## Abstract

The physical layer of optical access network is vulnerable to various attacks. As the dramatic increase of users and network capacity, the issue of physical-layer security becomes more and more important. This paper proposes a physical-enhanced secure strategy for orthogonal frequency division multiplexing passive optical network (OFDM-PON) by employing frequency domain chaos scrambling. The Logistic map is adopted for the chaos mapping. The chaos scrambling strategy can dynamically allocate the scrambling matrices for different OFDM frames according to the initial condition, which enhance the confidentiality of the physical layer. A mathematical model of this secure system is derived firstly, which achieves a secure transmission at physical layer in OFDM-PON. The results from experimental implementation using Logistic mapped chaos scrambling are also given to further demonstrate the efficiency of this secure strategy. An 10.125 Gb/s 64QAM-OFDM data with Logistic mapped chaos scrambling are successfully transmitted over 25-km single mode fiber (SMF), and the experimental results show that proposed security scheme can protect the system from eavesdropper and attacker, while keep a good performance for the legal ONU.

©2012 Optical Society of America

## 1. Introduction

The passive optical network (PON) has been widely deployed as the growth in demand of high access speed as well as low-cost deployment. Recently, orthogonal frequency division multiplexing (OFDM) signal modulation has attracted overwhelming research interest due to its strong inherent tolerant to fiber dispersion, significant system flexibility and potentially low cost for access network beyond 10G [1–9]. Considering the huge increase of subscribers and freedom flexibility in OFDM-PON, security has become one of the major concerns in future optical networks [10]. The broadcast mechanism and reflections of splitter in OFDM-PON can mislead the information going to a different optical network unit (ONU). The security problem has probed a strong need to eliminate the intruders in OFDM-PON such as denial of service attack, eavesdropping and masquerading of an ONU [11, 12].

Various technologies have been explored to improve the security in optical access network. However, most of the previous literatures focus on the security on the higher layer with cryptographic protocol, which encrypts the data frames but lefts the control frames and headers without protection. Hence it is a risky practice to build security on top of an insecure foundation [12, 13]. The physical layer is a transparent pipe for users and services, so the encryption on physical layer can inherently prevent the vicious attacks, which can be regarded as a transparent secure strategy. On the other hand, due to the convenient digital processing of OFDM signal, it is feasible to realize data encryption at the physical layer without changing any optical module or electrical circuit.

Among the proposed technologies, both quantum and chaotic cryptographies have received the most attention [14–16]. For the quantum method, the same no-cloning theorem of quantum technology inhibits its signal amplification. It will limit the transmission distance and the speed of key distribution, which is opposite to merits of OFDM-PON. Moreover, it needs a sophisticated optical equipment to prepare, transmit and detect the secure key, which would notably increase the cost of OFDM-PON. On the other hand, chaos-based communication has emerged as a promising solution to provide data confidentiality due to its high initial condition sensitivity [16–18]. The transmitted signal can be masked with chaos carrier or sequence with a highly unpredictable and random-look nature. It is sensitivity to variables’ and parameters’ changes and a small variation of any one (variable) changes (the outputs) considerably. Hence it is an effective secure strategy in OFDM-PON. Recently, we have proposed a kind of method to increase the security of physical layer by employing chaos scrambling [19]. It and the change of scrambling matrices are realized through an inheritance matrix.

In this paper, we have proposed and experimentally demonstrated a new chaos-based scrambling physical-enhanced secure strategy for OFDM-PON. An initial matrix of Logistic mapped chaos scrambling is employed to serve as the secure key. In our proposed strategy, the chaos scrambling is executed in the frequency domain of OFDM signal, which still reserves the orthogonal nature of OFDM. Through the sub-domain mapping, the chaos scrambling can periodically update the secure key for each ONU, which further enhance the security procedures. Unlike Ref [19], the update is realized through the scrambling matrix itself instead of the inheritance matrix, which can improve the efficiency of the generation of scrambling matrix. In our experiment, a 10.125 Gb/s confidential optical 64QAM-OFDM transmission with 128-order chaos scrambling is successfully achieved while remaining the spectral efficiency of OFDM symbols. This approach can also provide scalable secure strategy in OFDM-PON application.

