Accelerated secure key distribution based on localized and asymmetric fiber interferometers

Chaoran Huang; Philip Y. Ma; Eric C. Blow; Prateek Mittal; Paul R. Prucnal

doi:10.1364/OE.27.032096

1. Introduction

Key generation and distribution are indispensable for secure and private communications. Public key cryptography, depending on the computational hardness, is now the most commonly adopted key distribution method [1,2]. However, concerns about the future security challenges, e.g. quantum computing, have spawned interest in exploring new key establishing approaches. Therefore, physical layer is also exploited for key establishment, instead of solely relying on the cryptographic protocols at higher communication layers [3–7].

Quantum key distribution (QKD) is considered as the only solution that provides theoretically unconditional security in the physical layer [8–10]. However, QKD is vulnerable to the noise in classic channels. The noise and loss in the transmission channels easily buries the signals of interest [8,9,11–13]. These challenges imply that it is costly to implement and maintain a QKD system.

One promising and cost-effective approach is to leverage the unpredictable and random properties of transmission channels and convert the environmental randomness to secure keys. This approach utilizes the channel reciprocity: the keys are highly correlated only between legitimate users (Alice and Bob) but are independent to the signal eavesdropped by the eavesdropper (Eve). The idea has been experimentally demonstrated in both wireless and fiber communication systems using off-the-shelf devices and with negligible computational complexity. In wireless communication systems, key generation benefits from the multipath effects in radio channels, which feature highly dynamic temporal and spatial variations. Secure key distribution relies on the reciprocity only existing between the two users. The third party with a different location between the users will receive a signal independent of that shared between the two users [14–16].

Different from wireless communications, in the optical fiber communication systems, optical signals are well guided in the optical fibers. Therefore, the signals are unidirectional and highly resistant to environmental perturbations. The key generation system has to be delicately designed to magnify the environmental noise before converting it to detectable signals. Besides, the reciprocity does not intrinsically sustain in the optical communication system: the signal tapped out from the transmission link is relevant to that obtained by the legitimate users. Therefore, the key distribution system needs to be designed to break the symmetry between legitimate users and eavesdroppers. To solve these challenges, several approaches have been proposed for key generation and distribution in the fiber communication system by making novel use of the optical components and properties [3,17–21]. Random mode mixing in multimode fibers proves to have rich dynamics and is harnessed for key generation [17]. However, using a multimode fiber as the transmission media implies that this scheme is only compatible with short reach communication links. Polarization mode dispersion [19] and polarization mode interference [19] in polarization maintaining fibers (PMFs) are also exploited for key generation. However, the keys are not completely hidden in the transmission link, which allows the eavesdropper to access signals through fiber tapping. Then the eavesdropper can potentially reconstruct the keys from the disclosing information in the detected signals. Distributed Mach-Zehnder fiber interferometers [20,21] are proposed to convert the environmental noise to optical intensity fluctuations. Asymmetric structures are used to prevent the eavesdropper from directly detecting the keys from the transmission links. However, the interferometers are exposed to the public in [20,21], thus vulnerable to active intrusion attacks. The eavesdropper can easily control the key generation by installing his noise source near the transmission link.

In this paper, we propose and demonstrate a novel key generation and distribution system based on localized and asymmetric fiber-based Mach-Zehnder interferometers (MZIs). The key contributions of our work are summarized as follows:

• We propose key generation and secure distribution system over public fiber links by converting the environmental noise to key signals using MZIs. In contrast to [20,21], two MZIs in our system are installed locally in the offices of legitimate users, strengthening the system robustness of defending active intrusion attacks. Broadband amplified spontaneous noise (ASE) serves as the carrier of the key signal. The lengths of the two MZI arms are highly asymmetric and have a difference of at least a few kilometers. The asymmetric MZI configuration allows the keys to be concealed in the ASE noise from being detected and reconstructed by the eavesdropper. The two MZIs are identical and are located at the terminals of legitimate users, which equilibrates the arm lengths of the MZIs, which allows to remove the high bandwidth noise of ASE and make the signal only detectable to legitimate users.
• We experimentally implement the proposed system and demonstrate that the system can provide reliable performance. Keys are generated at the rate of 502 bit/s and are exchanged over a $\sim$ 10 km optical fiber with a bit error of $\sim$ 0.3%. We also present an experimentally validated system model and show that, compared to the distributed MZI schemes [20,21], the key generation rate can be increased by a factor of 5.7 at a negligible additional cost.
• We analyze system security under different attacks. The results show that the proposed system can ensure a secure key distribution in the public channel under both passive eavesdropping and active intrusions. We experimentally demonstrate that key signal cannot be detected at the fiber link (steganographic key distribution). Instead of capturing the keys in the digital domain, the eavesdropper is forced to build an identical MZI physically without knowing the MZI parameters. The eavesdropper has to randomly guess the parameters from a key space larger than $10^{9}$ by physically adjusting his MZI with milliseconds reconfiguration rate, which therefore takes a few hours to crack the system. To prevent the eavesdropper cracking the system, the MZI parameters can be updated using a pseudo-random function with a fixed seed and time slot. The system robustness relies on (1) the detection system has fundamentally limited bandwidth and sampling capability when operating on the ASE source (2) the receivers of the legitimate users and the eavesdropper have strong geometric asymmetry due to the asymmetric MZI configuration.

2. System description

2.1 System overview

As shown in Fig. 1, our key generation and distribution system considers a pair of legitimate users (Alice and Bob) equipped with two fiber-based MZIs and connected by a public optical fiber link. The environmental noise applies on the MZIs and generate secret keys in the MZIs. The keys are exchanged securely over the public link without encryption. The environmental noise comes from the acoustic noise and mechanical vibrations in the environment. In addition, temperature changes also contribute to the environmental noise at a lower frequency. The two MZIs are identical and are installed at the Alice’s and Bob’s local offices. The parameters of two MZIs can be pre-shared between Alice and Bob in a secret channel or through a physical meeting. The real lengths of the MZI arms can be calibrated by a fiber length meter and precisely synchronized by fine tuning of a tunable delay line until the received signal powers by Alice and Bob reach their maxima. We reasonably assume that the MZI setups cannot be physically accessed and the MZI parameters are unknown to the eavesdropper (Eve). The length of the MZIs is the critical and secret parameter associated with the system security. The two arms of the MZI have a length difference over tens of kilometers. Such an asymmetric MZI structure protects the signal from being not only detected but also reconstructed by Eve. The MZI arms are tightly coiled on spools, which allows the environmental noise to induce the same stretch to the whole fibers. To maintain a continuous key generation, Alice and Bob can install the MZIs at a location that does not become quiet even at night, for example, data centers. Or they can replace the fibers of MZIs with longer fibers at night which helps to amplify the fluctuations.

