A New Approach to Optical Networks Security: Attack-Aware Routing ...

1

A New Approach to Optical Networks Security: Attack-Aware Routing and Wavelength Assignment Nina Skorin-Kapov, Member, IEEE, Jiajia Chen, Lena Wosinska, Member, IEEE

Abstract— Security issues and attack management in transparent WDM (Wavelength Division Multiplexing) optical networks has become of prime importance to network operators due to the high data rates involved and the vulnerabilities associated with transparency. Deliberate physical layer attacks, such as highpowered jamming, can seriously degrade network performance and must be dealt with efficiently. While most approaches are focused on the developing fast detection and reaction mechanisms triggered in case of an attack, we propose a novel approach to help deal with these issues in the network planning and provisioning process as a prevention mechanism. Namely, we propose to route lightpaths in such a way as to minimize the potential damage caused by various physical-layer attacks. We present a new objective criterion for the Routing and Wavelength Assignment (RWA) problem, which we call the Maximum Lightpath Attack Radius (maxLAR), and formulate the routing sub-problem as an integer liner program (ILP). We test it on small networks to get an insight into its complexity and compare with a formulation which minimizes congestion. Results indicate that our formulation achieves significantly better results for the Maximum Lightpath Attack Radius while obtaining near-optimal or optimal congestion in all cases. For larger networks, we propose a tabu search algorithm for attack-aware lightpath routing, in combination with an existing graph-coloring algorithm for wavelength assignment. Testing and comparing with existing approaches from literature indicate its superiority with respect to the maxLAR and average lightpath load, albeit at the expense of somewhat higher congestion. However, this is justified with the obtained improvement in network security. Index Terms— Transparent optical networks, physical layer attacks, routing and wavelength assignment, integer linear programming, tabu search

I. I NTRODUCTION Transparent optical networks based on Wavelength Division Multiplexing (WDM) can exploit the huge capacity of optical fibers by dividing it amongst different wavelengths. As such, they have been established as the enabling technology for today’s high-speed backbone networks, meeting consumers’ ever-increasing bandwidth demands. In wavelength-routed or transparent optical networks, all-optical connections, called lightpaths, are established between pairs of nodes. Transmission along a lightpath is entirely transparent, i.e., with no opto-electronic conversion at intermediate nodes. The set of established lightpaths is referred to as the virtual topology and is used to route the higher layer traffic. N. Skorin-Kapov is with the Department of Telecommunications, Faculty of Electrical Engineering and Computing, University of Zagreb, Zagreb, Croatia. (e-mail: [email protected]). J. Chen and L. Wosinska are with The Royal Institute of Technology KTH/ICT, Kista, Sweden. (email: [email protected]; [email protected])

A. The Routing and Wavelength Assignment (RWA) Problem One of the most important challenges in transparent optical networks planning and provisioning is successfully solving the Routing and Wavelength Assignment (RWA) problem. Given a physical topology and a set of lightpath demands, the RWA problem consists of finding a physical route for each lightpath demand, and assigning to each route a wavelength, subject to the following constraints. If no wavelength converters are available, the same wavelength must be assigned along the entire lightpath (i.e., the wavelength continuity constraint). Furthermore, lightpaths which share a common physical link cannot be assigned the same wavelength (i.e., the wavelength clash constraint). Demands to set up lightpaths between certain nodes can be known a priori and set up semi-permanently (static case), can be established according to a predefined schedule (scheduled case), or can arrive unexpectedly with random holding times (dynamic case). Several variations of the problem have been considered such as RWA with a limited or unlimited number of wavelengths in networks with wavelength converters at each node, at a subset of nodes, or in networks with no wavelength converters. Common objectives include minimizing the number of wavelengths used, maximizing the number of lightpaths successfully set up subject to a limited number of wavelengths, or minimizing the congestion (i.e., the maximum number of lightpaths routed over any one physical link in the network) for the static or scheduled cases. Minimizing the blocking probability is the most common objective for the dynamic case. The RWA problem has been shown to be NP-complete [1]. Thus, several heuristic approaches have been developed to help solve it sub-optimally. Examples of heuristic algorithms which efficiently solve the RWA problem for static, scheduled, and random dynamic lightpath demands can be found in [2], [3] and [4], respectively, and reference therein. Furthermore, some approaches consider physical impairments such as accumulated crosstalk and noise which add new constraints and/or objectives to the problem, such as a limited bit error rate (BER) [5]. B. Security Issues and Motivation The key advantage of transparent optical networks lies in their transparency, enabling high-speed connections with no opto-electronic conversion at intermediate nodes. However, transparency imposes several vulnerabilities to network security. The difficulty in detecting and locating failures (both component faults and deliberate attacks) is enhanced since monitoring must be performed in the optical domain. In general, fault and attack management consists of prevention,

2

detection and reaction mechanisms [6]. Prevention mechanisms in transparent optical networks usually include hardware measures aimed at overcoming the physical vulnerabilities of optical components. Examples include alarming the fiber in case of tampering, or incorporating automatic gain control and power limiting amplifiers to thwart power-jamming attacks which will be described in the next section. However, the efficiency of these approaches are a trade-off with the high price of such equipment. Detection techniques (e.g.,[7], [8]) aim at detecting and localizing attacks based on information received from specialized optical monitoring equipment, which can be quite expensive. Thus, full monitoring capabilities cannot realistically be assumed at all nodes. Reaction mechanisms restore the proper functioning of the network by isolating the source of the failure and reconfiguring the connections. Such techniques can use preplanned backup paths or reactive rerouting schemes, creating a trade-off between speed and utilization of network resources [9]. In general, the higher the reliability performance required, the more spare resources are needed and, consequently, the higher the cost of the network equipment involved. In this paper we propose a novel approach to optical networks security which is aimed at minimizing the potential damage caused by physical-layer attacks. Our goal is to achieve significant prevention measures without the need for specialized equipment, i.e. at minimal extra cost, through careful network planning. Namely, we propose to consider the potential consequences of physical-layer attacks while solving the Routing and Wavelength Assignment problem. The aim is to arrange the set of lightpaths in such a way as to minimize the possible disruption caused by various attack scenarios, i.e. minimize the maximum number of lightpaths which can be disrupted in such situations. Consequently, if fewer lightpaths are attacked, not only is network service disruption reduced, but failure detection and localization algorithms can be faster since they search for the source among fewer potential lightpaths. This extends our preliminary work from [10] and [11] which introduced the problem and provided an initial version of the solution approach. To the best of our knowledge, attacks have not yet been considered in the literature in the context of routing and wavelength assignment. In this paper, we provide a more detailed analysis of the objective criterion proposed, as well as exact and heuristic algorithms for the problem. Furthermore, we compare the obtained results with those of existing approaches with respect to the Maximum Lightpath Attack Radius, as well as congestion and average load. C. Outline of the paper The rest of the paper is organized as follows. In Section II, we describe some physical layer attacks which can occur in transparent optical networks. In Section III, we informally define the RWA problem and present a new attack-aware objective criterion for the problem. We give an ILP formulation for the routing sub-problem of RWA in Section IV, and present a tabu search heuristic for the same problem in Section V. Numerical results and an analysis of the obtained results are given in Section VI. We finish with some ideas for further research and concluding remarks in Section VII.

User 3

λ2 in Ga

switch Attacker User 1

n io tit pe m o c

amplifier

λ1 λ1

λ 1λ 2 User 1

el nn ha a c stalk r t In ros C

λ1

(a) el nn ha k r-c sstal e t In Cro

Attacker User

λ1 λ2

λ1 λ2 (b)

Fig. 1. (a) Gain competition in amplifiers and intra-channel crosstalk in switches; (b) Inter-channel crosstalk in fibers

II. P HYSICAL L AYER ATTACKS IN T RANSPARENT O PTICAL N ETWORKS Once a set of lightpaths is established via RWA, successfully maintaining it with efficient fault and attack management is critical to secure network operation. Attacks can be particularly malicious due to their ability to appear sporadically and propagate through the network as a result of lightpath transparency. Consequently, they can cause system-wide service disruption and are much harder to locate than component faults. Various physical-layer attacks have been described in [6],[12], and [8]. These attacks can be performed, either by an internal attacker with access at a legitimate network node, or by an external one with physical access to a part of the fiber. In the latter case, an attack can be realized by bending the fiber slightly and radiating light into it, without otherwise disrupting the fiber, making it very hard to localize [6]. Here, we briefly review some typical attack scenarios in order to illustrate the vulnerabilities associated with transparent optical networks (TONs). Erbium Doped Fiber Amplifiers (EDFAs), the most commonly used amplifiers in TONs, have a finite amount of gain available (a limited pool of upper-state photons), which is divided among the incoming signals. Thus, by injecting a high-power jamming signal within the amplifier passband, an attacker can exploit amplifier gain competition to both deprive other signals of power and increase its own power. An example of this is shown in Fig. 1.(a). Some amplifiers may be equipped with automatic gain control functionality which can suppress gain dependence on input power, but such equipment can be expensive. However, most currently available amplifiers do have power monitoring functionality which can send an alarm in case abnormally high power is detected. Although this can trigger localization and reaction mechanisms, significant damage can already be done by the time these mechanisms react and restore proper functioning of the network. Furthermore, jamming signals can be injected sporadically, appearing for very brief intervals, making restoration even more difficult. An attack scenario, referred to as a low power QoS attack, which can cause damage even in networks equipped with

3

automatic gain control amplifiers, is described in [13]. It is achieved by attaching a splitter at the head of a link to attenuate propagation power by a certain amount. Since the amplifiers are placed such that they compensate only for the losses on the previous fiber span, the induced attenuation can significantly degrade the performance metrics of attacked lightpaths. Furthermore, such an attack can propagate if there is optical crossconnect (OXC) equalization at the network nodes. Namely, lightpaths sharing links with the attacked signal on links downstream of the attacking point are attenuated to ensure a flat power spectrum. In such a network, a high-powered jamming signal could not propagate, but a low-powered QoS attack could. Another vulnerability of optical networks is significant crosstalk exhibited in optical switching nodes. In wavelengthselective switches, channels on the same wavelength can interfere with each other causing intra-channel crosstalk (Fig. 1.(a)). Furthermore, long distances and high-power signals can introduce nonlinearities in fiber causing inter-channel crosstalk effects between signals on different wavelengths (Fig. 1.(b)). In this case, a high-power jamming signal injected on a link can interact with other channels via nonlinear effects (e.g. four wave mixing, cross-phase modulation, Raman gain effects) and cause damage even if it is removed with a filter at the end of the fiber span. An even more malicious attack can be achieved by slightly bending the fiber to tap part of a signal, and then inject noise at the tapping point to achieve both eavesdropping and degradation of the SNR on the attacked channel (correlated jamming). A simple overt attack causing outright service denial can also be realized by cutting the fiber. An efficient tapping attack can also be achieved as follows. An attacker can request a legitimate data channel and then not send any data on it. As a result, the corresponding wavelength carries only leakage it picks up from neighboring channels via crosstalk. This weak leakage signal is then amplified at an amplifier1 and, thus, a strong tapped signal is delivered directly into the hands of the attacker via his legitimate data channel. III. P ROBLEM D EFINITION Given is a physical network and a virtual topology, i.e. a set of static lightpath demands. The physical optical network is modelled as a graph where edges are assumed to be bidirectional, each representing a pair of optical fibers (i.e. one fiber per direction). The RWA problem searches for a set of physical paths corresponding to the set of lightpath requests, subject to the wavelength clash and continuity constraints. We assume that there are enough wavelengths to satisfy these constraints for any routing scheme. We limit the maximum number of hops in a lightpath to prevent excessively long paths causing delay and, more importantly, unacceptable physical impairments. A. A new objective for the RWA problem: Maximum Lightpath Attack Radius (maxLAR) Herein, we propose a new objective criterion for the RWA problem, which we refer to as the Maximum Lightpath Attack 1

Network control algorithms may even provide extra amplification for weak signals.

