Computers & Security, 10 (1991) 765-776

Fiber-Optic LAN/MAN Systems to Support Confidential Communication

Gnanesh Coomaraswamy, Srikanta P. R. Kumar and Michel E. Marhic
Northwestern University, Department of Electrical Engineering and Computer Science, 2145 Sheridan Road, Evanston, IL 60208-3118, U.S.A.
We propose a novel method to support confidentiality in broadcast fiber-optic local area network systems. This approach, which is different from the conventional cryptographic approach, is based on a fundamental property of fiber optics, namely optical bidirectionality. The basic idea is that, when two stations are engaged in a private conversation, it is possible to jam effectively the reception at all other stations via a suitable interconnection of network elements. In this sense, security close to that of a point-to-point link is achieved in a broadcast network. We show that this concept can be successfully applied to arrive at network structures to support privacy in passive fiber-optic broadcast local area and metropolitan networks.
1. Introduction

Advances in communications and computer technologies have produced a rapid increase in the demand for new communication services. This continuing trend calls for the design of more sophisticated, efficient, and secure future network systems. While efficient high-performance fiber-optic local area network (FOLAN) systems have become feasible, these systems rely primarily on traditional cryptographic methods for providing secure communication. Cryptography has always been considered a reliable and technologically feasible method to protect information over a network. However, recent advances in cryptanalysis (breaking ciphers) raise serious questions about the ability of traditional cryptographic techniques to provide a high degree of security (1). Furthermore, the design of a secure system in a broadcast environment faces additional challenges because of the high exposure of information on the network. In such an environment, there is potentially a higher risk of information compromise. We propose an alternative method to support confidential communication in broadcast FOLAN systems, which involves a novel interconnection of network elements (passive) and the use of optical bidirectionality. In this approach, confidentiality is achieved without appealing to conventional cryptographic techniques. The two approaches are complementary, and a combination could be used in practice. Our architecture is based on a fundamental property of fiber optics, namely optical bidirectionality. Bidirectionality here means that two distinct transmissions in opposite directions can occur simultaneously on the same channel, without any collision. We show that this property can be used to arrive at network structures to support privacy in a broadcast environment. The basic idea is that when two stations are engaged in a private conversation, reception at all other stations can be jammed via properly designed network interconnections, thus eliminating the exposure of information to non-intended users. We will demonstrate this idea by applying this concept to the class of demand assignment multiple access (DAMA) schemes (which includes LAN/MAN systems such as Expressnet [3], Fasnet [4], MAP [5] and QPSX [6]), a widely used technique. We illustrate this method by taking Expressnet as an example of the DAMA scheme, as it encompasses all topological features required in other such schemes. The ideas are general, and are applicable to other such networks as well.

Footnote 1. Non-traditional cryptographic techniques include quantum cryptography, where security is based on the uncertainty principle of quantum physics [1, 2]. These are primarily motivated by the insecurities in cryptographic techniques, but tend to be generally complex to implement.

© 1991, Elsevier Science Publishers Ltd.

The paper is organized as follows. We begin with the description of optical bidirectionality and the use of this to achieve confidentiality. This is followed by a brief description of traditional cryptographic techniques and a comparison of some of their features with our method. Brief descriptions of Expressnet, and fiber-optic structures achieving privacy, are then given in Sec. 5. Performance issues are discussed in Sec. 6, and the conclusions are in Sec. 7.

2. Optical Bidirectionality and Confidentiality
In a typical communication link, simultaneous two-way or full duplex transmission of signals is usually achieved by using two wires, one each for downstream and upstream information. However, in fiber optics, it is possible to provide full duplex transmission over a single fiber [7]. This is achieved by using directional couplers to couple the electro-optic transmitters and receivers to a common fiber as shown in Fig. 1. This is possible because two light waves traveling in opposite directions pass through each other without causing a collision (2). We use this property for achieving privacy as follows. First, the transmitter and receiver at a station are coupled as shown in Fig. 2, and this pair is connected to the network as shown. The idea behind this interconnection is that every station at an instant receives all that is being transmitted on the network at that instant, except its own transmission (if any). Coupling is achieved by the use of an optical coupler, a multi-port device capable of splitting the light entering at an input port among the output ports, according to a fixed ratio. There are several types of couplers, and for simplicity we consider here only four-port symmetric couplers (3). Now, confidentiality is achieved between station i and station j shown in Fig. 2, as follows. First, station i transmits a message signal on the network. Then, station j injects or transmits a jamming signal to the network, while all other stations keep quiet (all these are handled by the media access protocol, the details of which are given later). Owing to the coupler interconnections, the jamming signal is received by all except j; the message signal is received by all except i. Thus all stations other than i and j receive both the data and the jamming signal. This signal is a superposition of two optical signals in the same direction, which is inseparable. Thus all non-intended stations are blanked out of the conversation (4). The details of access protocols, the architecture, and the interconnection will be presented in Secs. 4 and 5. The principal feature of the proposed method is the elimination of the exposure of information to non-intended users. In the following section, we briefly assess this approach to network security vis-à-vis the traditional encryption techniques.

Fig. 1. Schematic diagram of bidirectional transmission: T, R, and I are transmitter, receiver and isolated port termination, respectively.

Fig. 2. Achieving confidentiality.

Footnote 2. This property, which has been recognized for some time, has not been fully exploited with respect to its network uses.

Footnote 3. The relationship between the input ports and the output ports of the coupler and the optimization of the coupling ratio are discussed in the appendix.

Footnote 4. This idea is somewhat different from the so-called "traffic padding" technique, where "dummy" fields and spurious data are generated and inserted between user data segments to deny a traffic analyst information inferable from the presence, absence, amount, direction and frequency of data transfer [8]. In contrast, in the method here, user data and jamming signal are superimposed or added throughout the duration of the call.
3. Cryptography and the Proposed Architecture

We begin with some background material on cryptography. In this approach to security, messages to be encrypted are transformed by a function that is parametrized by a key. The recovery of the messages from the encrypted text requires a decryption key which is known only to the intended receiver. These decryption keys themselves need to be conveyed to the receiver through the public network in a non-readable form, which creates the key distribution problem. In a typical cryptosystem, the selection, protection and distribution of all these keys are handled by a key management system. Key management/distribution systems can become extremely complex in broadcast networks with multiple access and where a significant security threat is present [9, 10]. A large part of this complexity is due to the inherent nature of broadcast networks, where users are exposed to all the information over the network. Such high exposure of information creates a situation where non-intended users or intruders may listen to or record any conversation on the network. In confidential communication the conversation is generally encrypted; but if sufficient amounts of enciphered text can be collected, the intruder may then use cryptanalysis on this enciphered text in an attempt to find the encryption key. The threat of such a cryptanalytic attack is present in any broadcast type of environment (5), especially in very high-speed networks, where vast amounts of data can be collected in a very short time. A typical key management system counters these possibilities by the use of session keys for the encryption of data. Session keys are data encryption keys, generated by a centralized key server for the duration of a communication session. They are normally enciphered under a node's master key, known only to the key server, and are used to establish a common data encryption key between nodes that have different master keys. Session keys play an important role in reducing the threat of cryptanalytic attacks by intruders on recorded text. To limit the amount of data enciphered under a single encryption key, several strategies can be built into the key management system: (i) randomly change the session keys between sessions [9], (ii) employ time stamps in session keys to avoid replays of previously compromised session keys [12], and (iii) exercise lengthy session keys and master keys to deter any brute force attack (6) on them.

Footnote 5. Most of the cryptosystems that have been publicly proposed in the last decade have been broken by cryptanalysis [11].

Footnote 6. For example, the Data Encryption Standard (DES), with a key length of 56 bits, has a key space of 2^56 possible combinations. For a brute force attack, this is an uncomfortably small number, becoming smaller as computers get faster [13]; also, the encrypted data in a given session interval could be very large in high-speed networks.

In the following, some comparative observations are made between the proposed architecture and the cryptographic techniques outlined above. Firstly, the architecture we propose eliminates the need for the session key. This significantly reduces the complexity of key management systems, especially in large networks where the management of the substantial number of keys can be cumbersome and expensive [10]. Furthermore, at the receiving end, our architecture does not require the knowledge of the jamming signal for the recovery of the message (unlike the decryption key required in cryptography), which greatly alleviates the key distribution problem. Secondly, by eliminating the exposure of information on the network, our architecture deprives the cryptanalyst of all plaintext and/or matched ciphertext. This virtually eliminates the risk of information compromise by cryptanalysis. Thirdly, in applications where the large amount of time required for elaborate encryption/decryption is unacceptable (high-security, high-bandwidth applications) (7), our architecture provides a good alternative as no such processing will be required. Finally, our approach offers lesser reliance on "trusted code", and a lesser overhead due to encryption/decryption. In addition, during a private call there is a provision for increased throughput between the two parties, as they can simultaneously exchange data (interspersing with the jamming signal; this will not be examined in detail here).

4. Expressnet Access Protocol

The DAMA schemes are based on the attempt-and-defer mechanism and employ a unidirectional
bus structure. These schemes require a physical ordering (priority) among stations, which is provided by a linear unidirectional bus structure [15]. In such a structure the transmitted signal propagates in only one direction. This mechanism basically operates as follows. A station wishing to transmit on a given bus waits until that bus is idle. It then begins to transmit, thus establishing its desire to acquire the bus. However, if another transmission from upstream (higher priority) is detected, the station aborts its transmission and defers to the one from upstream. The upstream transmission is therefore allowed to continue conflict-free.

Here, we take Expressnet [3] as an example of the DAMA schemes, and give details of its operation. Broadcast communication is achieved by folding a unidirectional cable onto itself so as to create two channels, an outbound channel onto which the users transmit packets and an inbound channel from which users receive packets (see Fig. 3). All signals are transmitted on the outbound channel via a transmit tap, and received on the inbound channel via a receive tap. Additionally, each station has a sense tap to monitor activity on the upstream side of its transmit tap.

Footnote 7. For example, in the "RSA chip" the time for exponentiation with a special choice of exponent is around 11 ms [14].
Fig. 3. Expressnet folded bus structure.

Define EOC(out) as an event that marks the end of carrier (activity) on the outbound channel. This event is used as the synchronizing event by stations to determine the beginning of a transmission. For example, a station wishing to transmit monitors the carrier on the outbound channel for the event EOC(out). On detection of EOC(out), the station starts the transmission of its data, while continuing to monitor the outbound channel for any activity from upstream stations. If a carrier is detected, the station immediately aborts its current transmission. Otherwise, it continues the transmission of its data until completion. Note that the possible overlap among several transmissions (due to aborted transmissions) is limited to the first t_d seconds of the transmissions, where t_d is the time necessary for the detection of the event EOC(out). Clearly, a station that has completed the transmission of a packet in a given round will not encounter the event EOC(out) again in that round, thus guaranteeing that no station will transmit more than once in a given round. Define a train to be the succession of transmissions in a given round. Then, the event EOT(in) is defined as the event that marks the end of train on the inbound channel. The event EOT(in) is detected by sensing the inbound channel for the absence of the carrier for a time greater than t_d, the time required for the detection operation. To start a new round, EOT(in) is used as the synchronizing event, in the same way that EOC(out) was used to start a transmission. Thus, stations synchronize their transmissions to whichever of the two events, EOC(out) or EOT(in), occurs. Note that, at a given station, only one such event can occur at a time. According to this mechanism, two successful consecutive transmissions (packets) would be separated by a gap of duration t_d, and two consecutive trains by the duration of a round-trip delay. This is in contrast with the CSMA/CD [16] or IEEE 802 token-passing scheme [17], in which gaps of the order of the round-trip delay occur at the end of every packet.
5. Configurations for Expressnet

In the folded-bus structure shown, two basic functions can be distinguished. The first is that of providing connectivity among all stations for data transmission; that is, the provision of data transmission paths among the stations' transmitters and their receivers for broadcast communications. The second is that of providing the required feature for access control; this consists of achieving a physical order among the stations according to which the latter use the synchronizing events EOC(out) and EOT(in). In the configuration shown there, the data transmission and access control functions are combined into a single linear bus, with appropriately placed sense taps, transmit taps and receive taps. However, these two functions may be implemented in two separate networks of possibly different topologies: a data subnetwork and a control subnetwork. The data subnetwork provides data transmission paths among the stations' transmitters and receivers for broadcast communication, and the control subnetwork provides the synchronizing events to achieve the physical ordering for access control of the medium. While the control subnetwork must always be linear, the data subnetwork may have different configurations. Here we note a seeming contradiction between the bidirectionality required for jamming and the unidirectionality required for linear ordering in Expressnet; the separation into subnetworks resolves it, since only the control subnetwork needs to be unidirectional. Fiber-optic structures for the control subnetworks have been studied extensively by Nassehi et al. [18] for various DAMA schemes. These could be used in our architecture also. Here, we propose structures for the data subnetworks, based on the linear bus, tree and star topologies, that are bidirectional and support confidentiality.

5.1. Linear Bus and Tree Topology

The bidirectional configurations for the data subnetworks, based on linear-bus and tree topologies, are shown in Figs. 4 and 5 respectively. We call this the basic configuration. Because of the excess loss and reciprocity of couplers (8), the maximum number of stations that the basic configuration can support is quite limited [19-22]. This can be improved by employing known techniques such as stretching and bypassing [18]. The number of couplers needed to implement the basic configuration may be decreased by a factor of two by coupling the transmitter to the receiver as shown in Figs. 6 and 7. In this stretched configuration, a single coupler is used per station, with the output of its otherwise unused port connected via an additional stretch of fiber to the next station. In a typical local area network, the cost of additional fibers is outweighed by the savings in the number of couplers. The number of couplers between transmitters and receivers in the linear bus may be further reduced by providing bypass paths as shown in the bypassed configuration (for linear bus) in Fig. 8. For sufficiently large values of N, bypassing improves the performance of the configuration.

Fig. 4. Linear bus-basic configuration.

Fig. 5. Binary tree-basic configuration.

Fig. 6. Linear bus-stretched configuration.

Fig. 7. Binary tree-stretched configuration.

Footnote 8. Reciprocity demands that the fraction of power removed from a fiber in one direction be equal to the fraction of power injected into that fiber from the other direction.

5.2. Modified Star Topology

We propose a star interconnection to support confidentiality as shown in Fig. 9. We call this the modified star coupler. Such a modified star coupler divides the incoming power among all ports other than itself. This is achieved by interconnecting N 1 × (N − 1) bidirectional tree couplers as shown in Fig. 10. Note that since an entering signal traverses two tree couplers in cascade, the power loss incurred is of the order of 1/(N − 1)^2, which corresponds to the power loss in a double-tree configuration.
Fig. 8. Linear bus-bypassed (and stretched) configuration.

Fig. 9. Power division in a modified star.

Fig. 10. Schematic diagram of a modified star coupler.

5.3. Confidential Call Setup

Here we describe the call setup procedure for confidential communication between two stations A and B. First, station A secures access to the bus (according to the access protocol of Expressnet described in Sec. 4) via the control subnetwork. Then, A transmits a preamble on the data subnetwork and, on receipt of this preamble, B inserts the jamming signal on to the data subnetwork. As soon as the jamming signal reaches A, it commences its confidential payload (data) and continues until call termination. The call is terminated upon B aborting the jamming signal and A relinquishing the bus. These call setup and release procedures are access protocol dependent, but all topologies proposed here (linear bus, tree and modified star) are bidirectional and support confidentiality.
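As an added example (not code from the paper), the following Python model puts together the reception rule of Sec. 2 (a station receives everything except its own transmission), the call setup just described, and the 4τ setup/release accounting used for the throughput figures in Sec. 6; the station count, the 1 km and 0.5 km lengths and the use of c = 3e8 m/s for the propagation delay are assumptions made here.

```python
"""Model of a confidential call on a bidirectional broadcast bus.

Added example, not code from the paper.  Station counts, distances and the
propagation speed are assumptions chosen to reproduce the figures in Sec. 6.
"""
from dataclasses import dataclass

# Assumption: the paper's "near 89%" figure is reproduced when the end-to-end
# delay is taken as length / c with c = 3e8 m/s.
SPEED_M_PER_S = 3.0e8


@dataclass(frozen=True)
class Bus:
    n_stations: int   # stations 0 .. n_stations-1, in physical order
    length_m: float   # end-to-end length of the data subnetwork

    def tau(self) -> float:
        """Worst-case (end-to-end) propagation delay in seconds."""
        return self.length_m / SPEED_M_PER_S


def received_signals(station: int, on_air: dict[int, str]) -> set[str]:
    """Coupler interconnection of Fig. 2: a station receives everything that is
    on the network at this instant except its own transmission."""
    return {signal for source, signal in on_air.items() if source != station}


def call_view(bus: Bus, a: int, b: int) -> dict[int, str]:
    """Payload phase of a confidential call: A sends data, B sends the jamming
    signal, everyone else is silent (enforced by the access protocol).
    Two co-propagating optical signals add and cannot be separated, so a
    receiver that sees 'data+jam' cannot read the message."""
    on_air = {a: "data", b: "jam"}
    return {s: "+".join(sorted(received_signals(s, on_air)))
            for s in range(bus.n_stations)}


def exposed_stations(bus: Bus, a: int, b: int) -> list[int]:
    """Stations other than A and B whose receiver would see the data alone."""
    return [s for s, seen in call_view(bus, a, b).items()
            if s not in (a, b) and seen == "data"]


def call_timeline(bus: Bus, call_duration_s: float) -> list[tuple[float, str]]:
    """Event times for a worst-case (end-to-end) pair A, B.  Setup costs 2*tau
    (preamble A->B, jam B->A) and release costs 2*tau, so the payload lasts
    T - 4*tau.  Returns [(time_s, event), ...]."""
    tau = bus.tau()
    payload = call_duration_s - 4 * tau
    if payload <= 0:
        raise ValueError("call shorter than the 4*tau setup/release overhead")
    return [
        (0.0, "A holds the bus and transmits the preamble"),
        (tau, "preamble reaches B; B injects the jamming signal"),
        (2 * tau, "jam reaches A; A starts the confidential payload"),
        (2 * tau + payload, "payload ends; B aborts the jam, A relinquishes the bus"),
        (call_duration_s, "release has propagated end-to-end; bus is free"),
    ]


def link_throughput(bus: Bus, call_duration_s: float) -> float:
    """(T - 4*tau)/T as in Sec. 6."""
    return (call_duration_s - 4 * bus.tau()) / call_duration_s


if __name__ == "__main__":
    bus = Bus(n_stations=8, length_m=1000.0)      # constructed: 8 stations, 1 km
    for station, seen in call_view(bus, a=1, b=6).items():
        print(f"station {station}: {seen}")
    for t, event in call_timeline(bus, 125e-6):
        print(f"{t * 1e6:7.2f} us  {event}")
    print(f"throughput, 1 km:   {link_throughput(bus, 125e-6):.1%}")
    print(f"throughput, 0.5 km: {link_throughput(Bus(8, 500.0), 125e-6):.1%}")
```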
6. Performance

Our proposed architecture retains all the salient features of the access protocol, and thus the performance (throughput and bandwidth utilization) for the regular traffic (without confidentiality) is unchanged and is the same as for the unidirectional structures. But for calls supporting confidentiality, the call setup time (of the order of the end-to-end propagation delay) would affect the bandwidth utilization for these calls. Nevertheless, the architecture proposed may be viewed as useful in at least two ways. Firstly, if the confidential traffic is low relative to the regular traffic, the confidential calls will not significantly degrade the performance (throughput) of the regular traffic. Thus, our method could be used to provide confidentiality under these conditions. For example, for a call duration of T s and an end-to-end propagation delay of τ s, the overhead for call setup and release is 4τ s and the link throughput is (T − 4τ)/T. In a 100 Mbps link over 1 km and for a call duration of 125 µs, the link throughput is near 89%. Secondly, in linear topology, "trusted" nodes and bridges appropriately placed could be used (to cut down the propagation delay) to transmit messages in a store-and-forward manner. For example, if "trusted" nodes are located every 0.5 km, then the link throughput would increase to nearly 95%. In the following, we briefly address some issues that are of practical significance.

6.1. Maximum Number of Stations
In passive fiber-optic networks, the maximum number of stations that a network can support is bounded by the power of the transmitter, the sensitivity of the receiver and the path losses between them. Thus, for a given transmitter-receiver pair, the factor limiting the maximum number of stations on the network is the total loss of the couplers. The total loss specifies the power lost within the coupler, including radiation, scattering, absorption, and coupling losses. To evaluate the performance of the structures proposed, we study the maximum number of stations that the proposed structures can support. We present the results in Fig. 11 for a coupler with an excess loss of 0.1 dB, and give the detailed derivations in the appendix. In active broadcast networks, this maximum number is of secondary significance. Repeaters or amplifiers could be used at convenient points to boost the optical signal to the required level to maintain performance. In the proposed bidirectional networks, the amplification process has an additional constraint; not only should it be all-optical but also bidirectional. Such all-optical bidirectional amplifiers are now available; this greatly increases the maximum number of stations shared by one network in any configuration. Typically, in the linear bus or the double-tree configuration, this number could be doubled by having such an amplifier in the middle.

Fig. 11. The maximum number of stations N_MAX versus power margin P_M in dB (excess loss = 0.1 dB).

6.2. Authentication
In the context of secure data communications, authentication means verifying the identity of the communicating principals to one another. If source authentication is not performed, it may be possible for an intruder to masquerade as the bona fide source and send false information to any station on the network, and if destination authentication is not realized, it may be possible for the intruder to pretend to be the intended receiver, and to receive unauthorized information. Authentication forms a small segment of the overall key management system. There are many centralized, distributed and hybrid authentication mechanisms, and they are typically based on encryption techniques. This type of authentication may also be used in our approach. Note that any kind of encryption used in our system is needed for the purpose of authentication more than to achieve security itself. We outline a distributed authentication scheme [23], which could be used in conjunction with our architecture.

Consider the use of a public key system. Each user has a secret key S and a public key P which is known to all others. Let {M}k denote the message which is the outcome of encrypting message M by key k. Suppose station A wants to send a message to B. Then A sends {address A, address B}SKA to B, where SKA is the secret key of A. This could be decrypted by anyone who knows the public key of A, including B, and thus source authentication is achieved. Note that no one other than A can generate or alter such a message, as they do not have access to SKA. Similarly, destination authentication can be achieved. In a more sophisticated procedure, the message from A to B can be encrypted as {{A, B}PKB}SKA, where PKB is the public key of B. Here, only B can decipher the message, by successively applying PKA and SKB (known only to him).

6.3. Optical Tapping

If the cable (bus) is unprotected, an intruder may be able to tap a private conversation via directional optical tapping. However, such a tap must be inserted physically in between the two communicating stations i and j, where the signals are opposite to each other (see Fig. 12). One way to overcome this is to shield the cable as shown. Several such shieldings with intruder detection capabilities are available (9). One such product is the U.S. National Security Agency (NSA) approved step-index system. This alarmed fiber-optic system is totally transparent to the user and has self-testing capabilities. Another product employs graded-index fibers to achieve bimodal operation by utilizing the lower mode for data and the higher mode for monitoring.

Another way to deter optical tapping is to ensure that in the event of a physical entry, no useful information can be found in that part of the fiber. The modified star configuration that we suggest (Sec. 5) considerably reduces such access points with useful information, hence dissuading the possible intruder. Ensuring that the transmission power at possible entry points is too low to be detected via surreptitious couplers could be another method to discourage physical entry.

Fig. 12. Surreptitious optical coupling.

Footnote 9. Owing to the proprietary nature of these products no details of operations are available.

7. Conclusion

Since the strength and trustworthiness of network secrecy rests on the security of the underlying cryptographic transformations, the trust given to non-disclosure in networks is bounded by the trust in the cryptography. The architecture we propose moves this boundary higher, by significantly reducing the reliance of the trust on cryptography. We have proposed a novel architecture which is complementary to the cryptographic approach and when combined with it reduces the risk of information compromise and the complexity of key management systems. This is mainly due to the feature of jamming out the private communication to non-intended users. In this sense security close to that of point-to-point links is achieved in a broadcast environment.

The interconnection ideas presented here to support privacy in optical LAN/MAN systems are quite general. An application of this architecture to IEEE 802.6 (DQDB MAN) is presented in Coomaraswamy et al. [24]. The ideas can also be applied to other access schemes such as CSMA/CD [16].
References

[1] C. H. Bennett, G. Brassard, S. Breidbart and S. Wiesner, Quantum cryptography, or unforgeable subway tokens, in Advances in Cryptology: Proc. CRYPTO 82, Plenum, New York, 1983, pp. 267-275.
[2] C. H. Bennett and G. Brassard, Quantum public key distribution reinvented, SIGACT News, 18 (1987) 51-53.
[3] F. A. Tobagi, F. Borgonovo and L. Fratta, Expressnet: A high-performance integrated services local area network, IEEE JSAC, SAC-1 (1983) 898-912.
[4] J. O. Limb and C. Flores, Description of Fasnet, a unidirectional local area communications network, Bell Syst. Tech. J., 61 (1982) 1413-1440.
[5] M. A. Marsan and G. Albertengo, Integrated voice and data network, Comput. Commun., 5 (3) (1982).
[6] R. M. Newman, Z. L. Budrikis and J. L. Hullett, The QPSX MAN, IEEE Commun. Mag., 26 (4) (1988) 20-28.
[7] B. S. Kawasaki, K. O. Hill, D. C. Johnson and A. U. Tenne-Sens, Full duplex transmission link over single-strand optical fiber, Opt. Lett., 1 (3) (1977) 107-108.
[8] K. Kirkpatrick, J. Kimmins and B. Schanning, A network security tutorial, Proc. IEEE 802.10 SILS Working Group Meet., November 10, 1988, IEEE, New York, 1988.
[9] W. F. Ehrsam, S. M. Matyas, C. H. Meyer and W. L. Tuchman, A cryptographic key management scheme for implementing the Data Encryption Standard, IBM Syst. J., 17 (2) (1978) 106-125.
[10] V. Voydock and S. Kent, Security in high-level protocols, IEEE Commun. Mag., 23 (7) (1985) 12-24.
[11] E. F. Brickell and A. M. Odlyzko, Cryptanalysis: A survey of recent results, Proc. IEEE, 76 (5) (1988) 578-593.
[12] D. E. Denning and G. M. Sacco, Timestamps in key distribution protocols, Commun. ACM, 24 (8) (1981) 533-538.
[13] T. Athanasiou, DES revisited, Datamation, (October 15, 1985) 110-116.
[14] I. Ingemarsson, Digital encryption and data virus, Proc. IEEE 802.10 SILS Working Group Meet., November 10, 1988, IEEE, New York, 1988.
[15] M. Fine and F. A. Tobagi, Demand assignment multiple access schemes in broadcast bus local area networks, IEEE Trans. Comput., C-33 (1984) 1130-1159.
[16] R. M. Metcalfe and D. R. Boggs, Ethernet: Distributed packet switching for local area networks, Commun. ACM, 19 (1976) 395-403.
[17] Token-passing bus access method and physical layer specification, IEEE Local Area Network Standards, 802.4, IEEE Computer Society, Silver Spring, MD, 1983.
[18] M. M. Nassehi, F. A. Tobagi and M. E. Marhic, Fiber optic configurations for local area networks, IEEE JSAC, SAC-3 (1985) 941-949.
[19] D. E. Altman and H. F. Taylor, An eight-terminal fiber optics data bus using tee couplers, Fiber Integrated Opt., 1 (1977) 135-152.
[20] F. Auracher and M. M. Witte, Optimized layout for a data bus system based on a new planar access coupler, Appl. Opt., 16 (1977) 3140-3142.
[21] J. O. Limb, On fiber optic taps for local area networks, Proc. Int. Conf. on Communications, Amsterdam, The Netherlands, May 1984, pp. 1130-1136.
[22] C. A. Villarruel, R. P. Moeller and W. K. Burns, Tapped tee single-mode data distribution system, IEEE J. Quantum Electron., QE-17 (1981) 941-946.
[23] R. M. Needham and M. D. Schroeder, Using encryption for authentication in large networks of computers, Commun. ACM, 21 (12) (1978) 993-999.
[24] G. Coomaraswamy, S. P. R. Kumar and M. E. Marhic, Fiber optic configurations supporting confidentiality in passive DQDB systems, Proc. IEEE INFOCOM '91, April 1991, Vol. 2, IEEE, New York, 1991, pp. 901-910.

Appendix

A.1. Optical Couplers

An optical coupler is a multiport device that couples two or more optical fibers in such a manner that light from one port can be transferred to the others and vice versa. Several types of couplers exist, and for simplicity we consider here only the four-port symmetric or reciprocal couplers as shown in Fig. A1. The arrows in that figure indicate the directions of allowed power flow. If power P_1 is incident upon port 1 of the coupler, this power will divide between ports 2 and 3 according to the desired splitting ratio and ideally, no power will reach port 4, the isolated port. Using the notation defined in Fig. A1, the input-output relationship of the reciprocal coupler is given by

\begin{bmatrix} P_2 \\ P_3 \end{bmatrix} = \begin{bmatrix} ax & a(1-x) \\ a(1-x) & ax \end{bmatrix} \begin{bmatrix} P_1 \\ P_4 \end{bmatrix}

where x denotes the coupling factor between fibers and a denotes the transmittance due to an excess loss of E_c dB (i.e. a = 10^{-E_c/10}). The excess loss specifies the power lost within the coupler, which includes radiation, scattering, absorption and coupling to the isolated port.

Fig. A1. Four-port symmetric couplers.

A.2. Maximum Number of Stations

In deriving the performance results, it is assumed that the transmitter and the receiver of all stations are identical. The signal attenuation due to cable loss is ignored; in the local area environment, distances will usually be less than 1 km and thus the fiber attenuation will be less than a few decibels. For simplicity, the splice and/or connector insertion losses associated with the couplers are included in their excess loss. All couplers are assumed to be four-port and symmetric and individually optimized (explained below). The excess loss of an S × S star coupler is assumed to be E_c log_2 S, where E_c is the excess loss of a 2 × 2 bidirectional coupler, which is a good approximation for commercially available star couplers [A1].

Now, the maximum number of stations is derived from the inequality L_max ≤ P_M, where L_max is the worst-case loss and P_M is the power margin of the transmitter-receiver pair. The power margin P_M of a T-R pair is defined as 10 log(P_0/P_min) dB, where P_0 is the output power of the transmitter and P_min is the minimum power needed for the receiver operation. For a given power margin of a T-R pair and excess loss of the coupler, the maximum number of stations that each of these structures can support is calculated from the worst-case loss:

Linear stretched bus (L): L_max = 10 log(N − 1) + …

Modified star (S): L_max = 20 log(N − 1) + 2E_c log_2(N − 1)

Minimum depth binary tree (T): L_max = [2 log_2(N − 1) + 1](E_c + 10 log 2)

A.3. Coupler
1) + 1]
Optimization
The individual optimization of the coupling coefficients for the unidirectional and bidirectional linear busses are outlined as follows. In a unidirectional bus where stations are ordered from i to IV, the optimum coupling coefficient for minimum power loss is given by xi = 1/(N + 1 - i) [ 181, where xi is the coupling coefficient of station i. Note that the value x, increases monotonically with i, with x, = i/IV, and x~= 1. Next, consider the bidirectional linear bus data subnetwork shown in Fig. 6, where xi is the coupling coefficient between station (i - 1) and station i. First, assume that the coupling of the transmitter and the receiver of each station does not affect the individual optimization of the couplers on the bus. Then, the optimized value of xj is given by xi= max{ l/i, l/(N- i + 1)) [A 11, which is a symmetric distribution with the minimum x, of 2/(N+ 1) at i = (N+ 1)/2 and maximum of xi of 1 at i= 2 or (N- 1). The distribution is such that, when any of the end stations transmits, stations along the bus starting from the transmitting station would receive exponentially decreasing power until the mid-station (at i = (IV+ 1)/2), after which all stations receive equal power. Now, consider the coupling of the transmitter to the receiver. Since the transmission and the reception are both bidirectional, it is necessary that the transmission power be divided in both directions; the location of the station determines how much power is coupled in each direction. A larger number of stations in one direction demands a greater coupling coefftcient in that direction. However, in symmetric couplers, because of the reciprocity, a larger coupling coefficient makes the transmitter receive more power than the receiver, which is by no means desirable. This indicates that the opti-
775
G. Coomaraswam y et al.lFibre-Optic
mum coupling coefficient should be very close to 4 and the value of 4 is taken in this study. Thus, all stations arc equally affected, supporting the above assumption that the coupling of the T-R pair does not affect the global optimization.
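As an added worked example (our code, not the paper's), the following Python applies the coupler relation of A.1, the worst-case loss of the minimum-depth binary tree from A.2 and the individually optimized coefficients x_i = max{1/i, 1/(N - i + 1)} from A.3 to show the received-power profile along the bidirectional bus and the station count a given power margin supports. The bus model is our assumption: each station's T-R coupler has x = 1/2, bus coupler i taps x_i of the power arriving from station i - 1 for station i and passes the rest on, and cable loss is ignored as in A.2.

```python
import math

def coupler(p1, p4, x, a):
    """Four-port reciprocal coupler of Fig. A1: ports 1 and 4 are inputs, 2 and 3 outputs.
    x is the coupling factor, a = 10**(-E_c/10) the transmittance due to excess loss."""
    p2 = a * x * p1 + a * (1 - x) * p4
    p3 = a * (1 - x) * p1 + a * x * p4
    return p2, p3

def optimized_x(n, i):
    """Individually optimized bus coupling coefficient x_i = max{1/i, 1/(N-i+1)} (A.3)."""
    return max(1.0 / i, 1.0 / (n - i + 1))

def received_from_end_station(n, e_c_db=0.0, p0=1.0):
    """Power reaching the receivers of stations 2..N when end station 1 transmits P0.
    Modelling assumption (ours): every T-R coupler has x = 1/2, and bus coupler i taps
    x_i of the signal arriving from station i-1 for station i, passing the rest on."""
    a = 10 ** (-e_c_db / 10)
    # transmitter -> its own T-R coupler: half of P0 heads toward stations 2..N
    on_bus, _ = coupler(p0, 0.0, 0.5, a)
    received = {}
    for i in range(2, n + 1):
        tapped, on_bus = coupler(on_bus, 0.0, optimized_x(n, i), a)
        # tapped power enters station i's T-R coupler; half of it reaches the receiver
        received[i], _ = coupler(tapped, 0.0, 0.5, a)
    return received

def tree_worst_case_loss_db(n, e_c_db):
    """L_max of the minimum-depth binary tree (A.2): 20 log(N-1) + 2 E_c [log2(N-1) + 1]."""
    return 20 * math.log10(n - 1) + 2 * e_c_db * (math.log2(n - 1) + 1)

def power_margin_db(p0, p_min):
    """P_m = 10 log(P0 / P_min) of a transmitter-receiver pair (A.2)."""
    return 10 * math.log10(p0 / p_min)

def max_stations(loss_db, p_m_db, e_c_db, n_limit=10_000):
    """Largest N satisfying L_max(N) <= P_m for the given worst-case loss function."""
    best = 0
    for n in range(3, n_limit):
        if loss_db(n, e_c_db) > p_m_db:
            break
        best = n
    return best

if __name__ == "__main__":
    for i, p in received_from_end_station(9).items():   # N = 9, lossless couplers
        print(f"station {i}: {p:.4f}")                    # falls until i = 5, then flat
    print("tree stations at P_m = 40 dB, E_c = 1 dB:",
          max_stations(tree_worst_case_loss_db, 40.0, 1.0))
```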
Gnanesh Coomaraswamy received his B.Sc. degree in electronic and telecommunication engineering from the University of Moratuwa, Moratuwa, Sri Lanka in 1983 and his M.S. degree in electrical engineering from Northwestern University, Evanston, IL, in 1988. He is currently a candidate for a Ph.D. degree in electrical engineering at Northwestern University, Evanston, IL. During the summer of 1988 he was a research intern at the International Telecommunication Satellite (INTELSAT) in Washington, DC, where he studied the error burst characteristics of satellite links. His areas of research are network protocols, network security and performance of fiber-optic networks.
Srikanta P. R. Kumar received his Ph.D. degree from Yale University, New Haven, CT, in 1981. He joined the Electrical Engineering and Computer Science Department of Northwestern University in 1985, where he is currently an associate professor. He has also served on the faculty of Rensselaer Polytechnic Institute and SUNY, Buffalo, NY, and was a summer research fellow at the University of California at Berkeley, CA, in 1983. His current research interests span various aspects of communication networks, fail-safe network protocols, security, cellular and wireless systems and stochastic scheduling. His research has been sponsored by various agencies including BNR, Ameritech, U.S. West Advanced Technologies, and the National Science Foundation.
Reference [A1] for Appendix A
[A1] M. M. Nassehi, F. A. Tobagi and M. E. Marhic, Topological design of fiber optics local area networks with application to Expressnet, Stanford Univ. Computer Systems Tech. Rep., March 1985, pp. 85-271.
Michel E. Marhic received his Ph.D. degree in engineering and applied physics from the University of California at Los Angeles, CA, in 1974. Prior to this, he obtained his M.S. and B.S. degrees in Electrical Engineering from Case Western Reserve University, Cleveland, OH, and Ecole Supérieure d'Electricité, Paris, France in 1970 and 1968 respectively. He joined the Electrical Engineering and Computer Science Department of Northwestern University in 1974, where he is now a professor. During 1984 and 1985 he was a visiting professor at Stanford University, where he worked on fiber-optic network architectures, coupler design and holography. He has been a consultant for over two dozen industries. He founded the Mid-west Biolaser Institute, and is the co-founder of Holicon and Holographic Industries.