Fig. 1. System illustration: The key is generated from the environmental noise by using two localized MZIs collectively. The key is securely exchanged between Alice and Bob in public fiber links without encryption. ASE: amplified spontaneous emission, serves as the key carrier; PD: photo-detector, is used to detect the key; PC: polarization controller.

Download Full Size | PDF

Two broadband ASE sources from two independent erbium-doped fiber amplifiers (EDFAs) serve as the signal carriers, and are launched into the two MZIs from the opposite directions. The keys are generated in the two MZIs collectively by converting the environmental noise into optical intensity fluctuations. The keys are subsequently transmitted over the fiber link. Alice and Bob will receive the keys simultaneously and sample the keys with a synchronized clock.

2.2 System operation principle

In this section, we mathematically derive: (1) the keys received by Alice and Bob, and show that the keys received by them are identical; (2) the signal tapped at the fiber link, and show that no signal can be detected by Eve.

We first derive the key signal transmitted from Alice and received by Bob. The ASE noise with an electrical field $E^A_0=A^A_0\exp [i(\omega ^A t+\theta ^A_n)]$ is launched into Alice’s MZI (MZI^A) and is split into two branches. $A^A_0$ is the amplitude, $\omega ^A$ is the central frequency, and $\theta ^A_n$ is the phase noise of the ASE source from Alice. At the point before the signals on the two MZI arms are combined, the phase noise of the ASE source becomes $\theta ^A_n(t)$ and $\theta ^A_n(t+t_{MZI})$, respectively, where $t_{MZI}$ is the traveling time in the long arm with a length $L_{MZI}$, while the traveling time in the short arm can be ignored due to its negligible length. Apart from the inherent phase noise from the ASE source, the signal in the long arm experiences additional phase noise $\Delta \theta ^A_e(t)$, originated from the environmental noise. Therefore, the electrical field launched into the transmission link (point A in Fig. 1) is given by

(1)$$E^A(t) = \frac{1}{2}A^A_0\exp(i\omega^At)\{\exp(i\theta^A_n(t))-\exp[i(\theta^A_n(t+t_{MZI})+ \Delta\theta^A_e(t)]\}.$$

After the signal arrives at Bob’s office, the signal goes into the MZI of Bob (MZI^B). Since MZI^B is identical to MZI^A, the electrical field after MZI^B (point C) is given by

(2)$$\begin{aligned} E_{AB}(t) = \frac{1}{4}(\alpha L_T)^{\frac{1}{2}}A^A_0\exp(i\omega^A t)\{\exp[i(\theta^A_n(t+t_T+t_{MZI}) + \Delta\theta^B_e(t+t_{MZI}+t_T))]-\\ \exp[i(\theta^A_n(t+2t_{MZI}+t_T)+ \Delta\theta^A_e(t)+ \Delta\theta^B_e(t+t_{MZI}+t_T))]-\\ \exp[i\theta^A_n(t+t_T)]-\exp[i(\theta^A_n(t+t_{MZI}+t_T)+ \Delta\theta^A_e(t))]\}. \end{aligned}$$

where $\alpha$ is the loss coefficient of the transmission fiber, $L_T$ is the transmission length, $t_T$ is the transmission time from Alice to Bob’s office, and $\Delta \theta ^B_e(t)$ is the phase noise from the environment induced by MZI^B. Due to the large bandwidth of the ASE source, the interference only occurs between the signals with the phase terms $\theta ^A_n(t+t_T+t_{MZI}) + \Delta \theta ^A_e(t)$ and $\theta ^A_n(t+t_T+t_{MZI}) + \Delta \theta ^B_e(t+t_{MZI}+t_T)$, because the ASE phase noise $\theta ^A_n(t+t_T+t_{MZI})$ can be canceled out after interference.

To main the performance of key distribution, it is important to ensure that the arm length of two MZIs are matched. Otherwise, the residual ASE phase noise will reduce the waveform fluctuation. When the arm length discrepancy between the two MZIs is within the coherent length of the ASE source, the key waveform can be detected but with a reduced fluctuation range [21]. This will result in increased key generation errors due to the reduced the signal to noise ratio (SNR) of the key signals. When the arm length discrepancy is larger than the coherent length of the ASE source, users can only receive a constant optical power.

Key waveform received by users: the signal intensity that is transmitted from Alice and received by Bob becomes

(3)$$I_{AB}(t) = |E_{AB}(t)|^2 = \frac{1}{8}\alpha L_T|A^A_0|^2[2-\cos(\Delta\theta^A_e(t)-\Delta\theta^B_e(t+t_{MZI}+t_T))].$$

Similarly, the intensity of the signal that is transmitted from Bob and received by Alice is given by

(4)$$I_{BA}(t) = |E_{BA}(t)|^2 = \frac{1}{8}\alpha L_T|A^B_0|^2[2-\cos(\Delta\theta^A_e(t+t_{MZI}+t_T)-\Delta\theta^B_e(t))].$$

The key waveform can be extracted by normalizing the AC signal of $I_{AB}(t)$ and $I_{BA}(t)$, and is given by

(5)$$\begin{aligned} K_{AB}(t) &= \cos(\Delta\theta^A_e(t)-\Delta\theta^B_e(t+t_{MZI}+t_T))\\ K_{BA}(t) &= \cos(\Delta\theta^B_e(t)-\Delta\theta^A_e(t+t_{MZI}+t_T)) \end{aligned}$$

The key waveforms received by Alice and Bob are identical, when $\Delta \theta ^A_e(t) = \Delta \theta ^A_e(t+t_{MZI}+t_T)$ and $\Delta \theta ^B_e(t) = \Delta \theta ^B_e(t+t_{MZI}+t_T)$. This requires that $\Delta \theta ^A_e$ and $\Delta \theta ^B_e$ approximately stay the same during $t_{MZI}+t_T$. Since the environmental noise bandwidth is around a few kilohertz, $\Delta \theta ^{A(B)}_e(t)$ and $\Delta \theta ^{A(B)}_e(t+t_{MZI}+t_T)$ will be approximately identical when the transmission length is within tens of kilometers. An excessively long transmission distance will cause phase discrepancy in two transmission directions, thus increasing key distribution errors. Equation (5) indicates that our approach can successfully generate and exchange the key between two users. The keys consist of environment induced phase noise from both Alice and Bob.

