Skip to main content

Security Enhancement of Optical Network Logical Design

Final Report Summary - SHIELD (Security Enhancement of Optical Network Logical Design)

In optical networks, connections are vulnerable to physical layer attacks since data signals remain in the optical domain for the entire path. An attack is defined as an intentional action against the ideal and secure functioning of the network. Physical layer threats and attacks in optical networks have been studied in the literature but also operators consider the security in their systems of paramount importance. The “Security enHancement of optIcal nEtwork Logical Design” (SHIELD) project is a research effort focusing on the design of secure next-generation optical networks. The main objective of the project is to design and evaluate novel algorithms that range from Integer Linear Programming (ILP) to several heuristic algorithms for the planning and operational phases of future optical networks, able to support different data rates and node architectures that will focus on providing flexibility in the utilization of resources to minimize the CAPital Expenditures (CAPEX) and Operational EXpenditures (OPEX) costs, while offering security capabilities against physical layer attacks.

The technical part of year 1 addresses the attack-aware Routing and Wavelength Assignment (RWA) problem in optical Wavelength Division Multiplexing (WDM) networks. The objective is to assign routes and wavelengths to the requested connections so as to minimize the affected lightpaths by a possible attack, while minimizing at the same time the number of required resources. A series of algorithms were developed for solving the RWA problem with the objective of minimizing the high-power in-band and out-of-band crosstalk propagation which is caused when a high-power jamming signal is maliciously introduced in the network at a specific network node. Several ILP formulations, relaxation techniques, and heuristics were developed to address the problem. The problem of provisioning of survivable connections was also considered to address the case where a lightpath is under attack, and an alternative lightpath is necessary to establish the connection.

The technical part of year 2 addresses the development of a series of novel Routing and Spectrum (RSA) algorithms that consider the availability of the network and provide improved network and physical layer performance while minimizing the monetary cost and power consumption. Moreover, the research deals with the provisioning of multicast connections in metro optical networks, taking into consideration physical layer impairments that can affect the availability of the connections. Finally, the research also addresses the problem of wavelength selection and scheduling in passive optical networks in order to investigate the problem of spectrum efficiency in access network infrastructures as well.

The technical part of year 3 addresses the problem of security awareness of optical networks in the event of uncertainties. The objective is to assign routes and spectrum to the requested connections so as to minimize the affected lightpaths by a possible attack, while also minimizing the number of required resources. Moreover, the research deals with the placement of devices in order to monitor and mitigate the impact of jamming attacks. A series of algorithms were developed for solving the RSA problem and the placement of devices in certain locations of the network in order to minimize the impact of possible physical layer attacks and also to minimize the cost of the network. Integer Linear and Stochastic Programming are used as well as heuristics are proposed (including Genetic algorithms) to solve the problem for different types of traffic scenarios that include uncertainties (time varying and multi period traffic).

The technical part of year 4 deals with the development of a series of novel RSA algorithms that consider the availability of the network in the event of uncertainties and also the data protection against eavesdroppers. More specifically, the research examines the problem of bandwidth prediction in the presence of traffic demand uncertainty using dynamic programming and the minimization of lightpath reconfigurations during popular events while minimizing the impact of attacks. Moreover, eavesdropping-aware RSA techniques are proposed utilizing spread spectrum techniques. Finally, this deliverable deals with routing, spectrum and core allocation (RSCA) problem in multi-core flexible optical networks taking into account physical layer interactions.

As attacks on the telecommunications infrastructure can cause both tangible and intangible losses for the company that provides the service, as well as for its clients, the current trend is for more and more networks that are virtually uninterruptible. Thus, the scientific/technical impact of this work is significant in terms of designing and engineering telecommunications networks that are protected against attacks from malicious users. This work also has significant commercial impact as the algorithms, heuristics, and tools developed can be exploited by telecommunications vendors and operators within their network infrastructures. Finally, the work carried out under this project has also far reaching economic as well as social impacts by preventing significant loss of information and protecting the confidentiality of the data due to malicious attacks that directly translate to enormous economic losses (for the network operators as well as the companies that use their services), and to the loss of communication means within the population that is nowadays increasingly connected and dependent on uninterrupted communication services for their everyday life activities.

During the project, the fellow had the opportunity to attend and present his work at international conferences and high-ranked peer-reviewed scientific journals, as well as present his work at several local workshops and seminars, and also had the opportunity to co-advise PhD students. This MC-CIG project has enabled the fellow to conduct independent research, helping to accelerate his academic career and integration with the host organization. Thus, the fellow had a unique opportunity to establish a robust career development plan, gain recognition at national and international levels, and obtain research independence. Currently, the fellow works on several projects at the host institution, collaborating with industry, and initiating research activities and proposals/projects.

Project website: