SHIELD: Security Enhancement of Optical Network Logical Design


As in next-generation optical networks the signal will remain in the optical domain for portion of the path or even for the entire path, making them more vulnerable to physical layer attacks, security issues in these networks are of paramount importance. An attack can be defined as an intentional action against the ideal and secure functioning of the network. In general, the physical layer attacks in transparent optical networks can be grouped in two main categories: eavesdropping and service disruption. The first category of attacks is eavesdropping, in which case the main purpose of the attacker is to passively analyze the traffic in the network after gaining access to the information through an unauthorized observation method. To gain mid-span access to the fiber, the eavesdropper has to cut through and strip away the cable’s outer jacket to access the individual fibers in its center. The second category of attacks is high-power jamming. This type of attack propagates through the transparent network affecting several connections. Due to the high bit rates of optical networks and the interaction of the connections, a jamming attack can cause a huge amount of information loss. Therefore, the limitation of attack propagation is a crucial consideration in designing next generation optical networks.

There have been few public reports of physical attacks on the fiber infrastructure; in 2000, three main trunk lines of Deutsche Telekom were breached at Frankfurt Airport in Germany and in 2003, an illegal eavesdropping device was discovered in Verizon’s optical network. Utilizing this optical tap, it was believed that someone was trying to illegally access financial information prior to its release. Other reported international incidents for optical taps on proprietary networks include police networks in the Netherlands and Germany, and the networks of large pharmaceutical companies in the U.K. and France. (Sandra Kay Miller, “Fiber optic network vulnerable to attack”, Information Security Magazine, Nov. 2006.)

The project “Security enhancement of optIcal nEtwork Logical Design” (SHIELD) is a research effort focusing on the logical design of secure next-generation optical networks. The logical design problem of optical networks is referred to the process of finding paths and wavelengths (lightpaths) to requested connections. This problem, known as the Routing and Wavelength Assignment (RWA) is considered as one of the most important problems in optical network design. The project focus on providing flexibility in the utilization of resources to minimize the CAPital Expenditures (CAPEX) and Operational EXpenditures (OPEX) costs, such as monetary cost and power consumption, while offering security capabilities against physical layer attacks.

Project’s Website:

The research is funded by the People Programme (Marie Curie Actions) of the European Union’s Seventh Framework Programme (FP7/2007-2013) under REA Grant Agreement n° 630853.