## 2. Principle

Figure 1 illustrates a schematic of proposed secure OFDM-PON based on Logistic mapped chaos scrambling, which also can act as a random interleaver to improve the signal performance. Due to the chaos characteristic, the scrambling can enhance the PON security as well as the bit rate error (BER) performance. In Fig. 1, the PRBS downstream data is mapped into m-QAM or m-PSK data symbols and then goes through serial to parallel (S/P) transform. The N parallel outputs are frequency information on N OFDM subcarriers. Before the inverse Fourier transform (IFFT), the frequency information of OFDM signal is scrambled with chaos scrambling matrix. The scrambling matrix is generated from a Logistic based chaos map, which is controlled by the initial value and iteration parameter. In our proposed scheme, one dimensional Logistic map is employed as the chaos map, which is defined by [20]

where*μ*is the bifurcation parameter, n denotes the n

^{th}iteration compared with x

_{0},

*x*is the n

_{n}^{th}value iterated in Eq. (1) and

*x*can be an arbitrary value between 0 and 1. It gets a sophisticated kinetic behavior and changes with

_{0}*μ*dramatically. When

*μ*falls into the domain 3.569945<

*μ≤*4, the behavior changing will fall into chaos . Figure 2 shows the iteration process when

_{$\mu \in [3,4]$}with 100 times iteration. When

*μ≤*3.45, we can see that x only have two values, which gets 50% opportunity to get the right value. When

*μ*is beyond 3.45, the optional value of x becomes doubling. When

*μ*≥3.57, the values of

*x*increase a lot for a same

*μ*, which indicates x falling into an chaos status. Due to the unpredictable nature, with any given

*μ*, for any initial value

*x*, the Logistic map can iterate a unique sequence. A minimal variety of

_{0}*x*will lead to great difference of sequence behavior.

_{0}We assume that the number of OFDM subcarriers is *N* and an *N*-order chaos scrambling matrix is generated to encrypt the frequency information of OFDM signal. The time domain OFDM signal with chaos scrambling can be expressed as

*k*is the k

^{th}OFDM subcarriers,

*C*is the OFDM frequency information without scrambling,

_{k}*P*is the

*N*-order scrambling matrix. In Eq. (2), P is an

*N*×

*N*“0-1” scrambling matrix which is defined as

In the scrambling matrix, each row has only one “β” and no two rows are the same. *β _{ik}* indicates the scrambling position of

*C*. For simplicity, P is rewritten as

_{k}*j*denotes the j

^{th}scrambling matrix P

_{j},

*p*

_{j}is the row factor in Eq. (3) and {}

^{T}means transpose matrix. There we define the initial value

*P*when

_{0}*k*= 0, and

*P*satisfies the condition of Eq. (3) and Eq. (4).

_{0}In order to obtain *P _{k}* (

*k*>0), the chaos domain

_{$x\in (0,1)$}is equally divided into

*N*sub-domains and

*N*is the number of OFDM subcarriers. There we number the sub-domain from 1 to

*N*and each number indicates a position for initial iteration value of

*P*. The midpoint of each sub-domain is chose as initial iteration value, which can be expressed as

_{k}If we want to get *P _{k}*, we need to extract the positions of all the “β” from

*P*firstly and the position vector can be expressed as

_{k-1}_{n}is the right-subscript of “β” in each row of P

_{k-1}. Then

*Pos*is used for sub-domain mapping and the new initial iteration values can be expressed as

The elements of *I _{k}* are the initial iteration values for

*P*in (1). Besides, an iteration interval is employed for the generation of scrambling matrix, which indicates the step length of Logistic iteration in Eq. (1). Due to the chaos nature of Logistic map,

_{k}*I*will be an unpredictable parameter. After Logistic iteration with a certain steps, the chaos map would fall into a specific sub-domain, and the number of the sub-domain indicates the position of “β” in the corresponding row of

_{k}*P*. With a given step length and initial value

_{k}*P*, the Logistic iteration will continue until transverse all the sub-domains. Although the initial value is sensitive to small change, the performance wouldn’t affected by small errors. First, we have mapped the initial value into a sub-domain number with Eq. (5)-(6), which converts it into an integer value. When it is transmitted as part of the key in the channel, it would not affected by the channel noise. Second, the generation of scrambling matrices is implemented in the DSP domain at the local OLT and ONU, and they would not experience the channel. However, there would be a little more complexity at the terminal.

