Optica Publishing Group

Security enhanced routing and spectrum allocation against crosstalk attacks for confidential lightpath in elastic optical networks

Open Access

Abstract

Elastic optical network (EON) is a critical transmission infrastructure for emerging new applications due to its spectral efficiency and flexibility. Nowadays, numerous confidential lightpaths (CLPs) are carried over EON to support security-sensitive users. However, they are vulnerable to crosstalk attacks at the optical layer, typically aimed at eavesdropping on the carried data or even disrupting connections. Due to the transparent nature of the optical signals, such attacks are difficult to detect and could last for a long time, resulting in data leakage that can even spread throughout the network. This paper presents a novel routing and spectrum allocation (RSA) algorithm to protect CLPs from crosstalk attacks. We investigate intra-channel and inter-channel crosstalk attacks and develop a metric to quantify crosstalk leakage risks (CLRs). We first formulate an ILP model to plan CLPs with a minimum CLR. To solve the same problem for large-scale networks, we also propose a heuristic algorithm, i.e., crosstalk-attack-aware RSA. Results indicate that the proposed algorithm is capable of reducing CLR by 23%.

© 2024 Optica Publishing Group under the terms of the Optica Open Access Publishing Agreement

1. Introduction

1.1 Background of optical network security issues

In next-generation communication systems, a highly reliable infrastructure is urgently required to support mission-critical services, such as e-banking, e-government, and smart-grid services. Known for long reach and high capacity, optical networks have been regarded as one of the most promising transmission infrastructures. However, they are exposed to a variety of potentially malicious attacks due to physical-layer vulnerabilities [1]. For instance, in 2003, an illegal eavesdropping device was discovered in Verizon’s optical network, and it was suspected that someone was trying to illegally access financial information prior to its release by utilizing an optical tap [2]. Optical networks are no longer as secure as they were often believed to be, and they even suffer from sophisticated threats such as data leakage, service degradation, and line interruption. Such security issues have been receiving considerable attention from research communities and network providers.

Generally, optical networks are vulnerable to three types of attacks: optical eavesdropping, high-power jamming attack, and physical infrastructure attack [3], which are ranked according to their destructive levels. Among these attack methods, high-power jamming attacks (due to intra-channel crosstalk and inter-channel crosstalk) lead to significantly larger damage since they can propagate to the entire network and possibly affect a large number of lightpaths. The attacker, i.e., a malicious optical signal with higher power than normal signals (over 20 dB), can be injected at a network node and negatively affect the quality of normal signals that also traverse the node via crosstalk effects, eventually resulting in energy leakage: optical power from a signal at one input port is leaked to the output port of the targeted lightpath. The attacked lightpath may acquire indirect attacking capabilities throughout the network and is then regarded as a secondary attacker, further affecting any other lightpaths that traverse common nodes or links, and these lightpaths subsequently affect other lightpaths.

1.2 Motivation of security enhancement against crosstalk attacks

Optical networks promise greater capacity, flexibility, and scalability. Specifically, they are transparent for high-data-rate communications: signals can always stay in the optical domain and do not experience optical-to-electrical-to-optical (O/E/O) conversions at intermediate optical nodes. In this case, they are typically routed and switched without any examination or modification, i.e., without 3R regeneration (re-amplification, re-shaping, and re-timing). As a result, a malicious attacker will not lose its attack capability after passing through an intermediate node; on the contrary, it converts the affected lightpath into a secondary attacker and affects a large number of lightpaths in the network. Thus, crosstalk attacks have been one of the most serious security issues confronting optical networks, and they need to be efficiently suppressed in order to enhance network security.

Over the past decade, network traffic has increased exponentially due to the emergence of new applications. Elastic optical network (EON) has been regarded as one of the most promising technologies in optical transport networks, particularly when used in critical scenarios such as optical interconnection between data centers [4,5]. EONs set up lightpaths with sliceable bandwidth-variable transponders [5–7] and flexible optical cross-connect [8] that operate on a series of spectrally contiguous frequency slots (FSs), achieving higher spectral efficiency and more agile bandwidth allocation than traditional fixed-grid wavelength-division multiplexing (WDM) networks [9]. Although EONs have many advantages, they also lack effective solutions against crosstalk attacks and face significant potential security threats when assuming that EONs are transparent or translucent. As the critical direction of optical transport networks, EONs are envisioned to enhance network security against crosstalk attacks.

Nowadays, security will be a service provided by network providers. In [10], the authors strongly address the significance of fulfilling the security-varying demands in next-generation communication systems, particularly for these security-sensitive users that distribute a wealth of confidential information [11]. Furthermore, numerous confidential lightpaths (CLPs) are carried over EONs [12] to support these types of users, and they are more vulnerable to crosstalk attacks, which can result in data leakage or even spread throughout the network. Thus, it is critical to investigate security-enhanced approaches and plan CLPs against crosstalk attacks with a minimum leakage risk during the network planning phase.

1.3 Related work

This section summarizes the existing solutions against crosstalk attacks as follows. In order to mitigate the impact of crosstalk attacks, most studies focus on prevention approaches during the network planning or operational phase [13], which are regarded as the most cost-effective technique. Therefore, we are not going to discuss detection and reaction approaches here.

First, some works studied prevention solutions against crosstalk attacks via sparse placement of optical performance monitoring equipment to limit the propagation of crosstalk attacks [14–18]. To achieve this, [14,15] developed a greedy algorithm to minimize the number of equalizers that were placed sparsely within the network, and [16] investigated a novel node architecture with equalization using optical attenuators with a feedback loop. Work in [17] combined the problem of sparse placement of optical performance monitoring equipment and attack-aware lightpath provisioning in WDM, and solved it via an integer linear programming (ILP) formulation and a genetic algorithm to minimize the crosstalk interactions.

Second, other works studied prevention solutions against crosstalk attacks via attack-aware lightpath provisioning techniques to reduce the potential security threats of crosstalk attacks [19–27]. Routing and wavelength assignment methods have been extensively studied to mitigate the impact of crosstalk attacks [19–25]. For example, the work presented in [19] focused on developing an ILP formulation and a (tabu search) heuristic algorithm for the routing problem, in order to find paths such that the potential crosstalk was minimized. This work was extended in [20] to include intra-channel crosstalk attacks, and also extended in [21] to restrict secondary attackers. In [24], the authors solved the routing and wavelength assignment problem while also minimizing the inter-channel and intra-channel crosstalk interactions to limit the spread of attacks. In [26], the authors analyzed the potential attack scenarios for different routing and spectrum allocation (RSA) arrangements in EONs, formulated an ILP model with minimum potential crosstalk, and also proposed a time-efficient heuristic for finding paths. To minimize the impact of crosstalk attacks, work in [27] considered lightpath provisioning in EONs with traffic demand variations, and solved the RSA problem to minimize the lightpath reallocations and the number of WSSs placed at nodes, and in [28], the maximal distance spectrum assignment between two lightpaths was discussed under limited spectral resources in EONs. Obviously, as a key function in EONs, RSA approaches can provide a promising solution against crosstalk attacks.

Recently, network providers have been expected to provide users with on-demand services and differentiate planning decisions according to the security level required per service [1]. Security is no longer a capability but a provided service. In a practical scenario, users such as important political, economic, and military ministries will accumulate more CLPs where attacks are more likely to happen [29], and their security requirements also change over time. However, when supporting those security-sensitive users, the aforementioned solutions struggle to mitigate the impact of crosstalk attacks. From the network’s perspective, fiber nodes or links near these users have a greater probability of being injected with crosstalk attacks. Given the required confidentiality and uneven distribution of CLPs, if we do not analyze the potential leakage risks for CLPs against crosstalk attacks in EONs, the data leakage might be extremely severe or even degrade the overall network security. As a result, crosstalk-attack-aware CLP planning using RSA approaches in EONs is a promising direction. Table 1 compares our work with other related literature using RSA approaches. In most works, there is no uncertainty associated with the traffic (security) demand against crosstalk attacks. However, this is not generally the case in real networks, since security demands vary with time and are distributed unevenly.


Table 1. Comparison of This Work and Other Existing RSA Schemes against Crosstalk Attacks

1.4 Contributions

In this paper, we propose a crosstalk-attack-aware RSA (CAAW-RSA) algorithm for planning CLPs with a minimum crosstalk leakage risk (CLR) in EONs. We first analyze intra-channel and inter-channel crosstalk characteristics in EONs. Based on this, two crosstalk attack models are presented to describe the leakage issues in the network. To address this issue, we propose a novel metric for quantifying CLR. According to the physical features of crosstalk attacks, the leakage risks are strongly related to RSA schemes. Specifically, it can be optimized by reducing lightpath interactions and limiting attack propagations. To this end, we can protect the CLPs against crosstalk attacks by optimizing RSA arrangements while considering security-varying demands. The main contributions of this paper can be summarized as follows:

  • We modeled the problem of inter-channel crosstalk and intra-channel crosstalk attacks in EON and defined a novel quantified metric to measure CLRs.
  • We considered the security demands of traffic requests in the network, i.e., CLPs and ordinary lightpaths (OLPs), and analyzed the potential leakage scenarios for CLPs to different RSA arrangements.
  • We designed a weighted policy for calculating the value of CLRs and assessed the relative importance of the three weighted factors.
  • We formulated an ILP model to solve the crosstalk leakage issue and also proposed the CAAW-RSA algorithm to protect CLPs against crosstalk attacks in large-scale networks.
  • Extensive experiments demonstrate the effectiveness of the proposed algorithm through detailed performance evaluation in terms of CLR, leakage point, blocking probability (BP), and spectrum utilization (SU). A comparative analysis of various guard bands (Gbs) and weighted criteria was also conducted.

The rest of the paper is organized as follows. Section II provides a brief review of crosstalk characteristics and introduces crosstalk attack modeling. The problem description is given in Section III, where we analyze the potential leakage risks to different RSA arrangements and define a quantified metric to measure it. In Section IV, we formulate the ILP model to solve the leakage risk problem, and a time-efficient heuristic algorithm is also proposed for large-scale networks in Section V. We describe the performance evaluation with simulations in Section VI. Finally, Section VII summarizes the paper.

2. Vulnerabilities on optical components in the physical layer

In this paper, we mainly focus on crosstalk attacks. Unlike other attacks, crosstalk attacks can not only affect those lightpaths that share links or nodes with them but also may induce attack capabilities to those affected lightpaths. This might result in data leakage or even service disruption in large segments of the network.

Crosstalk attacks occur mainly due to optical component vulnerabilities, such as non-ideal characteristics and sharing or spreading interactions. There are two basic forms of crosstalk attacks: 1) intra-channel attack and 2) inter-channel attack [26], which exploit intra-channel and inter-channel crosstalk effects that are leaked from shared optical components, respectively. A malicious attacker can leverage one or a combination of them to launch various degrees of crosstalk attacks and gain information from other lightpaths. In particular, this results in data leakage from CLPs and further deteriorates network security. In this section, we first introduce the modeling of the two crosstalk attacks in EONs.

2.1 Intra-channel crosstalk attack model

In the physical layer, intra-channel crosstalk basically originates from non-ideal port isolation of optical (de)multiplexers or switches, such as bandwidth-variable wavelength selective switches used in ROADM. As illustrated in Fig. 1(a), a malicious attacker is injected at a common network node by exploiting intra-channel crosstalk effects and interferes with the legitimate lightpath on the same wavelength or central nominal frequency, which might cause a large amount of data leakage inside the common node.


Fig. 1. Schematic of crosstalk: (a) Intra-channel crosstalk, (b) Inter-channel crosstalk [30].


In EONs, a malicious lightpath can affect any other lightpaths on overlapped spectrum assignments that utilize the same or adjacent FSs at common network nodes. We model the topology of the network as an undirected graph $G({V,E} )$, where V represents the set of optical nodes and E represents the set of fiber links. Subsequently, an example of intra-channel crosstalk attack propagation is shown in Fig. 2(a). Intra-channel crosstalk happens at a common switch ${v_1}$, where lightpaths LP0 (blue-rhombus arrows starting at ${v_0}$ and terminating at ${v_5}$) and LP1 (red arrows) pass through both using ${f_i}$. Some energy (crosstalk attack) of LP1 is coupled to LP0. Then, the LP0 gets attacked directly and acquires the secondary attack capability. In this case, the LP0 can propagate the attack even to the lightpath LP3 (green-cycle arrows starting at ${v_4}$ and terminating at ${v_0}$) at ${v_4}$ also using ${f_i}$, while the LP2 (yellow-star arrows starting at ${v_2}$ and terminating at ${v_5}$) using ${f_j}$ can be skipped by the attacker and will not be affected. Note that, LP0 cannot reversely affect the lightpaths at ${v_0}$, and the affected lightpaths are marked with red symbols along the routing path.


Fig. 2. Propagation of crosstalk attacks in the network ((a) Intra-channel, (b) Inter-channel crosstalk attacks [30]).


2.2 Inter-channel crosstalk attack model

Inter-channel crosstalk is generated from fibers or nodes, as shown in Fig. 1(b). In fibers, long distances and high-power signals can introduce nonlinearities causing inter-channel crosstalk between lightpaths. A malicious attacker is injected by exploiting the intra-channel or inter-channel crosstalk effects on the same fiber, and affects the lightpaths on adjacent wavelengths or adjacent spectrum slots (in EONs) that are co-propagating with the attacker. In nodes, non-ideal port isolation of optical (de)multiplexers or switches also causes lightpaths to interfere with each other in a shared manner, just like the attack scenarios described for intra-channel crosstalk.

Similarly, Fig. 2(b) illustrates a case of an inter-channel crosstalk attacker LP1 (red arrows), which is injected at a common switch ${v_1}$ using adjacent ${f_{i + 1}}$. The lightpath LP0 (blue-rhombus arrows) on ${f_i}$ will be initially affected by the attacker LP1 since they use adjacent slots on the same fiber link. Clearly, the attacked LP0 will spread the attack through the network as a “secondary attacker”, further affecting the lightpath LP2 (yellow-star arrows), which is on the adjacent ${f_{i - 1}}$, while the lightpath LP3 (green-cycle arrows), which uses ${f_{i + 2}}$ and starts at ${v_4}$, is unaffected.
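The propagation rule of Sections 2.1 and 2.2, as an added example for assessing how far one injected signal can reach (not code from the paper). The routes and slot indices are constructed to resemble Fig. 2, and the model assumes coupling happens at any shared node and that an affected lightpath only carries the attack downstream of the node where it was hit.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Lightpath:
    name: str
    route: tuple   # ordered nodes, source first
    first_fs: int  # first frequency slot used
    last_fs: int   # last frequency slot used

def coupling(a, b):
    """Crosstalk type between two slot ranges: 'intra', 'inter' or None."""
    if a.first_fs <= b.last_fs and b.first_fs <= a.last_fs:
        return "intra"      # same (overlapping) slots
    if a.last_fs + 1 == b.first_fs or b.last_fs + 1 == a.first_fs:
        return "inter"      # neighbouring slots
    return None

def affected_lightpaths(lightpaths, attacker):
    """Map each affected lightpath to (node of first hit, crosstalk type, hit by)."""
    by_name = {lp.name: lp for lp in lightpaths}
    hot_from = {attacker: 0}   # route index from which a lightpath carries attack power
    hits = {}
    queue = deque([attacker])
    while queue:
        src = by_name[queue.popleft()]
        hot_nodes = set(src.route[hot_from[src.name]:])
        for lp in lightpaths:
            if lp.name in (attacker, src.name):
                continue
            kind = coupling(src, lp)
            if kind is None:
                continue
            # Most upstream node of lp that touches a "hot" node of src.
            idx = next((i for i, v in enumerate(lp.route) if v in hot_nodes), None)
            if idx is None or idx >= hot_from.get(lp.name, len(lp.route)):
                continue
            hot_from[lp.name] = idx            # indices only decrease, so the loop ends
            hits.setdefault(lp.name, (lp.route[idx], kind, src.name))
            queue.append(lp.name)              # now a secondary attacker
    return hits

# Constructed routes, loosely following Fig. 2 (the real figure is not reproduced here).
ROUTES = {
    "LP0": ("v0", "v1", "v4", "v5"),
    "LP1": ("v1", "v2"),            # attacker, injected at v1
    "LP2": ("v2", "v4", "v5"),
    "LP3": ("v4", "v3", "v0"),
}

def build(slots):
    """slots: name -> single slot index (each lightpath uses one FS in this sample)."""
    return [Lightpath(n, ROUTES[n], s, s) for n, s in slots.items()]

# Fig. 2(a)-like: LP0, LP1, LP3 on f_i = 10, LP2 on f_j = 20.
INTRA_CASE = build({"LP0": 10, "LP1": 10, "LP2": 20, "LP3": 10})
# Fig. 2(b)-like: LP1 on f_{i+1}, LP0 on f_i, LP2 on f_{i-1}, LP3 on f_{i+2}.
INTER_CASE = build({"LP0": 10, "LP1": 11, "LP2": 9, "LP3": 12})

if __name__ == "__main__":
    print(affected_lightpaths(INTRA_CASE, "LP1"))
    print(affected_lightpaths(INTER_CASE, "LP1"))
```
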

3. Problem description in the EON layer

In this section, we describe the network model for realizing the CAAW-RSA scheme, analyze the potential leakage scenarios for different CLP arrangements using RSA techniques, and define the quantified CLR for CLPs. Considering the network model’s generalization, we do not specify optical node architecture while different node architectures or WSS placements may provide different security-enhanced capabilities.

3.1 Network model

In EONs, we use $G({V,E} )$ to represent the network topology as mentioned above. There are F FSs on each link $l \in E$, and each FS has a bandwidth of 12.5 GHz. We assume that the fiber link is bi-directionally asymmetric in the network. Here, we use ${l_{mn}}$ to denote the fiber link between ${v_m}$ and ${v_n}$ (${v_m},{v_n} \in V$), which includes links ${l_{m - n}}$ and ${l_{n - m}}$ from two directions. Network requests $LR({s,d,n,\phi } )$ can be categorized into two security types in terms of confidentiality requirements, i.e., CLPs and OLPs, which are represented by the notation $\phi $ ($\phi = 1$ for CLPs, $\phi = 0$ for OLPs). We use $s \in V$ to represent the source node, $d \in V$ represents the destination node, and n is the bandwidth requirement in FSs. Additionally, we assume all signal transmissions inside $G({V,E} )$ are established all-optically for cost savings; thus crosstalk attacks can be launched from arbitrary parts of $G({V,E} )$ and will not be eliminated without O/E/O conversions.

3.2 Potential leakage scenarios for CLPs to RSA arrangements

According to the crosstalk attack models discussed in Section 2, the leakage risks of CLPs are strongly related to their common nodes and links. From the network’s perspective, there are three scenarios potentially suffering leakage risks caused by crosstalk attacks, on the basis of three factors, 1) attacking threats (ATs) due to common components, 2) leakage threats (LTs) due to CLP arrangements, and 3) spreading threats (STs) due to node degrees. To minimize the CLRs, we first analyze the potential leakage scenarios to different RSA arrangements. Basically, the RSA schemes can be divided into two sub-problems, i.e., the routing allocation (RA) and spectrum allocation (SA), thus there are several leakage scenarios according to different RA and SA combinations. Fig. 3 shows examples, where a natively malicious lightpath LP2 whose power is much higher than others, is injected at node 2 and destines for node 4. The LP1 is an existing legitimate lightpath from node 5 to node 2.


Fig. 3. CLP leakage scenarios in EONs: (a) RA arrangements, (b) SA arrangements, (c) CLP and OLP arrangements.


For LP2, Fig. 3(a) and (b) show three RA schemes (r1, r2, r3) and three SA schemes (s1, s2, s3), respectively. They represent different AT levels.

  1. r1 (2 → 3 → 4): In this scenario, LP1 and LP2 share a common node ${v_3}$ as shown in (r1). If LP1 and LP2 overlap with each other in terms of the SA scheme as (s1) or are adjacent as (s2), there will be ATs due to intra-/inter-channel crosstalk. Otherwise, if the SA scheme is as in (s3), the ATs will be suppressed with appropriate Gbs. Note that only two lightpaths in the opposite direction can be assigned with overlapped spectrum slots [31].
  2. r2 (2 → 6 → 5 → 3 → 4): In (r2), LP1 and LP2 not only share nodes ${v_3}$ and ${v_5}$ but also a fiber link ${l_{35}}$. If LP1 and LP2 are overlapped as (s1) or are adjacent as (s2) in the SA scheme, there will be ATs due to intra-/inter-channel crosstalk. Likewise, the intra-/inter-channel crosstalk can be limited by increasing spectral spacing between LP1 and LP2. Note that there are no vulnerabilities for intra-channel crosstalk since LP1 and LP2 are transmitting in the same direction.
  3. r3 (2 → 1 → 6 → 5 → 4): Since LP1 and LP2 do not share any optical components in (r3), none of the crosstalk attacks will cause ATs regardless of the SA scheme. Note that the starting and ending common nodes are not included.

To further analyze the LTs, Fig. 3(c) presents three CLP and OLP arrangements for LP2. Here, three examples of CLP arrangements that pose different LT levels, are described as follows.

  1. l1: In this scenario, LP1 and LP2 are both carrying CLPs (marked in blue box). If LP1 and LP2 are overlapped, there will be LTs due to intra-channel crosstalk attack. If LP1 adjoins LP2, the LTs also occur due to inter-channel crosstalk attack. Otherwise, there won’t be any LTs since LP1 and LP2 are spaced by the Gb.
  2. l2: In (l2), either LP1 or LP2 is carrying CLPs, so there will be LTs just like the scenario in (l1). However, the LTs will be less than those in (l1) since there is only one CLP, and only a CLP is sensitive to leakage.
  3. l3: When LP1 and LP2 are both providing OLPs (marked in yellow box), none of the three spectrum assignments will result in LTs, because an OLP is not sensitive to leakage.

Based on the analysis above, we can classify the RSA schemes according to their potential leakage risks, which are determined by three factors such as AT, LT, and ST. When placing a new arriving lightpath LP2, we assume the ATs for three routing schemes (r1, r2, r3) are ${\alpha _1}$, ${\alpha _2}$, and ${\alpha _3}$. Apparently, we should have ${\alpha _1} \ge {\alpha _2} > {\alpha _3}$. The ATs for three spectrum schemes (s1, s2, s3) are ${\beta _1}$, ${\beta _2}$, and ${\beta _3}$, where ${\beta _1} \ge {\beta _2} > {\beta _3}$. The LTs for CLP arrangements (l1, l2, l3) are ${\gamma _1}$, ${\gamma _2}$, and ${\gamma _3}$, where ${\gamma _1} > {\gamma _2} > {\gamma _3}$. Finally, the STs usually remain constant and have a positive correlation with the total number of node degrees along the routing path. In the following section, we establish a novel metric to measure and quantify the potential leakage risks for different RSA arrangements based on AT, LT, and ST.

3.3 Crosstalk leakage risk definition

In order to minimize the overall leakage risks inside $G({V,E} )$, we investigate the solutions to the CAAW-RSA problem using different RSA schemes. For each arrival $LR$, we need to find a feasible RSA arrangement that provides the lowest leakage risks with every pair of lightpaths in the network. Ideally, the leakage risks could be zero if we try to make sure the CLP arrangements are with (r3). However, this is not practical when considering network constraints, such as spectrum capacity and consistency. Hence, for RA schemes, we try to arrange all the lightpaths interlaced with each other as possible, and for SA schemes, we ensure the CLPs are isolated from others by spaced Gbs. We also analyze the tradeoff between CLRs and BP.

To describe the leakage risks of different RSA schemes, we introduce a quantified metric named CLR, which is determined by the AT, LT, and ST mentioned previously. The ATs are measured by the total number of common nodes and links, because the overlapped or adjacent spectrum assignments will generate the crosstalk effects that can be exploited by a malicious attacker. The LTs depend on the CLP and OLP arrangements, since only CLPs are sensitive to leakage risks caused by crosstalk attacks. Furthermore, the STs depend on the total number of node degrees along the selected path, since crosstalk attacks can propagate throughout the network, and only reducing the intermediate nodes will help mitigate the STs’ impacts. To address the relative importance of the three criteria, we introduce three coefficients ${\mu _1}$, ${\mu _2}$, ${\mu _3}$ accordingly, and also discuss their different combinations based on the AHP model [32]. Two types of CLR, path CLR and network CLR, are defined as follows.

Notations:

  • $Gb$: the number of FSs for isolation in the network G.
  • ${D_G}$: the total sum of nodes’ degrees in the network G.
  • $L$: the total number of fiber links in the network G.
  • $L{p_{{l_{mn}}}}$: the total number of lightpaths on the link ${l_{mn}}$.
  • ${N_{CC}}$: the number of CLP and CLP arrangements on the link ${l_{mn}}$.
  • ${N_{CO}}$: the number of CLP and OLP arrangements on the link ${l_{mn}}$.
  • $L{p_{ad}}$: the number of lightpaths that exists adjoined spectrum on the link ${l_{mn}}$.
  • $L{p_{ol}}$: the number of lightpaths that exists overlapped spectrum on the link ${l_{mn}}$.
  • ${D_s}$, ${D_e}$: the node degrees of source node and end node on the link ${l_{mn}}$, respectively.
  • $A{T_{{l_{mn}}}}$, $L{T_{{l_{mn}}}}$, $S{T_{{l_{mn}}}}$: the values of ATs, LTs, and STs on the link ${l_{mn}}$, respectively.
  • $CL{R_{{l_{mn}}}}$, $CL{R_n}$: the values of CLRs on the link ${l_{mn}}$ and in the network G, respectively.
  • ${\mu _1}$, ${\mu _2}$, ${\mu _3}$: the weight coefficients of $A{T_{{l_{mn}}}}$, $L{T_{{l_{mn}}}}$, and $S{T_{{l_{mn}}}}$, respectively.

$$A{T_{{l_{mn}}}} = \frac{{L{p_{ol}} + L{p_{ad}}}}{{Gb \cdot L{p_{{l_{mn}}}}}},\quad L{p_{{l_{mn}}}} \ne 0$$

$$L{T_{{l_{mn}}}} = \frac{{{N_{CC}} + \frac{1}{2} \cdot {N_{CO}}}}{{Gb \cdot L{p_{{l_{mn}}}}}},\quad L{p_{{l_{mn}}}} \ne 0$$

$$S{T_{{l_{mn}}}} = \frac{{{D_s} + {D_e}}}{{{D_G}}},\quad {D_G} \ne 0$$

Link Crosstalk Leakage Risk ($CL{R_{{l_{mn}}}}$):

$$CL{R_{{l_{mn}}}} = {\mu _1} \cdot A{T_{{l_{mn}}}} + {\mu _2} \cdot L{T_{{l_{mn}}}} + {\mu _3} \cdot S{T_{{l_{mn}}}}$$

Network Crosstalk Leakage Risk ($CL{R_n}$):

$$CL{R_n} = \sum\limits_{i = 1}^L CL{R_{{l_{mn}}}}$$

The $CL{R_{{l_{mn}}}}$ value indicates the leakage risks caused by crosstalk attacks on link ${l_{mn}}$. The larger $CL{R_{{l_{mn}}}}$ is, the greater the possibility that the attacks affect the existing lightpaths on link ${l_{mn}}$. Note that the RSA schemes differ for each direction since network requests are served over bi-directional fiber links. Fig. 4 shows an example of calculating $CL{R_{{l_{mn}}}}$. Taking ${l_{12}}$ as an example, $L{p_{ol}}$ is 2 (AE and CG), $L{p_{ad}}$ is 1 (BF), $L{p_{{l_{12}}}}$ is 8 (A∼H), ${N_{CC}}$ is 1 (AE), and ${N_{CO}}$ is 1 (BF). Besides, ${D_s}$, ${D_e}$ and ${D_G}$ in the six-node topology are 2, 3, and 16, respectively. We set $Gb$ as 1 FS. Hence, the $CL{R_{{l_{12}}}}$ is 0.875. Similarly, the $CL{R_{{l_{34}}}}$ is 1.0625 and is larger than $CL{R_{{l_{12}}}}$ as it provides more CLPs and overlapped lightpaths. Note that the lightpaths on ${l_{12}}$ are unrelated to those on ${l_{34}}$, and we separate them by a solid and dotted line.


Fig. 4. An example of link crosstalk leakage risk.
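The ${l_{12}}$ calculation above, as an added example that derives the pair counts from a spectrum allocation instead of taking them as given (not code from the paper). The slot positions and CLP flags are constructed to match the counts quoted from Fig. 4; treating a pair as adjacent when fewer than $Gb$ free FSs separate it, counting ${N_{CC}}$ and ${N_{CO}}$ over overlapped or adjacent pairs only, and ${\mu _1} = {\mu _2} = {\mu _3} = 1$ are assumptions that reproduce the stated 0.875.

```python
from dataclasses import dataclass, replace
from itertools import combinations

@dataclass(frozen=True)
class Lightpath:
    name: str
    direction: int   # 0 = l_{m-n}, 1 = l_{n-m}
    first_fs: int    # first frequency slot used
    last_fs: int     # last frequency slot used
    clp: bool        # True for a CLP (phi = 1), False for an OLP (phi = 0)

def relation(a, b, gb):
    """Classify a pair of lightpaths as 'overlapped', 'adjacent' or 'spaced'."""
    if a.first_fs <= b.last_fs and b.first_fs <= a.last_fs:
        # Only lightpaths in opposite directions may share slots on a link.
        if a.direction == b.direction:
            raise ValueError(f"{a.name} and {b.name} clash in the same direction")
        return "overlapped"
    free = max(a.first_fs, b.first_fs) - min(a.last_fs, b.last_fs) - 1
    return "adjacent" if free < gb else "spaced"   # assumption: < Gb free FSs

def link_clr(lightpaths, d_s, d_e, d_g, gb=1, mu=(1.0, 1.0, 1.0)):
    """Return the counts and the AT, LT, ST and CLR values of one link."""
    if gb < 1 or d_g <= 0:
        raise ValueError("Gb must be >= 1 FS and D_G must be positive")
    lp_ol = lp_ad = n_cc = n_co = 0
    for a, b in combinations(lightpaths, 2):
        rel = relation(a, b, gb)
        if rel == "spaced":
            continue                      # isolated by the guard band
        if rel == "overlapped":
            lp_ol += 1
        else:
            lp_ad += 1
        if a.clp and b.clp:
            n_cc += 1                     # CLP-CLP arrangement
        elif a.clp or b.clp:
            n_co += 1                     # CLP-OLP arrangement
    n = len(lightpaths)
    # The paper requires Lp != 0; an empty link is scored AT = LT = 0 here (assumption).
    at = (lp_ol + lp_ad) / (gb * n) if n else 0.0
    lt = (n_cc + 0.5 * n_co) / (gb * n) if n else 0.0
    st = (d_s + d_e) / d_g
    clr = mu[0] * at + mu[1] * lt + mu[2] * st
    return {"Lp_ol": lp_ol, "Lp_ad": lp_ad, "N_CC": n_cc, "N_CO": n_co,
            "AT": at, "LT": lt, "ST": st, "CLR": clr}

def network_clr(per_link_results):
    """Network CLR: the sum of the link CLR values."""
    return sum(r["CLR"] for r in per_link_results)

# Constructed allocation on l_12: A/E and C/G overlap, B/F touch, D and H are spaced.
LINK_12 = [
    Lightpath("A", 0, 0, 1, True),    Lightpath("B", 0, 4, 5, True),
    Lightpath("C", 0, 9, 10, False),  Lightpath("D", 0, 13, 14, False),
    Lightpath("E", 1, 1, 2, True),    Lightpath("F", 1, 6, 7, False),
    Lightpath("G", 1, 10, 11, False), Lightpath("H", 1, 16, 17, False),
]

def isolate_clps(lightpaths):
    """Same link after moving E and F so that every CLP is spaced by the guard band."""
    moved = {"E": (19, 20), "F": (22, 23)}   # constructed target slots
    return [replace(lp, first_fs=moved[lp.name][0], last_fs=moved[lp.name][1])
            if lp.name in moved else lp for lp in lightpaths]

if __name__ == "__main__":
    before = link_clr(LINK_12, d_s=2, d_e=3, d_g=16)
    after = link_clr(isolate_clps(LINK_12), d_s=2, d_e=3, d_g=16)
    print(before)
    print(after)
```

With the CLPs isolated, only the OLP pair C/G still interacts, so the LT term drops to zero and the link CLR falls from 0.875 to 0.4375.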


4. ILP formulation for CAAW-RSA

We provide solutions for the CAAW-RSA problem in small-scale networks and relatively large-scale networks, respectively. Firstly, we formulate an ILP model to solve the CAAW-RSA problem exactly in the six-node topology. For each node pair in $G({V,E} )$, we pre-calculate K shortest paths as the input to the ILP. The output is the optimal RSA arrangements with the minimum leakage risks between $L{R_i}({{s_i}, {d_i},{n_i},{\phi_i}} )$ and all existing $L{R_j}({{s_j}, {d_j},{n_j},{\phi_j}} )$. We use $L{R_i}$ and $L{R_j}$ to briefly describe them in the following section.

Parameters:

  • (1) $V$: the set of nodes in the $G({V,E} )$.
  • (2) $E$: the set of links in the $G({V,E} )$.
  • (3) $F$: the FSs number on each link ${l_{mn}} \in E$.
  • (4) ${P_i}$: the set of feasible routing paths for $L{R_i}$.
  • (5) $D_i^v$: the degree of node v on $L{R_i}$.
  • (6) ${n_i}$: the bandwidth requirement of $L{R_i}$.
  • (7) ${\pi _{i,j}}$: the boolean indicator that equals 1 if either $L{R_i}$ or $L{R_j}$ is a CLP, and 0 otherwise.
  • (8) $\pi _{cc}^{i,j}$: the boolean indicator that equals 1 if $L{R_i}$ and $L{R_j}$ are CLPs, and 0 otherwise.
  • (9) $\pi _{co}^{i,j}$: the boolean indicator that equals 1 if $L{R_i}$ belongs to $CLP$ and $L{R_j}$ is an $OLP$ or $L{R_i}$ belongs to $OLP$ and $L{R_j}$ is a $CLP$, and 0 otherwise.

Variables:

  • (1) $x_i^p$: the boolean variable that equals 1 if $L{R_i}$ uses path p in ${P_i}$, and 0 otherwise.
  • (2) $y_i^{{l_{mn}}}$: the boolean variable that equals 1 if $L{R_i}$ uses link ${l_{mn}}$, and 0 otherwise.
  • (3) $w_i^v$: the boolean variable that equals 1 if $L{R_i}$ passes through node v, and 0 otherwise.
  • (4) $f_i^s$: the boolean variable that equals 1 if $L{R_i}$ uses FS-block s, and 0 otherwise.
  • (5) $l{s_{i,j}}$: the boolean variable that equals 1 if $st{a_i}$ is less than $st{a_j}$, and 0 otherwise.
  • (6) $s{s_{i,j}}$: the boolean variable that equals 1 if $L{R_i}$ and $L{R_j}$ are spectrum-spaced, otherwise 0.
  • (7) $s{a_{i,j}}$: the boolean variable that equals 1 if $L{R_i}$ and $L{R_j}$ are spectrum-adjacent, otherwise 0.
  • (8) $s{o_{i,j}}$: the boolean variable that equals 1 if $L{R_i}$ and $L{R_j}$ are spectrum-overlapped, otherwise 0.
  • (9) $a{t_{i,j}}$: the variable that indicates the ATs of RSA arrangements for $L{R_i}$ and $L{R_j}$.
  • (10) $l{t_{i,j}}$: the variable that indicates the LTs of assigned FS-blocks for $L{R_i}$ and $L{R_j}$.
  • (11) $s{t_{i,j}}$: the variable that indicates the STs of RSA arrangements for $L{R_i}$ and $L{R_j}$.
  • (12) $CL{R_{i,j}}$: the variable that indicates the CLRs of RSA arrangements for $L{R_i}$ and $L{R_j}$.
  • (13) $st{a_i}$: the integer variable that indicates the start index of assigned FS-block for $L{R_i}$.
  • (14) $en{d_i}$: the integer variable that indicates the end index of assigned FS-block for $L{R_i}$.
  • (15) $F_i^{max}$: the integer variable that indicates the maximum index of used FSs for $L{R_i}$.
Objective:

The objective is to minimize the $CL{R_{i,j\textrm{}}}$ for all pairs of $L{R_i}$ and existing allocated $L{R_j}$ in $G({V,E} )$. We define it as follows and obviously, the overall leakage risks increase with $CL{R_{i,j}}$.

Minimize

$$\begin{array}{l} CL{R_{i,j\textrm{}}} = {\mu _1} \cdot \mathop \sum \nolimits_i \mathop \sum \nolimits_j a{t_{i,j}} + {\mu _2} \cdot \mathop \sum \nolimits_i \mathop \sum \nolimits_j l{t_{i,j}} + {\mu _3} \cdot \mathop \sum \nolimits_i \mathop \sum \nolimits_j s{t_{i,j}}\\ \{{i \ne j} \},\; \; {\mu _1}\; {\mu _2}\; {\mu _3} \in [{0,1} ]\end{array}$$
Constraints:
  • (1) Routing constraints

Equation (7) ensures that there is one and only one path selected for each lightpath.

$$\sum_{p \in P_i} x_i^p = 1 \quad \forall i \tag{7}$$

Equation (8) ensures that all links ${l_{mn}}$ on path p, which is selected for $\textrm{}L{R_i}$, are identified correctly.

$$y_i^{l_{mn}} \ge x_i^p \quad \forall i\; \{l_{mn} \in p,\ \forall p \in P_i\} \tag{8}$$

Equation (9) ensures that all nodes v on path p, which is selected for $L{R_i}$, are identified correctly.

$$w_i^v \ge x_i^p \quad \forall i\; \{v \in p,\ \forall p \in P_i\} \tag{9}$$

Equations (10) and (11) ensure that all FS-blocks s on link ${l_{mn}}$ along the path p, which is selected for $L{R_i}$, are identified correctly.

$$f_i^s \ge x_i^p \quad \forall i\; \{s \in l_{mn},\ l_{mn} \in p,\ \forall p \in P_i\} \tag{10}$$
$$f_i^s \ge y_i^{l_{mn}} \quad \forall i\; \{s \in l_{mn},\ l_{mn} \in p,\ \forall p \in P_i\} \tag{11}$$
  • (2) Spectrum assignment constraints

Equation (12) ensures that each request is offered enough FSs. Eqs. (13)-(14) ensure that the variables are within specific ranges and that the maximum index of used FSs is obtained correctly.

$$end_i - sta_i + 1 = n_i \quad \forall i \tag{12}$$
$$sta_i \le F_i^{max} \quad \forall i \tag{13}$$
$$end_i \le F_i^{max} \quad \forall i \tag{14}$$

Equations (15)-(16) ensure that the assigned FSs of any two lightpaths satisfy the spectrum non-overlapping constraint if the lightpaths are spectrum-spaced, and that the spectrum assignments also obey the bandwidth capacity constraint. Eqs. (17)-(18) ensure that a guard-band of $Gb > 0$ FSs between $L{R_i}$ and $L{R_j}$ can be applied if either $L{R_i}$ or $L{R_j}$ belongs to $CLP$ and their lightpaths are spectrum-spaced. If the lightpaths are spectrum-adjacent, the same constraints should hold for $s{a_{i,j}}$ as for $s{s_{i,j}}$. The details are omitted to save space (the corresponding constraints are obtained from Eqs. (15)-(18) by simply replacing $s{s_{i,j}}$ with $s{a_{i,j}}$).

$$end_j - sta_i + 1 \le F \cdot (1 + ls_{i,j} - ss_{i,j}),\quad \{i \ne j\} \tag{15}$$
$$end_i - sta_j + 1 \le F \cdot (2 - ls_{i,j} - ss_{i,j}),\quad \{i \ne j\} \tag{16}$$
$$sta_j - end_i + 1 \ge Gb \cdot \pi_{i,j} \cdot (ss_{i,j} + ls_{i,j} - 1) + F \cdot (ls_{i,j} + ss_{i,j} - 2),\quad \{i \ne j\} \tag{17}$$
$$sta_i - end_j + 1 \ge Gb \cdot \pi_{i,j} \cdot (ss_{i,j} - ls_{i,j}) + F \cdot (ss_{i,j} - ls_{i,j} - 1),\quad \{i \ne j\} \tag{18}$$

Equation (19) ensures that the spectrum assignments obey the bandwidth capacity constraint. Eqs. (20)-(21) ensure that the assigned FSs do not overlap if $L{R_i}$ or $L{R_j}$ belongs to $CLP$ and the lightpaths of $L{R_i}$ and $L{R_j}$ are spectrum-overlapped.

$$end_j - sta_i + 1 \le F \cdot (so_{i,j} + 1),\quad \{i \ne j\} \tag{19}$$
$$sta_j - end_i + 1 \ge \pi_{i,j} \cdot (so_{i,j} + ls_{i,j} - 1) + F \cdot (ls_{i,j} + so_{i,j} - 2),\quad \{i \ne j\} \tag{20}$$
$$sta_i - end_j + 1 \ge \pi_{i,j} \cdot (so_{i,j} - ls_{i,j}) + F \cdot (so_{i,j} - ls_{i,j} - 1),\quad \{i \ne j\} \tag{21}$$
  • (3) CLR related constraints

Equations (22)-(24) ensure that all common links and nodes between $L{R_i}$ and $L{R_j}$ are handled.

$$f_i^s + f_j^s - 2 \le ss_{i,j} \le f_i^s + f_j^s,\quad \{i \ne j\}\; \forall f \in F \tag{22}$$
$$f_i^s + f_j^s - 2 \le sa_{i,j} \le f_i^s + f_j^s,\quad \{i \ne j\}\; \forall f \in F \tag{23}$$
$$f_i^s + f_j^s - 1 \le so_{i,j} \le f_i^s + f_j^s,\quad \{i \ne j\}\; \forall f \in F \tag{24}$$

Equations (25)-(28) obtain the $CLR$ of any pair of lightpaths.

$$ss_{i,j} + so_{i,j} \le sa_{i,j} \le ss_{i,j} - so_{i,j} + 1,\quad \{i \ne j\} \tag{25}$$
$$at_{i,j} = \frac{so_{i,j} + sa_{i,j} + (1 - ss_{i,j})}{Gb \cdot (j + 1)},\quad \{i \ne j\} \tag{26}$$
$$lt_{i,j} = \frac{\pi_{cc}^{i,j} + \pi_{co}^{i,j}}{Gb \cdot (j + 1)},\quad \{i \ne j\} \tag{27}$$
$$st_{i,j} = \frac{\sum_v D_i^v + \sum_v D_j^v}{D_G},\quad \{i \ne j,\ v \in p,\ \forall p \in P\} \tag{28}$$

5. Heuristic algorithm for CAAW-RSA

Since ILP solution often has a long run time, it is only feasible for small networks. To solve the CAAW-RSA problem in relatively large-scale networks, we propose a time-efficient heuristic algorithm, i.e., the CAAW-RSA algorithm.

Algorithm 1 outlines the detailed procedure of the proposed CAAW-RSA algorithm, which chooses the least-CLR RSA scheme for the request set $LR$. The CLR calculation process is shown in Algorithm 2. To improve both CLR and SU performance, we do not block requests unless their leakage risks exceed the threshold. In Algorithm 1, Lines 1-2 make the preparations for the request set $LR({s,d,n,\phi } )$ to be preserved in the network topology $G({V,E} )$. Whether a request in $LR$ is a CLP or an OLP is determined by its security type $\phi $. The for-loop covering Lines 3-27 processes all $LR\textrm{s}$ and, with the help of the CLR calculation, guarantees a minimal CLR at each step. Here, we consider two sets: $\mathrm{\Delta }$ stores all k candidate paths and their corresponding $CL{R_p}$ (Lines 4-7), and $\mathrm{\Omega}$ holds the available FS-blocks along one path and their per-link $CL{R_{{l_{mn}}}}$ (Line 17). Note that the k candidate paths are calculated once a new request arrives in the network.

The inner for-loop covering Lines 8-26 checks each candidate path to find a feasible RSA scheme for $L{R_i}$ and calculates the corresponding $CL{R_p}$ for the selected path using Algorithm 2. The largest available FS-blocks in Line 10 are selected subject to the physical constraints, i.e., the spectrum continuity, spectrum consistency, spectrum non-overlapping and capacity (${n_i}$) constraints. We denote an FS-block as f from the set $\{{[{{s_s},{s_e}} ]} \}$, where ${s_s}$ and ${s_e}$ are the start and end indexes of its slots. Lines 11-24 check each FS-block assignment to obtain the $CL{R_{{l_{mn}}}}$ between $L{R_i}$ and the other existing $L{R_j}$ along the path, and also update the total $CL{R_p}$. If the Gb is guaranteed or neither of the requests belongs to CLP, $CL{R_p}$ stays unchanged. Line 17 obtains the $CL{R_{{l_{mn}}}}$ value in Algorithm 2 by counting the number of overlapped or adjoined spectrum assignments and the CLP arrangements of the RSA scheme, as defined in Eq. (4). Lines 25-26 guarantee the minimum $CL{R_p}$ of the selected RSA scheme.

Algorithm 1. CAAW-RSA algorithm

As the critical part of Algorithm 1, Algorithm 2 describes the calculation of $CL{R_{{l_{mn}}}}$ between $L{R_i}$ and all existing $L{R_j}$ on a selected link $l_{mn}^i$ and assigned FS-block ${f_i}$. Lines 1-3 perform the initialization. The for-loop covering Lines 4-19 checks all lightpaths {$L{R_j}$} on link $l_{mn}^i$. The inner for-loop covering Lines 5-16 considers all FS-blocks ${f_j}$ of $L{R_j}$ and counts the number of overlapped or adjoined FSs, the security types and the node degrees to calculate the $CLR$ value defined in Eq. (4). After checking all the FS-blocks ${f_j}$ of $L{R_j}$, we return the $CL{R_{{l_{mn}}}}$ value and store all the feasible FS-blocks ${f_j}$ in $\mathrm{\Omega}$.

Algorithm 2. Processing for CLR calculation

As Algorithm 2 is included in Algorithm 1, we first analyze the complexity of Algorithm 2. In Algorithm 2, the for-loop covering Lines 4-19 runs $({|{L{R_i}} |- 1} )$ times at most, where $|{L{R_i}} |$ is the total number of requests. Hence, the complexity of Algorithm 2 is $O({|{L{R_i}} |} )$. In Algorithm 1, Lines 3-27 run $K\cdot|F |\cdot({|{L{R_i}} |\cdot|E |+ 1} )$ times at most, where K denotes the number of routing paths pre-calculated for each node pair, $|F |$ is the number of FSs on each link, and $|E |$ is the number of links on a candidate routing path. Finally, the overall time complexity of the CAAW-RSA algorithm is $O({K\cdot|F |\cdot({|{L{R_i}} |\cdot|E |+ 1} )\cdot|{L{R_i}} |} )$. Since K, $|F |$, and $|E |$ are always constant in EONs, we can simplify the overall complexity to $O({{{|{L{R_i}} |}^2}} )$.
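The selection loop described for Algorithms 1 and 2 can be illustrated with the following added Python example, which is not the paper's code. It assumes a simplified risk score in place of Eq. (4): the AT term counts missing guard slots, the LT term counts exposed CLPs, the ST term is the path's node degree over $D_G$, and the topology, lightpaths and all function names are constructed for illustration.

```python
from dataclasses import dataclass

F = 16                  # FSs per link (constructed; the paper simulates 320)
GB = 2                  # guard band in FSs, the value used in the paper's evaluation
MU = (1.0, 1.0, 1.0)    # mu1, mu2, mu3 weights of the three risk terms


@dataclass(frozen=True)
class Lightpath:
    name: str
    path: tuple          # node sequence, e.g. ("A", "B", "C")
    start: int           # first FS index of the assigned block
    end: int             # last FS index (inclusive)
    confidential: bool   # True = CLP, False = OLP


def links(path):
    """Undirected links traversed by a node sequence."""
    return {frozenset(hop) for hop in zip(path, path[1:])}


def node_degrees(edges):
    deg = {}
    for u, v in edges:
        deg[u] = deg.get(u, 0) + 1
        deg[v] = deg.get(v, 0) + 1
    return deg


def free_starts(path, n, existing):
    """Start indexes of n-slot blocks that are free on every link of the path
    (spectrum continuity, contiguity and non-overlap)."""
    used = set()
    for lp in existing:
        if links(path) & links(lp.path):
            used.update(range(lp.start, lp.end + 1))
    return [s for s in range(F - n + 1) if used.isdisjoint(range(s, s + n))]


def clr(path, start, end, confidential, existing, degree):
    """Simplified leakage-risk score (an assumption, not the paper's Eq. (4))."""
    at = lt = 0.0
    for lp in existing:
        shared = len(links(path) & links(lp.path))
        if not shared or not (confidential or lp.confidential):
            continue                      # no common link, or OLP beside OLP
        gap = max(start, lp.start) - min(end, lp.end) - 1
        if gap >= GB:
            continue                      # guard band guaranteed: risk unchanged
        at += shared * (GB - gap) / GB    # missing guard slots per shared link
        lt += shared * (confidential + lp.confidential)   # CLPs exposed
    st = sum(degree[v] for v in path) / sum(degree.values())
    return MU[0] * at + MU[1] * lt + MU[2] * st


def first_fit(n, confidential, candidates, existing):
    """Crosstalk-unaware baseline: first candidate path, lowest free index."""
    for path in candidates:
        starts = free_starts(path, n, existing)
        if starts:
            return Lightpath("new", path, starts[0], starts[0] + n - 1, confidential)
    return None


def crosstalk_aware(n, confidential, candidates, existing, degree, threshold=None):
    """Score every feasible (path, FS-block) pair and keep the lowest risk.
    The request is blocked only if nothing fits or the risk exceeds the threshold."""
    best = None
    for path in candidates:
        for s in free_starts(path, n, existing):
            score = clr(path, s, s + n - 1, confidential, existing, degree)
            if best is None or score < best[0]:
                best = (score, path, s)
    if best is None or (threshold is not None and best[0] > threshold):
        return None
    _, path, s = best
    return Lightpath("new", path, s, s + n - 1, confidential)


# Constructed five-node topology and existing lightpaths (not from the paper).
EDGES = [("A", "B"), ("B", "C"), ("A", "D"), ("D", "C"), ("B", "E")]
DEGREE = node_degrees(EDGES)
EXISTING = [
    Lightpath("LR1", ("A", "B", "C"), 0, 3, True),    # CLP on FS 0-3
    Lightpath("LR2", ("A", "B", "C"), 6, 8, False),   # OLP on FS 6-8
]
CANDIDATES = [("A", "B", "C"), ("A", "D", "C")]

if __name__ == "__main__":
    print("first-fit      :", first_fit(2, True, CANDIDATES, EXISTING))
    print("crosstalk-aware:", crosstalk_aware(2, True, CANDIDATES, EXISTING, DEGREE))
```

For the constructed CLP request of two FSs, first-fit wedges the block into FS 4-5 between the two existing lightpaths, while the risk-aware selection moves it to the disjoint, lower-degree path.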

6. Performance evaluation

This section presents the performance evaluation of the proposed ILP model and CAAW-RSA algorithm. The simulations run on a server equipped with an Intel Core i5-11400(F) CPU @3.40 GHz, an RTX3060 12 G LHR, and 8 GB RAM. We use PuLP to solve the ILP model and implement the CAAW-RSA algorithm with Optical Network Simulator [33]. We set the link capacity to 320 FSs to ensure it is large enough to accommodate all the lightpaths. It is assumed that each FS is 12.5 GHz and Gb is set to 25 GHz (2 FSs). Between two lightpaths in the same direction, the spectrum-spaced Gb is strictly kept at 2 FSs. Note that a larger Gb can suppress crosstalk effects (a smaller CLR), but other network performances may be affected (this is discussed in the following simulations). For each request, the source and destination nodes are randomly generated from the network nodes described in Section III, the bandwidth requirement is uniformly distributed within [1,20] FSs [26], and the security types $\phi $ are initially provided according to a specific ratio of CLPs and OLPs as input. The specific ratios can be varied within the set range, representing the varying security demands of the requests. The arrival of generated requests follows the Poisson process, and BPSK is applied as the modulation format. We obtained the results from 100000 requests and 50 independent simulations. To reflect the confidence level, we illustrate the simulation results with a 95% confidence interval, represented by the black lines in each figure, which indicates a 95% probability that the true mean of the samples falls within this range.

We adopt the K shortest-path load-balanced best-fit (KSP-LB-BF), the K shortest-path load-balanced first-fit (KSP-LB-FF), the K shortest-path best-fit (KSP-BF), and the K shortest-path first-fit (KSP-FF) as benchmarks, none of which is aware of crosstalk attacks. The LB strategy chooses routing paths according to the number of common nodes, while the others are based on distance. The FF strategy selects the first index of available FS-blocks, and the term ‘best’ means the FS-block whose size most closely matches the bandwidth requirement. The CAAW-RSA algorithm provides an improvement in the CLR and SU performances. For a fair comparison, we also evaluate the CAAW-RSA algorithm with two spectrum strategies, i.e., CAAW-BF and CAAW-FF. The performances of all algorithms are demonstrated in the following discussions. In addition, the following performance indicators are considered for analysis: (1) CLR, (2) average leaked points, (3) BP, (4) SU, (5) Gbs, and (6) weighted criteria.

6.1 ILP performances

ILP is supposed to be the best solution for minimizing CLRs described in Section VI. Hence, we try to solve the ILP model on the six-node topology and evaluate the ILP performances compared to the heuristic algorithm under different CLP ratios (50% - 90%).

Table 3 shows the experimental results, where CLR is the average crosstalk leakage risk defined in Eq. (5), SU represents the spectrum efficiency (in %) in EONs, and the running time (in seconds) is also reported. A smaller CLR and a larger SU indicate better performance. As expected, the ILP provides the smallest CLR and largest SU among all algorithms, thus it solves the optimization in Eq. (6) in the best way. Our proposed crosstalk-attack-aware approach, i.e., the CAAW-RSA algorithm, follows ILP and performs better than the non-crosstalk-attack-aware benchmarks in terms of a balanced CLR and SU. In this section, the best-fit strategy is mainly adopted for the spectrum assignments, i.e., CAAW-BF and KSP-LB-BF. Specifically, the CAAW-BF algorithm obtains a smaller CLR and a higher SU than the KSP-LB-BF. Due to its high time complexity, ILP consumes the longest running time and becomes almost intractable when the number of requests is over 25, while the proposed CAAW-BF algorithm is much more time-efficient than ILP. Note that we list only two compared algorithms to save space.

Table 3. ILP and heuristic performances on the six-node topology.

6.2 CAAW-RSA performances on CLR

In this section, we evaluate the proposed CAAW-RSA algorithm in larger network topologies, i.e., NSFNET topology and US Backbone topology, and they are compared to the other five benchmarks in the following discussion.

A. CLR under different CLP ratios

Figure 5 plots the performance of each algorithm under various CLP ratios (horizontal axis), i.e., the ratio of the number of CLPs to the total number of requests in the network, which in practice indicates different security requirements for the network. Fig. 5(a) presents the results in terms of CLR in the US Backbone topology. The curves of all six algorithms increase over the full range of CLP ratios from 50% to 90%, because leakage is more likely to happen when more CLPs are provided. This also demonstrates that serving more CLPs exposes the network to a higher leakage risk. Thus, carefully arranging CLPs in an effective way could reduce such security threats. Across the CLP ratios, the CAAW-RSA algorithm with a 50% CLP ratio achieves the lowest CLR, providing an enhancement of 23% over that with a 90% CLP ratio. Although the CAAW-RSA algorithm with a 50% CLP ratio is most beneficial for reducing the CLR, a 60% CLP ratio is actually considered for achieving a balanced CLR and BP performance (discussed in the next section), and 60% is also validated in [11]. Note that we do not consider CLP ratios below 50% because OLPs then cover most of the spectrum resources, and the link capacity is secure enough to accommodate CLPs.

Fig. 5. Crosstalk leakage risks of all algorithms under different CLP ratios in ((a) US Backbone topology (b) NSFNET topology).

Figure 5(a) also shows that the proposed CAAW-RSA algorithm (both CAAW-BF and CAAW-FF) has the best CLR compared to the benchmarks, and all of them increase along with CLR ratios. The CAAW-BF obtains the least improvement of 33% over KSP-BF in terms of CLR. This is because the CAAW-RSA algorithm always ensures that the CLPs are separated from others and tries to choose the path where a crosstalk attack is unlikely to occur, while the benchmarks do not take this into account in their RSA schemes, as they treat all the candidate paths equally in terms of CLR. This also validates the feasibility of the CLR measurement defined in Eq. (4), in that it can enhance the security against crosstalk attacks by providing smaller CLPs. Among the four benchmarks, the KSP algorithm (both KSP-BF and KSP-FF) achieves a lower CLR than the KSP-LB algorithm (both KSP-LB-BF and KSP-LB-FF). This is attributed to the fact that the KSP-LB algorithm tries to find a load-balanced path to serve more requests, while failing to meet the security requirements of CLPs in the RSA process. When comparing different spectrum strategies, the CAAW-BF algorithm performs better than the CAAW-FF algorithm. This is because the best-fit strategy gives priority to the FS-blocks with the best match size in terms of CLR. In the same way, the benchmarks with the BF strategy, i.e., the KSP-LB-BF and KSP-BF algorithms, also obtain a lower CLR than the KSP-LB-FF and KSP-FF algorithms.

We further evaluate the CAAW-RSA algorithm in the NSFNET topology, as shown in Fig. 5(b). We observe that the results in the NSFNET topology exhibit similar trends to those in the US Backbone topology. Note that the CLR in the US Backbone topology is lower than that in the NSFNET topology. This is attributed to the fact that the US Backbone topology is more connected, and hence the CAAW-RSA algorithm has more relatively disjoint node candidates to select from when seeking lower leakage.

B. Leaked points under different CLP ratios

Figs. 6 and 7 show the performances related to the number of leaked points in the US Backbone topology and the NSFNET topology, respectively. We assume that a node is regarded as a leaked point when over 50% of its spectrum slots are occupied by CLPs, making it more likely to be attacked. The results in Figs. 6(a) and (b) show that more leaked points are obtained as either the CLP ratio or the traffic load increases. As expected, the proposed CAAW-RSA algorithm shows a smaller number of leaked points. This is because CLPs are relatively dispersed when the allocation is aware of crosstalk attacks, which limits the concentration of CLPs on a common node from a long-term perspective. Meanwhile, Figs. 6(a) and (c) show the relationship between CLR and leaked points under a 60% CLP ratio (as an example), where a lower CLR corresponds to fewer leaked points, further proving that the CLR measurement can effectively reflect the network leakage risks. Since CLRs can be correctly indicated by leaked points, we can obtain a loose CLP distribution through the CLR process. Then, a lower leakage risk to the network is achieved. The results in the NSFNET topology are shown in Figs. 7(a), (b) and (c). These results show similar trends to those in the US Backbone topology.

Fig. 6. Average leaked points of all algorithms under different ((a) CLP ratios, (b) traffic loads, (c) CLR correlation) in US Backbone topology.

Fig. 7. Average leaked points of all algorithms under different ((a) CLP ratios, (b) traffic loads, (c) CLR correlation) in NSFNET topology.

6.3 CAAW-RSA performances on BP and SU

The BP and SU performances are plotted in Fig. 8 and Fig. 9. The results in the US Backbone topology are shown in Figs. 8(a) and (b). The results show similar trends to those in the NSFNET topology. However, since the network becomes more connected, the BP is lower in the US Backbone topology than in the NSFNET topology. This is because the CAAW algorithm can load-balance the compatible requests better.

Fig. 8. Network performances ((a) BP, (b) SU) of all algorithms under different traffic loads in US Backbone topology.

Fig. 9. Network performances ((a) BP, (b) SU) of all algorithms under different traffic loads in NSFNET topology.

In Fig. 8(a), we can observe that all BP curves rise with the increased traffic load. In addition, the KSP-LB algorithm shows the lowest BP (average 8%) among all algorithms. This is because the KSP-LB algorithm finds an RSA scheme primarily to accommodate more requests in the network, thus congestion is less likely to happen during the process. However, the BP performance is a tradeoff, as the KSP-LB algorithm obtains the worst CLR performance among all algorithms. Besides, our proposed CAAW algorithm follows and performs better than the KSP algorithm. The reason is that we do not consider blocking the requests, although the candidate paths do not meet the demands for a minimal CLR. We just find a way to balance the network performance, i.e., security and efficiency. When comparing spectrum strategies, the CAAW-FF gets a much better performance (a lower BP) than the CAAW-BF, and the other four benchmarks perform similarly. This is attributed to the fact that the BF strategy results in more spectrum fragments in order to fit the required slot size, which causes more congestion.

As shown in Fig. 8(b), SU increases as traffic load grows. A greater SU indicates better performance. It is observed that the proposed CAAW-RSA algorithm achieves comparable or even higher SU performance than other benchmarks, even up to a maximum improvement of 10%. This is attributed to the fact that the CAAW-RSA algorithm can manipulate the RSA arrangements for better spectrum isolation and pack the requests in a compact manner. Here, the CAAW-FF algorithm exhibits a much better performance than the CAAW-BF, since the FF strategy can provide more candidate paths with fewer constraints.

6.4 Impacts of Gb numbers

When assigning spectrum slots, the Gbs are set to separate lightpaths from their neighbors, thus they are usually discussed in specific scenarios. From the CLR definition, different Gb numbers have a significant impact on the performance results. This section evaluates the applicability of the proposed CAAW algorithm (including both CAAW-FF and CAAW-BF) with different Gb numbers in terms of CLR. The results in the US Backbone topology are shown in Figs. 10(a) and (b). The results show similar trends to those in the NSFNET topology (Fig. 11). As shown in Fig. 10(a), we consider the settings $\textrm{Gb} = 1, 2, 3, 4$. Among all settings, the CLR increases slowly over the full range of CLP ratios, and the larger the Gb number, the lower the CLR obtained. The reason is that a larger Gb creates larger spectrum isolation. It reserves more split spaces to arrange CLP and OLP, thus achieving a lower CLR. Also, we compare the BP performance among CAAW algorithms with different Gb numbers, and a smaller Gb achieves a lower BP. This is because a larger Gb may lead to more isolated spectrum slots that cannot be fully utilized, which results in more congestion. To this end, Gb2 is applicable for our network scenarios for its lower CLR and higher BP.

Fig. 10. Network performance ((a) CLR under CLP ratios, (b) BP under traffic loads) of CAAW-RSA algorithm with different Gbs in US Backbone topology.

Fig. 11. Network performances ((a) CLR under CLP ratios, (b) BP under traffic loads) of CAAW-RSA algorithm with different Gbs in NSFNET topology.

6.5 Impacts of weighted criteria

The CLR is calculated as defined in Eq. (4), and we set the coefficients as ${\mu _1} = {\mu _2} = {\mu _3} = 1$. However, different weights for each criterion may yield different performances. In Fig. 12, we associate a certain (normalized) weight with each criterion in such a way that the sum of the weights is 1. These assigned weights determine the degree to which a specific criterion can influence the RSA schemes. We provide a definite weight (equal to 0.1) for the third criterion ST, as it is decided by node degrees, which are relatively fixed. We discuss the impacts on the CLR performance of the CAAW algorithms when assigning different proportions of AT and LT. Here, we assign the weights to each criterion as {(${\mu _1} = 0.6, {\mu _2} = 0.3, {\mu _3} = 0.1$), (${\mu _1} = 0.7, {\mu _2} = 0.2,\; {\mu _3} = 0.1$), (${\mu _1} = 0.8,\; {\mu _2} = 0.1,\; {\mu _3} = 0.1$)}, and it can be observed that the normalization with (${\mu _1} = 0.6,\; {\mu _2} = 0.3,\; {\mu _3} = 0.1$) achieves the best CLR with a maximum improvement of 11%, indicating that a balanced performance is obtained by following a certain weighted assignment of coefficients and that the CLR performance is sensitive to coefficients ${\mu _1}$ and ${\mu _2}$. As ${\mu _3}$ is fixed, the coefficient ${\mu _2}$ has a greater influence on CLR than ${\mu _1}$, which indicates that LT is more important than AT. Thus, it is crucial to arrange CLPs effectively (associated with LT) for achieving lower CLRs. As expected, the BP performance of the CAAW algorithm is worse than that of the other algorithms as a trade-off for achieving a better CLR. Similarly, the results in the US Backbone topology show similar trends to those in the NSFNET topology.

Fig. 12. Network performances ((a) CLR under CLP ratios, (b) BP under traffic loads) of CAAW-RSA algorithm with different weighted criteria in different topologies.

7. Conclusion

In this paper, we propose the CAAW-RSA algorithm to protect CLPs from data leakage against crosstalk attacks based on the joint optimization of AT, LT and ST arrangements in EONs. We first introduced two crosstalk attack models to describe leakage issues in the network. To address this issue, we defined a metric named CLR to quantify the leakage risks caused by crosstalk attacks. Based on this, we formulated an ILP model to solve the CAAW-RSA problem exactly and designed a time-efficient heuristic algorithm, i.e., the CAAW-RSA algorithm, separately for diverse applicability. These proposed approaches were evaluated in terms of CLR, BP, and SU, and the performances under diverse Gbs and weighted criteria were also discussed. We conducted the simulations in the six-node topology and NSFNET topology, respectively. Simulation results demonstrated that in small-scale networks, the ILP achieved the optimal solutions (a minimum CLR and a larger SU) compared with the CAAW-RSA algorithm, while in a relatively large-scale network, the CAAW-RSA algorithm provided a maximum enhancement of 23% in CLR and 10% in SU over the benchmarks but led to an average increment of 8% in terms of BP. Moreover, the feasibility of the CLR measurement was also validated by the performances of average leaked points, which were positively correlated with CLRs.

Funding

Research Fund of Guangdong-Hong Kong-Macao Joint Laboratory for Intelligent Micro-Nano Optoelectronic Technology (2020B1212030010); National Natural Science Foundation of China (61827819, 62101063).

Disclosures

The authors declare no conflicts of interest.

Data availability

Data underlying the results presented in this paper are not publicly available at this time but may be obtained from the authors upon reasonable request.

References

1. N. Skorin-Kapov, Marija Furdek, Szilard Zsigmond, et al., “Physical-layer security in evolving optical networks,” IEEE Commun. Mag. 54(8), 110–117 (2016). [CrossRef]  

2. Savory Brian. “Fiber Optic Network Reliability & Security for NRENs: The Threat and Potential Solutions.” (2012).

3. D. David and U. Mahlab, “Security threats and protection procedures for optical networks,” IET Optoelectronics 11(5), 186–200 (2017). [CrossRef]  

4. Y. Hui, Jie Zhang, Yongli Zhao, et al., “CSO: cross stratum optimization for optical as a service,” IEEE Commun. Mag. 53(8), 130–139 (2015). [CrossRef]  

5. X. Wang, “Building an elastic optical transport network,” ZTE Tech. 19, 25–27 (2017).

6. Z. Jiawei, Yuefeng Ji, Mei Song, et al., “Dynamic traffic grooming in sliceable bandwidth-variable transponder-enabled elastic optical networks,” J. Lightwave Technol. 33(1), 183–191 (2015). [CrossRef]  

7. N. Sambo, Piero Castoldi, Antonio D’Errico, et al., “Next generation sliceable bandwidth variable transponders,” IEEE Commun. Mag. 53(2), 163–171 (2015). [CrossRef]  

8. D. Wang, Min Zhang, Ze Li, et al., “Flexible optical cross-connect structures supporting WDM multicast with multiple pumps for multiple channels,” IEEE Photonics Journal 6(6), 1–12 (2015). [CrossRef]  

9. P. Lu, Liang Zhang, Xiahe Liu, et al., “Highly efficient data migration and backup for big data applications in elastic optical inter-data-center networks,” IEEE Network 29(5), 36–42 (2015). [CrossRef]  

10. She Changyang, Chengjian Sun, Zhouyou Gu, et al., “A tutorial on ultrareliable and low-latency communications in 6G: Integrating domain knowledge into deep learning,” Proc. IEEE 109(3), 204–246 (2021). [CrossRef]  

11. W. Bai, Hui Yang, Ao Yu, et al., “Eavesdropping-aware routing and spectrum allocation based on multi-flow virtual concatenation for confidential information service in elastic optical networks,” Opt. Fiber Technol. 40, 18–27 (2018). [CrossRef]  

12. C.-H. Yeh, Bo-Yin Wang, Wei-Hung Hsu, et al., “Symmetry 28 Gbps/λ WDM access network together with confidential connection between two specific clients,” IEEE Access 9, 122738–122743 (2021). [CrossRef]  

13. J. Rak, Rita Girão-Silva, Teresa Gomes, et al., “Disaster resilience of optical networks: State of the art, challenges, and opportunities,” Optical Switching and Networking 42, 100619 (2021). [CrossRef]  

14. A. Jirattigalachote, Nina Skorin-Kapov, Marija Furdek, et al., “Sparse power equalization placement for limiting jamming attack propagation in transparent optical networks,” Optical Switching and Networking 8(4), 249–258 (2011). [CrossRef]  

15. N. Skorin-Kapov, A. Jirattigalachote, and L. Wosinska, “An integer linear programming formulation for power equalization placement to limit jamming attack propagation in transparent optical networks,” Security and Communication Networks 7(12), 2463–2468 (2014). [CrossRef]  

16. Manousakis Konstantinos and Georgios Ellinas, “Equalizer placement and wavelength selective switch architecture for optical network security,” 2015 IEEE Symposium on Computers and Communication (ISCC). IEEE, 2015.

17. D. Monoyios, K. Manousakis, C. Christodoulou, et al., “Attack-aware resource planning and sparse monitor placement in optical networks,” Optical Switching and Networking 29, 46–56 (2018). [CrossRef]  

18. Y. Li, Jieming Lin, Liangjia Zong, et al., “Colorless, partially directionless, and contentionless architecture for high-degree ROADMs,” Journal of Optical Communications and Networking 14(6), 481–492 (2022). [CrossRef]  

19. N. Skorin-Kapov, J. Chen, and L. Wosinska, “A new approach to optical networks security: Attack-aware routing and wavelength assignment,” J. Opt. Commun. Netw. 18(3), 750–760 (2010). [CrossRef]  

20. Nina Skorin-Kapov and Marija Furdek, “Limiting the propagation of intra-channel crosstalk attacks in optical networks through wavelength assignment,” Optical Fiber Communication Conference. Optica Publishing Group, 2009.

21. S.-K. Nina, Marija Furdek, Ramon Aparicio Pardo, et al., “Wavelength assignment for reducing in-band crosstalk attack propagation in optical networks: ILP formulations and heuristic algorithms,” European journal of operational research 222(3), 418–429 (2012). [CrossRef]  

22. Manousakis Konstantinos and Georgios Ellinas, “Minimizing the impact of in-band jamming attacks in WDM optical networks,” Critical Information Infrastructures Security: 8th International Workshop, CRITIS 2013, Amsterdam, The Netherlands, September 16-18, 2013, Revised Selected Papers 8. Springer International Publishing, 2013.

23. Yuan Shengli and Daniel Stewart, “Protection of optical networks against interchannel eavesdropping and jamming attacks,” 2014 International Conference on Computational Science and Computational Intelligence. Vol. 1. IEEE, 2014.

24. K. Manousakis and G. Ellinas, “Attack-aware planning of transparent optical networks,” Optical Switching and Networking 19, 97–109 (2016). [CrossRef]  

25. S. Al-Mamoori, Jaekel Arunita, Subir Bandyopadhyay, et al., “Security-Aware Dynamic RWA for Reducing In-band and Out-of-band Jamming Attacks in WDM Optical Networks,” J. Networks 10(11), 587–596 (2015).

26. J. Zhu, Bin Zhao, Wei Lu, et al., “Attack-aware service provisioning to enhance physical-layer security in multi-domain EONs,” J. Lightwave Technol. 34(11), 2645–2655 (2016). [CrossRef]  

27. Manousakis Konstantinos, Tania Panayiotou, Panayiotis Kolios, et al., “Attack-aware lightpath provisioning in elastic optical networks with traffic demand variations,” 2019 11th International Workshop on Resilient Networks Design and Modeling (RNDM). IEEE, 2019.

28. Wang Xiaolin, Fen Zhou, Yaojun Chen, et al., “Maximal Distance Spectrum Assignment for Services Provisioning in Elastic Optical Networks,” 2023 IFIP Networking Conference (IFIP Networking).IEEE, 2023.

29. Kaspersky lab, “CYBERTHREAT REAL-TIME MAP”, https://cybermap.kaspersky.com (2017). [Online; available].

30. M. W. Ashraf, Sevia M. Idrus Sevia, M. Idrus, et al., “Disaster-resilient optical network survivability: a comprehensive survey,” Photonics. 5(4), MDPI (2018). [CrossRef]  

31. Simmons Jane M, Optical network design and planning. Springer, 2014.

32. V. Jha and R. K. Singh, “A novel dynamic bandwidth allocation scheme towards improving the performance of XG-PON system,” Optical Switching and Networking 47, 100715 (2023).

33. Lucas R. Costa, “Optical Network Simulator ONS”, https://ons-simulator.com (2019). [Online; available].

Data availability

Data underlying the results presented in this paper are not publicly available at this time but may be obtained from the authors upon reasonable request.


Figures (12)

Fig. 1. Schematic of crosstalk: (a) Intra-channel crosstalk, (b) Inter-channel crosstalk [30].
Fig. 2. Propagation of crosstalk attacks in the network ((a) Intra-channel, (b) Inter-channel crosstalk attacks [30]).
Fig. 3. CLP leakage scenarios in EONs: (a) RA arrangements, (b) SA arrangements, (c) CLP and OLP arrangements.
Fig. 4. An example of link crosstalk leakage risk.
Fig. 5. Crosstalk leakage risks of all algorithms under different CLP ratios in ((a) US Backbone topology (b) NSFNET topology).
Fig. 6. Average leaked points of all algorithms under different ((a) CLP ratios, (b) traffic loads, (c) CLR correlation) in US Backbone topology.
Fig. 7. Average leaked points of all algorithms under different ((a) CLP ratios, (b) traffic loads, (c) CLR correlation) in NSFNET topology.
Fig. 8. Network performances ((a) BP, (b) SU) of all algorithms under different traffic loads in US Backbone topology.
Fig. 9. Network performances ((a) BP, (b) SU) of all algorithms under different traffic loads in NSFNET topology.
Fig. 10. Network performance ((a) CLR under CLP ratios, (b) BP under traffic loads) of CAAW-RSA algorithm with different Gbs in US Backbone topology.
Fig. 11. Network performances ((a) CLR under CLP ratios, (b) BP under traffic loads) of CAAW-RSA algorithm with different Gbs in NSFNET topology.
Fig. 12. Network performances ((a) CLR under CLP ratios, (b) BP under traffic loads) of CAAW-RSA algorithm with different weighted criteria in different topologies.

Tables (5)

Table 1. Comparison of This Work and Other Existing RSA Schemes against Crosstalk Attacks

Algorithm 1. CAAW-RSA algorithm

Algorithm 2. Processing for CLR calculation

Table 3. ILP and heuristic performances on the six-node topology.

© Copyright 2024 | Optica Publishing Group. All rights reserved, including rights for text and data mining and training of artificial technologies or similar technologies.