This term paper explains the security threats to optical fiber networks along with the basic methodology behind such threats; furthermore, the detection and prevention techniques are also explained. The concept of encoding the data over the channel is also presented as a solution to the security issues, along with a brief description of quantum cryptography.
With the passage of time, optical fibers are becoming a widely used communication channel all over the globe, as they provide a better solution to reliability and bandwidth bottleneck issues.
A major issue behind every communication channel is the protection of data over the channel. These days, optical channels are also facing different security issues such as information stealing as well as service disruption. This term paper will give some remedies to avoid such security threats.
Service disruption and information stealing are major issues undermining the quality and reliability of optical fiber channels. Hackers have developed devices to compromise optical fibers, either to extract military/commercial information or to disrupt services.
Such devices basically depend on the phenomena of fiber bending and crosstalk interference, which remain undeniable properties of optical fiber cables.
All Optical Network Security
It is clear that all-optical networks (AONs) are emerging as a viable technology for future telecommunications networks. However, security differences with respect to existing electronic and electro-optic networks have drawn considerable attention.
Some of the features and vulnerabilities are as follows:
1) Because of the very high data rates in AONs, large amounts of data may be corrupted or damaged, even in cases of short or infrequent attacks.
2) End users may continue to use protocols such as TCP/IP that are designed for slower electronic networks. Use of such protocols over large distances at a high bit rate can raise the chances of service denial attacks that use sporadic or relatively low-power methods. Such attacks are very difficult to detect.
3) Transparent AONs allow routing and switching of optical signals within the network without regeneration. This transparency raises many security vulnerabilities that do not exist in electro-optic or electronic networks involving signal regeneration.
To provide secure and reliable AONs, various security issues should be considered including physical security and information security. Physical security prevents unauthorized access to network resources. Information security, on the other hand, prevents unauthorized access to information, and assures confidentiality and integrity of the information. 
Service disruption and tapping are the two most common threats to the physical security of AONs. The most commonly used AON components, including optical fiber cables, combiners, splitters, multiplexers, de-multiplexers, optical amplifiers, optical transmitters, and optical receivers, are susceptible to service disruption and tapping attacks.
Fig 1. Optical Fiber Tapping Device 
A. Service Disruption Attacks:
Service disruption attacks can cause data delay, service denial and QoS degradation. Under normal operating conditions, optical fibers radiate a negligible amount of power compared to other wave-guide media such as coaxial cable. However, as with coaxial cable, service can easily be disrupted if the optical fiber is cut or otherwise damaged. In a less disruptive attack, light may be radiated into or out of the fiber by making a slight bend in it.
The two other most widely used methods of service disruption attack are in-band jamming and out-of-band jamming.
1) In in-band jamming, an attacker injects a signal designed to reduce the ability of the receiver to interpret the transmitted data correctly. The attack can degrade a signal on that link, and affects other links attached to the node that the attack signal reaches first. This is primarily due to the transparency feature of AONs, which lets signals flow through nodes without regenerating them.
2) In out-of-band jamming, an attacker reduces the communication signal component by exploiting leaky components or cross-modulation effects. An out-of-band jamming attack can be used to exploit crosstalk in various components. In this type of attack, an attacker injects a signal at a different wavelength from the communication bands, but within the amplifier pass-band. Because the amplifier cannot distinguish between attack signals and legitimate network communication signals, it provides gain to both indiscriminately from a finite supply of gain.
B. Tapping Attack:
Tapping can be used to gain unauthorized access to information that may be used for spying or traffic analysis. Tapping attacks are possible at several points within the network due to component crosstalk. For example, contemporary de-multiplexers within network nodes separate each individual signal (or wavelength) received from a single fiber onto separate physical paths. These de-multiplexers may exhibit cross-talk levels between 0.03% and 1.0%. These cross-talk levels allow a little of each signal to leak onto the wrong path. Yet these signals may have enough fidelity to permit an attacker to detect their presence and recover a portion of data.
At high signal levels, such as at the output of an optical amplifier, fibers exhibit some cross-talk that may be used for tapping by co-propagating a signal on the fiber.
Tapping can also be combined with jamming for a very powerful service disruption attack.
As delays may vary gradually with respect to data rates, an attacker may tap a signal and also inject a signal downstream of the point of tapping. This type of attack is called a correlated jamming attack. This attack is very harmful to users with very low Signal to Noise Ratio (SNR). 
Fig 2. Power loss by fiber bending 
Various existing supervisory techniques and automatic diagnostics can be applied to detect attacks upon AONs. Supervisory techniques are classified into two categories: methods that perform statistical analysis of data, and methods that measure a signal devoted to diagnostic purposes.
A. Power Detection methods:
These methods are based on the comparison of received optical signal power to the expected value of optical signal power. Any change in the received optical signal power with respect to the expected signal power could be used to determine security attacks. There are two major drawbacks of these methods.
Firstly, a slight decrease in optical signal power is difficult to detect. Secondly, small but detectable changes in optical signal power resulting from component aging and fiber repairs may not be attributable to attacks, and may not adversely affect optical signals.
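The two drawbacks above, shown on constructed data as an added example (not part of the original essay). The power levels, thresholds and trace shapes are assumptions chosen for illustration, and the `step_alarm` variant goes beyond the text: it compares adjacent averaging windows so that slow drift and abrupt loss can be told apart.

```python
import random
from statistics import mean

EXPECTED_DBM = -12.0      # assumed expected receive power for the link
ABS_THRESHOLD_DB = 0.5    # assumed alarm threshold on |received - expected|
STEP_THRESHOLD_DB = 0.2   # assumed threshold on window-to-window change
WINDOW = 20               # samples averaged per decision

def make_trace(n=200, step_at=None, step_db=0.0, drift_db=0.0, seed=1):
    """Constructed receive-power samples (dBm): small noise, optional
    abrupt loss from sample step_at, optional gradual loss over the trace."""
    rng = random.Random(seed)
    trace = []
    for i in range(n):
        p = EXPECTED_DBM + rng.uniform(-0.02, 0.02)
        p -= drift_db * i / (n - 1)          # slow loss: aging, repairs
        if step_at is not None and i >= step_at:
            p -= step_db                     # abrupt loss: bend or tap
        trace.append(p)
    return trace

def window_means(trace):
    return [mean(trace[i:i + WINDOW])
            for i in range(0, len(trace) - WINDOW + 1, WINDOW)]

def absolute_alarm(trace):
    """Power detection as described: averaged power vs. expected value."""
    return any(abs(m - EXPECTED_DBM) > ABS_THRESHOLD_DB
               for m in window_means(trace))

def step_alarm(trace):
    """Added variant: flag abrupt changes between adjacent windows,
    which slow drift does not produce."""
    m = window_means(trace)
    return any(abs(b - a) > STEP_THRESHOLD_DB for a, b in zip(m, m[1:]))

def evaluate():
    traces = {
        "clean": make_trace(),
        "small_loss": make_trace(step_at=100, step_db=0.3),
        "aging": make_trace(drift_db=1.0),
    }
    return {name: (absolute_alarm(t), step_alarm(t)) for name, t in traces.items()}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(name, "absolute=%s step=%s" % result)
```

The fixed-threshold comparison misses the 0.3 dB abrupt loss and raises an alarm on the 1.0 dB aging drift, which are the two failure modes the text describes.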
B. Optical spectrum analysis methods:
These methods measure the spectrum of an optical signal. They are able to detect a change in spectrum shape, even if that change in shape does not involve a change in power over the whole channel. Optical spectrum analysis methods provide more information than power detection methods. However, they rely on statistical comparisons between sample averages and statistical averages, which require additional processing time and make them slower than some other attack detection methods.
C. Pilot tone methods:
These methods use highly defined and unique signals, called Pilot tones, which travel along the same links and nodes as the communications data.
They are used to detect transmission disruptions.
D. Optical time domain reflectometry methods:
Optical time domain reflectometry methods are a special application of pilot tones. They analyze the pilot tone's echo.
These methods are typically used to detect attacks that involve fiber tampering.
Some hardware measures can be employed to alleviate service disruption.
1) An Optical Limiting Amplifier (OLA) limits the output power to a specified maximum. Setting limits on light power also limits crosstalk and, therefore, crosstalk detection.
2) Band-limiting filters can be utilized in order to discard signals outside a certain bandwidth. This can prevent gain competition attacks in optical amplifiers.
3) Alarming and physical strengthening of the cladding or ways to detect minute power losses may prevent a physical tap in the fiber.
However, physically strengthening and alarming the cladding requires tremendous changes to the existing infrastructure, which entails significant expense. Additionally, physically securing optical fiber against physical tapping does not provide protection against tapping via crosstalk. As an alternative, devices with lower crosstalk may diminish both service disruptions and tapping attacks.
4) Separate data paths for trusted and untrusted users may also prevent security threats. 
Fig 3. Strengthened protection over fiber core 
Encoding protects the data by transforming it at the transmitter side with a specific key known to the receiver, so that the data on the channel is understandable only by that specific receiver. This technique minimizes the threat of data privacy exploitation over the optical channel.
Some users are reluctant to implement encryption unless absolutely necessary because generating keys and processing encryption slows down their computer systems. Other users implement encryption but are frustrated by the resulting slowdowns. 
Fig 4. Encoding/Decoding Block Diagram 
A. Quantum Cryptography:
Quantum cryptography is a technology that exploits the laws of quantum physics to securely distribute symmetric cryptographic keys over a fiber optic link. The keys are then used with symmetric cryptographic algorithms to guarantee the confidentiality and integrity of data transmission over the link.
Conventional key distribution techniques rely on public key cryptography or manual exchange, and therefore offer only limited and conditional security, whereas the secrecy of keys distributed by quantum cryptography is guaranteed in an absolute fashion by quantum physics. Quantum cryptography also allows fully automated key management, with frequent key replacement, and irrefutably reveals eavesdropping. Implementing quantum cryptography consequently ensures future-proof confidentiality of data exchanged over a link, which is extremely difficult to obtain with conventional techniques.
B. Working of Quantum Key Distribution:
QKD lets two parties agree on secret keys.
It's a technique for agreeing on a shared random bit sequence within two distinct devices, with a very low probability that other eavesdroppers will be able to make successful inferences as to those bits' values. We use the random bit sequences as secret keys for encoding and decoding messages between the two devices.
Device A sends a series of single photons to Device B, each modulated with a random basis and a random value. Picture each photon as a card: Device A chooses a card side (the basis) at random, writes a random 0 or 1 (the value) on that side, and sends the card to Device B. Device B also chooses a side at random and reads that side's value.
When Device A and Device B choose the same side, Device B reads exactly what Device A wrote. Otherwise, Device B reads a 0 or 1 completely at random. After Device B reads all the photons, Device B performs a sifting transaction with Device A to discard all cases where Device B read the wrong side. Device B sends which ones were correct. Then Device A and Device B discard all values where they disagreed on the basis and keep the remaining values for raw key material.
This complex procedure prevents an intruder from accessing and interpreting data from the channel, as it relies on highly efficient handshaking between the transmitter and receiver. Any information loss within the channel would not break the system, as that specific packet would be treated as an unmatched card side within the transaction of data.
Fig 5. Key exchange block Diagram 
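The card exchange and sifting step described above, simulated as an added example (not code from the original essay). It assumes a card with two sides and adds an interceptor that reads each card on a random side and forwards what it read, to show how disagreement in the sifted key reveals eavesdropping; all function names and parameters are hypothetical.

```python
import random

def read(card_side, card_bit, reader_side, rng):
    """Reading the written side returns the bit; the other side reads at random."""
    return card_bit if reader_side == card_side else rng.randint(0, 1)

def run_exchange(n, eavesdropper=False, seed=7):
    """Simulate n cards (two sides assumed) and return both sifted keys."""
    rng = random.Random(seed)
    a_key, b_key = [], []
    for _ in range(n):
        a_side, a_bit = rng.randint(0, 1), rng.randint(0, 1)
        side, bit = a_side, a_bit                # state of the card in transit
        if eavesdropper:
            e_side = rng.randint(0, 1)
            bit = read(side, bit, e_side, rng)   # reading fixes the value...
            side = e_side                        # ...on the side that was read
        b_side = rng.randint(0, 1)
        b_bit = read(side, bit, b_side, rng)
        if b_side == a_side:                     # sifting: keep matching sides only
            a_key.append(a_bit)
            b_key.append(b_bit)
    return a_key, b_key

def error_rate(a_key, b_key):
    """Fraction of sifted positions where the two devices disagree."""
    return sum(x != y for x, y in zip(a_key, b_key)) / len(a_key)

if __name__ == "__main__":
    for tapped in (False, True):
        a, b = run_exchange(4000, eavesdropper=tapped)
        print("interceptor=%s sifted=%d error_rate=%.3f"
              % (tapped, len(a), error_rate(a, b)))
```

Without interception the sifted keys match exactly; with it, about a quarter of the sifted bits disagree, which the two devices can detect by comparing a sample of their sifted values.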
Optical fiber security is a key element for an AON, so it is necessary to maintain a tap prevention and detection system within the network. Physical strengthening of the fiber optic channel may protect the channel from intrusion, but it is an expensive solution. Hence, encryption of the data at the transmitter end would be a more feasible solution within the existing channel and would provide a better level of privacy.