Radius (maxLAR). We define the maxLAR as the maximum number of lightpaths any one lightpath is link-sharing with, where link-sharing is defined as a property indicating whether two lightpaths traverse at least one common physical link. This differs from the load balancing approach since the maxLAR considers how many unique lightpaths any one lightpath is linksharing with, and not the number of lightpaths routed over each link along its path. Namely, we consider the maximum number of lightpaths that will be disrupted in case of several physicallayer attacking scenarios. If a jamming signal is injected on a legitimate lightpath, it can disrupt the lightpath it is injected on, as well as the other lightpaths with which it traverses common links as a result of gain competition in amplifiers and interchannel crosstalk on fibers. We assume that only the original attacking signal can cause crosstalk effects, i.e. that attacked channels do not acquire attacking capabilities themselves. A low power QoS attack can also propagate along a lightpath in case of OXC power equalization, disrupting all link-sharing lightpaths downstream of the attack. Furthermore, a low power tapping attack can pick up leakage from all lightpaths traversing common links with the one reserved by the attacker. We currently only consider the set of attacks achieved by exploiting the vulnerabilities of fibers and amplifiers, but our future work will also include the vulnerabilities associated with optical switches. Our main objective for the RWA problem is to minimize the maxLAR while successfully routing all lightpath requests. A secondary objective is to reduce lightpath congestion (i.e., the maximum number of lightpaths routed over any one physical link). Namely, the maxLAR of a routing scheme is also an upper bound on congestion, so by minimizing the maxLAR, we also minimize the worst case on congestion. Note that one aspect of congestion is that it represents the maximum number of disrupted lightpaths in case of a fiber cut or other component malfunction along any link. Thus, minimizing congestion could potentially minimize the need for rerouting in case of such failures, which can be an additional benefit of our approach. Furthermore, the maxLAR is also an upper bound on the number of wavelengths needed for successful wavelength assignment, both in networks equipped with wavelength converters and those without. In wavelength-convertible networks, the congestion is equivalent to the number of wavelengths required, making the maxLAR an upper bound on both. In networks with no wavelength conversion, congestion is only a lower bound on the number of wavelengths needed, while the maxLAR is still an upper bound. Namely, wavelength assignment can be modelled as the graph coloring problem on a graph where nodes represent lightpaths and two nodes are connected with a link if their corresponding lightpaths traverse a common physical link. We call such a graph the conflict graph of a particular routing solution. The chromatic number of a graph is the minimum number of colors necessary to color the graph successfully. Although calculating the chromatic number is NPcomplete, simple upper bounds have been defined. In [14], the upper bound was shown to be ∆(G) + 1, where ∆(G) is the maximum degree of the graph. According to our definition, the maxLAR is equal to the maximum degree of the conflict graph incremented by one, making it an upper bound on the

4

LP4 2 1

x, y 2

4 LP2

LP5 3

LP3

1 6

LP2

LP5 3

5 LP1

λ2

6

5

LP1

Conflict graph: maxLAR = 2

λ1

LP1 LP5

LP2

LP4

LP3

(a)

LP3

LP4

Conflict graph: maxLAR = 4

λ1

4

λ2

LP1 LP5

LP2

LP4

LP3

(b)

Fig. 2. An example of two RWA schemes with the same number of wavelengths and the same congestion but with different values for the maxLAR.

chromatic number, i.e. an upper bound on the number of wavelengths needed. An example of two different routing schemes for a set of five lightpath requests on a 6 node network are shown in Figure 2. Both routing solutions have a congestion of two and both can be realized using two wavelengths. However the maxLAR in the first routing scheme is 4 (Fig. 2.(a)), while the second has a maxLAR of 2 (Fig. 2.(b)). Namely, a jamming attack injected at the beginning of lightpath 4 in the first routing scheme could potentially disrupt lightpaths 2, 3, 4, and 5. In the second routing scheme, a jamming signal injected on any legitimate lightpath could disrupt at most 2 lightpaths (including itself). Even though these two routing schemes use the same number of wavelengths, use equally long lightpaths, and have the same congestion, the second routing scheme could significantly reduce the damage caused by some physical-layer attacks at no extra cost. IV. I NTEGER L INEAR P ROGRAMMING (ILP) F ORMULATION : ILP LAR In this section, we formulate the routing sub-problem as an integer linear program (ILP) with the objective to minimize the LAR. The formulation could be extended to include wavelength assignment (WA) to ensure feasibility if there is a limited number of wavelengths given. However, this would increase complexity without necessarily favoring solutions using fewer wavelengths2 . Consequently, we solve wavelength assignment subsequently using an existing graph coloring heuristic algorithm from [15], which we refer to as the Greedy Graph Coloring (GGC) algorithm which minimizes the number of colors used. The ILP formulation for the routing sub-problem of RWA follows. A. Notation We use the following notation: i, j The source and destination nodes of a lightpath, i.e. the end nodes of a virtual link in V , i, j ∈ {1, 2, . . . , N } 2

Unless the number of distinct wavelengths was added to the objective function.

The source and destination nodes of a lightpath, i.e. the end nodes of a virtual link in V , x, y ∈ {1, 2, . . . , N } m, n The end nodes of a physical link in P , s, d ∈ {1, 2, . . . , N } Parameters: N The number of nodes in the network. H An upper bound on the number of physical hops of a lightpath. Pm,n The physical topology, where Pm,n = 1 of there exists a link between nodes m and n, and Pm,n = 0 otherwise. Vi,j The virtual topology, i.e. the set of lightpaths, where Vi,j = 1 of there is a lightpath request between nodes i and j, and Vi,j = 0 otherwise. Variables: i,j pi,j m,n The physical route variables, where pm,n = 1 if there is a lightpath between nodes i and j and it is routed on physical link Pm,n , and pi,j m,n = 0 otherwise. (i,j)(x,y) (i,j)(x,y) lsm,n The link-sharing variables where lsm,n = 1 if both lightpaths corresponding to virtual links Vi,j and (i,j)(x,y) Vx,y are routed via physical link Pm,n ; lsm,n = 0, otherwise. ls(i,j)(x,y) The link-sharing variables where ls(i,j)(x,y) = 1 if the lightpaths corresponding to virtual links Vi,j and Vx,y share at least one common physical link; ls(i,j)(x,y) = 0, otherwise. LAR(i,j) An integer representing the attack radius of lightpath Vi,j , i.e. how many other lightpaths it shares links with, including itself. maxLAR An integer representing the maximum attack radius of any lightpath in the network. B. Objective M inimize

maxLAR

(1)

C. Constraints 1) Physical routing constraints: pi,j ∀i, j, m, n m,n ≤ Pm,n

(2)

pi,j ∀i, j, m, n (3) m,n ≤ Vi,j Remark: This ensures that only those lightpaths that are requested are routed (constraint 3) and only on existing physical links (constraint 2). 2) Flow conservation constraints:  i=k  Vi,j , X i,j X i,j −Vi,j , j = k ∀i, j, k. pk,m − pm,k =  m m 0, k 6= i, j (4) pi,j (5) m,j ∈ {0, 1} Remark: Constraints 4 and 5 ensure flow conservation of lightpaths over physical links.

