the responsivity of photodetector (A/W), and in P is the incident optical power (Watts).
Autocorrelation and spectral density are related by The noise variance is given by [20] f where, f  is the effective noise bandwidth of the receiver, and q is the charge of electron.
The total shot noise is then given by [20] f However, both the photodiodes generates same photocurrent and different shot noise since fluctuating currents will be generated randomly.
The outputs of photodiodes are then subtracted in order to cancel out photocurrent so that only fluctuating current or quantum noise is present at subtractor output. The randomness of generated sequence can be checked by using monobit test [21] and is calculated as where, erfc is the complementary error function, and abs S is test statistic and is given by where, n S is the addition of all the bits of sequence after converting zeros and ones to values of the -1 and +1 respectively, and is the number of bits in a sequence. After calculating the value of P the decision for randomness is made such that if 0100110100 Using the generated sequence the test for randomness is performed. The generated sequence shown in Table 1 is found to be random as the obtained value for P is 0.5271. The randomness of generated sequence is discussed in our publication [22].

B. XOR based Encryption Algorithm
All optical XOR logic operation has been typically used as encryption algorithm to achieve secured data transmission. All optical XOR gate has several advantages such as immunity to electromagnetic signature, low latency, high extinction ratio etc.
The two optical signals (Data stream and Probe signal) at same or different wavelengths are coupled appropriately using 3dB couplers arranged in SOA -MZI configuration as shown in Fig. 2. In the upper arm optical data is coupled with probe signal and in the lower arm probe signal is coupled with keystream which are then launched into two SOAs in the upper and lower arm respectively. The incoming data pulses or the control signal produces the carrier density variation within SOA which provides change in refractive index of nonlinear medium and phase modulation of CW beam occurs in the upper arm depending on the control signal. Similarly, in the lower arm phase modulation is carried on due to keystream. Then, two beams are combined by coupler after passing through SOAs. Depending on the phase difference between two beams, they will interfere constructively or destructively and therefore all optical XOR operation is performed on two input data streams.
The rate equations from which the associated nonlinear optical effects and dynamics of carrier density in SOA can be analyzed using [23].
where, N is the carrier density, J is the rate of carrier injection through bias current, tr N is the transparency carrier density, C S is the control light power, Sp is the probe light power, C w is the control light frequency, p w is the probe light frequency,  is the carrier lifetime, d g is differential gain, h is the reduced Planck's constant,  is the optical confinement factor, and  is the optical loss coefficient including absorption and scattering loss. The intensity modulation in the intensity of the probe light can be obtained from above equations.
However, the phase shift experienced by the probe signal is given by where,  is the phase of probe light and N  is line width enhancement factor.

C. XOR based Decryption Algorithm
The two optical signals (Cipher Text and Probe signal) at same or different wavelengths are coupled appropriately using 3dB couplers arranged in SOA -MZI configuration as shown in Fig.2. In the upper arm encrypted optical data is coupled with probe signal and in the lower arm probe signal is coupled with keystream which are then launched into two SOAs in the upper and lower arm respectively. The cipher text streams produces the carrier density variation within SOA which provides change in refractive index of nonlinear medium and phase modulation of CW beam occurs in the upper arm depending on the encrypted signal. Similarly, in the lower arm phase modulation is carried on due to keystream. Then, two beams are combined by coupler after passing through SOAs. Depending on the phase difference between two beams, they will interfere constructively or destructively and therefore all optical XOR [24,25,26] operation is performed on encrypted signal, by which we get a decrypted signal or plain text. Same mathematical analysis holds good for the decryption process.

D. Simulation of Secured Optical communication System
Based on the schematic block shown in Fig 2, the system is simulated in Optisystem. The layout of which is shown in Fig. 4. The design comprises of subsystem of XOR gate and generated key. The simulation parameters are tabulated in Table 2.
The optical data (message signal) at the wavelength of 1540nm is encrypted into cipher text using the generated key and transmitted. The encryption is carried out based on XOR operation. The cipher text which is transmitted is received at the receiver and using the same key, decrypted using XOR operation to recover the original data.  The simulation is carried out for different data rates and link lengths and the performance of the system is analyzed based on BER and Q factor.

