A secure free-space optical (S-FSO) communication system based on a data fragmentation multipath transmission (DFMT) scheme is proposed and demonstrated for enhancing the security of FSO communications. By fragmenting the transmitted data and simultaneously distributing the data fragments into different atmospheric channels, the S-FSO communication system can effectively protect confidential messages from being eavesdropped. A field experiment of S-FSO communication between two buildings has been successfully undertaken, and the experimental results demonstrate the feasibility of the scheme. The transmission distance is 50 m and the maximum throughput is 1 Gb/s. We also established a theoretical model to analyze the security performance of the S-FSO communication system. To the best of our knowledge, this is the first application of the DFMT scheme in an FSO communication system.
© 2018 Optical Society of America under the terms of the OSA Open Access Publishing Agreement
With the emerging applications of high-definition content, mass data transmission and cloud computing, the transmission bandwidth requirement has increased rapidly with the demand for anytime, anywhere, any-situation communication [1–3]. Free-space optical (FSO) communication has many potential advantages, such as large transmission capacity, lower power consumption, lower mass, being license-free and immunity to electromagnetic interference [4–6]. However, in conventional transparent FSO communication systems, the complete data are carried by a single laser carrier over a long free-space distance, which carries a high risk of attack and eavesdropping by unauthorized parties.
Employing an encryption algorithm at a higher layer is one of the common approaches used in security mechanisms. However, implementing security on top of an insecure foundation is not a wise choice. Recently, hardware-based security mechanisms have attracted a lot of attention in the secure communication field. Quantum optical communication is an absolutely secure communication technology, but it faces the challenge that quantum entanglement generators do not meet the practical requirements for FSO communication. All-optical logic encryption is a typical hardware-based security mechanism, which can operate at high speed and in real time. However, practical implementations of all-optical encryption are susceptible to the propagation of undesirable logic levels and noise accumulation. Chaotic optical communication has been proposed as a promising hardware-based encryption technique for its potential to provide a high level of robustness and privacy in data transmission [10, 11], where the messages are embedded within a chaotic optical carrier in the emitter. However, the parameters of the receiver must be matched with those of the transmitter to achieve chaotic synchronization, which is difficult to achieve in a long-distance communication system. Optical code-division multiple-access (OCDMA) is a new secure communication technology that combines code division multiple access with optical communication. By employing OCDMA, the security of information is enhanced through the spreading of the optical signals' spectrum. However, it has been demonstrated that the data can be detected by an eavesdropper using a simple energy detector without any knowledge of the spectral code. In addition, the optical code can be cracked by analyzing the fine structure of the encoded spectrum or waveform [15, 16].
Data fragmentation multipath transmission (DFMT) is a novel hardware-based security technique inspired by the wireless frequency-hopping scheme, in which the messages are divided into small fragments and transmitted through different channels randomly. The complete transmitted data are broken into small data segments, and the data segments are hidden among other data segments or noise data. Therefore, eavesdroppers cannot recover valid data even if channels are eavesdropped. By applying the DFMT scheme to an FSO communication system, data fragments propagate through different atmospheric channels to achieve secure FSO communication. In this work, we have proposed a secure FSO (S-FSO) communication system based on the DFMT scheme, and secure prototypes have been built to construct an FSO communication system. With the prototypes, we demonstrate field S-FSO communication between two buildings with a 50 m transmission distance.
2. Experimental setup of S-FSO communications
In conventional FSO communication systems, the complete transmitted data carried by a single carrier propagate in a free-space channel through a pair of acquisition tracking pointing (ATP) optical antennas. In this S-FSO communication system, complete transmitted data from two or more sources are divided into small data fragments, which are distributed into two or more atmospheric channels under the control of a pseudo-random binary sequence (PRBS), a commonly used noise-like sequence. Meanwhile, data fragments from one source act as interference to the other data fragments. Due to the differences between atmospheric channels, the data fragments propagating through different channels may not arrive at the receiving part at the same time. To synchronize the different channels, the transmitters transmit a unique character simultaneously at the beginning of the data fragments, and elastic buffers on the receiver side are used as variable latency blocks to compensate for the channel differences. The receiver can determine the difference between atmospheric channels and adjust the latency of the elastic buffers through the inserted characters. In the receiving part of the S-FSO communication system, the first step is therefore the synchronization of the multiple channels. After synchronization, the differences between the channels are compensated, and the original data can be recovered from the received data fragments according to the PRBS, which is the same as the one used in the sending part. The pseudo-random sequence is a common PRBS used in secure communication, and it can be generated by a linear feedback shift register (LFSR). The initial value of the LFSR can be regarded as the cryptographic key for encryption and decryption. Therefore, without knowing the encryption algorithm and the encryption key, recovering the original data from intercepted data fragments is impossible.
The general architecture of the S-FSO communication system is an N × N network with N atmospheric channels. Figure 1 shows the data fragmentation process and the data recovery process in a 4 × 4 S-FSO communication system. A noise-like sequence generator (NSG), which generates the control sequence used as the cryptographic key for encryption and decryption according to the externally entered key, is implemented in the field programmable gate array (FPGA) chip. The algorithm for distributing data fragments is optional. In the case described in Fig. 1, the addresses of the signal sources and channels are represented by the serial numbers 00, 01, 10, and 11, respectively. In the encryption process, the address of the channel to which a data segment is distributed is obtained by executing an XOR operation on the address of the signal source and two bits of the pseudo-random sequence. In the receiving part, the valid data can be recovered from the received data segments under the control of the same pseudo-random sequence. When the decryption key is the same as the encryption key, the recovery process is the inverse of the fragmentation process.
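The XOR address mapping and LFSR-keyed recovery described above can be simulated in software. The following is an added example, not the authors' FPGA implementation; it assumes a 16-bit LFSR as a stand-in for the NSG, one byte per fragment, and constructed source data and key.

```python
# Added illustration (not the authors' FPGA code): 4 x 4 DFMT address mapping.
# Assumptions: a 16-bit LFSR stands in for the paper's noise-like sequence
# generator, and one fragment is one byte per source per time slot.

def prbs_pairs(key, count):
    """Yield `count` 2-bit values from a 16-bit Fibonacci LFSR seeded with key."""
    state = key & 0xFFFF
    if state == 0:
        raise ValueError("LFSR seed must be non-zero")
    for _ in range(count):
        pair = 0
        for _ in range(2):
            # Taps for x^16 + x^14 + x^13 + x^11 + 1 (maximal length).
            bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            state = (state >> 1) | (bit << 15)
            pair = (pair << 1) | bit
        yield pair

def fragment(sources, key):
    """Send sources[s][t] to channel (s XOR prbs[t]) for every time slot t."""
    slots = len(sources[0])
    channels = [bytearray(slots) for _ in range(4)]
    for t, r in enumerate(prbs_pairs(key, slots)):
        for s in range(4):
            channels[s ^ r][t] = sources[s][t]
    return [bytes(c) for c in channels]

def recover(channels, key):
    """Inverse mapping: source address = channel address XOR prbs[t]."""
    slots = len(channels[0])
    sources = [bytearray(slots) for _ in range(4)]
    for t, r in enumerate(prbs_pairs(key, slots)):
        for c in range(4):
            sources[c ^ r][t] = channels[c][t]
    return [bytes(s) for s in sources]

# Constructed sample input: four equal-length streams for sources 00, 01, 10, 11.
SOURCES = [b"A" * 16, b"b" * 16, b"C" * 16, b"d" * 16]
KEY = 0xACE1  # constructed key; the LFSR initial value plays the role of the key

if __name__ == "__main__":
    chans = fragment(SOURCES, KEY)
    print("channel 00 as seen on the link:", chans[0])
    print("recovered with the right key:  ", recover(chans, KEY)[0])
    print("recovered with a wrong key:    ", recover(chans, KEY ^ 0x0001)[0])
```

Because XOR with a fixed 2-bit value is a permutation of the four addresses, every slot places exactly one fragment on each channel, so no channel carries a complete source stream.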
A field experiment of a 1 × 2 network S-FSO communication system was demonstrated between two buildings. As shown in Fig. 2(a), a personal computer (PC) was used as the source of valid data, and another PC was used as the receiver. The encryption and decryption processes were carried out by two DFMT apparatuses (DFMTA), each of which consisted mainly of an FPGA chip, a small form-factor pluggable (SFP) optical module with 850 nm wavelength and two SFP+ optical modules with 1550 nm wavelength. Two optical switches were used to achieve the photo-to-electric and electric-to-photo conversion between the PCs and the DFMTAs. Owing to the parallel processing capability of the FPGA chip, 16 groups of different 100+ rank M-sequence generators with different initial values were implemented to process 16-bit-wide user data.
On the transmitting side, valid data from the user were fragmented, mixed with digital noise data generated by an interference signal generator, and carried by two optical carriers with different wavelengths. The two optical waves, each with an optical power of 2.5 dBm, were transmitted and received through ATPs. The divergence of the communication beams was focused and minimized by passing them through the ATPs. On the receiving side, the two communication optical waves, whose power attenuation after propagation through the 50 m atmospheric channel and a pair of ATPs was about 8 dB, were received through two ATPs separately. The received optical power was −8 dBm, which fell within the sensitivity range of the photon detector (PD). In the synchronization process, the chip kept searching for the headers until they were found, and the two atmospheric channels were aligned according to the synchronization headers. After synchronization, the recovery process proceeded under the control of the PRBS generated by the NSG. Finally, the recovered messages were sent to the PC to complete the secure communication. The specifications and parameters of this S-FSO communication system are listed in Table 1.
3. Results and discussion
As shown in Fig. 3(a), the performance of an outdoor 1 Gb/s S-FSO communication system was examined with a Gigabit Ethernet Tester (CMA 3000). The frame loss rate of the network was measured. As shown in Fig. 3(b), the frame loss rates for different line loads are in the range of 0 to 1.0 × 10⁻⁴. Note that a frame loss occurs whenever the frame structure is corrupted; therefore, the actual bit error rate is lower than the measured frame loss rate. Considering the sensitivity of the atmospheric channels to atmospheric effects, such as turbulence-induced scintillation, the outdoor S-FSO communication system had a relatively good performance.
Figure 4 is the eye diagram of the S-FSO communication system at a 1 Gb/s data rate, obtained with a PD of an SFP with a bandwidth of 10 GHz and a 70 GHz sampling oscilloscope.
A new concept, the intercept possibility, is proposed to quantify the security of the S-FSO communication system. It is defined as the probability that an unauthorized party correctly acquires the least information element. In practical applications, the least information element refers to a character or a pixel. Assume that a least information element is composed of M bits of data. The least information element can be recovered only if all M bits are acquired by the eavesdropper. Mathematically, the intercept possibility is linked with two further coefficients, n and Pe, which are the size of the data fragments and the bit error rate with which unauthorized parties obtain information from the channels through illegal means, respectively. The number of atmospheric channels occupied by related data fragments decreases with the size of the data fragments. The more atmospheric channels there are in the S-FSO communication system, the more discrete the distribution of data fragments. In an N-channel S-FSO communication system, the intercept possibility that an eavesdropper obtains a least information element through one eavesdropping can be expressed as

From Fig. 5, we can find that P1 decreases with the number of channels, and that P1 increases with the size of the data fragments, which is negatively correlated with the bit rate of the PRBS. Therefore, the security of the S-FSO system can be enhanced by adding channels to the system and raising the bit rate of the PRBS.
Without knowing the encryption algorithm and the encryption key, the eavesdropper can only use a brute force attack for data recovery. In a 16-channel S-FSO communication system, if the minimum size of the data fragments is 1 bit, P1 is about 2.33 × 10⁻¹⁰ according to Eq. (1). Due to the high transmission speed, the eavesdropper needs to complete the brute force attack within 8 nanoseconds through multiple eavesdropping. If the number of eavesdropping times is T, the intercept possibility can be expressed as
We have proposed, theoretically analyzed and experimentally demonstrated an S-FSO communication system using the DFMT scheme to achieve high-bandwidth and secure FSO communication. The security of the S-FSO communication system benefits from the fact that only incomplete data are transmitted through any single atmospheric channel. The S-FSO communication system is a specific application of the DFMT scheme in an FSO communication system. In principle, the number of atmospheric channels involved can be increased to support more users and to further improve the security performance. The PRBS is one commonly used noise-like sequence, and it can be replaced by other code systems such as Golden code. The size of the data fragments is determined by the rate of the control sequence and limited by the chip. The communication system can support higher transmission speeds by changing the code loaded into the FPGA chip.
National Natural Science Foundation of China (NSFC) (61405187); Strategic Leading Science & Technology Programme of CAS (XDA06010305)
References and links
2. P. T. Dat, A. Bekkali, K. Kazaura, K. Wakamori, T. Suzuki, M. Matsumoto, T. Higashino, K. Tsukamoto, and S. Komaki, “Studies on characterizing the transmission of RF signals over a turbulent FSO link,” Opt. Express 17(10), 7731–7743 (2009).
3. A. Jurado-Navas, T. R. Raddo, J. M. Garrido-Balsells, B. H. Borges, J. J. Olmos, and I. T. Monroy, “Hybrid optical CDMA-FSO communications network under spatially correlated gamma-gamma scintillation,” Opt. Express 24(15), 16799–16814 (2016).
4. C. W. Liu, S. Q. Zhai, J. C. Zhang, Y. H. Zhou, Z. W. Jia, F. Q. Liu, and Z. G. Wang, “Free-space communication based on quantum cascade laser,” J. Semicond. 36(9), 094009 1–4 (2015).
5. L. C. Andrews, R. L. Phillips, and C. Y. Hopen, Laser beam scintillation with applications (SPIE, 2001), Chap. 7.
6. A. K. Majumder and J. C. Ricklin, Free-Space Laser Communications: Principles and Advances (Springer, 2008), Chap. 1.
7. F. J. Lopez-Martinez, G. Gomez, and J. M. Garrido-Balsells, “Physical-layer security in free-space optical communications,” IEEE Photonics J. 7(2), 7901014 (2015).
8. M. P. Fok, Z. X. Wang, Y. H. Deng, and P. R. Prucnal, “Optical Layer Security in Fiber-Optic Networks,” IEEE Trans. Inf. Foren. Sec. 6(3), 725–736 (2011).
9. H. G. Song and C. B. Xie, “Analysis and discussion on practical quantum communication,” China Basic Science 13(3), 21–25 (2011).
10. A. Argyris, D. Syvridis, L. Larger, V. Annovazzi-Lodi, P. Colet, I. Fischer, J. García-Ojalvo, C. R. Mirasso, L. Pesquera, and K. A. Shore, “Chaos-based communications at high bit rates using commercial fibre-optic links,” Nature 438(7066), 343–346 (2005).
12. Q. C. Zhao and H. X. Yin, “Performance analysis of dense wavelength division multiplexing secure communications with multiple chaotic optical channels,” Opt. Commun. 285(5), 693–698 (2012).
13. S. J. B. Yoo, J. P. Heritage, V. J. Hernandez, R. P. Scott, W. Cong, N. K. Fontaine, R. G. Broeke, J. Cao, S. W. Seo, J. H. Baek, F. M. Soares, Y. Du, C. Yang, W. Jiang, K. Aihara, Z. Ding, B. H. Kolner, A. V. Pham, S. Lin, F. Olsson, S. Lourdudoss, K. Y. Liou, S. N. G. Chu, R. A. Hamm, B. Patel, W. S. Hobson, J. R. Lothian, S. Vatanapradit, L. A. Gruezke, W. T. Tsang, M. Shearn, and A. Scherer, “Spectral phase encoded time spread optical code division multiple access technology for next generation communication networks,” J. Opt. Net. 6(10), 1210–1227 (2007).
14. Z. Jiang, D. E. Leaird, and A. M. Weiner, “Experimental Investigation of Security Issues in OCDMA,” in Proceedings of Optical Fiber Communication Conference, OSA Technical Digest Series (Optical Society of America, 2006), paper OThT2.
15. Z. Jiang, D. S. Seo, S. D. Yang, D. E. Leaird, R. V. Roussev, C. Langrock, M. M. Fejer, and A. M. Weiner, “Four-user, 2.5-Gb/s, spectrally coded OCDMA system demonstration using low-power nonlinear processing,” J. Lightwave Technol. 23(1), 143–158 (2005).
16. Z. Si, F. Yin, M. Xin, H. Chen, M. Chen, and S. Xie, “Code extraction from encoded signal in time-spreading optical code division multiple access,” Opt. Lett. 35(2), 229–231 (2010).
17. R. Hamza, “A novel pseudo random sequence generator for image-cryptographic applications,” J. Info. Secu. Appl. 35, 119–127 (2017).