5

3) Cycling constraints: X mpi,j m,n ≤ 1 X

npi,j m,n ≤ 1

i,j pi,j m,n + pn,m ≤ 1

A. Tabu search ∀i, j, n

(6)

∀i, j, m

(7)

∀i, j, m, n

(8)

Remark: Constraints 6-8 help prevent cycles in lightpaths. 4) Link-sharing constraints: x,y ls(i,j)(x,y) ≥ pi,j ∀i, j, x, y, m, n (9) m,n m,n + pm,n − 1, ls(i,j)(x,y) ≤ pi,j m,n m,n

∀i, j, x, y, m, n

(10)

ls(i,j)(x,y) ≤ px,y m,n m,n ,

∀i, j, x, y, m, n

(11)

(i,j)(x,y) lsm,n ∈ {0, 1} (12) Remark: Constraints 9 - 12 ensure that if there are lightpaths between node pairs (i, j) and (x, y) which are both routed over link (m, n), that they are marked as link-sharing. X (i,j)(x,y) ls(i,j)(x,y) ≤ lsm,n , ∀i, j, x, y (13) m,n (i,j)(x,y) ls(i,j)(x,y) ≥ lsm,n ,

∀i, j, x, y, m, n

(14)

ls(i,j)(x,y) ∈ {0, 1} (15) Remark: Constraints 13 - 15 ensure that ls(i,j)(x,y) is set to 1 if lightpaths (i, j) and (x, y) traverse at least one common physical link, and 0 otherwise. 5) Attack radius constraints: X LAR(i,j) = ls(i,j)(x,y) , ∀i, j (16) x,y

LAR(i,j) ≥ 0,

LAR(i,j) integer

(17)

maxLAR ≥ LAR(i,j) , ∀i, j (18) Remark: Constraints 16 and 17 ensure that LAR(i,j) represents the attack radius of lightpath (i, j). Constraint 18 ensures that the lightpath attack radius of any lightpath is no greater than the maxLAR, which is being minimized. 6) Hop bound constraints: X pi,j ∀i, j (19) m,n ≤ H m,n

Remark: The constraint above ensures that the number of hops in a lightpath is bounded by H.

Solving the ILP formulation above gives us the optimal routing scheme with respect to the maxLAR. However, such an ILP formulation is not scalable, so heuristic approaches need to be developed for large instances of the problem. V. A TABU SEARCH HEURISTIC : TS LAR Herein we propose a tabu search heuristic for the routingsubproblem, aimed to minimize the maxLAR for bigger problems. Tabu search was chosen since it was shown to give results for the RWA of scheduled lightpath demands in [3]. Wavelength assignment is solved subsequently using the GGC graph coloring algorithm from [15].

Tabu search is an iterative meta-heuristic which guides simpler search procedures through various areas of the solution space, preventing them from remaining in local optima. In each iteration, the search begins with a current solution, explores all its neighboring solutions, and chooses the best neighboring solution (which is not forbidden by the tabu list) to become the current solution in the next iteration. A tabu list is a memory structure specific to tabu search which ‘memorizes’ a certain number of previously visited solutions to prevent the algorithm from cycling and getting stuck in local optima. Potential solutions are evaluated with respect to a certain fitness function. After a desired number of iterations, the algorithm terminates and the best found solution is deemed the final result. A detailed review of the tabu search method can be found in [16]. B. The T S LAR heuristic A description of the proposed tabu search algorithm T S LAR for lightpath routing, motivated by a tabu search algorithm from [3] for scheduled lightpath demands, follows. To design a tabu search algorithm, it is necessary to define the structure of a potential solution, the neighborhood of each solution, the tabu list, and a fitness function. Let the physical optical network be modelled as a graph G = (V, E), where V is the set of nodes and E is the set of edges. Edges are assumed to be bidirectional (each representing a pair of optical fibers, i.e. one fiber per direction). Given is also a set τ = {LP1 , . . . , LPM } representing a set of static lightpath demands. Each lightpath demand LPi , where i = 1, . . . , M , is given by a pair (si , di ), si , di ∈ V , representing the source and destination nodes of LPi , respectively. A potential routing solution X is represented by a vector of M integers, X = (x1 , . . . , xM ), where xi ∈ {1, . . . , K}, i = 1, . . . , M , represents the path used by LPi among its K-shortest paths. In other words, we limit potential physical routes to the Kshortest paths between node pairs, where K can be set to the desired value. The T S LAR algorithm initially routes all the lightpaths in τ on their shortest paths in G. Neighboring solutions with respect to the current one are all those where one and only one lightpath is routed on a different route. Instead of examining all neighboring solutions and evaluating them, we suggest a flexible neighborhood reduction technique which can drastically reduce the size of the neighborhood while still obtaining solutions of high quality. First we construct the conflict graph CG(X) of the current solution X where each node represents a lightpath and there is a link between two nodes if they share a common physical link. The maximum degree of a conflict graph, incremented by one, represents the maxLAR of that particular routing scheme and is denoted as maxLAR(X). We define the reduced neighborhood be the set of nodes (lightpaths) L(X) in the conflict graph whose degree is: Degree(LPi ) ∈ ˙ CG(X) ≤ α(maxLAR(X) − 1), 0 ≤ α ≤ 1, where α is an input parameter. If we set α = 1, then it is a pure greedy neighborhood reduction where only the nodes which are of highest degree, i.e., which determine the maxLAR,

