JOURNAL OF LIGHTWAVE TECHNOLOGY, VOL. 29, NO. 1, JANUARY 1, 2011
Four-State Data Encoding for Enhanced Security Against Upstream Eavesdropping in SPECTS O-CDMA
Chunxin Yang, Student Member, IEEE, Ryan P. Scott, Member, IEEE, David J. Geisler, Student Member, IEEE, Nicolas K. Fontaine, Student Member, IEEE, Jonathan P. Heritage, Fellow, IEEE, and S. J. Ben Yoo, Fellow, IEEE
Abstract—This paper presents an implementation of a modulation technique which is effective in obscuring spectral phase encoded time-spreading (SPECTS) optical code division multiple access (O-CDMA) data streams from eavesdroppers tapping into single-user uplinks. This data modulation technique employs a finite-state Markov chain following a four-state trellis to encode user data in the electronic domain. The encoding redistributes the SPECTS O-CDMA user data bits across four different waveforms to defeat the eavesdropper attacks on upstream links via power detectors or differential phase-shift keying (DPSK) receivers. The four-state encoder-decoder is implemented in a field-programmable gate array (FPGA) with high-speed serial transceivers. A SPECTS O-CDMA testbed with four-state encoded data modulation at up to 2.5 Gb/s/user is demonstrated and its single user link security is tested using a DPSK demodulator to emulate the eavesdropping detection. The security test verifies that this modulation technique effectively prevented interception by DPSK detection. The four-state coding can be extended to be time variable through switching among several trellis state definitions to achieve more rigorous security.
Index Terms—O-CDMA, differential phase shift keying (DPSK), FPGA, security.
Manuscript received May 25, 2010; revised October 14, 2010; accepted October 21, 2010. Date of publication October 28, 2010; date of current version January 05, 2011. This work was supported in part by the Defense Advanced Research Projects Agency (DARPA) and SPAWAR under Agreement N66001-02-1-8937 and in part by the Air Force Office of Scientific Research (AFOSR) through the University of California, Davis Center for Digital Security.
C. Yang is with the Department of Applied Science, University of California, Davis, Davis, CA 95616 USA.
R. P. Scott, D. J. Geisler, N. K. Fontaine, J. P. Heritage, and S. J. B. Yoo are with the Department of Electrical and Computer Engineering, University of California, Davis, Davis, CA 95616 USA.
Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org. Digital Object Identifier 10.1109/JLT.2010.2090129
I. INTRODUCTION
In recent years, optical code-division multiple-access (O-CDMA) technology has generated substantial research interest as a promising optical access technology due to several attractive features including flexibility, reconfigurability, ease of network control and potential for enhanced physical layer security [1]–[3]. O-CDMA network security has been analyzed and several security enhancement techniques have been investigated [4]–[10]. The physical layer security relies on coexistence of multiple users and a large code space. Under
such a circumstance, it would be difficult for an eavesdropper to detect a specific user’s data information without knowledge of the O-CDMA code. Spectral phase encoded time-spreading (SPECTS) O-CDMA is a coherent O-CDMA technique which applies spectral phase changes based on a unique code to each user’s data modulated optical pulse, causing the encoded waveform to spread in the time domain. A receiver with full knowledge of the spectral code reconstructs the original short optical pulse and distinguishes the short pulse from other users’ data pulses, which remain spread, by an intensity dependent nonlinear detector. Among several O-CDMA schemes, SPECTS O-CDMA provides relatively high multiple access interference (MAI) suppression as demonstrated by a 32 user 10 Gb/s/user (320 Gb/s) networking testbed [11]. However, investigations have revealed that a SPECTS O-CDMA network is particularly vulnerable to eavesdropping on upstream links where only the single user signal is present without any interference as indicated in Fig. 1, which shows a typical O-CDMA network with star topology. For example, a single SPECTS O-CDMA user employing on-off keyed (OOK) data modulation can be easily intercepted by simple power detection without applying O-CDMA codes [4]. To remedy this security vulnerability, a bright/dark code data modulation scheme is adopted, in which the “1”s and “0”s are represented by two distinct encoded waveforms with nominally the same total energy [12]. Nevertheless, Jiang et al. have shown that the bright/dark code data modulation scheme is still vulnerable to eavesdroppers equipped with a differential phase-shift keying (DPSK) demodulator which can sense the phase difference between the two spectral phase codes used for the “bright” and “dark” waveforms [7]. By detecting the change or lack of change in the successively transmitted waveforms, the original data stream is then recoverable. 
Fig. 1. Security vulnerability on the single user upstream links of a SPECTS O-CDMA star network.
To protect SPECTS O-CDMA networks against DPSK eavesdropping, a new data modulation technique based on a finite-state Markov chain was proposed by Du et al. [13]. Following a three-state trellis, the binary user data stream is converted into a new sequence of three different states corresponding to three different waveforms, two of which are time spread by distinct O-CDMA codes while the third is a null energy state. However, this approach can be generalized to more than three states to provide security enhancements and other benefits. For example, here we employ a four-state version for energy balance in the data stream and, as long as the state transition does not directly correspond to the binary data
sequence, DPSK eavesdroppers cannot recover the user data without knowledge of the O-CDMA codes [13]. We present a field-programmable gate array (FPGA) implementation of such a multi-state encoded data modulation technique following a four-state trellis and demonstrate error-free single user performance in a SPECTS O-CDMA testbed at 1.25 Gb/s and 2.5 Gb/s. We show that when operated as a standard bright/dark code SPECTS O-CDMA testbed, a fiber-optic DPSK demodulator, acting as the eavesdropper, intercepts the bright/dark code modulated data stream with a bit error rate (BER) as low as . However, when the four-state encoded data modulation is applied, the BER rises to 0.5, which indicates that the user data is effectively obscured from DPSK eavesdroppers. Some initial experimental results for this technique were published in [14]. Although the testbed uses two optical encoders for code switching in this proof-of-principle demonstration, future O-CDMA encoders based on InP [15] can have the capability to quickly switch codes, and only one encoder per user is then necessary. Furthermore, this four-state encoding technique may be readily extended to achieve a higher level of link security by alternating between several different trellis state definitions in a random fashion. In other words, a frame of data is encoded with a particular trellis state definition and then the next frame of data is encoded with a different trellis state definition, where the alternating pattern is a random sequence. The transmitter and receiver synchronization is maintained by a previously agreed upon key sequence established through public key encryption.
II. PRINCIPLE OF FOUR-STATE ENCODED DATA MODULATION
The original data modulation technique proposed in [13] utilizes three states: a waveform generated by O-CDMA phase code 1 (C1 state), a waveform generated by O-CDMA phase code 2 (C2 state), and a null transmission (N state).
Fig. 2. Security enhanced SPECTS O-CDMA transmitter and receiver with four-state encoding and decoding. (a) Finite-state transition diagram for the four-state encoder and the SPECTS O-CDMA transmitter. (b) SPECTS O-CDMA receiver and four-state decoder. FSTD: finite-state transition diagram, MZM: Mach–Zehnder modulator, O/E: optical-to-electrical converter.
The odd number of states results in an unbalanced rate of “1”s and “0”s in the encoded sequence. Since communication receivers are typically intolerant of this imbalance, we choose a four-state encoding scheme to maintain DC-balance. The unbalanced three-state version can also be implemented by adding a DC-balance
process (e.g., 8b/10b coding). By adding the fourth state, there is greater flexibility in designing the state encoder definition. Thus, when extending the state encoder to be time varying (i.e., continuously switching among several different state encoder definitions), the four-state encoding scheme provides additional definitions to use. Fig. 2(a) shows a schematic representation of the SPECTS O-CDMA transmitter with four-state data coding. In the electronic domain, the binary incoming data is encoded with a four-state trellis sequence, which is depicted as a finite state transition diagram (FSTD) in the shaded box in Fig. 2(a). The four states are labeled in the circles as N (null), C1 (O-CDMA code 1), C2 (O-CDMA code 2) and C12 (both code 1 and code 2 in use). The arrows indicate the direction of the state transition, which is determined by the incoming data bit, as labeled on the arrows, and the previous state. To clearly illustrate the coding operation we will run through a brief example. Fig. 2(a) shows a representative incoming bitstream “10111”. Assuming the initial state is “N” and following the FSTD, when the first binary “1” enters the state machine, the next state will be “C1”. Therefore, the bitstream is converted to a corresponding sequence of states “C1, N, C1, C12, C2”. The FSTD is designed such that the state always changes when a bit enters (whether “0” or “1”). This means that the adjacent transmitted states will never be identical. Each state is represented by a two-digit binary number shown as the outputs Q1 and Q2 in Fig. 2(a). The four-state encoding of the optical signal is accomplished in a straightforward manner. Fig. 2(a) shows that the short optical pulse source is split into two paths: the Q1 path is spectrally encoded with O-CDMA phase code 1 and similarly the Q2 path is encoded with phase code 2. The Q1 and Q2 signals from the FSTD each drive a Mach–Zehnder modulator (MZM)
to perform OOK modulation of the corresponding path. The signals from the two paths are combined and amplified to form the four-state encoded transmitting signal for a single user. For the N state, Q2Q1 is “00” so optical pulses are absent from both paths in the O-CDMA transmitter and no energy is transmitted; for the C1 state, Q2Q1 is “01” so the O-CDMA transmitter transmits waveform 1 created by applying O-CDMA phase code 1 while waveform 2 is not transmitted; similarly, for the C2 state, waveform 2 corresponding to O-CDMA phase code 2 is transmitted while waveform 1 is off; for the C12 state, both waveform 1 and waveform 2 are transmitted simultaneously. Since the amplifier following the transmitter runs in saturation, the C1, C2 and C12 states have equal energy during a bit period. Fig. 2(a) shows the representative transmitted optical signal for the four-state encoded data shown at the input to the FSTD. Fig. 2(b) shows an authorized SPECTS O-CDMA receiver with four-state decoding. At the input to the receiver, the signal is split into two SPECTS O-CDMA receivers. In one receiver a SPECTS O-CDMA decoder applies the conjugate of the spectral phase code 1 to the received signal and the other one applies the conjugate of the phase code 2. Each O-CDMA receiver includes an optical nonlinear thresholder to distinguish the correctly decoded signal from interferers. The two detected optical signals are converted to electrical signals, Q1 and Q2, which correspond to the received four-state sequence. In the end, a four-state decoder, depicted as a mapping table in Fig. 2(b), converts the four-state sequence back to binary user data. The four-state encoded data modulation technique uses the same O-CDMA code space as the three-state version and it is more amenable to dynamic reconfiguration. However, the two waveforms of the C12 states coherently interfere, which contributes to the reduced BER performance as compared to the three-state version.
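The encoder and decoder described above, as an added example rather than code from the paper. The transition diagram of Fig. 2(a) is not reproduced in the text, so a ring N, C1, C12, C2 in which a "1" steps forward and a "0" steps back is assumed (it reproduces the "10111" example), and the eavesdropper is idealized as a detector that sees only whether successive waveforms differ.

```python
import random

# ASSUMPTION: Fig. 2(a) is not reproduced in the text, so the transition
# diagram is modelled as a ring N -> C1 -> C12 -> C2 -> N in which a "1"
# steps forward and a "0" steps back. This matches the worked example.
RING = ["N", "C1", "C12", "C2"]
# Q2Q1 outputs per state, as given in the text (Q1 gates code 1, Q2 code 2).
Q2Q1 = {"N": "00", "C1": "01", "C2": "10", "C12": "11"}


def encode(bits, state="N"):
    """Four-state encoder: every input bit forces a state change."""
    states = []
    for b in bits:
        state = RING[(RING.index(state) + (1 if b else -1)) % 4]
        states.append(state)
    return states


def decode(states, prev="N"):
    """Authorized decoder: one bit from each pair of successive states."""
    bits = []
    for cur in states:
        step = (RING.index(cur) - RING.index(prev)) % 4
        if step not in (1, 3):  # repeated or opposite state: channel error
            raise ValueError(f"illegal transition {prev} -> {cur}")
        bits.append(1 if step == 1 else 0)
        prev = cur
    return bits


def change_flags(symbols, reference):
    """Idealized differential detector: 1 if the waveform changed, else 0."""
    flags = []
    for s in symbols:
        flags.append(int(s != reference))
        reference = s
    return flags


def differential_guess(flags):
    """Integrate change flags into bits, the attack on bright/dark keying."""
    guess, level = [], 0
    for f in flags:
        level ^= f
        guess.append(level)
    return guess


def bit_error_rate(sent, guessed):
    return sum(a != b for a, b in zip(sent, guessed)) / len(sent)


def eavesdrop_experiment(n=10000, seed=1):
    """Return (BER vs bright/dark, BER vs four-state) for constructed data."""
    rng = random.Random(seed)  # constructed test data, not a real capture
    data = [rng.getrandbits(1) for _ in range(n)]
    bright_dark = ["bright" if b else "dark" for b in data]
    bd = differential_guess(change_flags(bright_dark, "dark"))
    fs = differential_guess(change_flags(encode(data), "N"))
    return bit_error_rate(data, bd), bit_error_rate(data, fs)


if __name__ == "__main__":
    seq = encode([1, 0, 1, 1, 1])
    print(seq, [Q2Q1[s] for s in seq])  # the paper's "10111" example
    print(eavesdrop_experiment())
```

In this model the change flags integrate back to the data for the two-waveform bright/dark stream, while for the four-state stream every flag is 1 and the resulting guess is uncorrelated with the data.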
The best performance is obtained when O-CDMA codes C1 and C2 are chosen with the greatest degree of orthogonality so that the two waveforms have minimum interference.
III. REALIZATION OF THE FOUR-STATE ENCODER-DECODER
A. Implementation in Digital Logic
Fig. 3(a) defines each state in the FSTD by a two-digit binary number Q2Q1. Therefore, the four-state encoder has two binary output signals Q1 and Q2. Q1 corresponds to O-CDMA code 1 and Q2 corresponds to O-CDMA code 2. Fig. 3(b) shows the realization of the four-state encoder defined by the FSTD in Fig. 2(a). Fig. 3(c) is the four-state decoder functioning as the mapping table in Fig. 2(b). The encoder needs two successive bits to determine the output state, and the decoder needs two successive states to recover the binary bit, so the digital circuits consist of logic gates and simple memory elements (flip-flops).
Fig. 3. (a) Logic map showing the relationship between the FSTD states and encoder outputs Q1 and Q2. (b) Realization of the four-state encoder using logic gates and flip-flops. (c) Implementation of four-state decoder using logic gates and flip-flops.
B. Parallel Implementation With an FPGA
Fig. 4. Realization of parallel four-state encoders and decoders in an FPGA. “b b . . . b b . . .” is the input serial data sequence and it is deserialized into 20 parallel data streams. “s s . . . s s . . .” is the encoded serial four-state sequence. Each state s contains two digits: Q1 and Q2.
To meet the high-speed requirement of optical communications, the four-state encoder-decoder can either be directly implemented by GHz-rate logic gates and flip-flops or by lower-speed logic through parallelization. We chose the latter path and implemented the four-state encoder-decoder using a Xilinx Virtex-2 Pro FPGA. This relatively inexpensive
FPGA device includes several on-chip 3.125 Gb/s serial transceivers (i.e., transmitter-receiver pair) and corresponding 20:1 serializers and deserializers (i.e., time multiplexers and demultiplexers). As illustrated in Fig. 4, the FPGA receiver deserializes the incoming user data “ ” to 20 parallel data streams which enter the 20 parallel encoders. Encoder 1 converts the deserialized data stream “ ” to a four-state sequence “ ”. Similarly, the th encoder converts “ ” to “ ”. Based on the FSTD, is related to . The Q1 and Q2 parts of each state are serialized separately and sent out via two high-speed transmitters. The serial output sequence is “ ”, and each state is associated with the 20th state transmitted before it. The corresponding parallel four-state decoder block is implemented in the FPGA. It receives the serial Q1 and Q2 signals with two high-speed serial receivers and deserializes Q1 and Q2 to 20 parallel streams. Q1 and Q2 must be synchronized before being converted back to the original user data bit sequence. The FPGA implementation is readily expandable to include several different FSTD definitions on chip, for example, one FSTD as shown in Fig. 2(a) and another FSTD with reversed state transition direction. The four-state encoder can be controlled externally to switch between the FSTDs and change the encoding formula. Similarly, the four-state decoder can be designed to switch between two mapping tables. In this way a time-varying four-state encoder-decoder can be implemented. The coordination of switching time between the transmitter and receiver can be achieved by a predefined order of switching between the FSTDs, or by using an additional channel for switching control. The original data stream can be framed and toggled between the FSTDs. The time-varying four-state coding offers the potential for a higher level of link security.
IV. EXPERIMENTAL RESULTS
A. Experimental Arrangement
Fig. 5. Arrangement of single user SPECTS O-CDMA testbed with four-state encoded data modulation. PRBS: pseudo-random bit sequence; PPG: programmable pattern generator, BERT: bit-error-rate tester, OFCG: optical frequency comb generator, MZM: Mach–Zehnder modulator, HNLF: highly-nonlinear fiber.
Fig. 5 shows the experimental arrangement for the single-user SPECTS O-CDMA testbed with four-state encoded data modulation. The 10 GHz microwave synthesizer provides the clock and divided clocks for driving the optical source, the programmable pattern generator (PPG), and the FPGA. The original user data is a pseudo-random binary sequence (PRBS) generated by the PPG (the high-speed transceivers on the FPGA are unable to recover the clock and synchronize properly with longer PRBSs due to long strings of “1”s and “0”s). The parallelized four-state encoder implemented in the FPGA converts the user data to a four-state encoded two-digit sequence Q2Q1 that drives the optical modulators. The optical source is a 10 GHz, 600-fs optical pulse train from a stable optical frequency comb generator (OFCG), which is split into two paths. Each path includes a Mach–Zehnder modulator (MZM) driven by Q1 or Q2 for OOK modulation of the split pulse train, and SPECTS O-CDMA encoders for applying 128-chip Walsh codes as the phase codes to the modulated pulse train. The two optical paths are carefully synchronized and power equalized before they are recombined. An erbium-doped fiber amplifier (EDFA), operating in saturation, amplifies the combined optical signal so the C1, C2 and C12 states have equal energy. At this
point, the single user signal is ready for transmission. At the authorized receiver side, two O-CDMA decoders apply the conjugate Walsh codes of the corresponding O-CDMA encoders to the received optical signal. The correctly decoded pulses are short while the incorrectly decoded pulses (interferers) remain split and spread in time. The O-CDMA nonlinear thresholder, based on filtering of spectral spreading by the self-phase modulation effect in 500 m of highly-nonlinear fiber (HNLF), distinguishes the short pulses with their high peak intensity from the interferers. After optical to electrical conversion, the parallelized four-state decoder in the FPGA recovers the original PRBS from the received four-state sequence for BER measurement.
B. Single User Results
Fig. 6(a) presents the BER performance of the SPECTS O-CDMA testbed with four-state encoded data modulation at 1.2519 Gb/s and 2.50375 Gb/s. These data rates are set to match the operation rate of the DPSK demodulator that is used in the interception tests. The received power is recorded before the O-CDMA thresholder. The BER group “O-CDMA encoder 1” is the measured performance of O-CDMA encoder-decoder pair 1 without four-state encoding, with the O-CDMA encoder 2 blocked, and the group “O-CDMA encoder 2” is similar. The 4-dB power penalty between the O-CDMA encoder 1 and encoder 2 mainly comes from the differences in the EDFAs and the HNLFs used in the two nonlinear thresholders. In particular, the output power of the EDFAs differed by 2.5 dB and the HNLFs are different lengths and from different manufacturers. The BER group labeled as “four-state encoded” is the measured performance of the single user SPECTS O-CDMA link with four-state encoded data modulation, which achieves a BER better than at both 1.25 Gb/s and 2.5 Gb/s. The
four-state encoding, the BER collapses to 0.4999, when accumulated over a 2-minute interval. The accuracy of the BER measurement at high error rates is limited since the BER test set cannot correctly synchronize the received pattern to the original pattern during the BER measurement. However, the fluctuations around a BER of 0.5 are still less than . Even though the DPSK received data is incorrect as a result of the four-state encoding, the corresponding eye diagram in Fig. 6(b) is not completely closed. This is because both the N-C1 or -C2 transitions and the C12-C1 or -C2 transitions generate outputs with different energy levels in the DPSK demodulator even though the original data is scrambled by the four-state encoding into an unintelligible sequence. Nonetheless, the DPSK demodulator is able to detect the waveform change and displays a partially open eye diagram, but that in no way implies the original data stream is recovered. This result indicates that the four-state data modulation technique effectively enhances security against eavesdroppers equipped with DPSK detection.
Fig. 6. BER measurements for the security enhanced SPECTS O-CDMA testbed. (a) Single user performance of SPECTS O-CDMA with four-state data modulation at 1.25 Gb/s and 2.5 Gb/s. (b) DPSK detection on single user with bright/dark code modulation and four-state encoded modulation. Down arrow symbol: data point indicating zero errors for a given amount of time to achieve the 95% confidence level for BER 10 .
V. SECURITY ANALYSIS
This section analyzes how the four-state coding defeats eavesdropping based on power detection and DPSK detection. For the DPSK based eavesdropping, two different situations are assumed: the eavesdropper without knowledge of four-state coding and the eavesdropper knowing the FSTD.