Lecture 6: Network Survivability and Robustness
Ajmal Muhammad, Robert Forchheimer
Information Coding Group, ISY Department

Outline
• Introduction to Network Survivability
• Protection Techniques Classification
  • Link failure, equipment failure
  • Path protection, link protection
  • Dedicated resources, shared resources
• Physical Layer Attacks
• Optical Network Component Vulnerabilities
  • Fibers, switches, amplifiers
• Protection and Prevention of Attacks

Network Survivability
• A very important aspect of modern networks.
• Optical fiber, with its extremely large capacity, has become the dominant transport medium.
• Interruption for even a short period of time may have disastrous consequences.
• No service provider is willing to accept unprotected networks anymore.
• Restoration = function of rerouting failed connections.
• Survivability = property of a network to be resilient to failure.
• Requires physical redundancy and restoration protocols.

Optics in the Internet
[Figure: Data Center, SONET and DWDM segments across Access, Metro, Long Haul, Metro, Access]

Protection and Restoration in Internet
• A well defined set of restoration techniques already exists in the upper electronic layers: ATM/MPLS, IP, TCP
• Restoration speeds in different layers:
  • BGP-4: 15 – 30 minutes
  • OSPF: 10 seconds to minutes
  • SONET: 50 milliseconds
  • Optical Mesh: currently hundred milliseconds to minutes

Why Optical Layer Protection?
• Advantages:
  • Speed
  • Efficiency
• Limitations:
  • Detection of all faults not possible (3R).
  • Protects traffic in units of lightpaths.
  • Race conditions when optical and client layer both try to protect against the same failure.

Protection Techniques Classification
• Restoration techniques can protect the network against:
  • Link failures: fiber-cable cuts and link device failures (amplifiers)
  • Equipment failures: OXCs, OADMs, electro-optical interface
• Protection can be implemented in:
  • Optical channel sub-layer (path protection)
  • Optical multiplex sub-layer (link protection)
• Different protection techniques for:
  • Ring networks
  • Mesh networks

Protection in Ring Network
• Unidirectional Path Switched Ring
  • 1+1 Path Protection
  • Used in access rings for traffic aggregation into central office
• Bidirectional Link Switched Ring
  • 1:1 Span and Link Protection
  • Used in metropolitan or long-haul rings
• Bidirectional Link Switched Ring
  • 1:1 Link Protection
  • Used for inter-office rings

Unidirectional Path Switched Ring (UPSR)
• Signal sent on both working and protected path
• Best quality signal selected
[Figure: ring of nodes N1 to N4 with sending and receiving traffic; outside ring = working, inside ring = protection; N1 sends data to N2]

1+1 Protection
• Traffic is sent over two parallel paths, and the destination selects the better one.
• In case of failure, the destination switches onto the other path.
• Pros: simple to implement, fast restoration
• Cons: waste of bandwidth

Bidirectional Link Switched Ring (2-Fiber BLSRs)
[Figure: ring of nodes N1 to N4 with sending/receiving traffic; both rings = working & protection; N1 sends data to N2 and N2 replies to N1]

1:1 Protection
• During normal operation, no traffic or low priority traffic is sent across the backup path.
• In case of failure, both the source and destination switch onto the protection path.
• Pros: better network utilization.
• Cons: requires signaling overhead, slower restoration.

Protection in Mesh Networks
• Network planning and survivability design
• Disjoint path idea: service working route and its backup route are topologically diverse
• Lightpaths of a logical topology can withstand physical link failures
[Figure: Working Path, Backup Path]

Reactive / Proactive
• Reactive
  • A search is initiated to find a new lightpath which does not use the failed components after the failure happens.
  • It cannot guarantee successful recovery
  • Longer restoration time
• Proactive
  • Backup lightpaths are identified and resources are reserved at the time of establishing the primary lightpath itself.
  • 100 percent restoration
  • Faster recovery

Taxonomy
[Figure]

Path Protection
• Dedicated Path Protection
• Shared Path Protection
  • Backup resources are used for protection of multiple links
  • Assume independent failure and handle single failure
  • The capacity reserved for protection is greatly reduced

Link and Channel Based Protection
• Link-based Protection
• Channel-based Protection

Path Protection / Link Protection
[Figure: Normal Operation, Link Protection]
• Path Switching: restoration is handled by the source and the destination.
• Link Switching: restoration is handled by the nodes adjacent to the failure.
• Span Protection: if additional fiber is available.
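
The disjoint-path idea and proactive backup computation from the mesh slides, as an added example that is not part of the original lecture: it finds a link-disjoint working/backup pair whenever one exists (not necessarily the shortest pair), including on "trap" topologies where removing the shortest path first leaves no backup. The topology and node names are constructed.

```python
from collections import deque

# Constructed trap topology: the shortest route s-a-b-t blocks both
# alternatives if it is chosen first and its links are simply removed.
TRAP_TOPOLOGY = [("s", "a"), ("a", "b"), ("b", "t"), ("s", "c"), ("c", "d"),
                 ("d", "b"), ("a", "e"), ("e", "f"), ("f", "t")]

def disjoint_pair(links, src, dst):
    """Return (working, backup) link-disjoint routes, or None if none exist."""
    adj, net = {}, {}
    for u, v in links:                        # undirected fiber links
        adj.setdefault(u, []).append(v)
        adj.setdefault(v, []).append(u)
        net[(u, v)] = net[(v, u)] = 0         # net unit flow per direction

    for _ in range(2):                        # push two units of flow
        parent, queue = {src: None}, deque([src])
        while queue and dst not in parent:    # BFS over residual arcs
            u = queue.popleft()
            for v in adj[u]:
                if v not in parent and net[(u, v)] < 1:
                    parent[v] = u
                    queue.append(v)
        if dst not in parent:
            return None                       # one link cut can isolate dst
        v = dst
        while parent[v] is not None:          # augment; reverse arcs cancel
            u = parent[v]
            net[(u, v)] += 1
            net[(v, u)] -= 1
            v = u

    routes = []
    for _ in range(2):                        # split the flow into two routes
        route = [src]
        while route[-1] != dst:
            u = route[-1]
            v = next(w for w in adj[u] if net[(u, w)] == 1)
            net[(u, v)] = 0
            if v in route:                    # drop any loop picked up
                route = route[:route.index(v)]
            route.append(v)
        routes.append(route)
    return tuple(sorted(routes, key=len))     # shorter route = working path

if __name__ == "__main__":
    print(disjoint_pair(TRAP_TOPOLOGY, "s", "t"))
```
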

Physical Layer Attacks
• Attack: intentional action against the ideal and secure functioning of the network
• Attacks are much more hazardous than component failures, as the damage they cause is more difficult to prevent

Attacks Classification
• Service disruption: prevents communication or degrades the quality of service (QoS)
  • All connections and components appear to be functioning well in the optical domain, but the electrical bit error rates (BERs) of the legitimate channels are already impaired
• Tapping: compromises privacy by providing unauthorized users access to data, which can then be used for eavesdropping or traffic analysis

Component Vulnerabilities: Fibers
• Bending the fiber violates total internal reflection and causes light to leak outside the fiber
  • A photodetector can pick up such leakage and deliver the transmitted content to the intruder
• Exploiting fiber nonlinearities: cross-phase modulation and Raman effects may cause a signal on one wavelength to amplify or attenuate a signal on another wavelength
  • An attacker can co-propagate a malicious signal on a fiber and decrease QoS or tap legitimate signals
• Commercial tapping devices introduce losses less than 0.5 dB and some even below 0.1 dB

Optical Switches
• Optical switches are prone to signal leakage, giving rise to crosstalk
• Malicious users can take advantage of this to cause service degradation and/or perform eavesdropping
• Inter-channel crosstalk: occurs between signals on adjacent channels. Can be eliminated by using narrow pass-band receivers.
• Intra-channel crosstalk: occurs among signals on the same wavelength, or signals whose wavelengths fall within each other's receiver pass-band.
• Crosstalk levels of optical switches range from -35 dB (SOA, liquid crystal, electro-optical, thermo-optical) to -55 dB for MEMS.

Examples
• Tapping attack exploiting intra-channel crosstalk in an optical switch
  • If a tapper gains access to the upper output port, part of the signal at lambda 2 is delivered straight into his hands
• Jamming attack exploiting intra-channel crosstalk in an optical switch
  • Attacker injects a high-powered signal on the same wavelength (in-band jamming) as other legitimate data signals.
  • Components of the high-power signal will leak onto adjacent channels, impairing the quality of the transmission on those signals

Optical Amplifiers
• Erbium-doped fiber amplifiers (EDFAs) are the most commonly used amplifiers in today's WDM networks.
• An optical amplifier is characterized by its gain, gain bandwidth, gain saturation, polarization sensitivity and amplifier noise.
• The distribution of excited electrons is not uniform at various levels within a band
• The gain of an EDFA depends on the wavelength of the incoming signal, with a peak around 1532 nm
  • Can be compensated by employing passive or dynamic gain equalization

Gain Competition in EDFA
• The limited number of available upper-state photons necessary for signal amplification must be divided among all incoming signals.
• Each of the signals is granted photons proportional to its power level, which can lead to gain competition.
• Stronger incoming signals receive more gain, while weaker signals receive less
• Gain competition can be exploited to create service disruption
  • A malicious user can inject a powerful signal on a wavelength different from those of other legitimate signals (out-of-band jamming), but still within the pass-band of the amplifier.
  • The stronger malicious signal will get more gain than weaker legitimate signals, robbing them of power.
  • QoS level of the legitimate signals will deteriorate, potentially leading to service denial.
• Equip amplifiers with input and output power monitoring capability

Low Power QoS Attack
• Optical splitter is attached at the head of link AB to attenuate the propagation power by a certain amount (7 dB).
• Link AB: OSNR degradation for LP1 & LP3 is exacerbated to 18.5 dB.
• Attack is able to propagate by taking advantage of the OXC equalizations.
• Equalizer in node B will attenuate LP2 to ensure the flat power spectrum on link BC
• Make the network more sensitive to the abnormal changes
• The amplifiers (with gain control of 15 dB) are placed such that each can exactly compensate the loss introduced by the preceding fiber spans (75 km)
• Performance monitoring at the amps & OXCs should be aware of the real-time LP configuration and vary the alarming thresholds accordingly
[Figure: 7 dB attenuation; performance metrics of each channel measured at different places of the network]

Protection and Prevention of Attacks
• Achieving complete protection requires large investments by the network operator.
• Hardware measures: shielding the fiber, additional equipment capable of limiting excessive power (e.g., optical limiting amplifiers, variable optical attenuators or optical fuses). Use components with lower crosstalk levels.
• Transmission schemes: applying different modulation and coding techniques, limiting the bandwidth and power of certain signals.
• Architecture and protocol design: identifying and avoiding risky links or assigning different routes and wavelengths to separate trusted from untrusted users.
• Optical encryption: protect communication confidentiality by making it incomprehensible to an eavesdropper.
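
The monitoring recommendation on the Low Power QoS Attack slide (alarm thresholds that follow the real-time LP configuration), as an added example that is not part of the original lecture: it compares a static low-power alarm at an amplifier input with one derived from the number of provisioned lightpaths. The launch power, alarm margin, dark floor and all readings are constructed assumptions; only the 15 dB span compensation and the 7 dB attenuation come from the slides.

```python
import math

# Constructed operating point; only the 15 dB span compensation and the
# 7 dB attenuation are taken from the slides.
SPAN_LOSS_DB = 15.0     # loss of one span, matched by the 15 dB amplifier gain
LAUNCH_DBM = 0.0        # per-lightpath launch power (assumed)
MARGIN_DB = 3.0         # alarm margin around the expected level (assumed)
DARK_FLOOR_DBM = -40.0  # reading treated as "no light" (assumed)

def total_dbm(channels_dbm):
    """Aggregate power of several channels, summed in milliwatts."""
    return 10 * math.log10(sum(10 ** (p / 10) for p in channels_dbm))

def fixed_alarm(measured_dbm):
    """Static low-power alarm sized so a single lightpath never trips it."""
    return measured_dbm < LAUNCH_DBM - SPAN_LOSS_DB - MARGIN_DB

def config_aware_alarm(measured_dbm, active_lightpaths):
    """Classify amplifier input power against the provisioned lightpath count."""
    if active_lightpaths == 0:
        return "high" if measured_dbm > DARK_FLOOR_DBM else "ok"
    expected = LAUNCH_DBM - SPAN_LOSS_DB + 10 * math.log10(active_lightpaths)
    if measured_dbm < expected - MARGIN_DB:
        return "low"
    if measured_dbm > expected + MARGIN_DB:
        return "high"
    return "ok"

def amp_input(n_lightpaths, extra_loss_db=0.0, foreign_dbm=()):
    """Constructed reading: n lightpaths after one span, plus optional extras."""
    per_channel = LAUNCH_DBM - extra_loss_db - SPAN_LOSS_DB
    return total_dbm([per_channel] * n_lightpaths + list(foreign_dbm))

if __name__ == "__main__":
    cases = [("normal", amp_input(4)),
             ("7 dB attenuation", amp_input(4, extra_loss_db=7.0)),
             ("unprovisioned signal", amp_input(4, foreign_dbm=[-5.0]))]
    for label, reading in cases:
        print(f"{label:22s} {reading:7.2f} dBm  fixed={fixed_alarm(reading)}  "
              f"aware={config_aware_alarm(reading, 4)}")
```

With the 3 dB margin assumed here, the 0.5 dB loss of a commercial tapping device still reads as "ok", so the margin that catches the 7 dB attenuation does not catch a tap.
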