6

are included in the neighborhood. By reducing the value of α, we enlarge the neighborhood size to consider more potential solutions allowing for more flexibility and potentially leading to a better final solution, but at the price of longer execution time. The |L(X)| individual neighbors comprising the reduced neighborhood are obtained by randomly rerouting each lightpath in L(X) on one of its K-shortest paths other than its current path. To determine the best neighboring solution which will pass into the next iteration, we create a conflict graph for each neighbor and find its corresponding maxLAR, i.e., its maximum degree incremented by one. The neighboring solution with the lowest maxLAR is passed into the next iteration and becomes the new current solution. If this solution is better than the incumbent solution, the incumbent solution is updated. The lightpath which was rerouted in the new current solution with respect to the previous iteration is then put on the tabu list and rerouting it again is then forbidden for a certain number of iterations (defined by the length of the tabu list). If two neighboring solutions in our algorithm have the same maxLAR, we consider a secondary objective. Recall that each routing solution corresponds to exactly one conflict graph CG(X) on which we can solve the graph coloring problem to find a wavelength assignment. Our aim is to obtain routing solutions whose corresponding conflict graph will need fewer colors (wavelengths) to perform graph coloring successfully. As already mentioned, the maxLAR is an upper bound on the number of wavelengths needed (i.e., an upper bound on the chromatic number). However, tighter bound on the chromatic number was given in [17], where the author showed that the chromatic number is always less than or equal to ∆2 (CG(X))+1, where ∆2 (CG(X)) is the largest degree of any node v in CG(X), such that v is adjacent to a node whose degree is at least as big as its own. If two neighboring solutions in our algorithm have the same maxLAR, the one with a smaller value for ∆2 (CG(X)) is chosen since this solution has better potential to minimize the number of wavelengths required for WA. If there is no improvement after a certain number of iterations, we take a random number of lightpaths and randomly reroute them for diversification purposes. If at some point no neighbor is feasible (i.e. they are all on the tabu list), we reroute all the lightpaths with a degree of ∆2 (CG(X)). If this solution is also on the tabu list, we randomly reroute a random set of lightpaths. The pseudocode follows. TS LAR Heuristic; Input and initialization: G = (V, E); α; τ = {LP1 , . . . , LPM }, where SLDi = (si , di ), i = 1, . . . , M ;//the set of lightpaths K; //the number of K-shortest paths X0 = (x01 , . . . , x0M ), x0i := 1, i = 1. . . . , M ; //initial routing solution with all paths set to 1 Find maxLAR(X0 ) and the corresponding lightpaths L(X0 ) = {LPr1 , . . . , LPrs }, ri ∈ {1, . . . , M }, i = 1, . . . , s; X := X0 such that Degree(LPri ) ≥ α · maxLAR(X0 ) ;//incumbent solution maxLAR := LAR(X0 );//fitness of incumbent solution T abulist := {}, i := 0, itW ithoutImprov := 0; Begin: //Tabu search iterations

while i < desired number of iterations do Xit := {}, maxLAR(Xit ) := ∞, L(Xit ) := {}; for j in 1, . . . , |L(Xi )| do xir 0 := random number in {1, . . . , K}\xir except for that forbidden by tabu j j list; Xi0 := (xi1 , . . . , xir −1 , xir 0 , xir +1 , . . . , xiM ); j j j Find maxLAR(Xi0 ) and L(Xi0 ); 0 if maxLAR(Xi ) = maxLAR(Xit ) then if ∆2 {CG(Xi0 )} < ∆2 {CG(Xit )} then Xit := Xi0 ; end if if ∆2 {CG(Xi0 )} = ∆2 {CG(Xit )} then Chose randomly between Xi0 and the current Xit and set one of them as Xit ; end if end if if maxLAR(Xi0 ) < maxLAR(Xit ) then Xit := Xi0 , maxLAR(Xit ) := maxLAR(Xi0 ), L(Xit ) := L(Xi0 ); end if end for if maxLAR(Xit ) == ∞ then //all neighbors are on the tabu list Find all nodes with ∆2 in conflict graph of solution Xi (i.e. ∆2 {(CG(Xi )}) and randomly reroute them. If this is on tabu list, choose a random number of lightpaths and randomly reroute them; else Xi := Xit , maxLAR(Xi ) := maxLAR(Xit ), L(Xi ) := L(Xit ); end if Update tabu list; if maxLAR(Xi ) = maxLAR then if ∆2 {Xi } < ∆2 {X} then X := Xi , L(X) := L(Xi ); end if if ∆2 {CG(Xi )} = ∆2 {CG(X)} then Chose randomly between Xi and the current X and set one of them as X end if end if if maxLAR(Xi ) < maxLAR then X := Xi , maxLAR := maxLAR(Xi ); else itW ithoutImprov := itW ithoutImprov + 1; end if if itW ithoutImprov ≥ allowed no. of iterations without improvement then Select a random number of lightpaths and randomly reroute them; itW ithoutImprov = 0; end if i := i + 1; end while End

Fig. 3.

1

2

3

6

5

4

An example of a physical topology with 6 nodes.

C. Complexity analysis Herein we examine the computational complexity of the T S LAR algorithm. In our algorithm, we first compute the K-shortest paths using Eppstein’s algorithm [19] and then run the desired number of iterations of T S LAR. Eppstein’s algorithm for the K-shortest paths with time complexity O(|E| + |V | log |V | + K)) is run for each of the M lightpath demands. In each iteration of the T S LAR algorithm, each neighboring solution is evaluated by finding its conflict graph and then determining the LAR(X), and potentially ∆2 (CG(X)). The conflict graph can be constructed in O(M 2 ) time. The LAR(X) and the corresponding reduced neighborhood can be found in O(M ) time, while ∆2 (CG(X)) can be found in O(M 2 ). It follows that the worst case complexity (i.e. if we

7

ILP_LAR ILP_LOAD

7

5

6

TS_LAR

4

Average LAR

5

maxLAR

ILP_LAR ILP_LOAD

TS_LAR

4 3 2

3

2

1

1 0

0 1

2

3

4

5

6

7

8

9

10 11 12 13 14 15

1

2

3

4

Tested Traffic Matrix

5

6

7

8

9

10 11 12 13 14 15

Tested Traffic Matrix

(a)

(b)

Fig. 4. The (a) maxLAR and (b) average LAR obtained by the proposed ILP LAR formulation, the proposed heuristic TS LAR, and the formulation ILP LOAD which minimizes congestion from [18] for the 6-node network.

