In this 'Viewpoint' we take a look at 'Total Optical Security' in protecting optical fibre, considering the risks and the steps that can be taken.
Introduction
Optical fibre cables form the underlying infrastructure on which the modern data-centric society is founded. Often taken for granted, these lifelines are in fact susceptible to many hazards. While all data processing equipment is securely locked away in data centres, often underground or otherwise highly secured, the interconnecting fibre lines run outside in public ground.
Fibre may be harmed unintentionally by rodents, groundworks or even natural phenomena such as flooding or earthquakes. Even worse, the fibres are the easiest way to attack an otherwise highly secure network. This may include cutting fibres to create outages or, in the most advanced form, tapping the data carried through the fibre.
All of these scenarios do indeed happen. For example, some years back Germany's largest airport, in Frankfurt, was attacked by anti-airport activists. Entire fibre bundles were not only cut; a few metres were actually taken out, so that direct re-splicing would not be possible.
In another recent case the main fibre to a town was cut by clever burglars to prevent a jeweller's alarm system from forwarding its alarm to the police. As a direct consequence, Internet service for the whole town went down for half a day.
Safety Measures
Lanode's partner MICROSENS has recognised the high vulnerability of the fibre infrastructure and offers a growing range of network elements for detecting and securing fibre links.
OM1 - The most basic function is the detection of changes in fibre behaviour. A fibre which is sharply bent, dented or otherwise deteriorating changes its optical characteristics; most prominent is the change in attenuation. With the Optical Power Monitor OM1, the fibre attenuation is monitored permanently and even small changes (down to 1/10 dB) are recognised and reported. Gradual changes can be detected and further measures taken before an outage occurs. By placing an OM1 at each end, the difference between the power levels at the two ends can be determined; this value is the fibre attenuation.
OM2 - The OM2 module takes this detection one step further by simultaneously measuring all wavelengths of a DWDM link. Each individual wavelength channel is thus monitored for its power level and wavelength accuracy, so problems in the WDM system can be detected as well as any fibre impairments. Because of this detailed information the system can distinguish between changes in power level caused by the fibre plant and those caused by the end equipment. The OM2 is intended for permanent, round-the-clock surveillance. Operators receive straightforward SNMP alarms indicating the affected wavelength or the fibre change.
The diagram below shows an Optical Power Monitor application controlling a simple point-to-point WDM link:
FibreMonitor - Naturally, sudden failures such as a cut cannot be predicted. With the FibreMonitor system, however, the valuable time between a failure and the actual start of the repair work on site can be dramatically reduced. The system detects changes in the fibre's attenuation, similar to the OM1 described above. In addition, it also detects the exact location where the event occurred, with metre accuracy, within seconds. In practical terms this means that no time is wasted in getting a repair team to the exact location of the failure.
Without the FibreMonitor a long time is wasted by first checking whether a fibre is indeed broken or whether the attached equipment is at fault. This alone may require a lengthy testing procedure. If several fibre providers are interconnected to form the service, it must first be established which carrier is at fault. The carriers themselves will not know, because the fibre as such is blind. Valuable time may be wasted discussing who has to check the fibre.
Eventually, someone will need to drive to one end of the fibre, disconnect the attached equipment and connect an OTDR. Depending on the type of fault, the tester may give a clear answer, or its measurements will have to be compared visually against a previous measurement to see where a difference appears. Only then is the fault point found, and the drive to the actual location of the problem can begin.
In simple terms the FibreMonitor eliminates the additional network downtime that is needed to diagnose the precise location of a fault. These wasted hours represent lost productivity, which should be put in perspective when evaluating the equipment cost of operating a permanent fibre monitoring system. This is especially important if no alternative fibre link exists, as is often the case with remote locations or star-shaped networks.
Fibre Backup
While a fibre is down, network operation should not stop if at all possible. Many protocols such as IP and SDH/SONET provide protection schemes that support such uninterrupted service if an alternate path is available. There are potential pitfalls here, however. Ethernet protection requires all traffic to be re-routed logically; this requires careful setting of many router options and, most importantly, takes a long time: automatic network convergence may take minutes. There is also the organisational issue that a fibre backup is typically part of the network carrier's offering, while router backup must be organised by the customer. Another problem is that ring topologies, which SDH protection requires for example, are not always available.
In all these cases a backup in the physical layer offers an elegant solution. Using the LP1 module, data is re-routed to a secondary fibre within 10-20 ms. Higher-layer protocols are not affected and continue to operate unimpeded; there is no network convergence time at all. The LP1 works on the same principle as the OM1 and may also be used to provide early warning of cable failures and to switch to the backup even before an actual failure occurs.
Fibre Tapping
So far we have looked at resolving network failures. But what about the, in some cases even more consequential, aspect of data theft? For a long time fibres were deemed inherently secure because they do not create a magnetic field around them that could be monitored. While this still holds true, it is nonetheless relatively simple to extract light from an operating fibre. The most straightforward method is to bend the fibre sharply: some light can no longer follow the path of total internal reflection and exits the fibre core into the outer coating. When that coating is removed, which does not disturb the fibre's operation, the extracted light can be fed to a highly sensitive receiver and the data intercepted.
NB: A low cost bend coupler is sufficient to eavesdrop on a fibre within a splice cassette.
Because light that leaks out at one point never reaches the far end, the received power level drops slightly. The OM1, OM2 and FibreMonitor detect very minor changes in the fibre power level, so tapping of a fibre is detectable. Combined with the exact position of the change, it may even be possible to catch the thief at work!
It is often assumed that fibres which run underground with a thick coating around them cannot be tapped. While this may be true, it is important to realise that all fibre links are constructed from several fibre sections, which are joined (spliced) together in so-called splicing cabinets. These boxes are usually easily accessible at the side of a street, to allow quick access for the telecom technician. Here the fibres are not only available without any protection at all, they are also clearly labelled to facilitate troubleshooting. This is a convenient place for an intruder to attack.
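As an added illustration of the two-ended attenuation measurement described under OM1 and of the tap detection described in the paragraph above (example code written for this page, not MICROSENS firmware or the OM1/OM2 products' own logic), the following Python classifies constructed power readings from both ends of a span. The 0.1 dB resolution is taken from the text; the receiver floor, the labels and the sample values are assumptions.

```python
from dataclasses import dataclass
from typing import List, Tuple

RESOLUTION_DB = 0.1   # smallest attenuation change the text says the monitor reports
LOS_DBM = -40.0       # assumed receiver floor: at or below this, no light arrives at all


@dataclass
class Reading:
    t: int          # minutes since the baseline reading (constructed time base)
    tx_dbm: float   # launch power seen by the monitor at the transmit end
    rx_dbm: float   # power seen by the monitor at the receive end

    def attenuation_db(self) -> float:
        # one monitor per end: the difference of the two levels is the span attenuation
        return self.tx_dbm - self.rx_dbm


def classify(prev: Reading, cur: Reading, base: Reading) -> str:
    """Label one reading against the previous reading and the baseline."""
    if cur.rx_dbm <= LOS_DBM:
        return "loss-of-signal"    # cut: nothing reaches the far end
    d_step = cur.attenuation_db() - prev.attenuation_db()
    if abs(d_step) >= RESOLUTION_DB:
        return "fibre-step"        # abrupt extra span loss: sharp bend, tap or damage
    if abs(cur.tx_dbm - prev.tx_dbm) >= RESOLUTION_DB:
        return "end-equipment"     # rx moved but attenuation did not: transmitter drift
    if cur.attenuation_db() - base.attenuation_db() >= RESOLUTION_DB:
        return "fibre-creep"       # slow degradation, reported before it becomes an outage
    return "ok"


def monitor(readings: List[Reading]) -> List[Tuple[int, str, float]]:
    """Walk a time series (first reading is the baseline) and return the non-ok events."""
    base, events = readings[0], []
    for prev, cur in zip(readings, readings[1:]):
        label = classify(prev, cur, base)
        if label != "ok":
            delta = round(cur.attenuation_db() - base.attenuation_db(), 2)
            events.append((cur.t, label, delta))
    return events


# Constructed sample: a 3.0 dB span at baseline, then slow creep, a 0.3 dB step as a
# bend coupler would cause, a transmitter dropping 0.4 dB (seen at both ends), then a cut.
SAMPLE = [
    Reading(0, 0.0, -3.0), Reading(1, 0.0, -3.02), Reading(2, 0.0, -3.06),
    Reading(3, 0.0, -3.12), Reading(4, 0.0, -3.42),
    Reading(5, -0.4, -3.82), Reading(6, -0.4, -60.0),
]
```

Calling monitor(SAMPLE) yields a creep warning at minute 3, a step at minute 4, an end-equipment event at minute 5 (the attenuation itself is unchanged) and loss of signal at minute 6.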
Data Encryption
An accepted way to safeguard data is encryption. One can argue that tapping a fibre is of no use, since all important data is encrypted anyway. While true in principle, it is alarming to know that only a small fraction of the transported data is in fact encrypted. E-mail traffic typically is not, and neither is most data stored on file servers. When this data is moved about to create backup images in remote disaster recovery data centres, it is in most cases transported in its native, unprotected format.
The use of application-level software encryption requires extra effort and care by both administrators and users, which is simply not taken. And when large amounts of data are handled, a software-based solution will seriously impact performance.
Lanode offers a hardware-based, on-the-fly, real-time encryption product line from MICROSENS called CipherPilot that guarantees automatic protection of all data on a fibre or wavelength. Running at data rates from 100 Mbit/s up to 10 Gbit/s, maintenance-free and with automatic key distribution, it achieves a level of functionality that would have been unthinkable only a few years ago. Encrypting the fibre at layer 2 also has the benefit that all traffic, for example VoIP traffic or video from security cameras, is obscured.
Summary
The different technologies presented here each play a role in adding data reliability and security. There are clear differences in their contribution to security, which is closely related to their complexity and ultimately their cost.
With the MICROSENS suite of products, state-of-the-art secure networks can be realised; they are ideally suited to all types of governmental, military or industrial networks with the highest availability and security requirements.
Comparison Chart
The chart below provides a summary of the main differences between the monitoring and encryption solutions in the Total Optical Security Suite.
Function | OM1 | OM2 | LP1 | FibreMonitor | CipherPilot
Total fibre power | Yes | Yes | Yes | No | No
Wavelength-specific power | No | Yes | No | No | No
Fibre attenuation | Yes (with 2 OM1) | Yes (with 2 OM1) | Yes (with 2 OM1) | Yes | No
Connector / splice quality | No | No | No | Yes | No
Runs on actively used fibre | Yes | Yes | Yes | Yes | (on channel)
Runs on unlit fibre | No | No | No | Yes | -
Switch backup on fibre attenuation | No | No | Yes | No | No
Localise fibre problems (distance) | No | No | No | Yes | No
Encrypts data | No | No | No | No | Yes
Application focus | Basic fibre error detection | WDM channel monitoring plus basic fibre error detection | Basic fibre error detection plus fibre backup | Advanced fibre error detection and intrusion detection | Data security on fibre
Extract from an original article from MICROSENS
Used with permission