
IEEE PHOTONICS TECHNOLOGY LETTERS, VOL. 22, NO. 19, OCTOBER 1, 2010

Secure Optical Transmission in a Point-to-Point Link With Encrypted CDMA Codes


Zhenxing Wang, Student Member, IEEE, Lei Xu, Member, IEEE, John Chang, Ting Wang, Senior Member, IEEE, and Paul R. Prucnal, Fellow, IEEE
Abstract: We propose to utilize encrypted wireless CDMA codes in optical communications to build a secure point-to-point link. The CDMA codes are encrypted by advanced encryption standard (AES) before encoding data. Digital signal processing techniques are utilized for encrypted signal generation and reception without substantial hardware cost. Our experiment successfully transmits data at 1.56 Gb/s with a bit-error rate below the forward error correction limit. Our analysis indicates that the system can be robust against various types of attack models.

Index Terms: Advanced encryption standard (AES), code division multiple-access (CDMA), photonic layer security.

I. INTRODUCTION

PHOTONIC layer security has recently received considerable attention, since more and more security-sensitive data are being carried through optical networks, such as bank-related information, companies' internal data, and private messages. It is desirable to secure the data in the optical transmission layer to achieve high-speed transmission and optical signal processing transparency. Optical code-division multiple access (CDMA) can provide data confidentiality in the photonic layer, in systems where the channels are optically multiplexed, and several demonstrations of secure optical CDMA systems have been carried out [1], [2]. However, in point-to-point transmission links, the optical CDMA codes can be easily identified [3], [4]. Thus, the data is vulnerable to the adversary's eavesdropping. In this letter, we propose the use of encrypted wireless CDMA codes to build a confidential optical point-to-point transmission link. The CDMA code sequences are encrypted by advanced encryption algorithms [e.g., advanced encryption standard (AES)] and are difficult to decrypt directly. The transmitter temporally divides the original data stream into multiple data streams, encoded by different encrypted CDMA codes. The amplitude of the remultiplexed signal becomes randomized and noise-like, making it difficult to resolve the data even with the knowledge of the original CDMA code set. The CDMA code encryption, data encoding, and decoding are all realized electronically by digital signal processing (DSP) techniques, without introducing substantial hardware cost. In our experimental demonstration, an electrical encrypted signal is generated and used to modulate an optical carrier for a point-to-point transmission link, with bit-error rate (BER) performance lower than the forward error correction (FEC) limit. Our discussion shows that this method can resist various attack models.

II. PRINCIPLE DESCRIPTION

In a wireless CDMA system, the data from each user is multiplied by a pseudo-noise code sequence to realize multiple accesses in the wireless channel. Each receiver decodes the data from the multiplexed signal by performing a correlation with its own code. Wireless CDMA provides a certain degree of transmission confidentiality, because the transmitted data can be successfully received only if the matching CDMA code is known and used for correlation. In order to obtain optimal transmission performance, an orthogonal code set is usually adopted to minimize the interference from other codes. In practice, however, the wireless CDMA code design has specific standards (e.g., IS-95), which are known to the public. Based on these standards, the code sequences can be easily derived by simple detection [5], which leads to effective data interception by applying the corresponding decoding processes. To improve their transmission confidentiality, additional encryption can be applied to these wireless CDMA codes [5]. When each CDMA code is encrypted with AES, the encrypted codes are difficult to compromise without the key, even though the original code set is known. Data streams from different users are encoded by different encrypted CDMA codes and combined in the wireless channel, achieving confidential transmission. However, it is not feasible to achieve high-speed transmission (Gb/s) in wireless communications with this approach, due to the limited spectral bandwidth.

We propose using encrypted CDMA codes to build a high-speed confidential point-to-point data link in fiber optic communications, where the spectral bandwidth is much wider to accommodate the data rate. As shown in Fig. 1, the data stream is first temporally divided into multiple data streams through inverse multiplexing, and each sub-datastream is encoded by one AES-encrypted CDMA code sequence. The encoded data streams will be combined to generate a noise-like signal, which is used to modulate a laser beam for optical transmission. It is difficult to extract data from the multiplexed signal without the knowledge of the encrypted codes. Note that the orthogonality of the original CDMA codes does not hold after encryption, resulting in larger interference after decoding. To overcome the performance degradation by code encryption, FEC techniques can be applied to improve the BER. Compared with direct AES encryption of the original data stream, our approach only encrypts the individual CDMA codes
Manuscript received April 23, 2010; revised July 14, 2010; accepted July 17, 2010. Date of publication July 29, 2010; date of current version September 06, 2010.
Z. Wang, J. Chang, and P. R. Prucnal are with the Department of Electrical Engineering, Princeton University, Princeton, NJ 08544 USA (e-mail: zhenxing@princeton.edu; jcve@Princeton.edu; prucnal@princeton.edu).
L. Xu and T. Wang are with NEC Labs, America, Princeton, NJ 08540 USA (e-mail: leixu@nec-labs.com, ting@nec-labs.com).
Color versions of one or more of the figures in this letter are available online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/LPT.2010.2061223

1041-1135/$26.00 © 2010 IEEE


Fig. 1. Schematic diagram of generating multiplexed signals encoded by encrypted CDMA codes. Data bit 0 is represented by signal −1.

and uses the encrypted codes to directly encode data. The corresponding signal processing therefore is simpler, and a higher data rate is achievable. Moreover, the proposed approach realizes code encryption, data encoding, and decoding by DSP techniques, without using multiple optical encoders and decoders, which simplifies the system design and saves the implementation cost. Although the digital-to-analog converter (DAC) limits the rate of a real-time DSP-aided system, current DACs achieve rates up to 30 GS/s (e.g., VEGA DAC II), meeting our requirement.

III. EXPERIMENTAL SETUP AND RESULTS

Fig. 2 shows the schematic diagram of the experiment. A computer is used to generate multiplexed encrypted CDMA signals. The original CDMA codes are m-sequences [6], having 511 chips, and are encrypted by AES. As shown in Fig. 1, the original binary data stream is separated into multiple data streams through a serial-to-parallel conversion. Each data stream is encoded by an encrypted CDMA code, and the encoded outputs are combined together synchronously at the chip level. To achieve signal synchronization at the receiver, a preamble sequence, which is a 127-chip m-sequence, is inserted in front of the multiplexed data stream. The total signal sequence is loaded into an arbitrary waveform generator (AWG) with a sample rate of 10 GS/s, to generate the corresponding electrical signal waveform. The total data rate is calculated as: , where is the code's chip rate (here Gchips/s, equal to the AWG sampling rate) and is the code's chip number (here ). is the number of parallel encoders shown in Fig. 1. The electrical signal output is used to modulate a continuous-wave (CW) laser beam at 1553.66 nm, using the linear modulation region of a Mach-Zehnder modulator, which has an extinction ratio of 15 dB. The optical spectrum of the signal is shown in the inset of Fig. 2. The generated optical signal is transmitted through a 21-km standard single-mode fiber (SSMF).
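The encoding chain of Sections II and III, as an added example that is not code from the letter: it compares a receiver holding the encrypted codes with one holding only the public codes. Assumptions made here: the public code set is 80 cyclic shifts of one 511-chip m-sequence, HMAC-SHA512 stands in for AES so the block runs on the Python standard library, the key and data bits are constructed, and the rate formula is inferred from the letter's 10 GS/s and 511-chip figures.

```python
import hashlib, hmac, random
CHIPS = 511  # code length used in the letter's experiment

def m_sequence():
    """511-chip m-sequence from a 9-stage LFSR (x^9 + x^4 + 1), as +/-1 chips."""
    s, out = [1] * 9, []
    for _ in range(CHIPS):
        out.append(1 if s[8] else -1)
        s = [s[8] ^ s[4]] + s[:8]
    return out

def original_codes(n):  # assumed public code set: n cyclic shifts of one m-sequence
    m = m_sequence()
    return [m[k:] + m[:k] for k in range(n)]

def encrypt_code(key, code):
    """Keyed stand-in for AES: HMAC-SHA512 over the code yields the new chips."""
    msg = bytes(int(c > 0) for c in code)
    bits = int.from_bytes(hmac.new(key, msg, hashlib.sha512).digest(), "big")
    return [1 if (bits >> i) & 1 else -1 for i in range(CHIPS)]

def corr(a, b):
    return sum(x * y for x, y in zip(a, b))

def transmit(bits, codes):
    """One bit per encoder (+1 for 1, -1 for 0), summed chip-synchronously."""
    return [sum((1 if b else -1) * c[j] for b, c in zip(bits, codes))
            for j in range(CHIPS)]

def receive(signal, codes):
    """Correlate with each code; the sign of the correlation is the bit."""
    return [int(corr(signal, c) > 0) for c in codes]

def ber(tx_codes, rx_codes, symbols=25, seed=1):
    """Noise-free bit-error rate when the receiver correlates with rx_codes."""
    rng, errors = random.Random(seed), 0
    for _ in range(symbols):
        bits = [rng.getrandbits(1) for _ in tx_codes]
        got = receive(transmit(bits, tx_codes), rx_codes)
        errors += sum(b != g for b, g in zip(bits, got))
    return errors / (symbols * len(tx_codes))

def data_rate(n_codes, chip_rate=10e9):  # one bit per encoder per code period
    return n_codes * chip_rate / CHIPS

if __name__ == "__main__":
    plain = original_codes(80)
    enc = [encrypt_code(b"constructed demo key", c) for c in plain]
    print(ber(plain, plain), ber(enc, enc), ber(enc, plain), data_rate(80) / 1e9)
```

Run directly, it prints the three error rates and the 80-code rate in Gb/s. No channel noise is modelled, so any errors with the encrypted codes come only from their lost orthogonality.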
We study the system performances using 50, 80, and 110 encrypted codes, yielding a total data rate of 0.98, 1.56, and 2.15 Gb/s, respectively. For performance comparison, 50, 80, and 110 original CDMA codes are also used for data transmission, respectively. The correlation between any two different original codes is −1. By contrast, Fig. 3 displays the correlation between any two of 80 encrypted codes. The cross correlations between the encrypted codes range from −75 to 75. At the receiver side, a real-time sampling oscilloscope with a sampling rate of 40 GS/s is used to capture the received optical waveform. Fig. 4(a) and (b) displays the signal waveforms to be transmitted and captured after propagation through the fiber, respectively, which illustrate good linearity during the E-O modulation and fiber transmission. The captured waveform is processed with an offline computer program, which utilizes the same preamble sequence to synchronize the received signal and the same encrypted CDMA codes to decode the data. Fig. 5 shows the BER measurements of the transmission with and without encryption. A smaller number of codes yields a lower BER, but also results in a lower total data rate. With encryption, a BER of 1.7 10 is obtained when 80 codes are used, under the FEC limit. Error floors are present for 80 and 110 encrypted codes, due to the loss of code orthogonality. We did not see much dispersion effect in the 21-km transmission, because of the narrow spectrum of our signal. However, when the dispersion effects become critical, DSP technologies can be applied to compensate for them.

Fig. 2. Schematic diagram of experiment. Inset: spectra of CW laser and modulated signal. PC: computer; AWG: arbitrary waveform generator; IM: intensity modulator.

Fig. 3. Correlation matrix value of 80 encrypted CDMA codes.

IV. DISCUSSION

The AES encryption of CDMA codes essentially maps the original orthogonal code set to a random code set in the 2

10 code space. In this mapped code set, the cross correlations of the encrypted codes determine the BER performance and limit the maximum data rate. A tradeoff can be made between the code set randomness and the code performance. For instance, a semi-random code set, in which the cross correlations are confined under a desired value, may be considered unpredictable and provide enough security. Its BER performance will lie between the AES encrypted codes and the original codes shown in Fig. 5. In addition, since the optical signal has a narrow bandwidth, WDM techniques can be used to increase the total transmission rate.

In cryptography, there are several attack models including ciphertext only attacks (COAs), meaning that the adversary only has access to the ciphertext, known plaintext attacks (KPAs), assuming that the adversary knows part of the plaintexts and the corresponding ciphertexts, and chosen plaintext attacks (CPAs), presuming that the adversary can choose an arbitrary plaintext and obtain the corresponding ciphertext. Our proposed system is robust against COA, when sufficient encoded data streams get multiplexed at the transmitter [5]. In our experiment, the number of encoders can be increased easily by choosing CDMA codes with more chips (e.g., codes with 1023 or 2047 chips), without degrading BER performances. However, the system could be vulnerable under KPA or CPA attacks. To intercept the data, the adversary only needs to find the encrypted CDMA codes, instead of the key of the AES encryption. If at certain bits the adversary knows all the data ( for bit 1, and −1 for bit 0) for each code value . Denote the th chip value of code as .( or , ) A set of equations can be listed as

(1)

where is the sampled signal transmitted in the optical channel. Equation (1) can be solved by knowing enough . In order to protect the system against KPAs, we can design a special inverse multiplexing algorithm other than a simple serial-to-parallel conversion, which maps the serial data stream randomly to each encoder, as shown in Fig. 6. For example, in our experiment, a block of 4000 bits is mapped into 80 encoders every time, each encoder encoding 50 bits. The random mapping will yield combinations, which is complex enough to ensure that the adversary cannot find which code encodes , or s temporal position. Therefore, equation (1) will not be obtained. Moreover, although the preamble that we use is just an m-sequence, it can be specially designed to be random-like and kept secret, which prevents the adversary from synchronizing the transmitted signal and finding . This will help to improve the system's confidentiality against all of the above three attack models.

Fig. 4. (a) Signal waveform to be transmitted through fiber. (b) Signal waveform captured by real-time oscilloscope.

Fig. 5. BER measurements of original and encrypted CDMA codes.

Fig. 6. Schematic diagram of random inverse multiplexing.

V. CONCLUSION

We propose to build a secure optical point-to-point transmission link with encrypted CDMA codes. Our experiment demonstrates the feasibility of the approach, and the analysis discusses the system's robustness against different attack models.

REFERENCES

[1] S. Etemad, A. Agarwal, T. Banwell, J. Jackel, R. Menendez, and P. Toliver, "OCDM-based photonic layer security scalable to 100 Gbits/s for existing WDM networks," J. Opt. Netw., vol. 6, pp. 948–967, 2007.
[2] C. Yang et al., "Two-user 150-km field fiber security enhanced SPECTS O-CDMA transmission," IEEE Photon. Technol. Lett., vol. 19, no. 9, pp. 852–854, Sep. 2007.
[3] T. H. Shake, "Confidentiality performance of spectral-phase-encoded optical CDMA," J. Lightw. Technol., vol. 23, no. 7, pp. 1652–1663, Jul. 2005.
[4] Z. Jiang, D. E. Leaird, and A. M. Weiner, "Experimental investigation of security issues in O-CDMA," J. Lightw. Technol., vol. 24, no. 11, pp. 4228–4234, Nov. 2006.
[5] M. Tafaroji and A. Falahati, "Improving code division multiple access security by applying encryption methods over the spreading codes," IET Commun., vol. 1, no. 3, pp. 398–404, 2007.
[6] S. W. Golomb, Shift Register Sequences. San Francisco, CA: Holden-Day, 1967.