Key waveform received by Eve at the fiber link: the intensity of the signal launched into the transmission link from Alice can be derived from Eq. (1) and is given by

(6)$$I^A(t) = |E^A(t)|^2 = \frac{1}{2}|A^A_0|^2\{\cos[\theta^A_n(t+t_{MZI})-\theta^A_n(t)+\Delta\theta^A_e(t)]+1\}.$$

The normalized waveform is give by

(7)$$S^A_T(t)=\cos[\theta^A_n(t+t_{MZI})-\theta^A_n(t)+\Delta\theta^A_e(t)]$$

As shown in Eq. (7), the signal at the fiber link consists not only the environmental noise $\Delta \theta ^A_e(t)$, but also the phase noise from the ASE source $\theta ^A_n(t+t_{MZI})-\theta ^A_n(t)$. The bandwidth of the ASE source is a few THz, which is significantly larger than that of the environment induced phase noise $\Delta \theta ^A_e(t)$ (KHz). Therefore, the key information $\Delta \theta ^A_e(t)$ is buried in the ASE phase noise $\theta ^A_n(t+t_{MZI})-\theta ^A_n(t)$. When $S^A_T(t)$ is detected using a PD, the PD imposes a low-pass filter on $S^A_T(t)$, since the state-of-the-art detection system has a bandwidth of only $\sim$ 100 GHz. Therefore, after the PD, $S^A_T(t)$ becomes $\overline {S^A_T(t)} = 0$. This indicates that our system enables steganographic key distribution in which the key signal is concealed from being detected at the transmission link.

3. System implementation and performance

3.1 Experimental demonstration of key generation and distribution

Experimental setup: Two identical MZIs are constructed in our experiment, each consisting of two 50:50 fiber couplers and two fibers as the MZI arms. The fiber on the long arm has a length of 26 km and is tightly coiled on a spool. The short arm consists only the pigtails of the fiber couplers and has a length of only 1 m. Two MZIs are connected by a 10 km single mode fiber (SMF) as the transmission link. A polarization controller (PC) is inserted to align the signal polarizations on the two arms. The ASE sources are generated from two independent EDFAs operating without input signals. No synchronizations are required between the emission spectra and power of the two ASE sources. The ASE sources are launched to the two MZIs respectively, and are subsequently phase modulated by the environmental noise. The modulated optical signals are transmitted in the fiber link from the opposite directions, and are simultaneously converted to electrical signals using two PDs with a bandwidth of 20 GHz. The electrical signals are sampled and digitized by two oscilloscopes (Tektronix DPO4034) at a sample rate of 20 KSample/s. In the experiment, the two oscilloscopes are physically connected by an electrical cable and synchronized using a common clock. In the real system implementation, the GPS-based timing allows wireless clock synchronization between Alice and Bob.

Key waveform extraction and correlation measurement: Fig. 2(a)–2(b) show the typical key waveforms received by Alice and Bob respectively. The similarity between the two waveforms indicates whether the keys can be exchanged without excessive errors. The similarity is evaluated by measuring the cross correlation between the two waveforms as shown in Fig. 2(c). The maximal cross-correlation coefficient is 0.86, so one can expect significant similarities between the two waveforms. The residual discrepancy is potentially attributed to the phase change during the transmission, as indicated in Eq. (5). This discrepancy will result in key exchange errors, which however can be mitigated by information reconciliation [22,23].

Fig. 2. (the key waveforms obtained by (a) Alice and (b) Bob, respectively; (c) correlation measurement of two waveforms as a function of time lag. The peak correlation coefficient is 0.86, indicating the key waveforms obtained by Alice and Bob have significant similarity.

Download Full Size | PDF

Key bits extraction and error measurement: To extract the key digits from the waveforms, we use the level crossing protocol which is widely exploited in wireless communications [16]. In this protocol, a low threshold and a high threshold are specified according to the algorithm described in [16]. The key bit is assigned to 1 if the sampled signal level is higher than the high threshold, and is assigned to 0 if the sampled signal level is lower than the low threshold. The signal with a level between the two thresholds will be abandoned. The high and low thresholds $\gamma \pm$ are determined by $\overline {S(t)}\pm \alpha \times \sigma$, where $\overline {S(t)}$ is the average value of the waveform, factor $\alpha$ controls the thresholds to optimize the key rate and errors, and $\sigma$ is the standard derivation of the signal. 500,000 samples are recorded in the experiment. Due to the decorrelation time of $\sim$ 1.5 ms, the key waveforms are resampled at a sample rate of 666 Sample/s to guarantee that the extracted key bits are random [18,21]. We perform the level cross protocol to the downsampled signals, and the thresholds are optimized to ensure that the error rate is a minimum. Under the optimized threshold, 24.8% bits are abandoned because their power levels are between the two thresholds. After the key extraction, we obtain an average raw key generation rate of 502 bit/s with a bit error of $\sim$ 0.3%, which is comparable to other key generation and distribution approaches [14,17–19].

The errors can be corrected by the information reconciliation and private amplification process, at the expense of reducing the key generation rate [22–24]. Information reconciliation corrects the errors carried out between Alice and Bob’s keys. To locate and correct the errors, information (e.g. parities) needs to be exchanged over the public channels, and thus are easily disclosed to the eavesdropper [22,23]. Privacy amplification distills the disclosed information and produces a new key with length that is $n$ bit shorter, where $n$ is the number of bits that is leaked to the eavesdropper [24]. After privacy amplification, the eavesdropper has almost no knowledge about the new generated key, however key rate is reduced. The minimum information to be exchanged between the two parities for information reconciliation is given by $h(\varepsilon ) = -\varepsilon log_2(\varepsilon )-(1 - \varepsilon )log_2(1 - \varepsilon )$, where $\varepsilon$ is the key error rate [22,23]. The percentage of secure bits after the reconciliation protocol is $1-h(\varepsilon )$, which is 97% when the error rate is 0.3%. Therefore, the key rate is estimated to reduce from 502 bit/s to 486 bit/s to ensure the keys are not disclosed to the eavesdropper after privacy amplification.