ILP_LAR ILP_LOAD

4.0

ILP_LAR ILP_LOAD

TS_LAR

3.0

3.5

2.5

Average Load

3.0

Congestion

TS_LAR

2.5 2.0 1.5 1.0

2.0 1.5 1.0 0.5

0.5 0.0

0.0 1

2

3

4

5

6

7

8

9

10 11 12 13 14 15

Tested Traffic Matrix

(a)

1

2

3

4

5

6

7

8

9

10 11 12 13 14 15

Tested Traffic Matrix

(b)

Fig. 5. The (a) congestion and (b) average load (i.e. the average number of lightpaths routed over all links) obtained by the proposed ILP LAR formulation, the proposed heuristic TS LAR, and the formulation ILP LOAD which minimizes congestion from [18] for the 6-node network.

have to find ∆2 (CG(X))) of evaluating a neighboring solution is O(M 2 ). There are at most M neighboring solutions, however depending on α, this number can be dramatically reduced. If the number of iterations is denoted as I, the complexity of the algorithm after K-shortest paths are found is O(I · M 3 ). The GGC algorithm ran for wavelength assignment is an improvement algorithm run for a desired number of iterations, where each iteration has a worst case time complexity of O(|V |2 ). VI. N UMERICAL R ESULTS We modelled the proposed ILP formulation, denoted as ILP LAR, in the AMPL modelling language and ran it using CPLEX v6.4, a software for solving linear programming problems. Due to the high complexity of the problem, only small cases could be run in reasonable time. We tested the

formulation on the 6-node network shown in Fig. 3. To create a set of lightpath requests, we generated 15 different traffic matrixes using the method suggested in [21], where a fraction F of the traffic is uniformly distributed over [0, C/a] while the remaining traffic is uniformly distributed over [0, C ∗ Υ/a]. Here, C represents the lightpath channel capacity, a is an arbitrary integer greater than or equal to 1, and Υ represents the average ratio of traffic intensities between node pairs with high and low traffic values. The values were set to C = 1250, a = 20, Υ = 10, and F = 0.7, as in [21]. To obtain virtual topologies from the generated traffic matrices, we assigned lightpaths requests to node pairs in decreasing order of their corresponding traffic with at most 3 lightpaths originating and terminating at each node, i.e., we assumed 3 transmitters and

8

Helsinki

Oslo Stockholm Glasgow

Moscow Copenhagen

Dublin Hamburg London

Warsaw

Amsterdam Berlin Frankfurt

Brussels

Kiev

Prague Paris

Munich Zurich

Vienna

Bordeaux

Budapest

Milan Zagreb Marseille Rome

Lisbon

Madrid

Barcelona Athens

Fig. 6. The 30-node fiber topology of the basic network from the Cost Action 266 project [20].

3 receivers per node3 . The upper bound on the number of hops for physical paths was set to H = 4. We ran ILP LAR for the 15 different traffic matrices generated in the above described way and compared with the results obtained using an ILP formulation which minimizes congestion from [18]. Due to the consistency of the results, we feel that 15 random cases are sufficient, while enabling clear graphical presentation. This formulation, denoted as ILP LOAD, can be obtained from ILP LAR by removing constraints 9-18 for link-sharing and attack radii, changing the objective function to maxLOAD (a variable representing the maximum load, i.e. congestion), and adding the following constraint: maxLOAD ≥

X

pi,j m,n

∀m, n.

(20)

i,j

Although cycling constraints 6-8 are not included in the formulation from [18], we include them here since they can only improve the results with respect to the lengths of lightpaths without affecting the congestion. In order to gain insight into the effectiveness of the heuristic approach by comparison with optimal solutions, we ran TS LAR for the same test data as for the formulations. TS LAR was run for 2000 iterations, the length of the tabu list was set to 10, and K was set to 3 to limit the lengths of the lightpaths to their 3rd-shortest paths. The routing solutions obtained by the heuristic, as well as the formulations, were used as input to the GGC graph coloring algorithm ran for wavelength assignment. We compare the results for the considered test cases with respect to the maxLAR, i.e., the maximum attack radius over all lightpaths, and the average LAR, i.e., the average lightpath attack radius of all lightpaths, shown in Figs. 4.a and 4.b, respectively. The congestion and average number of lightpaths routed over all links (referred to as the average load) are shown in Figs. 5.a and 5.b, respectively. The number of wavelengths used was equal to the congestion for all cases, i.e. equal to the lower bound of a given routing solution, and, thus, the results are not shown separately. We can see that ILP LAR significantly outperforms ILP LOAD with respect to the maxLAR and average LAR, while still obtaining optimal congestion in 13 out of 15 test cases. Recall that the maxLAR is an upper 3

At most one lightpath was established between the same pair of nodes.

bound on congestion and, thus, minimizing the maxLAR also ensures that the congestion cannot be higher. The heuristic approach proved to be very effective, obtaining the optimal maxLAR in all cases, optimal congestion in 14 out of 15 cases, and even outperforming ILP LAR in some cases for the average LAR. Furthermore, both the proposed formulation and heuristic approach outperformed ILP LOAD with respect to the average number of lightpaths routed over all the links (i.e. the average load) as shown in Fig. 5.b. The main reason for this is that by minimizing the maxLAR, the algorithms tend to establish shorter lightpaths (in terms of hops), which is directly proportional to the average load. Namely, the average load is equal to the total length of all the lightpaths in terms of the number of hops, i.e. sum of the hops over all the lightpaths established in the network, divided by the number of links in the network. These results are even more significant when the hop bound constraints are removed. This also means that the total resources used, in terms of link-wavelength pairs, is lower in the solutions obtained by ILP LAR and TS LAR. Besides increased resource availability, establishing shorter lightpaths is also desirable due to decreased transmission impairments leading to better signal quality. Since the ILP LAR formulation is complex and, thus, highly intractable, heuristic algorithms need to be run to find sub-optimal solutions for larger problems. The T S LAR, in conjunction with GGC for graph coloring, proved to be very effective for the 6-node topology. To assess its performance on larger problems, we ran it on the 30-node reference basic topology from the COST Action 266 project [20] shown in Fig. 6. 15 different virtual topologies, i.e. sets of lightpaths, were created using the same method as described above for the 6-node networks, but with 10 transmitters and receivers per node. We compare with standard shortest path routing, denoted as SP , aimed to minimize lightpath hop length, as well as two greedy algorithms from the literature aimed to minimize the number of wavelengths (and with it congestion). The first, Greedy EDP RWA (Greedy Edge Disjoint Paths RWA) [22], is based on creating a partition of lightpaths where each element of the partition contains edge disjoint paths which can, consequently, be assigned the same wavelength. The second, BFD RWA (Best Fit Decreasing RWA) [23], is an approach based on bin packing which attempts to ‘pack’ lightpaths onto wavelengths on which they fit ‘best’ (i.e. using the shortest available physical path) in decreasing order of the lengths of their shortest paths. Both algorithms include a hop bound which limits the length of established lightpaths. We set this bound to the length of the longest 3rd-shortest path of any lightpath request in order to perform a fair comparison with T S LAR when K is set to 3. The results for the maxLAR, average LAR, congestion and the average number of lightpaths over all links (average load) are shown in Figs. 7.a, 7.b, 8.a, and 8.b, respectively. The results for the number of wavelengths were equal to congestion in almost all cases and are, thus, omitted for the sake of brevity. We can see from Fig 7.a. that the proposed T S LAR heuristic significantly outperformed all the other approaches with respect to the maxLAR. For example, in case of matrix number 5, a link-based attack could potentially disrupt 51 lightpaths