Performance Analysis
The input Message (0101101110) at 1540nm (Fig. 5a) to be transmitted at a data rate of 10Gbps is encrypted using the key (1111001001) at 1540 nm (Fig. 5b) generated by PRBS generator. As explained earlier XOR operation is performed to get the encrypted signal (1010100111) at 1540nm (Fig. 5c). This encrypted signal is transmitted and upon reception is decrypted using XOR operation to get the original signal (0101101110) as shown in Fig. 5d.  The performance parameters of the proposed optical encryption and decryption system are listed in Table 3. Qfactor and the Bit-Error Rate (BER) are most commonly used performance measures. Q-factor is another way to represent the signal to noise relationship. In optical system, the BER is typically too small to measure and hence Q factor is more suitable to be used. It represents signal quality and allows simplified analysis of system performance. Obviously, the larger the Q is, the less will be the bit error rate. Bit error rate and Q factor relationship is given as  Simulation results are analyzed for 10, 20 and 30km of fiber length. As the optical fiber length i.e. distance between transmitter and receiver, increases BER increases and Qfactor decreases. When optical fiber length of 30km is used, the minimum BER and maximum Q-factor of encrypted signal are 0.3726e-20 and 13.583, respectively whereas that of decrypted signal are 0.9392e-11 and 6.964 respectively at 10 Gbps. Implemented encryption and decryption system gives satisfactory result for optical fiber length up to 30km.

All Optical Encryption and Decryption using wavelength Conversion
The schematic of proposed design is shown in Fig. 6. In this work, SOA-MZI structure based on XPM is utilized to realize all optical XOR logic operation [27,28]. The optical data streams (Pi) and security key (Ki) which is generated by delaying data signal (Pi) at same wavelength λ1 (1554nm) are launched into two SOAs. A CW signal at different wavelength λ2 (1552nm) is split into two beams which are injected into upper and lower branch of MZI respectively. The data stream produces the carrier density variation within SOA which provides change in refractive index which leads to phase modulation of CW beam. Then, two beams are combined by coupler after passing through SOA. Depending on the phase difference between two beams, they will interfere constructively or destructively and give encrypted output at the CW laser wavelength λ2 (1552nm) Decryption of encrypted data is achieved by first performing the wavelength conversion of delayed signal (Ki) which is at wavelength λ1 to the encrypted data (Ci) wavelength λ2 and then performing XOR logic operation between Ci and Ki, i.e., Pi= Ci XOR Ki.
In the proposed design, all optical wavelength conversion is the key for encryption and decryption along with XOR operation. By utilizing the nonlinear characteristics, XPM wavelength conversion is achieved. XPM relies on the dependency of the refractive index of the carrier density in the active region of the SOA. An incoming signal that depletes the carrier density will modulate the refractive index and thereby result in phase modulation of a CW signal, resulting in wavelength conversion. Data initially carried by wavelength λ1 will be completely preserved and transmitted further along at the new wavelength λ2. The simulation layout for all optical wavelength conversion using cross phase modulation XPM is shown in Fig. 7.

Fig. 7. Simulation Layout for XPM based Wavelength Converter
The design uses SOA-MZI architecture. Wavelength conversion is achieved in the following way: a delayed signal or security code at the wavelength λ1 is coupled into upper arm of the MZI along with the data signal. As the signal propagates through the upper SOA, it modulates the carrier density, causing a change in the refractive index, and thereby a phase modulation. CW light at the wavelength λ2 is sent through coupler acting as splitter, and is subsequently split equally and sent to the two interferometer arms. In the lower arm the CW light will experience a constant phase change according to the biasing of the lower SOA. However, in the upper arm the CW light will experience a phase change depending on the bit pattern of the input data signal. Thus, the CW light will combine constructively or destructively at the interferometer output depending on the modulation of the input signal. In this way, the bit pattern of the security code is transferred to the CW light, which is selected at the output using a filter and one of these wavelength as a new signal carrier and the initial data will be completely preserved and transmitted along at the new wavelength λ2. After performing wavelength conversion at the receiver end, XOR operation is performed between security code and encrypted output both at same wavelength λ2 to recover the original input message.