Key randomness evaluate:To evaluate the key randomness, we first perform auto-correlation on the key waveforms received by Alice and Bob respectively. The result in Fig. 3(a) show that the key waveforms become uncorrelated when the waveform delay is larger than 1.5 ms. This indicates that two samples measured at a time difference larger than 1.5 ms are independent. We also perform 8-bit key histogram test to evaluate the key bits distributions. The extracted key bits are encoded to a 8-bit digits, and then the distribution probability of the digits are calculated over 256 bins. Unfortunately, the 8-bit key histogram in Fig. 3(b) does not show a perfect uniform distribution, and the probability variance is $2.28\times 10^{-5}$. This result indicates that the environmental fluctuation (at least measured from our laboratory environment) is a weak random source departing from uniformity. The randomness can be enhanced with randomness extractor functions [25]. Randomness extractor can be applied to the raw keys, together with a short, uniformly random seed, and generate a highly random and uniformly distributed output. The random seed in some randomness extractors can be reused [26,27]. In this case, the random seed can be exchanged between Alice and Bob securely by a one-time physical meeting. This technique has been widely applied to post-process the keys generated from the physical processes, such as radioactive decay and quantum random-number generation [26]. In our future work, we will improve the key extraction algorithm to improve the key distribution uniformity and study the randomness extraction algorithms to enhance the key randomness. The randomness of the improved key will be examined using National Institute of Standard Technology (NIST) statistical tests.

Fig. 3. (a) Autocorrelation functions for the two signals measured by Alice and Bob. (b) 8-bit key histogram of Alice’s extracted key

Download Full Size | PDF

3.2 Characterization of localized MZI: expedite key generation rate

In this section, we build an experiment verified model comparing the phase noise accumulation in the localized and distributed MZIs [20,21], and show that our approach can expedite the key generation rate by using localized MZIs.

The key generation schemes exploiting environmental noise face a common challenge of limited key generation rate. In the interferometer-based approaches, the key generation rate can be improved by increasing the interaction length between environmental noise and fibers. However, increasing the fiber length will induce extra transmission latency and will cause additional discrepancy between the waveforms received by the two users.

It was experimentally observed in [28] that phase noise in a localized MZI (the fibers are on spools) is significantly larger than that in a distributed MZI (fibers are installed in the telecoms network). For a distributed MZI, the environmental noise at a particular location can only influence a short fiber section nearby. The noise at different locations is approximately independent. An average effect will occur when the environment induced phase noise accumulates along the fiber, thus reducing the key generation rate. Unlike the distributed MZI, in the localized MZI, the total fiber spool responses to the environment noise simultaneously, so the phase noise accumulates along the fiber in the same direction. Therefore, the localized MZI can achieve a faster key generation rate compared to the distributed MZI with the same fiber length.

Modeling the phase noise in MZIs: We derive a model describing the phase noise in the distributed and localized MZIs according to [28], and quantitatively compare the key generation rate of these two MZIs. In this model, the optical fiber on the MZI arms is divided into $I$ sections. $\delta \varphi ^{ij}_\tau$ is the environment induced phase noise at the $i$th section at time $t_j =j\tau$, where $\tau$ is the time spacing between the sampled signal. Considering the phase as noise, $\delta \varphi ^{ij}_\tau$ obeys Gaussian distribution with a mean value of zero and standard deviation of $\sigma$. In a distributed MZI, $\delta \varphi ^{i}_\tau$ at different fiber sections is independent. While in a localized MZI, $\delta \varphi ^{i}_\tau$ is identical for all fiber sections. The phase noise in the $i$th fiber section will be added to that in the $i-1$th fiber section. While the phase noise generated at $j\tau$ will be added to that generated at the previous time slot $(j-1)\tau$. Therefore, the total phase shift at the MZI output at time $J\tau$ is given by

(8)$$\Delta\theta(J\tau) = \sum_{j=1}^{J}\sum_{i=1}^{I} \delta\varphi^{ij}_\tau$$

Simulation parameters: We simulate the temporal waveform at the MZI output by substituting Eq. (8) into Eq. (4). The signal sample rate is 20 KSample/s, which is consistent with our experiment. Due to the lack of resource to install a distributed MZI in the optical network, we refer to the results in [28] obtained from a field-trial experiment, and estimate that the phase noise variance $\sigma ^2$ is approximately 36 $\times$ $10^{-4}$ rad$^2$km$^{-1}$. The length of the MZI arm is 26 km. The arm is divided into 37 sections to match the simulated signal frequency with that measured from Fig. 2 and [28].

Simulation result: Fig. 4(a) and (b) show the temporal phase in the distributed and localized MZI respectively. Within 100 ms, in the localized MZI, the phase varies from $\sim$ -20 to $\sim$ 70 rad. While in the distributed MZI, the phase changes only from $\sim$ -11 rad to $\sim$ 2 rad. As a result, the signal waveform generated in the localized MZI is significantly faster than that in the distributed MZI (as shown in Fig. 4(c) and (d)). We characterize the waveform generation rate by analyzing the waveform bandwidth. As shown in Fig. 4(e) and (f), the key bandwidth in the distributed and localized MZI is 416 Hz and 2330 Hz (this number is approximately equal to the key bandwidth obtained from Fig. 2), respectively. This result indicates that the localized MZI can effectively improve the key generation by a factor of 5.7. It is worth mentioning that these two MZIs are compared at the same fiber length and phase deviation. The localized MZI improves the implementation in [20,21], leading to significantly enhanced key generation efficiency at a negligible additional cost and system complexity.

Fig. 4. Temporal phase in (a) a distributed MZI and (b) a localized MZI; temporal waveforms in (c) a distributed MZI and (d) a localized MZI; frequency spectra of the signal generated in (e) a distributed MZI and (f) a localized MZI. The two MZIs are compared at the same fiber length and phase deviation. The bandwidth of the signal in the localized MZI is 5.7 times higher than that in the distributed MZI.

Download Full Size | PDF

4. System security analysis

In our security analysis, we assume that the MZI arm length $L_{MZI}$ is secure against the eavesdropper. The eavesdropper does not have access to the MZIs installed at users’ local offices. Nevertheless, we recognize that the eavesdropper is capable of acquiring any state-of-the-art optical and electronic equipment for signal capture. We also recognize that the eavesdropper has the capability of accessing the transmission link via fiber tapping, but can only obtain a small amount of signal power ($\sim$ 1$\%$). Otherwise, the cable monitor system will detect the eavesdropping [29].