9

TS_LAR BFD_RWA

90

SP Greedy_EDP_RWA

TS_LAR BFD_RWA

SP Greedy_EDP_RWA

Average LAR

40

maxLAR

60

30

0 1

2

3

4

5

6

7

8

9

30

20

10

0

10 11 12 13 14 15

1

2

3

4

Tested Traffic Matrix

5

6

7

8

9

10 11 12 13 14 15

Tested Traffic Matrix

(a)

(b)

Fig. 7. The (a) maxLAR and (b) average LAR obtained by the proposed heuristic TS LAR, Shortest Path (SP) routing, Greedy EDP RWA [22], and BFD RWA [23] for the 30-node network from [20].

TS_LAR BFD_RWA

40

SP Greedy_EDP_RWA

TS_LAR BFD_RWA

15

SP Greedy_EDP_RWA

Average Load

Congestion

30

20

10

0 1

2

3

4

5

6

7

8

9

10 11 12 13 14 15

Tested Traffic Matrix

(a)

10

5

0 1

2

3

4

5

6

7

8

9

10 11 12 13 14 15

Tested Traffic Matrix

(b)

Fig. 8. The (a) congestion and (b) average load (i.e. the average number of lightpaths routed over all links) obtained by the proposed heuristic TS LAR, Shortest Path (SP) routing, Greedy EDP RWA [22], and BFD RWA [23] for the 30-node network from [20].

in the solution obtained by T S LAR, 63 with SP routing, 65 with BF D RW A and 83 with Greedy EDP RW A out of the maximum of 150 lightpaths established. Furthermore, T S LAR performs best with respect to the average LAR in all cases, although SP and BF D RW A are comparable. With respect to congestion (and number of wavelengths), we can see from Fig. 8.a that the BF D RW A algorithm performs best, followed closely by Greedy EDP RW A. T S LAR performs somewhat worse, while SP obtains dramatically higher congestion. The average load (and, proportionally, the average lightpath length in hops) is shown in Fig. 8.b. Here we can see that, as expected, SP performs best (i.e., it gives the optimal solution with respect to lightpath length), followed very closely by T S LAR. BF D RW A performs somewhat worse, while Greedy EDP RW A performs sig-

nificantly worse. These results makes sense since the main objective of Greedy EDP RW A is to minimize the number of wavelengths (and consequently congestion), without no consideration for path length (and average load) beyond the hop bound constraint. Shortest Path (SP) routing, conversely, aims only to establish short lightpaths, with no consideration for congestion or wavelengths. BF D RW A and T S LAR consider both (recall that the maxLAR is an upper bound on both congestion and wavelengths), however the number of wavelengths (and congestion) is given precedence over shorter paths in the former, and vice-versa in the latter. Thus, the T S LAR algorithm performs a trade-off by allowing for somewhat higher congestion in order to establish lightpaths of near-optimal length (and, consequently, a lower average load) and significantly better maxLAR and average LAR. We feel that

10

the trade-off with congestion is justified with the severity of the potential damage which can be caused by physical-layer attacks in such networks. VII. C ONCLUSION In this paper, we consider the problem of Routing and Wavelength assignment in Transparent Optical Networks. We present a novel objective criterion, called the Maximum Lightpath Attack Radius (maxLAR) which measures the largest number of lightpaths sharing a common link with any one lightpath. By minimizing the maxLAR, we can limit the maximal disruption caused by various physical-layer attacks. As such, we can improve network security and robustness through careful network planning, at no extra cost for specialized equipment. We formulate the routing sub-problem as an integer linear program and compare with a formulation with the objective to minimize congestion on a small network. The results show that our formulation obtains near-optimal results for congestion, while significantly reducing the maxLAR and the average number of lightpaths routed over all links (i.e. average load). For larger problems, solving the ILP is intractable and, thus, we propose a tabu search heuristic algorithm, run in combination with a graph coloring algorithm for wavelength assignment. Testing on a larger network and comparing with existing approaches from the literature indicates that the proposed algorithm obtains superior solutions with respect to the maxLAR and average load, but as a trade-off with an increase in congestion. This trade-off seems justified by the extremity of the vulnerabilities associated with optical networks security. Future work will include incorporating into our model intra-channel crosstalk occurring in optical switches, with an emphasis on its propagation capabilities. We will consider the case where attacking capabilities decrease proportionally to their distance from the attacking point, measured in the number of switches, attacked lightpaths and actual distance traversed. Furthermore, the proposed formulation and heuristic approach will be extended to include attack-aware wavelength assignment. Careful power equalization placement in order to thwart jamming attacks and further reduce the LAR at a minimum cost will also be considered. VIII. ACKNOWLEDGEMENT The work described in this paper was carried out with the support of the BONE-project (”Building the Future Optical Network in Europe”), a Network of Excellence funded by the European Commission through the 7th ICT-Framework Programme, and research project 036-0362027-1641 funded by the Ministry of Science, Education and Sports of the Republic of Croatia. R EFERENCES [1] I. Chlamtac, A. Ganz, and G. Karmi, “Lightpath communications: An approach to high-bandwidth optical WANs,” IEEE Trans. Commun., vol. 40, pp. 1171–1182, 1992. [2] T. Noronha, M. Resende, and C. Ribeiro, “A genetic algorithm with random keys for routing and wavelength assignment,” submitted to Networks. [3] N. Skorin-Kapov, “Heuristic algorithms for the routing and wavelength assignment of scheduled lightpath demands in optical networks,” IEEE J. Select. Areas Commun., vol. 24, pp. 2–15, 2006.