_{0}At the ONU, the encrypted data stream is descrambled with the reversed matrix of *P* and the procedure is same as the scrambling at the OLT. In this scheme, the OLT assigns different initial values and step lengths to different ONU. It is difficult to extract the data from the signal without the knowledge of initial values and the step length of the iteration. Since the scrambling matrix would not induce any redundant information, it reserves enough budget for forward error correction (FEC) coding and will not affect the performance of OFDM signal. Besides, the chaos scrambling is executed in the electrical domain and easily constructed, so it can be designed into any method of digital optical communications without changing any optical module.

## 3. Experiment and results

Experiment is provided to verify the performance of the proposed method for physical-enhanced security and the experimental setup is illustrated in Fig. 3 . The downstream pseudorandom binary sequence (PRBS) signal is firstly experiencing OFDM modulation through DSP processing offline. After constellation mapping and S/P transform, the data symbols are scrambled by the matrices and then execute the IFFT. The main system parameters are shown in Table 1 . For chaos scrambling, the secure key consists of Logistic map, step length and initial matrix, which ensure the security of the physical layer. The key distribution is realized as follows: When an ONU/RRU is authorized by the OLT, it will randomly generate a key named KEY1 and send to OLT. After receiving KEY1, OLT would send the control information and another key named KEY2 to the ONU/RRU, which is encrypted with KEY1. Then the ONU/RRU will use KEY2 as the communication key. In the experiment, the Hamilton symmetry is adopted for IFFT in order to execute the direct intensity modulation. Cyclic prefix and guard interval is 1/16 and 1/8 of OFDM symbol length respectively. An arbitrary waveform generator (AWG7122B) with a sample rate of 10Gs/s is adopted for D/A conversion, which yields a net data rate of 10.125 Gb/s for 64QAM mapped OFDM signal. A training sequence is added every 50 data frames for synchronization and channel estimation. The electrical waveform and spectrum is shown in Fig. 4(a) and 4(b), where we can see that the bandwidth of the signal is about 4 GHz. A commercial DFB laser at 1552.15nm is used as optical source, and the output OFDM signal is modulated onto the optical carrier by an intensity modulator (IM), which is working at its linear region. The encrypted optical OFDM signal is amplified by a commercial EDFA and then launched into 25 km single mode fiber (SMF) at an optical power of 5 dBm.

After transmission, the signal is split by a 1:4 power splitter before sent to the ONU. At the ONU side, the received signal is sampled with a 20Gs/s real-time sampling scope after direct detection via 10 GHz photodiode (PD), and the received electrical spectrum is shown in Fig. 4(d). The off-line DSP processing is used to decrypt and demodulate the vector signal. With its dedicated secure key, the ONU can recover its own data through descrambling processing. For the malicious ONU, it is difficult to thieve data without the secure key. It has to detect out not only the initial matrix, but also the step length of chaos iteration.

For chaotic system, the Lyapunov exponent is defined to characterize the rate of separation infinitesimally close trajectories for different initial value [18]. When the exponent η>0, it means that the trajectories will separate and the system is in chaos. For OFDM signal, we assume that the spectrum of each OFDM subcarrier is a Sinc function, and the Lyapunov exponent of the system is shown in Fig. 5
, where*μ* is the bifurcation parameter in Eq. (1). We can see that when*μ*is adjacent to 4, the system is chaotic, which is accord with Fig. 2.

As mentioned in section 2, the Logistic iteration will continue until transverse all the sub-domains to generate the scrambling matrix. There we define the order of scrambling size as L. The computational complexity of the generation is consisting of two parts: the iteration period to transverse the sub-domains and the size of scrambling. First we show the complexity for the iteration with different step length in Fig. 6 , where we adopt different initial values and same scrambling size. For Fig. 6, we calculate 1000 iteration and get an average period. We can see that the average iteration periods of different step length is below 3. On the other hand, the L×L scrambling matrix is generated from Eq. (6), where it is simplified into a 1×L position vector. So the complexity scaling is proportional to L. The total complexity is 3×L compared with the IFFT of N×logN. So the system complexity is determined by the IFFT block, which indicates a low complexity penalty for chaos scrambling.