We hereby analyze the system security under different attacks and demonstrate the difficulties of (1) detecting the existence of the keys. We show that, due to the wide bandwidth of the ASE source, it is fundamentally difficult for the eavesdropper to identify the keys using the state-of-the-art optoelectronic devices; (2) capturing and recovering the keys in the digital domain. Due to ultra-wide bandwidth of the ASE source, the eavesdropper cannot remove the ASE phase noise, and thus cannot recover the key in the digital domain; (3) searching for the secret parameter length $L_{MZI}$ without prior knowledge. We show that, to remove the ASE phase noise, the eavesdropper needs to physically build an MZI identical to that of legitimate users. The eavesdropper has to randomly guess the system parameters and physically adjust his MZI with a low success rate of $10^{-9}$ and with millisecond reconfiguration rate; (4) reconstructing the key in the optical domain even when the eavesdropper knows $L_{MZI}$. We point out that the eavesdropper still cannot reconstruct the key from his measurements after he builds the identical MZIs at the transmission link; (5) conducting an active traffic jamming attack by modifying or controlling the key generation process without being detected.

4.1 Key eavesdropping at the transmission link

Before conducting any attack, Eve should first identify whether the key is being transmitted in the fiber link. We demonstrate that Eve cannot observe any signal using the state-of-the-art detection system. We experimentally emulate the attack that the signal in the transmission fiber is tapped out and detected. In the experiment, we measure the signal at the transmission fiber output (point B in Fig. 1). The optical signal is converted to electrical signals using a PD with a bandwidth of 20 GHz, and then sampled and digitized by an oscilloscope (Tektronix DPO4034) at a sample rate of 20 KSample/s.

The signal waveform obtained by Eve is shown in Fig. 5(a). And the signal waveform obtained by Bob is shown in Fig. 5(b) for comparison (replicated from Fig. 2(b)). Figure 5(a) shows a constant signal power over time, meaning that the detection system erases the key information. This result indicates that the key is distributed in a steganographic manner, in which the existence of the keys is concealed from Eve [30]. Steganographic key distribution reduces the probability that the keys can be intercepted in the first place.

Fig. 5. (a) the signal tapped from point A at the transmission link by Eve; (b) the signal waveform received by Bob.

Download Full Size | PDF

The Steganographic key distribution is attributed to the wide bandwidth of the ASE sources and the fundamental bandwidth limitation of the detection system. As indicated in Eq. (7), the key information is buried under the ASE phase noise, and the intensity fluctuation is averaged by Eve’s detection system. This is valid not only in our experiment system, but also in any state-of-the-art detection system with a bandwidth (< 100 GHz) significantly less than that of the ASE source (up to 4 THz).

4.2 Remove the ASE phase noise

As indicated in Eq. (1) and (7), Eve must first remove the ASE phase noise before he can observe key transmission in the fiber link. Removing the ASE phase noise from the key signal (i.e., $E^A(t)$ in Eq. (1)) is analogous to removing the carrier phase noise from a coherent communication signal. However, the optical carrier of the key signal is ASE sources, while the carrier of coherent communication signals is narrow-linewidth lasers. Here, we assume that Eve uses two approaches to remove the ASE phase noise and analyze the feasibilities. One approach is conducted in the digital domain using digital signal processing (DSP) [31,32], and the other approach is conducted in the optical domain by physically constructing an MZI [33].

4.2.1 Remove the ASE phase noise in the digital domain:.

To remove the ASE phase noise using DSP, Eve needs to extract the electrical field of the key signal and fully digitize its electrical field. We assume Eve is equipped with a coherent detection system consisting of a coherent receiver and an analog-to-digital converter (ADC), which allows Eve to store and process the signal off-line. Ideally, Eve can obtain the electrical field of the signal by beating it with a local oscillator, and remove the carrier’s phase noise using DSP approaches [31,32]. However, the bandwidth of the carrier’s (ASE) phase noise in the key signal (THz) is 9 orders of magnitude larger than that in coherent communication signals (KHz). This wide bandwidth of the ASE source leads to two-fold challenges.

Key signal digitization challenge: The start-of-the-art coherent detection system cannot fully digitize the key signal with sufficient sampling rate. In DSP, a full digitalization and restoration of the signal’s electrical field is the prerequisite for an accurate carrier phase noise estimation and compensation. Since the electrical field of key signal has a bandwidth over THz, Eve cannot digitize the signal at Nyquist sampling rate using state-of-the-art ADCs [34].

Carrier phase estimation challenge: Here we show that, even if the coherent system is assumed to be able to accurately digitize the key signal, estimating and removing the carrier phase noise by DSP is still extremely challenging. There are several DSP approaches to assess the carrier phase noise in coherent communication systems. In these approaches, carrier phase estimation is performed under two circumstances: 1) modulation-format-aided phase estimation: the signal of interest is modulated with regular formats [31]; or 2) data-aided phase estimation: part of the data needs to be decoded and pre-shared between the transmitter and receiver [32]. In our case, the keys come from environmental noise, and are modulated on the optical carrier in an analog form, instead of in a particular modulation format. Moreover, the key signal has a random and unpredicted waveform, so the transmitters (Alice or Bob) will not and cannot pre-share any data with Eve. Therefore, Eve cannot use either modulation-format-aided or data-aided DSP algorithms to remove the carrier (ASE) phase noise from the key signal.

4.2.2 Remove the ASE phase noise in the optical domain.

Due to the fundamental difficulty in removing the ASE phase noise in the digital domain, Eve is forced to remove the noise in the optical domain by physically building MZIs that can accurately compensate the arm length imbalance $L_{MZI}$. However, $L_{MZI}$ is the secret parameter only shared between Alice and Bob. It is well known that $\theta ^A_e(t)$ and $\theta ^A_e(t+t_{MZI})$ in Eq. (1) become independent if $L_{MZI}$ is longer than the coherent length of $E^A(t)$. The coherent length approximately equals to $c/n\Delta v$, where $\Delta v$ is the signal bandwidth, and $n$ is the refractive index of optical fibers. The ASE sources used in our system has a bandwidth over 4 THz. Therefore, the coherent length of the key signal is $\sim$ 50 $\mu m$, which is negligible compared to the $L_{MZI}$ (26 km). This indicates that Eve must identify $L_{MZI}$ within a range of tens of kilometers and with an error tolerance of $\sim$ 50 $\mu m$ [21]. Without having prior knowledge of $L_{MZI}$, Eve can only launch a brute force attack to search for $L_{MZI}$.