[4] X. Chu and B. Li, “Dynamic routing and wavelength assignment in the presence of wavelength conversion for all-optical networks,” IEEE/ACM Trans. Networking, vol. 13, no. 3, pp. 704–715, June 2005. [5] B. Ramamurthy, D. Datta, H. Feng, J. P. Heritage, and B. Mukherjee, “Impact of transmission impairments on the teletraffic performance of wavelength-routed optical networks,” J. of Lightwave Technol., vol. 17, pp. 1713–1723, 1999. [6] M. M´edard, D. Marquis, R. Barry, and S. Finn, “Security issues in all-optical networks,” IEEE Network, vol. 11, no. 3, pp. 42–48, May/June 1997. [7] T. Wu and A. Somani, “Cross-talk attack monitoring and localization in all-optical networks,” IEEE/ACM Trans. Networking, vol. 13, no. 6, pp. 1390–1401, Dec. 2005. [8] C. Mas, I. Tomkos, and O. Tonguz, “Failure location algorithm for transparent optical networks,” IEEE J. Select. Areas Commun., vol. 23, no. 8, pp. 1508–151, Aug. 2005. [9] M. Sivakumar, R. K. Shenai, and K. Sivalingam, “A survey of survivabilty techniques for optical WDM networks,” in Emerging Optical Network Technologies: Architectures, Protocols and Performance, A. Sivalingam and S. Subramaniam, Eds. New York, USA: Springer Science+Media, Inc., 2005, ch. 3, pp. 297–332. [10] N. Skorin-Kapov, J. Chen, and L. Wosinska, “A tabu search algorithm for attackaware lightpath routing,” in Proc. of ICTON 2008, Athens, Greece, June 2008, pp. 42–45. [11] N. Skorin-Kapov, “A MILP formulation for routing lightpaths for attack protection in TONs,” in Proc. of NAEC 2008, Riva del Garda, Italy, Sept. 2008. [12] N. Skorin-Kapov, O. Tonguz, and N. Puech, “Self-organization in transparent optical networks: A new approach to security,” in Proc. of the 9th International Conference on Telecommunications (Contel 2007), Zagreb, Croatia. [13] T. Deng and S. Subramaniam, “Covert low-power QoS attack in all-optical wavelength routed networks,” in Proc. of the Global Telecommunications Conference (Globecom 2004), vol. 3, 2004, pp. 1948–1952. [14] R. Brooks, “On coloring the nodes of a network,” in Proc. Cambridge Phil. Soc., vol. 37, 1941, pp. 194–197. [15] D. Kirovski and M. Potkonjak, “Efficient coloring of a large spectrum of graphs,” in Proc. 35th Conf. Design Automation, San Francisco, CA, June 1998, pp. 427–432. [16] F. Glover and M. Laguna, Tabu Search. Boston, MA: Kluwer Academic Publishers, 1997. [17] L. Stacho, “New upper bounds for the chromatic number of a graph,” J. Graph Theory, vol. 36, no. 2, pp. 117–120, Feb. 2001. [18] D. Banerjee and B. Mukherjee, “A practical approach for routing and wavelength assignment in large wavelength-routed optical networks,” IEEE J. Select. Areas Commun., vol. 14, pp. 903–908, June 1996. [19] D. Eppstein, “Finding the k shortest paths,” SIAM J. Computing, vol. 28, no. 2, pp. 652–673, 1998. [20] R. Inkret, A. Kuchar, and B. Mikac, Advanced Infrastructure for Photonic Networks: Extended Final Report of COST Action 266. Zagreb: Faculty of Electrical Engineering and Computing, University of Zagreb, 2003, pp. 19–21. [21] D. Banerjee and B. Mukherjee, “Wavelength-routed optical networks: Linear formulation, resource budgeting tradeoffs, and a reconfiguration study,” IEEE/ACM Trans. Networking, vol. 8, no. 5, pp. 598–607, 2000. [22] P. Manohar, D. Manjunath, and R. K. Shevgaonkar, “Routing and wavelength assignment in optical networks from edge disjoint paths algorithms,” IEEE Commun. Lett., vol. 6, pp. 211–213, May 2002. [23] N. Skorin-Kapov, “Routing and wavelength assignment in optical networks using bin packing based algorithms,” Europ. J. Op. Res., vol. 177, pp. 1167–1179, 2007.

Nina Skorin-Kapov is an Assistant Professor at the University of Zagreb, Faculty of Electrical Engineering and Computing in Croatia. She received her Dipl.-Ing. (2003) and Ph.D. (2006) degrees in Electrical Engineering from the University of Zagreb, Croatia, and completed a Post-Doctoral Fellowship at Tlcom Paris - cole Nationale Suprieure des Tlcommunications, Paris, France from 9/2006-9/2007. Her main research interests include optimization in telecommunications (particularly in WDM wide-area optical networks), optical networks planning and security.

Jiajia Chen received a B.S. degree (2004) in information engineering from Zhejiang University, China, and a Ph.D. degree (2009) from the Royal Institute of Technology (KTH), Sweden. Currently, she is working as a postdoc in Next Generation Optical Networks (NEGONET) group at KTH. She is co-author of over 20 publications in international journals and conferences in the area of optical networking. Her research interests include fiber access networks and switched optical networks.

11

Lena Wosinska received her Ph.D. degree in photonics and Docent degree in optical networking from the Royal Institute of Technology KTH in Stockholm, Sweden. She joined KTH in 1986, where she is currently an associate professor in the School of Information and Communication Technology (ICT), heading a research group in optical networking (Next Generation Optical Networks NeGONet), and coordinating a number of national and international scientific projects. Her research interests include optical network management, reliability and survivability of optical networks, photonics in switching, and fiber access networks. She has been involved in a number of professional activities including guest editorship of the following special issues that appeared in OSA Journal of Optical Networking: High Availability in Optical Networks; Photonics in Switching; Reliability Issues in Optical Networks; and Optical Networks for the Future Internet. Since 2007 she has been an Associate Editor of OSA Journal of Optical Networking and since April 2009 she serves in the Editorial Board of IEEE/OSA Journal of Optical Communications and Networking. Since 2005 she is a General Chair of the Workshop on Reliability Issues in Next Generation Optical Networks (RONEXT), which is a part of the IEEE International Conference on Transparent Optical Networks (ICTON). She serves on Technical Program Committees of many international conferences.