A. Simulation of Wavelength conversion based Encryption and Decryption
The simulation layout for optical encryption and decryption is shown in Fig. 8. Here, two XOR gate, a key and a wavelength converter are used to perform encryption and decryption at transmitter and receiver side respectively. The input data to be transmitted and key are fed to XOR gate. By applying bitwise XOR operation between every bit in the signal and a given key, encoded data is obtained at the output of XOR gate. At the receiver, after performing the wavelength conversion of the key, XOR operation is again performed between encoded data and the key, the original data is obtained at the receiver. Simulation parameters are displayed in Table 4.  The optical signal representation and optical spectrum of the input data sequence (0111) at 1554nm to be transmitted are shown in Fig. 9a and Fig. 9b respectively. The data signal is generated at bit rate of 2.5Gbps, 1554nm wavelength (192.91 THZ frequency). The optical signal representation and optical spectrum of the security key (1101) at 1554nm generated by delaying data signal are shown in Fig. 9c and Fig. 9d respectively. Therefore, the security code is also generated at bit rate of 2.5 Gbps, 1554 nm wave-length (192.91 THz frequency).
The resultant encrypted signal (1010) is obtained at 1552 nm wavelength (192.16 THz frequency) after performing XOR operation between data signal (0111) and security key (1101) both at 1554 nm wavelength (192.91 THz frequency). The optical signal representation and optical spectrum of encrypted signal are shown in Fig. 9e and Fig.  9f respectively. From Fig. 9e, it can be observed that the encrypted signal wavelength is different from that of key and message. Hence it is clear that the encrypted message is transmitted at different wavelength.    At the receiver side by using cross-phase modulation (XPM) based wavelength converter, the wavelength of security key is changed to 1552 nm without altering the key data (1101) carried by signal. The optical signal representation and optical spectrum of the security key (1101) after performing wavelength conversion are shown in Fig. 10a and Fig.10b respectively.   The optical signal representation and optical spectrum of decrypted signal are shown in Fig. 10c and Fig. 10d respectively. From Fig. 10c, it can be observed that the decrypted output obtained at the same wavelength at 1554nm as the original message wavelength.

B. Performance Analysis
The system parameters such as the Q-factor and BER values are analyzed by varying the data rate for different transmission distance from 10 km to 100 km using OptiSystem. As transmitted bit rates increases, BER increases and hence degrades the Q-factor. Also, for smaller transmission ranges, higher bit rates gives affordable BER and Q-factor; but as range increases higher data rates may not be preferred. The Q-factor v/s Transmission distance for different data rates is given in Fig. 11 which indicates that for 100 Km of transmission distance error free transmission and good quality of the signal reception at the receiver is achieved at 10 Gbps. For optimum Q factor and lower data rates more than 100 Km fiber length can be used.   Table 5 lists the Q-Factor and BER for a link length of 90 km for different data rates. From Fig. 12, the Q Factor and BER for link length of 90 km are analyzed and indicate that as transmission bit rates increases, the Q-factor degrades and BER increases. For 90 km of transmission distance, error free transmission and good quality of the signal reception at the receiver is achieved at different data rates.

CONCLUSIONS
In this paper, two different methods are presented to achieve optical encryption and decryption. In the first method, pseudorandom binary sequence (PRBS) generated from shot noise fluctuations in p-i-n photodiode is utilized. Implemented encryption and decryption system gives satisfactory result for optical fiber of length upto 30 Km at 10Gbps. Therefore, can be used to protect the integrity of downstream data in optical access networks. The results show that decryption by an eavesdropper becomes impossible because large number of possible permutations of different parameters are used in our system.
In the Second method, optical encryption and decryption system using wavelength converter is designed in OptiSystem simulation. The performance analysis of the system, in terms of received signal Q-factor and BER, and its dependence on system parameters are analyzed based on the simulation results. The obtained results indicate that for 90 Km of transmission distance transmission with a BER of 10e-9 at the receiver is achieved at 10 Gbps. In future different techniques networks such as chaos-based communication to enhance the robustness of data transmission against narrow band interference can be designed.

Declarations
Funding There is no funding provided to prepare the manuscript. Conflict of Interest There is no conflict of Interest between the authors regarding the manuscript preparation and submission. Ethical Approval This article does not contain any studies with human participants or animals performed by any of the authors. Informal Consent Informed consent was obtained from all individual participants included in the study.    Please see the Manuscript PDF le for the complete gure caption Figure 5 Please see the Manuscript PDF le for the complete gure caption Please see the Manuscript PDF le for the complete gure caption Please see the Manuscript PDF le for the complete gure caption Please see the Manuscript PDF le for the complete gure caption Please see the Manuscript PDF le for the complete gure caption Figure 10 Please see the Manuscript PDF le for the complete gure caption Figure 11 Please see the Manuscript PDF le for the complete gure caption Figure 12 Please see the Manuscript PDF le for the complete gure caption