Searching for the secret parameter $L_{MZI}$: Eve conducts a brute force attack by scanning $L_{MZI}$ with an error tolerance of $\sim$ 50 $\mu m$. Eve has to physically build an MZI and adjust the MZI length using tunable delay lines until the interference can be achieved. Before the interference happens, Eve cannot know whether his MZI arm length has approached $L_{MZI}$ or is approaching $L_{MZI}$ from the right direction. Eve can observe the signal intensity fluctuation only until his guessed value is within $\sim$ 50 $\mu m$ difference between the right $L_{MZI}$. The success rate is $10^{-9}$ (50 $\mu m /$tens of kilometers). To demonstrate the effect, we evaluate the cross-correlation coefficient when scanning the mismatch of the two MZIs. As shown in Fig. 6, the cross-correlation is the largest when the length of two MZI are matched, and decreases rapidly when the mismatch is outside of the coherent length of the ASE source. As the mismatch increases, the cross-correlation degradation is caused by the reduction of signal visibility [21,28].

Fig. 6. The measurement of cross-correlation coefficient against the MZI mismatch.

Download Full Size | PDF

Potential challenges: Unlike at the upper layers of communication systems, performing the brute force attack at the physical layer faces additional challenges: (1) Eve must physically build an MZI and adjust the arm length. Therefore, matching the right $L_{MZI}$ is extremely costly and time-consuming. The reconfiguration speed of the state-of-the-art tunable delay lines is very limited ($100 ms$). Considering the system with a key space of $10^{9}$, it will take a few hours for Eve to crack the system. Then our system can easily defend this attack by frequently updating $L_{MZI}$. Synchronizing $L_{MZI}$ between Alice and Bob can be achieved by using a pseudo-random function with a fixed seed and time slot and without having two parties communicating over a physical channel. (2) Due to the lack of efficient optical buffers (compared to their electronic counterparts), Eve has to find $L_{MZI}$ right at the moment the key signal is received. Otherwise, the data will be lost. This indicates that the brute-force attack in the optical domain has to be conducted in real time.

Impact of $L_{MZI}$ on the system performance: $L_{MZI}$ is the critical system parameter that determines the key distribution distance and error rate. Here we conduct simulations to evaluate the impact of $L_{MZI}$ on the system performance and the trade-off in choosing $L_{MZI}$. The simulation setup is identical to that described in Sec. 3.2. We first evaluate the cross-correlation coefficient under different MZI arm lengths (the fiber transmission length is fixed at 10 km). Cross-correlation coefficient is used to estimate the key exchange error rate, since cross-correlation coefficient measures the similarity between the keys received by Alice and Bob. As shown in Fig. 7(a), the cross-correlation coefficient decreases with the MZI arm length, implying that the error rate increases with the length. The simulation is verified by our experimental result as indicated in Fig. 7. The decrease in the correlation coefficient is caused by two factors: first, the transmission time increases with the MZI arm length; second, longer MZI is more sensitive to the environmental noise, and thus the decorrelation time decreases. The two effects result in an increased optical phase difference between the two transmission directions, therefore leading to a decreased correlation coefficient and increased key exchange error rate. We also simulate the supported transmission length under different MZI arm lengths as shown in Fig. 7(b). In this case, the cross-correlation coefficient is fixed at 0.86 which is the value achieved in the experiment. Reducing the MZI arm length can increase the key distribution distance; however, it is at the expense of reducing the key generation rate and key space (the key space is proportional to the MZI arm length).

Fig. 7. The relation between the MZI arm length and (a) cross-correlation coefficient of the keys received by Alice and Bob; and (b) the supported transmission distance (defined as the transmission distance when the cross-correlation coefficient is 0.86)

Download Full Size | PDF

4.3 Reconstruct the key from measurements

Here we assume a very unfavorable situation that Eve knows the secret $L_{MZI}$. Now Eve needs to reconstruct the key $\cos [\Delta \theta ^B_e(t)-\Delta \theta ^A_e(t)]$ from his measurements. It is worth noting that $\Delta \theta ^A_e(t)$ and $\Delta \theta ^B_e(t)$ are generated after the ASE source propagates in the MZIs of both Alice and Bob. Even if Eve builds a MZI at the transmission link, he is still in asymmetric position to Alice and Bob. Instead, Eve needs to construct two MZIs to receive the key signal from the opposite directions as shown in Fig. 8. Assuming that the MZIs made by Eve can be isolated from any noise [35], the received signals by Eve are given by

(9)$$\begin{aligned} I_{AE}(t) &= \frac{1}{2}|A^A_{0}|^2[\cos(\Delta\theta^A_e(t))+1]\\ I_{BE}(t) &= \frac{1}{2}|A^B_{0}|^2[\cos(\Delta\theta^B_e(t))+1] \end{aligned}$$

In [20], Wu et al. suggest an approach to estimate $\Delta \theta ^A_e(t)$ and $\Delta \theta ^B_e(t)$ from his measurements $\cos (\Delta \theta ^A_e(t))$ and $\cos (\Delta \theta ^B_e(t))$ by apply a fast phase dithering between 0 and $\pi$. Here we point out that there are still two-fold of challenges in compromising the system, even when Eve knows the MZI parameter.

Fig. 8. Illustration of the attack model of tapping the fiber link and recovering the key signal.

Download Full Size | PDF

First, the phase fluctuation in the Eve’s MZI will generate errors in his measurement. Eve needs to stabilize his MZIs before the measurements are taken. Interferometers stabilization, particularly for one consisting long fibers, usually requires costly feedback control of the interferometer length [36]. The difficulty in stabilizing the Eve’s MZI increases with the MZI length. Second, under the cable monitor system, Eve only obtain a small amount of signal power ($\sim$1%). Otherwise, the cable monitor system will detect the eavesdropping. With such as small received power, the SNR of the received signal is reduced more than 20 dB, which can result in significant key errors.

4.4 Active intrusion attack

Here we assume only a particular active intrusion attack that Eve attempts to control the key generation. The previous approaches using transmission fibers as MZIs are very vulnerable to such an attack [20,21], since the key generation component, i.e., MZI is exposed to the public. Eve can easily control the key generation by installing an artificial noise source around the transmission link. Moreover, it is difficult for legitimate users to detect whether the received keys are from the true noise in the environment or the artificial noise generated by Eve.

In contrast, in our approach, the keys are robust the disturbance from the transmission link. The disturbance on the transmission fiber cannot alter the intensity of the key signal, because the MZIs in our system are well protected in the local offices of the legitimate users, and cannot be accessed by Eve. We also assume that the transmission link is protected by the cable monitor system [29]. In this case, inserting a jamming signal also becomes challenging. The jamming signal can be easily detected by the monitoring system, because the key signal at the transmission link is supposed to have constant power.