Then we start considering the exhaustive key search attack in order to quantitative analysis the system security. Assuming the order of scrambling matrix is L = 2^{z}, there is 2^{z}! possible combination for the initial matrix, excluding the possible values of step length and bifurcation parameter. In our experiment, we choose L = 128 and the exhaustive trial is more than 3 × 10^{215} for malicious ONU. Furthermore, we have changed the scrambling matrix every 50 OFDM symbols. Hence it is infeasible to search the secure key for each OFDM frame.

To ensure the security of the system, a high initial sensitivity is an important point. Figure 7
shows the OFDM subcarriers distribution after chaos scrambling with two chaos scrambling matrix, which are named P_{0}’ and P_{0}” respectively. The difference between the initial values of the two matrices is just 0.001, and the scrambling size L = 128. The coordinate point of the column in Fig. 7 indicates the OFDM subcarrier index before and after scrambling respectively. Although the difference of initial values is just 0.001, we can see that it leads to total different subcarrier distributions after chaos scrambling.

We investigate the BER performance for ONUs with correct descrambling before and after transmission. Figure 8 shows the BER curves, where we can see that there is less than 0.5dB power penalty for 64QAM mapped OFDM signals after 25 km fiber. To compare the performance, the BER curves of the malicious ONU are also included in Fig. 8. It is clear that the eavesdropper has a BER around 0.4, which means that it cannot demodulate the useful data intended for the legal ONU. Due to the limitation of the scrambling size in the experiment, the BER at the eavesdropper is 0.4 instead of maximum value of 0.5. Furthermore, the period change of the scrambling matrix would also affect the BER. If the scrambling size is large enough, the BER of the eavesdropper would reach the value of 0.5. For the case of non-chaos scrambling, the BER performance is almost the same as chaos scrambling, which indicates that the chaos scrambling would not affect the whole performance of the system.

Figure 9
illustrates the BER performance with and without chaos scrambling when there is attack which affects some of the OFDM subcarriers. We can see that the information on the attacked subcarriers is totally ruined without chaos scrambling and the BER is above 10^{−2}, which cannot be recovered through FEC coding. However, the chaos scrambling can homogenize the error distribution among all the subcarriers. Although the BER of other subcarriers has deteriorated a little, the BER of the whole signal can be keep below 10^{−3}.

## 4. Conclusion

This paper proposes and experimentally demonstrates a novel physical-enhanced secure strategy for OFDM-PON, where the Logistic chaos scrambling is used to enhance the security level. The eavesdropper cannot detect the useful data from the legal ONU due to the unknown secure key consisting of the initial value and step length; besides, the chaos scrambling can efficiently resist the burst attacker from the malicious ONU. A 10.125Gb/s encrypted 64QAM-OFDM downstream signal is successfully demonstrated in OFDM-PON. Scrambling matrixes of 128-order are adopted in our experiment, which leads to a trial number of more than 3 × 10^{215}. The results show a good resist against attack and ensure a confidential communication in the physical layer.

## Acknowledgment

The financial supports from National Basic Research Program of China with No. 2010CB328300, National Natural Science Foundation of China with No. 60932004, 61077050, 61077014, 61177085, BUPT Excellent Ph. D. Students Foundation with No.CX201112, BUPT Young Foundation with No.2009CZ07 are gratefully acknowledged. The project is also supported by the Fundamental Research Funds for the Central Universities with No.2011RC0307, 2011RC0314.

## References and links

**1. **M. Cvijetic, “Advanced Technologies for Next-Generation Fiber Networks,” in *Proc*. OFC’10, paper OWY1 (2010).

**2. **D. Qian, N. Cvijetic, J. Hu, and T. Wang, “40-Gb/s MIMO-OFDM-PON using polarization multiplexing and direct-detection,” in *Proc*. OFC’09, paper OMV3 (2009).