5. Discussion

Our analysis indicates that, the wideband ASE source ensures not only secure but also steganographic key exchange. The ASE bandwidth is the key parameter that determines the security of the system. Here, we discuss the system performance of two cases, where optical filters in the transmission links reduce the ASE bandwidth. The system reliability and security are addressed.

In the first case, ASE bandwidth is reduced in the networks where multiple add-drop filters are implemented for traffic routing. In a static point-to-point link, the spectrum and the power of the key exchange channel can be planned and pre-assigned at the transmitter. To optimize the performance of both the key exchange and the public channels, one should maximize the bandwidth of the stealth channel, while avoiding the interference between the stealth and the public channels. Our previous work has demonstrated that the ASE carried signal can be transmitted with the public signal with negligible interference [37]. In a dynamic optical network where reconfigurable optical add-drop multiplexers (ROADM) are actively used, implementing our system, unfortunately, becomes much more challenging. In this network, the spectral allocation is highly dynamic. Every node needs to be aware of the existence of the key exchange channel, and avoid channel adding or dropping at the spectra where the key exchange channel exists. This increases the risk of node compromise attack in which the vicious node leaks the existence of the key exchange channels to Eve [38]. It is worth noting that even Eve knows the existence of the key exchange channel, it is still extremely challenging for him to crack the proposed system and recover the key according to our analysis.

In the second case, the eavesdropper inserts an optical filter after the optical tapping. This attack reduces the massive demand for the bandwidth and sampling rate of the coherent detection system. Assuming that the eavesdropper limits the noise bandwidth to that of a typical DWDM channel (e.g., 50 GHz), his detection system will be able to observe the power fluctuation from ASE noise (Eq. 6) and be aware of the existence of key exchange channel. Besides, narrowing down the ASE bandwidth also makes the secret parameter $L_{MZI}$ search much easier. For example, the coherent length of 50 GHz ASE channel is 6 mm. The key space is reduced from $\sim$ $10^9$ to $\sim$ $10^7$. This indicates legitimate users have to update $L_{MZI}$ more frequently.

It should be noted that, despite that optical filters reduce the required bandwidth and sampling rate of a detection system, they simultaneously reduce the received power by the eavesdropper. For example, assuming that Eve filters out 50 GHz spectrum from a 4 THz stealth signal, the filtered signal will be 19 dB lower than that of the tapped signal. With the additional tapping loss ($\sim$20 dB), the signal power received by Eve will be $\sim$40 dB lower than that received by the legitimate users. This significant power loss can potentially lead to a very poor signal to noise ratio (SNR) that buries the signal in the noise of a receiver. Therefore, for security consideration, the system designer must maximize the ASE bandwidth while minimizing its power density.

6. Conclusion

In this paper, we proposed and experimentally demonstrated a secret key generation and distribution approach based on localized and asymmetric fiber MZIs. By combining the use of wideband optical noise and asymmetric MZI structures, the keys are hidden in the wideband noise, thus enabling them to be securely exchanged over public channels. We first experimentally demonstrate that the proposed system can provide reliable performance: keys are generated at 502 bit/s, and are exchanged over a $\sim$ 10 km optical fiber with a bit error of $\sim$ 0.3%. We then present an experimentally-validated theoretical model, and show that, compared to the previously proposed distributed MZI schemes, the key generation rate can be increased by a factor of 5.7 at a negligible additional cost. We also qualitatively validate the system security, and show that our system can protect the key distribution in the public channel under different attacks. We point out that the security is attributed to the wideband optical noise and the asymmetric MZI structures. Our proposed system is a cost-effective and reliable solution for key establishment, and is compatible with the existing optical fiber communication infrastructure. It can be used in conjunction with other security methods in the higher network layers to enhance communication security.

Funding

National Science Foundation (EARS under Grant 1642962).

References

1. A. Salomaa, Public-Key Cryptography (Springer Science & Business Media, 2013).

2. J. Pieprzyk, T. Hardjono, and J. Seberry, Fundamentals of Computer Security (Springer Science & Business Media, 2013).

3. M. Bloch and J. Barros, Physical-Layer Security: From Information Theory to Security Engineering (Cambridge University, 2011).

4. Y.-S. Shiu, S. Y. Chang, H.-C. Wu, S. C.-H. Huang, and H.-H. Chen, “Physical layer security in wireless networks: A tutorial,” IEEE Wireless Commun. 18(2), 66–74 (2011). [CrossRef]

5. W. Trappe, “The challenges facing physical layer security,” IEEE Commun. Mag. 53(6), 16–20 (2015). [CrossRef]

6. N. Skorin-Kapov, M. Furdek, S. Zsigmond, and L. Wosinska, “Physical-layer security in evolving optical networks,” IEEE Commun. Mag. 54(8), 110–117 (2016). [CrossRef]

7. M. P. Fok, Z. Wang, Y. Deng, and P. R. Prucnal, “Optical Layer Security in Fiber-Optic Networks,” IEEE Transactions on Inf. Forensics Secur. 6(3), 725–736 (2011). [CrossRef]

8. H.-K. Lo, M. Curty, and K. Tamaki, “Secure quantum key distribution,” Nat. Photonics 8(8), 595–604 (2014). [CrossRef]

9. B. Korzh, C. C. W. Lim, R. Houlmann, N. Gisin, M. J. Li, D. Nolan, B. Sanguinetti, R. Thew, and H. Zbinden, “Provably secure and practical quantum key distribution over 307 km of optical fibre,” Nat. Photonics 9(3), 163–168 (2015). [CrossRef]

10. M. Lucamarini, Z. L. Yuan, J. F. Dynes, and A. J. Shields, “Overcoming the rate–distance limit of quantum key distribution without quantum repeaters,” Nature 557(7705), 400–403 (2018). [CrossRef]

11. W.-Y. Hwang, “Quantum Key Distribution with High Loss: Toward Global Secure Communication,” Phys. Rev. Lett. 91(5), 057901 (2003). [CrossRef]

12. E. Diamanti, H.-K. Lo, B. Qi, and Z. Yuan, “Practical challenges in quantum key distribution,” npj Quantum Inf. 2(1), 16025 (2016). [CrossRef]

13. V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009). [CrossRef]

14. J. Zhang, T. Q. Duong, A. Marshall, and R. Woods, “Key Generation From Wireless Channels: A Review,” IEEE Access 4, 614–626 (2016). [CrossRef]

15. C. Ye, S. Mathur, A. Reznik, Y. Shah, W. Trappe, and N. B. Mandayam, “Information-Theoretically Secret Key Generation for Fading Wireless Channels,” IEEE Trans. Inform. Forensic Secur. 5(2), 240–254 (2010). [CrossRef]

16. N. Patwari, J. Croft, S. Jana, and S. K. Kasera, “High-Rate Uncorrelated Bit Extraction for Shared Secret Key Generation from Channel Measurements,” IEEE Transactions on Mob. Comput. 9(1), 17–30 (2010). [CrossRef]

17. Y. Bromberg, B. Redding, S. M. Popoff, and H. Cao, “Remote Key Establishment by Mode Mixing in Multimode Fibres and Optical Reciprocity,” arXiv:1506.07892 [physics, physics:quant-ph] (2015). ArXiv: 1506.07892.

18. A. A. E. Hajomer, X. Yang, A. Sultan, and W. Hu, “Key Distribution Based on Phase Fluctuation Between Polarization Modes in Optical Channel,” IEEE Photonics Technol. Lett. 30(8), 704–707 (2018). [CrossRef]

19. I. U. Zaman, A. B. Lopez, M. A. Al Faruque, and O. Boyraz, “Polarization mode dispersion-based physical layer key generation for optical fiber link security,” in Optical Sensors, (Optical Society of America, 2017), pp. JTu4A–20

20. B. Wu, Y.-K. Huang, S. Zhang, B. J. Shastri, and P. R. Prucnal, “Long range secure key distribution over multiple amplified fiber spans based on environmental instabilities,” in CLEO: Science and Innovations (Optical Society of America, 2016), pp. SF1F–4.

21. K. Kravtsov, Z. Wang, W. Trappe, and P. R. Prucnal, “Physical layer secret key generation for fiber-optical networks,” Opt. Express 21(20), 23756–23771 (2013). [CrossRef]

22. B. Colombier, L. Bossuet, V. Fischer, and D. Hély, “Key reconciliation protocols for error correction of silicon puf responses,” IEEE Trans. Inform. Forensic Secur. 12(8), 1988–2002 (2017). [CrossRef]

23. G. Brassard and L. Salvail, “Secret-key reconciliation by public discussion,” in Workshop on the Theory and Application of of Cryptographic Techniques, (Springer, 1993), pp. 410–423.

24. C. H. Bennett, G. Brassard, and J.-M. Robert, “Privacy amplification by public discussion,” SIAM J. Comput. 17(2), 210–229 (1988). [CrossRef]

25. L. Trevisan and S. Vadhan, “Extracting randomness from samplable distributions,” in Proceedings 41st Annual Symposium on Foundations of Computer Science, (IEEE, 2000), pp. 32–42.

26. X. Ma, F. Xu, H. Xu, X. Tan, B. Qi, and H.-K. Lo, “Postprocessing for quantum random-number generators: Entropy evaluation and randomness extraction,” Phys. Rev. A 87(6), 062327 (2013). [CrossRef]

27. R. Raz, O. Reingold, and S. Vadhan, “Extracting all the randomness and reducing the error in trevisan’s extractors,” J. Comput. Syst. Sci. 65(1), 97–128 (2002). [CrossRef]

28. J. Minář, H. de Riedmatten, C. Simon, H. Zbinden, and N. Gisin, “Phase-noise measurements in long-fiber interferometers for quantum-repeater applications,” Phys. Rev. A 77(5), 052325 (2008). [CrossRef]

29. M. Z. Iqbal, H. Fathallah, and N. Belhadj, “Optical fiber tapping: Methods and precautions,” in High Capacity Optical Networks and Enabling Technologies (HONET), 2011 (IEEE, 2011), pp. 164–168.

30. C. Huang, P. Y. Ma, B. J. Shastri, P. Mittal, and P. R. Prucnal, “Robustness of optical steganographic communication under coherent detection attack,” IEEE Photonics Technol. Lett. 31(4), 327–330 (2019). [CrossRef]

31. M. G. Taylor, “Phase Estimation Methods for Optical Coherent Detection Using Digital Signal Processing,” J. Lightwave Technol. 27(7), 901–914 (2009). [CrossRef]

32. S. Zhang, P.-Y. Kam, C. Yu, and J. Chen, “Decision-Aided Carrier Phase Estimation for Coherent Optical Communications,” J. Lightwave Technol. 28(11), 1597–1607 (2010). [CrossRef]

33. J. Du, Y. Dai, G. K. Lei, W. Tong, and C. Shu, “Photonic crystal fiber based mach-zehnder interferometer for dpsk signal demodulation,” Opt. Express 18(8), 7917–7922 (2010). [CrossRef]

34. C. Laperle and M. O’Sullivan, “Advances in high-speed dacs, adcs, and dsp for optical coherent transceivers,” J. Lightwave Technol. 32(4), 629–643 (2014). [CrossRef]

35. V. V. Krishnamachari, E. R. Andresen, S. R. Keiding, and E. O. Potma, “An active interferometer-stabilization scheme with linear phase control,” Opt. Express 14(12), 5210–5215 (2006). [CrossRef]

36. Y. Liu, T.-Y. Chen, L.-J. Wang, H. Liang, G.-L. Shentu, J. Wang, K. Cui, H.-L. Yin, N.-L. Liu, and L. Li, “Experimental measurement-device-independent quantum key distribution,” Phys. Rev. Lett. 111(13), 130502 (2013). [CrossRef]

37. B. Wu, Z. Wang, B. J. Shastri, M. P. Chang, N. A. Frost, and P. R. Prucnal, “Temporal phase mask encrypted optical steganography carried by amplified spontaneous emission noise,” Opt. Express 22(1), 954–961 (2014). [CrossRef]

38. H. Song, L. Xie, S. Zhu, and G. Cao, “Sensor node compromise detection: the location perspective,” in Proceedings of the 2007 international conference on Wireless communications and mobile computing, (ACM, 2007), pp. 242–247.

Accelerated secure key distribution based on localized and asymmetric fiber interferometers

Abstract

1. Introduction

2. System description

2.1 System overview

2.2 System operation principle

3. System implementation and performance

3.1 Experimental demonstration of key generation and distribution

3.2 Characterization of localized MZI: expedite key generation rate

4. System security analysis

4.1 Key eavesdropping at the transmission link

4.2 Remove the ASE phase noise

4.2.1 Remove the ASE phase noise in the digital domain:.

4.2.2 Remove the ASE phase noise in the optical domain.

4.3 Reconstruct the key from measurements

4.4 Active intrusion attack

5. Discussion

6. Conclusion

Funding

References

Cited By

Figures (8)

Equations (9)

Optics Express