**3. **N. Cvijetic, D. Qian, and J. Hu, “100 Gb/s Optical Access Based on Optical Orthogonal Frequency Division Multiplexing,” IEEE Commun. Mag. **48**(7), 70–77 (2010). [CrossRef]

**4. **B. Liu, X. Xin, L. Zhang, J. Yu, Q. Zhang, and C. Yu, “A WDM-OFDM-PON architecture with centralized lightwave and PolSK-modulated multicast overlay,” Opt. Express **18**(3), 2137–2143 (2010). [CrossRef] [PubMed]

**5. **J. L. Wei, E. Hugues-Salas, R. P. Giddings, X. Q. Jin, X. Zheng, S. Mansoor, and J. M. Tang, “Wavelength reused bidirectional transmission of adaptively modulated optical OFDM signals in WDM-PONs incorporating SOA and RSOA intensity modulators,” Opt. Express **18**(10), 9791–9808 (2010). [CrossRef] [PubMed]

**6. **J. Yu, M. F. Huang, D. Qian, L. Chen, and G. K. Chang, “Centralized Lightwave WDM-PON Employing 16-QAM Intensity Modulated OFDM Downstream and OOK Modulated Upstream Signals,” IEEE Photon. Technol. Lett. **20**(18), 1545–1547 (2008). [CrossRef]

**7. **X. Liu and F. Buchali, “Intra-symbol frequency-domain averaging based channel estimation for coherent optical OFDM,” Opt. Express **16**(26), 21944–21957 (2008). [CrossRef] [PubMed]

**8. **W. Shieh, Q. Yang, and Y. Ma, “High-Speed and High Spectral Efficiency Coherent Optical OFDM,” in *Proc*.OFC’08, paper TuC2.3 (2008).

**9. **J. Armstrong, “OFDM for optical communications,” J. Lightwave Technol. **27**(3), 189–204 (2009). [CrossRef]

**10. **D. Fisher, “Optical Communication Challenges for a Future Internet Design,” in *Proc*. OFC’09, paper OMQ1 (2009).

**11. **B. B. Wu and E. E. Narimanov, “A method for secure communications over a public fiber-optical network,” Opt. Express **14**(9), 3738–3751 (2006). [CrossRef] [PubMed]

**12. **M. Hossen, K. D. Kim, and Y. Park, “Synchronized Latency Secured MAC protocol for PON based large sensor network,” in *Proc*. ICACT’10, 1528–1532(2010).

**13. **O. Matoba, T. Nomura, E. P. Cabre´, M. S. Milla’n, and B. Javidi, “Optical Techniques for Information Security,” in *Proceedings of IEEE Issue on Optics and Photonics for Security and Defense* (Dept. of Comput. Sci. & Syst. Eng., Kobe Univ., Kobe) **97**, 1128–1148 (2009).

**14. **F. G. Deng and G. L. Long, “Secure direct communication with a quantum one-time pad,” Phys. Rev. A **69**(5), 052319–052322 (2004). [CrossRef]

**15. **M. C. Soriano, P. Colet, and C. R. Mirasso, “Security Implications of Open- and Closed-Loop Receivers in All-Optical Chaos-Based Communications,” IEEE Photon. Technol. Lett. **21**(7), 426–428 (2009). [CrossRef]

**16. **A. Argyris, E. Grivas, M. Hamacher, A. Bogris, and D. Syvridis, “Chaos-on-a-chip secures data transmission in optical fiber links,” Opt. Express **18**(5), 5188–5198 (2010). [CrossRef] [PubMed]

**17. **M. van Turnhout and F. Bociort, “Chaotic behavior in an algorithm to escape from poor local minima in lens design,” Opt. Express **17**(8), 6436–6450 (2009). [CrossRef] [PubMed]

**18. **C. E. Shannon, “Communication theory of secrecy systems,” Bell Syst. Tech. J. **28**, 656–715 (1949).

**19. **L. Zhang, X. Xin, B. Liu, and Y. Wang, “Secure OFDM-PON based on chaos scrambling,” IEEE Photon. Technol. Lett. **23**(14), 998–1000 (2011). [CrossRef]

**20. **S.-L. Chen, T. T. Hwang, and W.-W. Lin, “Randomness enhancement using digitalized modified logistic map,” IEEE Trans. Circuits Syst., II Express Briefs **57**(12), 996–1000 (2010). [CrossRef]