JOURNAL OF LIGHTWAVE TECHNOLOGY, VOL. 23, NO. 2, FEBRUARY 2005 655
Security Performance of Optical CDMA Against Eavesdropping
Thomas H. Shake, Member, IEEE
Abstract: Enhanced security has often been cited as an important benefit of optical CDMA (O-CDMA) signaling. However, the quality and degree of security enhancement has not been closely examined in the literature. This paper examines the degree and types of security that may be provided by O-CDMA encoding. A quantitative analysis of data confidentiality is presented for O-CDMA encoding techniques that use both time spreading and wavelength hopping. The probability of successful data interception is calculated as a function of several parameters, including signal-to-noise ratio and fraction of total available system capacity. For reasonable choices of system and encoding parameters, it is shown that increasing code complexity can increase the signal-to-noise ratio (SNR) required for an eavesdropper to break the encoding by only a few dB, while the processing of fewer than 100 bits by an eavesdropper can reduce the SNR required to break the encoding by up to 12 dB. The overall degree of confidentiality obtainable through O-CDMA encoding is also compared with that obtainable through standard cryptography. Time-spreading/wavelength-hopping in particular, and O-CDMA in general, are found to provide considerably less data confidentiality than cryptography, and the confidentiality provided is found to be highly dependent on system design and implementation parameters.
Index Terms: Code division multiaccess (CDMA), communication system security, optical communication.
I. INTRODUCTION
ENHANCED security is a frequently cited benefit of optical CDMA (O-CDMA) signaling techniques, and is often said to be inherent in the technology [1]-[5]. However, most of the literature discussing O-CDMA security relies on rather intuitive and imprecise notions of security, and few papers present any quantitative analysis of the degree of security that can be expected from O-CDMA techniques. Those papers that do present quantitative results often consider only the most rudimentary kinds of attacks on security, such as brute-force code-searching, neglecting more sophisticated attacks which are typically more effective. A systematic analysis of the types and degree of security that might be available from O-CDMA has, so far, been lacking in the research literature.
This paper sets a framework for the security analysis of communication waveforms and considers, within this framework, the types of security that O-CDMA might provide. It then presents a detailed theoretical evaluation of one specific type of security, data confidentiality, that is provided by certain representative types of O-CDMA signaling. This evaluation includes quantitative results on the degree of confidentiality that is provided. The degree of confidentiality obtainable by O-CDMA techniques is also compared with that obtainable from standard encryption techniques, which provide a familiar and well-characterized benchmark of security.
Manuscript received May 10, 2004; revised September 9, 2004. This work was supported by the Defense Advanced Research Projects Agency under Air Force Contract F19628-00-C-0002. Opinions, interpretations, recommendations, and conclusions are those of the author and are not necessarily endorsed by the United States Government.
The author is with the Massachusetts Institute of Technology, Lincoln Laboratory, Lexington, MA 02420-9108 USA (e-mail: [email protected]).
Digital Object Identifier 10.1109/JLT.2004.838844
The organization of this paper is as follows. Section II reviews some general principles of security analysis, and establishes assumptions for the analysis presented in the paper. Section III examines some basic security properties of O-CDMA encoding techniques. Section IV presents eavesdropping strategies that will be used in the confidentiality analysis that follows. Section V presents a quantitative analysis of the degree and type of confidentiality that may be provided by time-spreading/wavelength-hopping encoding. Section VI discusses the results of this analysis, considering practical implementation limitations and comparing O-CDMA encoding with cryptography as a security technique. Section VII presents a brief set of conclusions.
II. FRAMEWORK FOR SECURITY ANALYSIS
A. Types of Security
When evaluating the security of a communications technique, it is important to define the type of security under consideration. Security in communications and computer networking is traditionally divided into the categories of confidentiality, integrity, and availability [6]. O-CDMA could potentially provide both confidentiality and availability protection. For example, O-CDMA encoding could potentially enhance the availability of a system by offering some degree of jamming resistance, because many of the O-CDMA techniques proposed in the literature involve significant spectrum-spreading of the transmitted signals. Optical receiver structures differ from RF receiver structures. Consequently the degree and type of jamming protection that O-CDMA encoding can provide may differ significantly from the protection offered by traditional RF spread spectrum modulation [7]. O-CDMA encoding might conceivably provide some degree of covertness of signal transmission, at least for free-space optical transmissions. (Significant covertness is unlikely to be obtained through O-CDMA signaling in a fiber-based transmission system, since an interceptor is likely to be able to detect relatively high power levels propagating in the fiber.)
While forms of security such as protection against jamming and transmission covertness may be provided by some types of O-CDMA encoding, it is data confidentiality that has been the primary focus of published proposals for secure O-CDMA (e.g., [3] and [4]). Furthermore, data confidentiality is probably the best known and most commonly sought form of security in communications. Therefore, the remainder of this paper focuses on evaluating the degree of data confidentiality that may be provided by O-CDMA encoding techniques.
0733-8724/$20.00 © 2005 IEEE
B. Evaluating Data Confidentiality
1) Classes of Data Confidentiality: In theory there are two distinct classes of data confidentiality. The most confidential communication systems are called unconditionally secure if they are theoretically unbreakable even with infinite computational resources [8], [9]. While unconditionally secure systems do exist, they are not practical for most applications. A system is called computationally secure if it requires a sufficiently large amount of computational resources, applied over a sufficiently long time, to break. Most practical cryptographic systems (most good ones, anyway) fall into this category. Within the class of computationally secure systems there can be different degrees of confidentiality. If one system requires a large amount of computational resources running for one hundred years to break and another requires only ten years to break using the same resources, then clearly the system requiring the longer time to break is preferable, all other factors being equal.
2) Assumptions in Confidentiality Analysis: The assumptions used in a security analysis can strongly affect the degree of security that the analysis shows. The analysis in this paper assumes that potential adversaries are technologically sophisticated, have significant resources, and know a great deal about the signals being transmitted. (See [10, Ch. 2] for a discussion of threat evaluation in the context of cryptography.) In particular, the eavesdropper knows what types of O-CDMA signals are being sent: the data rate, the type of encoding, and the structure of the codes, but not the particular code that an individual user employs. These assumptions are made because it is reasonably easy for a user to change codes in the event his code is compromised. However, the other parameters mentioned, such as the data rates, the types of codes, etc., are difficult to change quickly, and might even require a hardware/software redesign of the communication equipment in the event that they were found out by an adversary. Depending on the secrecy of hard-to-change parameters for data confidentiality is poor security practice; one must assume, when doing a security analysis, that an adversary knows them or may know them. These same principles are applied in the analysis of cryptographic systems, and are often stated in the form of Kerckhoffs' principle, which essentially states that one should assume that the eavesdropper knows everything about the cryptographic algorithm except for the key that each user employs (see [10, p. 23]).
III. O-CDMA CONFIDENTIALITY BASICS
A. Code Space Size
It is worth briefly reviewing the basic reasons that lead to the expectation that O-CDMA can provide some degree of data confidentiality. Each O-CDMA transmitter/receiver pair is assumed to use a specific code. The receiver uses the exact knowledge of the code to separate the transmission from other users transmitting on different codes and from random channel and receiver noise. It is difficult for an eavesdropper to correctly demodulate the O-CDMA signal without knowing the code being used, especially if there are multiple users transmitting simultaneously on different codes. If an O-CDMA coding scheme that has a very large number of possible codes could be developed, then an eavesdropper would have to perform a brute-force search through half of them, on average, before finding the proper code to demodulate a given user's data.
Thus, the first measure of the degree of security potentially available from O-CDMA encoding is the size of its code space (the number of different codes that might be used by an individual user). This can vary greatly depending on the type of O-CDMA and the parameters of the coding. Table I compares the code space sizes of example codes taken from four common categories of O-CDMA techniques. Code parameters used in the examples were chosen in an attempt to represent challenging, but potentially implementable codes for high data rate transmission. However, detailed consideration of the feasibility of implementing these types of codes is beyond the scope of this paper. It should also be noted that the different categories of codes considered here require different transmission bandwidths, have different cross-correlation properties, and may have differing implementation complexities. The comparison here focuses only on security properties.
The first category shown in Table I, time-spreading codes (using a single wavelength), contains codes such as optical orthogonal codes [11], prime codes [12], and EQC codes [13]. These codes all have relatively small code spaces for a given code length,¹ and are not likely to produce large enough code spaces to deter brute-force searching techniques for feasible implementations at high data rates (e.g., 1 Gbits/s and above).
The second category, time-spreading/wavelength-hopping codes, can be viewed as an extension of time-spreading codes into two dimensions (time and wavelength), and can also be viewed as an analog to RF frequency-hopping [14]. These codes can be designed to have a very much larger code space size than the one-dimensional time-spreading codes (see [3], for example). The resulting code space sizes can be large enough to prevent a brute-force code space search from being successful in any reasonable amount of time [3]. For example, for 30 wavelengths and 1000 time slots, a code space size on the order of possible codes can be obtained.
The third and fourth categories in Table I represent spectral encoding techniques: spectral amplitude encoding and spectral phase encoding, respectively. Spectral amplitude encoding [15] relies on code sequences with particular properties to maintain a reasonable degree of orthogonality among different users' coded signals. The spectral amplitude codes in [15] require either Hadamard sequences or maximal length sequences ( -sequences) as their basis, and these codes are still fairly limited in code space size. While time spreading codes may be implemented with code lengths in the thousands or even tens of thousands, depending on the data rate, implementation constraints for spectral coding masks limit feasible codes to lengths of a few hundred or so. For a code length of 511 amplitude mask elements, one can calculate that there are 48 different -sequences that could be used as codes [17], and each of these sequences can be shifted by one or more code elements to produce a distinct code. This produces a maximum of about 25 000 (48 × 511) possible codes. This is a considerably larger code space than that produced by most time-spreading codes, but still quite small compared with time-spreading/wavelength-hopping codes.
¹ Code length, for these codes, is defined as the total number of code chips per information bit.
TABLE I: CODE SPACE SIZE FOR FOUR CATEGORIES OF O-CDMA CODING
Spectral phase encoding has similar code mask implementation constraints to spectral amplitude encoding. However, analysis has shown that spectral phase encoding may be able to support a reasonably large number of simultaneous users at low bit-error-rates (BERs) by employing code word sets that are chosen randomly [16]. Unlike time-spreading/wavelength-hopping codes, the number of ones and zeros in a spectral phase code does not affect the amount of energy in the transmitted signal, and hence does not affect the power balance among a group of users. Thus, a central controller choosing codes to assign to a group of, say, 100 users could choose 100 different random combinations of the code elements in a spectral phase encoder, and each user would be assigned one of these codes. Performance calculations in [16] show that, on average, a reasonably large number of simultaneous users can be supported with randomly chosen code word sets. These calculations apply to average performance, though, and it should be noted that a large portion of the many possible code sets chosen randomly might have well below average BER performance. In theory, though, a central controller could select a set of randomly chosen codes for some desired number of users, and could then pseudorandomly refine the set of codes by discarding certain codes of the chosen set and randomly choosing replacements until the overall performance of the code set met the desired BER specifications. (This procedure might be highly processing-intensive, and might need to be pre-calculated before network operations begin.) The resulting set of codes would still appear random to an eavesdropper trying to guess which individual codes had been selected, and he would thus have to search a large fraction of the code space before being successful. Random code choice allows the code space to be very large indeed, with a 511 element phase mask generating possible codes.
Fig. 1. Linear system modeling of O-CDMA transmitter.
Time-spreading/wavelength-hopping codes and spectral phase codes appear to be two of the most promising code types for generating code spaces that are large enough to prevent successful brute-force code search attacks. However, a very large code space is necessary, but not sufficient, for good data confidentiality, as subsequent sections of this paper will show.
B. Code Interception
Brute-force searching for an individual user's code is a very inefficient attack strategy whenever the code space is large. Intelligent eavesdroppers will seek other forms of attack if they are available. For most, if not all, O-CDMA techniques currently described in the literature, there is indeed another, more efficient, form of attack. This attack is based on the observation that many O-CDMA transmitter designs regularly broadcast the very thing that is the key to keeping the user's data confidential: the code word itself. An intelligent eavesdropper can design a listening device to detect this code word. Once a user's code word is detected by the eavesdropper, the eavesdropper has free access to the user's data until the user's code is changed.
Consider the modeling of an O-CDMA transmitter. Most every form of O-CDMA encoder in the literature, as far as this author is aware, can be modeled as a linear time-invariant (LTI) system for at least some finite time that is large compared with the code duration, as illustrated in Fig. 1. When driven by an optical input waveform, , the output of the encoder can be modeled as the convolution of the impulse response of the encoder, , with . (Alternatively, the output can be modeled in the frequency domain by the multiplication of the Fourier transforms of the input waveform and the impulse response.) If an eavesdropper can observe the transmitted waveform, , in the channel, and if he knows the form of the input waveform , he can use standard linear system analysis to solve for the impulse response of the encoder (or its Fourier transform, the transfer function). This reveals the code being used. Even if a transmitter's code is reconfigured frequently, the encoder can still be modeled as a piecewise LTI system, with linear analysis techniques being applicable during the period between code changes.
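
The linear-systems argument above, as an added example (not code from the paper): a constructed time-spreading code is treated as the encoder's impulse response `h`, the encoder is driven by a known pulse `x`, and the tapped output `y` is divided by the transform of `x` to recover `h`. The names `x`, `h`, `y`, the 64-chip weight-5 code, the pulse shape and the noise level are assumptions made for this illustration.

```python
import cmath
import random


def dft(seq, inverse=False):
    """Plain O(n^2) discrete Fourier transform, standard library only."""
    n = len(seq)
    sign = 1 if inverse else -1
    out = []
    for k in range(n):
        acc = 0j
        for t, v in enumerate(seq):
            acc += v * cmath.exp(sign * 2j * cmath.pi * k * t / n)
        out.append(acc / n if inverse else acc)
    return out


def encode(x, h):
    """LTI encoder model: the output is x convolved with impulse response h."""
    y = [0.0] * (len(x) + len(h) - 1)
    for i, xi in enumerate(x):
        for j, hj in enumerate(h):
            y[i + j] += xi * hj
    return y


def recover_code(y, x, n_chips, threshold=0.5):
    """Solve for h from the observed y and the known x: H = Y / X, then threshold."""
    n = len(y)                                  # long enough for the linear convolution
    X = dft(list(x) + [0.0] * (n - len(x)))
    Y = dft(y)
    h_est = dft([yk / xk for yk, xk in zip(Y, X)], inverse=True)
    return {i for i in range(n_chips) if h_est[i].real > threshold}


def demo(seed=1, n_chips=64, weight=5, noise_sigma=0.02):
    """Return (secret code, code recovered from the tapped waveform)."""
    rng = random.Random(seed)
    code = set(rng.sample(range(n_chips), weight))   # constructed secret pulse positions
    h = [1.0 if i in code else 0.0 for i in range(n_chips)]
    x = [1.0, 0.6, 0.2]                              # input pulse shape, known to the observer
    y = [v + rng.gauss(0.0, noise_sigma) for v in encode(x, h)]
    return code, recover_code(y, x, n_chips)


if __name__ == "__main__":
    secret, recovered = demo()
    print("secret   :", sorted(secret))
    print("recovered:", sorted(recovered))
```

Raising `noise_sigma` toward the pulse amplitude makes the thresholded estimate unreliable, which is the low-SNR defence the following paragraphs discuss.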
Using an LTI transfer function to encode data thus presents a fundamental security problem. There are three possible approaches to solving this problem. The user could try to keep the input waveform, , secret, preventing an eavesdropper from being able to solve for the code even with accurate observations of the output waveform, . However, this solution violates Kerckhoffs' principle (Section II): if the input waveform were ever compromised, it would need to be changed to make the system secure again, and this would probably be fairly difficult. It is more realistic to assume that an interceptor knows the input waveform(s) being used.
A second approach is to try to make it very difficult for an eavesdropper to accurately detect in the channel, thus making it difficult for him to accurately solve for the code. This can be attempted by transmitting signals of relatively low power, making it difficult for an eavesdropper to attain sufficient signal-to-noise ratios to make accurate channel measurements. The eavesdropper's ability to solve for the code can also be decreased by increasing the code complexity, which can decrease the eavesdropper's signal-to-noise ratio per code element. With this overall approach, the eavesdropper's ability to solve for the code can be determined by classical detection theory [18]. The degree of confidentiality produced by this approach will depend on the SNR that an eavesdropper can attain when attempting to detect the user's coded signals.
A third approach is for each transmitter to change its code very frequently, more frequently than an eavesdropper could detect the channel waveform and solve for the code. This approach may be combined with the previous approach of minimizing transmitted power. The required rate of code reconfiguration depends on the time required for an eavesdropper to accurately detect the channel waveform and solve for the code. This time depends, in turn, on the SNR that the eavesdropper is able to obtain, and on the code complexity. The effectiveness of code reconfiguration thus depends on how difficult the transmitter can make it for the eavesdropper to detect codes by observing the channel. The remainder of this paper concentrates on evaluating this degree of difficulty.
IV. O-CDMA EAVESDROPPING STRATEGIES
A. Signal Tapping
An eavesdropper in an O-CDMA network may tap signals from various locations within the network. He may commandeer an authorized user terminal, or may tap signals from network fibers. For the purposes of code interception it is advantageous to tap isolated user signals, avoiding the multiple user interference (MUI) that is characteristic of CDMA systems. Since each authorized terminal in an all-to-all O-CDMA network receives signals from all transmitters simultaneously (as shown in Fig. 2 for a broadcast star topology), commandeering an authorized user terminal does not give an eavesdropper an isolated signal for code interception. If the eavesdropper is interested in a specific, identifiable user, tapping a fiber in the network infrastructure is more advantageous for the eavesdropper, since it can give the eavesdropper access to the isolated user signal. For example, as Fig. 2 shows, a typical broadcast star LAN carries individual user signals over approximately 50% of its total fiber length (the user-to-star coupler links). Even if a single fiber is used to connect each user to the star coupler (implying bidirectional signal propagation in the fiber), fiber taps can easily separate signals propagating in opposing directions. This gives an eavesdropper much opportunity to tap into individual user signals.
Fig. 2. Potential locations for taps that allow an eavesdropper to isolate individual user signals.
B. Vulnerability of On-Off Keyed O-CDMA
The majority of published O-CDMA techniques rely on on-off keying (OOK) for data modulation [1]. Typically, a coded transmission is sent during a bit interval to represent a "one," and no energy is sent during a bit interval to represent a "zero." While this allows the implementation of relatively simple optical transmitters and receivers, it is also highly vulnerable to relatively simple eavesdropping techniques. As has been noted in [5], if an eavesdropper can isolate individual users' signals as in Fig. 2, he can use a simple energy detector to detect whether energy is present or not in each bit interval. (Acquiring bit interval synchronization from a coded OOK stream should be fairly straightforward given knowledge of the data rate and type of encoding, although the accuracy of synchronization would depend on the SNR at the eavesdropper's receiver.) In this case, there is no need for the eavesdropper to break the coding scheme or steal the code; the energy detector output contains the user's data stream.
There are several possible solutions to this problem. First, vulnerable fibers could be physically made secure against tapping, or each user's data could be encrypted. However, neither of these solutions has anything to do with O-CDMA techniques; O-CDMA security might not be necessary at all if they were used. Since this paper deals with the strength of O-CDMA encoding, these solutions will not be considered.
A workable solution that relies solely on the properties of the encoding would be to either use a constant envelope modulation technique such as phase shift keying (PSK), or to force the modulation technique to send a constant amount of energy for each transmitted bit by transmitting one code sequence for a "one" and a different code sequence for a "zero." We will call this latter approach 2-code keying. 2-code keying would require distribution of twice as many codes for a given set of users. It would produce significantly more MUI for a given number of simultaneous transmitters compared with OOK-based O-CDMA, although it would also increase the receiver's average energy per data bit, since energy would be transmitted for both "zeros" and "ones." It would work with most proposed O-CDMA technologies, and would remove the vulnerability to eavesdroppers with simple energy detectors.
(This approach can be generalized by assigning code words to each user and having each user transmit one code word for each data bits, which denies the eavesdropper the ability to detect data using a simple energy detector. Choosing may make the eavesdropper's task slightly more complicated, as discussed in Section V.B, though a full analysis of the trade-offs involved is beyond the scope of this paper.)
Some form of constant energy-per-bit modulation is necessary if O-CDMA is to provide significant confidentiality for an individual user. However, while it is necessary, such modulation is not sufficient for complete confidentiality. Eavesdroppers may mount other, albeit more difficult, attacks, such as trying to intercept the transmitted code words themselves. The next section presents an analysis of the effectiveness of this type of attack.
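
The OOK weakness and the 2-code keying remedy described in this section, as an added simulation (not code from the paper): the same energy detector is run against an isolated OOK signal and an isolated 2-code keyed signal, and an authorized 2-code receiver that knows both code words is shown for comparison. The 64-chip weight-5 code words, the noise level and all function names are constructed for this illustration.

```python
import random

N_CHIPS, WEIGHT = 64, 5      # constructed code length and weight


def make_codes(rng):
    """Two disjoint constructed code words of equal weight (sets of pulse positions)."""
    slots = rng.sample(range(N_CHIPS), 2 * WEIGHT)
    return set(slots[:WEIGHT]), set(slots[WEIGHT:])


def transmit(bits, code_one, code_zero, rng, sigma):
    """One noisy chip vector per data bit. code_zero=None models OOK (no energy for a zero)."""
    frames = []
    for b in bits:
        pulses = (code_one if b else code_zero) or set()
        frames.append([(1.0 if i in pulses else 0.0) + rng.gauss(0.0, sigma)
                       for i in range(N_CHIPS)])
    return frames


def energy_detector(frames):
    """Eavesdropper without the code: total energy per bit interval against the mean energy."""
    energies = [sum(v * v for v in f) for f in frames]
    threshold = sum(energies) / len(energies)
    return [1 if e > threshold else 0 for e in energies]


def authorized_receiver(frames, code_one, code_zero):
    """2-code keying receiver: correlate each bit interval against both known code words."""
    return [1 if sum(f[i] for i in code_one) > sum(f[i] for i in code_zero) else 0
            for f in frames]


def bit_error_rate(decisions, bits):
    return sum(d != b for d, b in zip(decisions, bits)) / len(bits)


def compare(seed=7, n_bits=2000, sigma=0.1):
    """Bit error rates for the energy detector under both modulations."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n_bits)]
    code_one, code_zero = make_codes(rng)
    ook = transmit(bits, code_one, None, rng, sigma)
    two_code = transmit(bits, code_one, code_zero, rng, sigma)
    return {
        "eavesdropper_ook": bit_error_rate(energy_detector(ook), bits),
        "eavesdropper_2code": bit_error_rate(energy_detector(two_code), bits),
        "authorized_2code": bit_error_rate(
            authorized_receiver(two_code, code_one, code_zero), bits),
    }


if __name__ == "__main__":
    for name, ber in compare().items():
        print(f"{name:20s} BER = {ber:.3f}")
```

A bit error rate near 0.5 means the energy detector does no better than guessing; the code words themselves remain exposed to the interception attack analyzed in Section V.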
V. QUANTIFYING O-CDMA CONFIDENTIALITY
A. Code Word Interception
Detecting exactly which code word a particular transmitter is using would allow an eavesdropper to demodulate all of that transmitter's data until the code word were changed. Since most, if not all, currently proposed O-CDMA coding structures can be modeled by LTI transfer functions, as discussed above, an eavesdropper could (theoretically, at least) detect the coded transmissions of a particular user and derive the code from this information. This type of attack is quite general in its applicability to various types of O-CDMA encoding; the author is unaware of any type of O-CDMA encoding to which it would not apply. Therefore, quantifying the effectiveness of this type of attack yields information with broad implications for the security of O-CDMA.
The exact techniques required for code detection depend on the type of code being transmitted; therefore it is necessary to choose a particular type of code to quantify the effectiveness of this type of attack. This section examines the detection performance of one of the most promising classes of O-CDMA encoding for providing confidentiality: time-spreading/wavelength-hopping encoding [3], [14]. (We consider time spreading encoding on a single wavelength [11], [19] as a special case of time-spreading/wavelength-hopping.) A separate paper will deal with an analysis of the confidentiality performance of spectral encoding techniques, particularly spectral phase encoding [29].
Fig. 3. Simplified time-spreading encoded waveform (single wavelength).
The analysis presented here treats the eavesdropper's code interception problem as a problem in classical detection theory [18]. The eavesdropper taps a coded transmission of a particular user and performs the necessary calculations to derive the transmitter's code word from these transmissions. The resulting code will have some probability of error, which will depend strongly on the signal-to-noise ratio at the eavesdropper's receiver.
This analysis is primarily theoretical, and assumes idealized transmission components (e.g., fiber, couplers, and receiver components). Receiver implementation losses are also not modeled. The results described thus represent a near worst case performance assessment, although a slightly suboptimum receiver structure is analyzed because of its higher likelihood of implementation.
We now consider the structure of a code intercepting receiver for time-spreading/wavelength-hopping encoding. Consider first the case of time-spreading on a single wavelength. Fig. 3 shows a simplified depiction of a time-spreading encoded signal. Each data bit to be encoded is divided into possible code chips, of them containing an energy pulse for any given code. ( is the weight of the code, and is the length.) Each code pulse contains energy . Thus, the total energy transmitted per data bit is WE .
In theory, an eavesdropper can use a receiver that is highly similar to a radar receiver to intercept this type of signal and determine the code. The eavesdropper can divide each data bit duration into time intervals, or bins (Fig. 3), and determine whether an energy pulse is present or not in each one. This can be done by implementing a filter that is matched to an individual code pulse and sampling the output of the filter once per time bin. The performance of this type of receiver can be determined using the mathematics of classical radar detection theory (see, for example, [18] and [20]).
Fig. 4. Coherent receiver with matched filter for code interception.
Fig. 5. Envelope detector structure for code intercepting detector.
The optimum implementation of this type of receiver would be a coherent detection receiver and an exact matched filter, as shown in Fig. 4 (see [24, pp. 257-262]), where the matched filter can be implemented by the combination of the bandpass and lowpass filters illustrated. However, a simpler and more likely implementation would be an optical amplifier, followed by an optical filter that is approximately matched to the code pulses, with a square law envelope detector such as a photodiode used to detect the output of the optical matched filter [21], [22], [24]. The output of the electronic detector is then time sampled. Such a code interceptor is shown in Fig. 5.
This code interception strategy generalizes to time-spreading/wavelength hopping coding in a straightforward way. Given a code using time chips and wavelengths, the receiver structure in Fig. 5 can be replicated times. If is too large for this to be practical, a reasonable number of wavelength channels can be implemented and scanned sequentially over the different wavelength bands covered by the coded signal. This would produce a tradeoff between the number of wavelength channels implemented in the code intercepting receiver and the time required to detect the code with a given degree of statistical reliability. (The statistics of reliable detection are quantified later.)
We assume for the purposes of security performance calculations that the eavesdropper is able to synchronize to the transmitted signal. Given synchronization, the eavesdropper can then locate the beginning and end of a data bit, and can sample the detector output precisely at the end of each code chip time. This assumption is not strictly necessary for either the operation or the analysis of the code intercepting detector. It is made because it is the worst case assumption from a security perspective (it yields the best possible performance for the eavesdropper), and it is better to overestimate an eavesdropper's capability than to underestimate it. In reality, an eavesdropper will not have perfect synchronization with the transmitted signal, and some performance loss will result. However, it is quite plausible, especially under high SNR conditions, that an eavesdropper could attain reasonably accurate code chip synchronization by correlating the pulse stream with a replica of an individual pulse. Data bit synchronization should also be fairly easy to attain if the transmitter is using OOK O-CDMA, and could probably be attained by processing multiple bits of a non-OOK encoded stream.
The figure of merit that will be used here for code interception performance calculations is the probability that the eavesdropper can detect the user's entire code word with no errors, denoted by . This probability will depend on the type of detection processing and on the amount of time the eavesdropper observes the user's signal for each detection; it can be calculated from two quantities that are staples of classical detection analysis: the probability of missing a transmitted pulse in a given time bin, , and the probability of falsely detecting a pulse in a bin where none was transmitted, . If the code interceptor makes a code word decision based on observing the transmitted signal for a single data bit interval, the overall probability of error-free code word detection is given by
(1)
The first term represents the probability of not missing any of the pulses that are transmitted during a data bit. The second term is the probability of not falsely detecting pulses in any of the time bins where pulses are not transmitted during a data bit.
and are determined by the SNR at the eavesdropper and by the eavesdropping detector's performance in noise. Assuming that the dominant form of noise can be modeled as additive white Gaussian noise, the EDFA/optical matched filter receiver structure in Fig. 5 can be shown to give [22]
(2)
(3)
where is the ratio of the peak pulse energy to the noise
power spectral density, is the detection threshold, and
is the Marcum Q-function defined as [23, p. 147]
(4)
where denotes a zeroth order modified Bessel function of the first kind.
Fig. 6 plots versus for a time-spreading/wavelength-hopping code and for both this type of receiver and the coherently detected matched filter receiver. (Derivation of the performance of the coherent receiver with matched filter detection can be found in standard texts [24], [25], [18]). The code parameters used for this sample calculation were , and , and , corresponding to a prime hop code with 961 time slots and 31 wavelengths [28], for example. Note that the numerator in the plotted here refers to the energy in an individual code pulse, not the energy received during an entire data bit. In both the cases plotted, the eavesdropper is assumed to be able to set the detection threshold to its optimum value. This requires knowing or estimating such parameters as , and the SNR; the optimal threshold at each SNR value for the envelope detector was determined by a search algorithm for these calculations. As the figure shows, the loss in performance of the optical matched filter with envelope detection relative to the optimum coherent matched filter detection is relatively small, especially at higher SNRs.
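
The calculation behind the envelope-detector curve can be sketched as follows. This is an added example, not code from the paper: it assumes the standard envelope-detection expressions (miss probability 1 - Q(sqrt(2*SNR), threshold), false-alarm probability exp(-threshold^2/2)), a bin count equal to time slots times wavelengths, 31 pulses per bit, and hypothetical function names; the threshold search is a plain grid scan.

```python
import math

TIME_SLOTS, WAVELENGTHS, PULSES = 961, 31, 31   # prime hop code sizes quoted in the text
BINS = TIME_SLOTS * WAVELENGTHS                 # assumption: one decision per time/wavelength bin


def marcum_q1(a, b):
    """First-order Marcum Q-function: P(envelope > b) for normalized signal
    amplitude a in unit-variance Gaussian noise.  Uses the Poisson-mixture
    series of the non-central chi-square tail, so no Bessel function can overflow."""
    lam, y = a * a / 2.0, b * b / 2.0
    if lam == 0.0:
        return math.exp(-y)                     # noise only: Rayleigh tail
    kmax = int(lam + 12.0 * math.sqrt(lam + 1.0) + 40.0)
    term = math.exp(-y)                         # e^-y * y^j / j! for j = 0
    tail = term                                 # central chi-square tail, 2(k+1) dof
    total = 0.0
    for k in range(kmax + 1):
        log_w = -lam + k * math.log(lam) - math.lgamma(k + 1)   # Poisson weight
        total += math.exp(log_w) * tail
        term *= y / (k + 1)
        tail += term
    return min(total, 1.0)


def per_bin_errors(snr_db, threshold):
    """Return (miss probability, false-alarm probability) for one bin.
    snr_db is pulse energy over noise spectral density, per code pulse."""
    snr = 10.0 ** (snr_db / 10.0)
    p_miss = max(0.0, 1.0 - marcum_q1(math.sqrt(2.0 * snr), threshold))
    p_false = math.exp(-threshold * threshold / 2.0)
    return p_miss, p_false


def p_codeword(snr_db, threshold, pulses=PULSES, bins=BINS):
    """Probability of an error-free code word from one data bit: no pulse
    missed in the occupied bins and no false alarm in the empty ones."""
    p_miss, p_false = per_bin_errors(snr_db, threshold)
    no_miss = (1.0 - p_miss) ** pulses
    no_false = math.exp((bins - pulses) * math.log1p(-p_false))
    return no_miss * no_false


def best_threshold(snr_db, pulses=PULSES, bins=BINS, step=0.02):
    """Grid search for the threshold that maximizes p_codeword, mirroring the
    text's statement that the optimum threshold was found by search."""
    amplitude = math.sqrt(2.0 * 10.0 ** (snr_db / 10.0))
    best = (0.0, step)
    for i in range(1, int((amplitude + 8.0) / step) + 1):
        threshold = i * step
        p = p_codeword(snr_db, threshold, pulses, bins)
        if p > best[0]:
            best = (p, threshold)
    return best                                  # (probability, threshold)


if __name__ == "__main__":
    for snr_db in (10, 12, 14, 16, 18, 20):
        p, threshold = best_threshold(snr_db)
        print(f"{snr_db:2d} dB  threshold={threshold:5.2f}  P(error-free code word)={p:.3e}")
```

Because the false-alarm term is raised to the number of empty bins, the threshold must sit well above the noise floor, which is why the curve falls so steeply as the per-pulse SNR drops.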
The basic form of the result shown in Fig. 6 has strong implications for the degree of confidentiality that may be attained by O-CDMA encoding. (While the results in Fig. 6 are for a particular type of time domain encoding with certain coding parameters, the same general results can be shown for different types of O-CDMA encoding [29].) Since the eavesdropper's ability to correctly detect user code words is strongly dependent on the SNR at the intercepting receiver, it follows that the degree of confidentiality provided is also a strong function of this SNR. Since the eavesdropper's SNR is a function of a number of system design and operation parameters, this means that the degree of confidentiality provided by O-CDMA techniques will also be a function of these system design and operation parameters.
Since the degree of confidentiality of user data is dependent on the SNR at the eavesdropper, it is important to quantify how low this SNR could be made through intelligent system design. This design is not completely straightforward, though, because it must involve a tradeoff between communication performance and confidentiality for the authorized users. This can be seen as follows.
Fig. 6. Code intercepting detector performance curves for coherent detection and optical matched filter with envelope detection.
In CDMA networks (optical or electronic), the total number of simultaneous users that can be supported with acceptable BER performance is typically limited by interference among the user signals, rather than by receiver noise. Assuming that all users transmit at the same data rate, the total system data carrying capacity is proportional to the maximum number of simultaneous users the system can support. A theoretical maximum number of simultaneous users can be calculated by assuming that receiver noise is negligible compared to the MUI in BER performance calculations. (This maximum number of simultaneous users is primarily a function of the type of encoding, which determines the degree of orthogonality among different codes; see, for example, [11], [16], and [19].) By specifying a maximum acceptable BER and a particular type of encoding, one can calculate a specific maximum number of simultaneous users, and hence, the total capacity of the network.
To improve security in the network, the system design should minimize the amount of energy that an eavesdropper can receive by tapping fiber signals. This requires that each transmitter minimize the power it sends into the network. This minimization cannot be done without affecting the BER performance of the system, however. An authorized receiver's BER performance will be a function of the received SNR. The authorized receiver's SNR is given by
(5)
where represents the total noise spectral density contribution of the MUI and represents the spectral density of the receiver noise.² is proportional to both the number of active transmitters and to the transmitted power of each user (we assume all users transmit equal powers, when transmitting), while is fixed for a given receiver implementation.
² Strictly speaking, the spectral densities and exist only for wide-sense stationary noise processes, and are, in general, functions of frequency. The heuristic explanation given here assumes the noise processes may be approximated by white Gaussian noise, in which case and may be treated as constant scalar values. See [25] for more details.
Consider the situation with the theoretical maximum number of simultaneous users all transmitting. If is negligible compared to , the resulting SNR at an authorized user's receiver will be sufficient to maintain the specified BER. If each transmitter reduces its power level sufficiently to increase confidentiality, though, will also be reduced and will become significant compared to . While the ratio will remain constant no matter what power level each user transmits, the ratio is what determines BER, and this will be reduced, increasing the BER. If the transmitted power is reduced arbitrarily, the only way to keep the BER from exceeding a specified value is to reduce the term as well (again assuming is fixed by the implementation). The only way to do this is to reduce the number of active users. Thus the total number of simultaneous users that can be supported at a specified BER must be reduced to allow each transmitter to reduce its power level.
Using certain modeling approximations, Appendix A quantifies the aforementioned argument, and derives the relationship between required user SNR and the eavesdropper's available SNR per code chip as
(6)
In this equation, is the eavesdropper's fiber tapping efficiency, is the number of taps in the broadcast star coupler that distributes user signals, is the ratio of the eavesdropper's receiver noise density to the authorized user's receiver noise density, is the authorized user receiver's multichip energy combining efficiency, is the maximum theoretical number of simultaneous users at a specified maximum BER, is the required user SNR (per data bit) to maintain the specified BER, is the actual number of simultaneous users supported, and is the eavesdropper's effective SNR per code chip.
Equation (6) represents a fundamental, if approximate, relationship between the total system data capacity and the SNR that an eavesdropper may obtain using a code detector of the type shown in Fig. 5 for time-spreading/wavelength-hopping O-CDMA. Analysis of this equation provides a great deal of insight into the limitations on attainable confidentiality of this type of O-CDMA encoding, and on the tradeoff between system data capacity and confidentiality. Since (1)–(3) establish that the degree of confidentiality is a strong function of the eavesdropper's SNR as represented by , any of the factors in (6) that change this SNR will affect confidentiality.
The factors in the first set of brackets in (6) can all cause a direct increase or decrease in this SNR and a corresponding decrease or increase in confidentiality. Confidentiality is decreased by an increase in the eavesdropper's tapping efficiency; by an increase in the number of taps in the star coupler (which reduces the fraction of transmitted power that reaches each authorized user and requires each user to transmit more power); or by a decrease in the eavesdropper's receiver noise level relative to the authorized user's receiver noise level. Confidentiality is increased by an increase in the combining efficiency of the user receivers (allowing an overall decrease in transmitted user power to maintain an acceptable BER); or by an increase in the weight of the code words (which divides the energy per bit into more, hence lower energy, code pulses). Equation (1) also implies a further increase in confidentiality if the length of the code, , is increased.
Fig. 7. Approximate tradeoff between system data capacity and confidentiality.
The second bracketed term in (6) relates to the trade between confidentiality and system capacity. As the number of active users approaches the maximum theoretical number of simultaneous users of the system , this term increases without bound, implying very high SNRs for the eavesdropper. Conversely, when only a single user is allowed , the eavesdropper's SNR is minimized, but at the expense of system capacity, assuming fixed BER performance.³
Finally, the third bracketed term in (6) shows that confidentiality can be increased by decreasing the SNR required by the authorized users for acceptable BER performance. Confidentiality can be increased by allowing a higher BER. For a fixed BER specification, however, can still be decreased by using error correcting coding on user transmissions and by using the most power-efficient modulation technique possible. (Both power-efficient modulation and error correction coding are typically used in cellular telephone CDMA systems [26], [27].)
Fig. 7 shows an example of confidentiality performance versus system capacity for a straw man set of system design parameters. It plots the eavesdropper's approximate probability of error-free code detection (integrating signal energy over one data bit period) versus the fraction of theoretical system capacity, , that can be attained for a specified maximum BER.
The straw man design specifies 100 potential users connected to a broadcast star network with taps. The users each employ time-spreading/wavelength-hopping codes with timeslots, wavelengths, and code pulses per data bit. These parameters would be produced by a 31, 31 Prime Hop Code as specified in [28], although they may apply to other types of codes as well. Users are assumed to use incoherent detection, modeled here by assuming that each code pulse is optically matched filtered and envelope detected (much as in Fig. 5), and combined after the envelope detection. The resultant incoherent combining of 31 code pulses produces a combining efficiency of approximately (see [23, p. 178]). The maximum acceptable system BER is assumed to be . Error correction codes used in commercial high-rate optical telecommunication equipment can produce this BER with a raw detector BER of approximately . An optical matched filter receiver followed by envelope detection theoretically requires a (peak) SNR of dB [22] to produce the required raw detector BER of . The eavesdropper for this example is assumed to tap one percent of the energy from a fiber carrying a single user signal, and to have a receiver that is equal in sensitivity to the authorized users' receivers .
³ If the number of active users exceeds the number calculated by (6), the BER must go above the specified maximum for all active users, or else each user must transmit more power, raising the eavesdropper's SNR.
The solid curve, labeled "baseline example," shows the performance of the straw man system. For this particular example, if the authorized users transmit sufficient power so that 95% or more of the theoretical system capacity is attained, the eavesdropper has a high enough SNR to detect the code without errors with a probability of virtually one. To reduce the eavesdropper's probability of effectiveness below , for example, each user must reduce its transmit power to the extent that only about 75% of the theoretical system capacity can be attained.
Variations in system design parameters can strongly affect this performance trade, as shown by the other three curves in Fig. 7. A change in any combination of the factors in the first bracket of (6) can result in a higher or lower SNR for the eavesdropper. If, for example, the eavesdropper's receiver is 3 dB more sensitive than the authorized users' receivers (i.e., ) then the dotted performance curve (baseline 3 dB) in Fig. 7 is obtained. If, in addition, the eavesdropper taps the fiber with 2% efficiency rather than 1%, then the dash-dotted curve (baseline 6 dB) is obtained, and so on.
Depending on the type of encoding that is used, an eavesdropper may be able to improve on the performance specified by (1)–(3) and (6), and illustrated by Figs. 6 and 7. Most encoding schemes for O-CDMA use code words that are relatively far apart in Hamming distance; this allows relatively good orthogonality properties among multiple users transmitting simultaneously. However, if the eavesdropper knows the structure of the code (e.g., that Prime Hop Codes are being used), then an intercepted code word, which may contain detection errors, can be compared with the set of allowable code words. The allowable code word nearest in Hamming distance to the intercepted code word would then be chosen. In this case, the coding structure, designed primarily for good orthogonality properties, will function much like an error-correcting code for the eavesdropper, possibly allowing the eavesdropper to take an intercepted code word with errors and correct the errors. Calculating the degree of improvement in the eavesdropper's ability to intercept code words through this technique is beyond the scope of this paper; still, the better the orthogonality properties of the encoding scheme, the larger the minimum Hamming distance between the codes is likely to be, producing a greater potential improvement in interception performance by making use of the code structure in the interception process. This performance improvement is, of course, only obtainable when the eavesdropper knows the set of allowable code words, as in well known codes with well-established structures. If a completely random coding scheme were employed, where any possible combination of code chips could represent a user's code word, then an eavesdropper could not improve its interception performance in this way. In time-spreading/wavelength-hopping coding schemes, however, such random coding would lead to variable weight codes, which is problematic for maintaining good cross-correlation properties among multiple user codes. (Random codes are more feasible with encoding schemes such as spectral phase encoding [16].)
B. Multiple Bit Combining
A further, and more dramatic, improvement in the eavesdropper's code interception performance can be obtained by processing and combining code transmissions from multiple data bits. The eavesdropper can use exactly the same detector structure as shown in Fig. 5 (with multiple channels if ), but can accumulate samples in each of bins (Fig. 3) over multiple data bits. (There will be total bins if .) The eavesdropper must maintain bit synchronization so that the same bins can be sampled repeatably on multiple data bits, but this has already been assumed for the worst-case scenario analysis.
The case of greatest interest for multiple bit combining is where the transmitter uses 2-code keying, as described in Section IV.B. Accumulating multiple bits from a 2-code keyed O-CDMA data stream using time-spreading/wavelength-hopping encoding produces the superposition of the two code words C1 and C2 in the eavesdropper's detector. Since the codes are designed to be as mutually orthogonal as possible, it is almost certainly possible for most codes to separate the two individual code words from their superposition. For example, it is quite simple to examine the superposition of two Prime Codes and determine the individual code words, especially if the two code words are synchronized in time (see examples on [12, p. 46]). Note that the eavesdropper's detected superposition of C1 and C2 will always be synchronized if they are from a single transmitter using 2-code keying and the eavesdropper has attained bit synchronization.
(If 2-code keying is generalized so that each user transmits one of code words for each data bits, as mentioned in Section IV.B, the eavesdropper's task can be made a bit more complicated. Choosing forces the eavesdropper to separate several code words from a single multiple bit receiver detection rather than just two. Nevertheless, assuming that the eavesdropper knows the general structure of the codes in use, separation of multiple codes is almost certainly still possible in theory. A number of variables affect a trade-off analysis of the security of such a scheme, such as the increased energy per code word that must be transmitted to maintain an acceptable BER with multiple bit encoding, the increased number of code words that must be assigned to each user, etc. A full analysis is beyond the scope of this paper; here, we calculate the performance for the example case of .)
Fig. 8. Eavesdropper's detection performance for two different codes. Example parameters are the same as those used for Fig. 7.
The eavesdropper's detection performance against a 2-code keying transmitter is derived in Appendix B, which shows that the overall probability of error-free code word detection by an eavesdropper combining the energy from data bits can be approximated, for reasonably large , by
(7)
where is the normalized cross-correlation between different
code words (i.e., the number of bins where pulses from two code
words overlap), and and are given by
(8)
and
(9)
and where is the Generalized Marcum -function,
defined as [25, p. 44]
(10)
and where denotes an th-order modified Bessel function of the first kind.
These results are illustrated in Figs. 8 and 9. Fig. 8 shows the eavesdropper's detection performance against two different codes as a function of its SNR. (Values of that produce negligibly small values of are included in this graph to illustrate the large degree of improvement that can be obtained by combining relatively few bits, as discussed in the next paragraph.) Both curves use all the same parameters as the straw man design example illustrated by the "baseline performance" curve in Fig. 7. The solid line in Fig. 8 uses the same code used in the straw man example, i.e., , and . The dashed line assumes a more complex (and more difficult to implement) code using , and . When the more complex code is used, the user must combine 101 separate detections (incoherently, we assume) and thus the user combining efficiency factor decreases to about 15%. The more complex code improves confidentiality performance by requiring the eavesdropper to attain a higher SNR to attain a given level of code detection performance.
Fig. 9. Performance of multiple bit combining eavesdropper against two types of codes.
Unfortunately, this improvement in confidentiality can be
overcome by the eavesdropper (at least in theory) by multiple
bit combining, as shown in Fig. 9. Fig. 9 assumes that the
eavesdropper is able to obtain an SNR of dB,
which renders its probability of correctly detecting the code
word using a single data bit negligibly low for either code
shown in Fig. 8. By combining the energy from less than 100
bits, however, the eavesdropper can attain a probability of
error-free code word detection of essentially unity, even for the
more complex code.
The results in Fig. 9 are approximate (see Appendix B), although these results can, in theory, be attained when the number of "ones" transmitted by the user during the eavesdropper's collection interval is exactly equal to the number of "zeros" transmitted in the same interval. The larger the number of bits combined, the more likely this is to be true, and the closer the approximation. Thus Fig. 9 should give a reasonable, if somewhat optimistic, estimate of the code interception performance that could be attained by an eavesdropper with an ideal detector implementation.
Table II summarizes the results from this section. It lists the values of per code chip required at the eavesdropper to attain for codes of different complexities and for different levels of bit combining.
C. Code Detection With Multiple User Signals
The preceding analysis has assumed the best case for the eavesdropper (and worst case for the targeted user). The eavesdropper simply pulls off a small fraction of the user signal. The following analysis is for a slightly different problem where the eavesdropper receives all of the OCDMA signals simultaneously. One might think that the obscuration of the targeted signal in this scenario would significantly increase the level of confidentiality. However, the resulting degree of confidentiality is not as high as it may first appear, as can be seen from the following analysis.
TABLE II. REQUIRED PER CODE CHIP FOR
Fig. 10. Eavesdropping with multiple user signals.
Consider an eavesdropper that only has access to fibers containing the superposed signals from all active users. This would be the case if the eavesdropper commandeered an authorized user terminal, as shown in Fig. 10.
A key observation is that if, at any time, there is only one user transmitting, then the eavesdropper can use exactly the same code detection techniques described in previous sections. Thus user transmissions are only confidential if there are always other signals being transmitted simultaneously.
The situation is even less secure if transmissions use on-off keying. For on-off keying, at any given time, it is possible that one user will transmit a "one" (using its code word) and all other users will transmit "zeros" (no energy). During this time, an eavesdropper can effectively isolate the signal of the one user transmitting and use the same techniques described above. Furthermore, the eavesdropper could easily monitor the overall power level received on each bit to estimate when a single user is transmitting energy, since the level of energy in the channel is directly proportional to the number of users. (In a broadcast star topology, power is likely to be controlled to achieve roughly equal powers among users at the input to the coupler. If this is not the case, an eavesdropper could still monitor overall power and attempt detections when relatively low total power is detected. Some of these detections may contain multiple signals, but these could be tested and discarded, and the remaining detections would still contain valid code words for a single user.)
This situation is simple to quantify. Consider a number of simultaneous transmissions, , each of which is O-CDMA encoded and modulated using OOK. Each operates at data rate bits/s. The simpler calculation is when all users transmit synchronously (i.e., the beginning and ending time for transmission of each bit is the same for all users). In this case, assuming equally likely "ones" and "zeros," the probability that a specific user transmits a "one" during a given bit period is , and the probability that all other users transmit "zeros" during the same bit period is . Assuming that the value of each data bit is independent of other data bits and independent of other users' bits, the probability that a specific user transmits a "one" while all others transmit "zeros" on any particular bit is simply the product of these two probabilities, or . Thus, for each user, the expected amount of time that the eavesdropper must wait between isolated transmissions of that user's code word is .
A similar calculation can be done for nonsynchronized user transmissions. In this case, when one user transmits a "one," all other users may transmit fractions of two consecutive bits during the transmission time of the "one" bit due to the lack of synchronization among users. For the eavesdropper to isolate a single user, the other users must each transmit two consecutive "zeros" during the period of overlap with the single user's "one" bit. At any given point in time, the probability that a single user will be transmitting a "one" is , and the probability that all other users transmit zeros for the two overlapping bits is . The probability of these two events occurring simultaneously is the product of these two probabilities, or , and the expected time that an eavesdropper would have to wait between isolations for a particular user is . The expected time for an eavesdropper to hear each user's code word transmitted alone once vs. the number of simultaneous transmitters is shown in Fig. 11 for an example data rate of Mbits/s.
Fig. 11. Code word isolation rates for OOK transmitters at 100 Mbps.
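
The isolation argument for synchronous and nonsynchronized OOK users can be worked through numerically as follows. This is an added example, not code from the paper; the names `m` (number of simultaneous transmitters) and `bit_rate` and all function names are assumptions, and the probabilities follow the text's premises of equally likely, independent bits.

```python
import random


def p_isolated(m, synchronized=True):
    """Probability that, on a given bit, one specific OOK user sends a 'one'
    while all of the other m - 1 users are silent."""
    if m < 1:
        raise ValueError("need at least one transmitter")
    # Synchronous users: each other user must send one 'zero' (probability 1/2).
    # Nonsynchronized users: each other user overlaps the target bit with two
    # of its own bits and must send two consecutive 'zeros' (probability 1/4).
    p_other_silent = 0.5 if synchronized else 0.25
    return 0.5 * p_other_silent ** (m - 1)


def expected_wait_seconds(m, bit_rate, synchronized=True):
    """Mean time between isolated transmissions of one user's code word."""
    return 1.0 / (p_isolated(m, synchronized) * bit_rate)


def simulate_isolation_fraction(m, n_bits, synchronized=True, seed=1):
    """Monte Carlo check: fraction of bit periods in which the target user is
    the only one putting energy on the fiber (constructed random data)."""
    rng = random.Random(seed)
    target = [rng.getrandbits(1) for _ in range(n_bits)]
    # One extra bit per interferer so bit k can overlap bits k and k + 1.
    others = [[rng.getrandbits(1) for _ in range(n_bits + 1)] for _ in range(m - 1)]
    hits = 0
    for k in range(n_bits):
        if not target[k]:
            continue
        if synchronized:
            quiet = all(o[k] == 0 for o in others)
        else:
            quiet = all(o[k] == 0 and o[k + 1] == 0 for o in others)
        hits += quiet
    return hits / n_bits


if __name__ == "__main__":
    rate = 100e6   # 100 Mbit/s, the example rate in the Fig. 11 caption
    for m in (2, 5, 10, 20, 30):
        sync = expected_wait_seconds(m, rate, True)
        unsync = expected_wait_seconds(m, rate, False)
        print(f"m={m:2d}  synchronous wait={sync:.3e} s  nonsynchronized wait={unsync:.3e} s")
```

The wait grows exponentially with the number of transmitters that are always active, so a network operator gains cover only by keeping many users continuously sending energy, not from the encoding itself.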
Since the users are not synchronized among themselves, an eavesdropper probably cannot attain either bit or code pulse synchronization for a particular user, which was assumed in the analysis in previous sections. However, neither bit nor code pulse synchronization is strictly required for detecting a user's code (although assuming synchronization greatly simplifies the quantitative calculation of code detection performance). Bit sync is not required because, under the aforementioned assumptions, one data bit duration is guaranteed to contain the entire code, albeit starting from an unknown point in the code. This makes the eavesdropper's task more difficult, but not impossible, since the eavesdropper may detect code pulses over one bit duration and then sequentially search through all possible time shifts over a single bit time to find the right code word. The number of possible time shifts is not likely to be a significant obstacle to a brute force search. Similarly, code pulse synchronization is not strictly required, since the eavesdropper could employ techniques similar to those used in radar pulse detection (where the time of return of the radar pulse is unknown). These techniques generally entail faster sampling of the signal by a factor of 2 or 3 over the approach quantified in previous sections, again making the eavesdropper's job more difficult, but not, theoretically at least, impossible.
D. Code Reconfiguration
As mentioned in Section III-B, a transmitter could attempt to increase confidentiality by changing its code words frequently. The preceding analysis shows that the reconfiguration rate required to insure that a code-detecting eavesdropper could not detect long strings of data depends on the SNR at the eavesdropper. If the eavesdropper could attain a relatively high SNR, then he could, in theory, detect the new codes by processing a single data bit, and could use the detected code to demodulate every subsequent bit until the code were changed again. In this case, strong confidentiality could only be attained by changing the code on every single bit in a random way, such that the eavesdropper would not know, on a given data bit, whether the detected code word represented a "one" or a "zero."
Lower SNRs would require the eavesdropper to process multiple data bits to correctly detect the code. If the transmitter changed the code words more frequently than they could be correctly detected, then confidentiality could be significantly increased. However, code reconfiguration rates would probably need to approach the data rate to achieve a strong assurance of confidentiality, since the eavesdropper's advantage from combining multiple data bits increases quite rapidly, as shown in Fig. 9. In addition, the transmitter's codes would need to be changed in a way that could not be predicted or guessed by an eavesdropper. In other words, the code reconfiguration generator would need to have characteristics much like those of a cryptographic keystream generator.
VI. DISCUSSION
A. Practical Implementation Considerations
The practical degree of confidentiality provided by time-spreading/wavelength-hopping encoding will depend on both the user's ability to implement complex codes and the eavesdropper's ability to implement the described interceptor structure or similar ones. Since each data bit must be subdivided into time slots, the complexity of such codes is clearly limited for high data rate systems. Assuming a desired user data rate of 1 Gbit/s, the codes assumed in Figs. 6–9 require individual code pulse durations of roughly 1 ps and 100 fs . These must be correspondingly shorter for higher data rates. Implementing codes this complex is taxing given the current state of the art. Similarly, a code with wavelengths may be implementable, but may prove cumbersome at the least from a practical point of view.
The implementability of the required detector structures for the eavesdropper is also a significant issue. Reasonable approximations to the required optical matched filters are currently available, and should not pose great difficulty for modest numbers of different encoding wavelengths. But time-sampling the envelope-detected outputs of these filters quickly and accurately enough is quite difficult. For example, if sampling were done in real time for a user signal at 1 Gbit/s and , each wavelength channel would have to be sampled at a rate of nearly 1 THz. Real-time sampling technology is currently available at rates of 20 GHz (for 8-bit samples) in commercial, off-the-shelf oscilloscopes. This is well short of the required THz rate for the previous example.
A number of possibilities exist for increasing the effective sampling rate, however. The technique of equivalent time sampling is currently used in high-bandwidth sampling oscilloscopes, and allows very high effective sampling rates. Optical means for equivalent time sampling have also been demonstrated [30]. These techniques require good time synchronization and moderately large numbers of input sampling passes (each sample would be taken from a different data bit, in the code interception context). This would significantly increase the time required to process and detect a given code word.
assuming that a single data bit is processed. Each sample is compared with a threshold to decide whether or not a code pulse is present in the corresponding bin.
Assuming the energy transmitted per code pulse is , the total energy transmitted per data bit is . The authorized user's receiver is assumed to produce additive white Gaussian thermal noise of double-sided spectral density . The eavesdropper has an equivalent receiver noise of spectral density , which is also assumed to be white and Gaussian. Let represent the ratio of the eavesdropper's receiver noise density to the authorized user's receiver noise density.
The total effective energy per data bit received at the authorized
user's receiver from the desired user signal is given by
(A1)
where represents the user's efficiency for combining the en-
ergy from multiple code pulses. for coherent detection
and combining, and is between zero and one for incoherently
detected and combined signals.
As described previously, the eavesdropper must make deci-
sions in each time/wavelength bin as to whether or not a code
pulse was transmitted. Given that a code pulse is transmitted in
a particular bin, the amount of energy received by the eaves-
dropper in that bin is given by
(A2)
where the second equality makes use of (A1).
The eavesdropper's effective SNR for an individual
time/wavelength bin detection decision is . Com-
bining all factors defined so far gives
(A3)
If a particular maximum BER level is specified for the au-
thorized users in the network, the eavesdropper's received SNR
(per code pulse) can be related to the required SNR (per bit) of
the authorized users as follows. Since the BER of an authorized
user is some monotonically decreasing function of the
given in (5), setting a maximum BER specification is equivalent
to setting a minimum value of . We denote this value by
.
The eavesdropper's SNR can be related to as
a function of the relative levels of the MUI noise term and the
receiver noise term (5). Defining the parameter as the ratio of
the receiver noise to the total noise gives
(A4)
We can then write either
(A5)
or, alternatively
(A6)
Substituting the result of (A6) into (A3) and rearranging terms,
we get
(A7)
which directly relates the eavesdropper's SNR to the minimum
SNR that the authorized users must have to meet some BER
specification.
The parameter may vary between zero and one. (Arbi-
trarily setting to a value outside this range requires that one
of the spectral densities in (A4) be negative, which is not al-
lowed by the definition of power spectral density.) For a fixed
value of , and assuming that is fixed by the
receiver implementation, (A6) implies that must increase as
the total transmitted energy per data bit decreases. Minimizing
each user's transmitted power thus implies maximizing . Set-
ting thus gives the minimum possible value of the eaves-
dropper's SNR for a given maximum BER specification. Since
the eavesdropper's probability of correctly detecting a user's
code word is a function of this SNR, this implies that for a given
there is a limit to the degree of confidentiality that
can be obtained [for a given set of the system design and coding
parameters in the first term of (A7)].
At the other end of the range, setting produces the case
where receiver noise is completely negligible compared with the
MUI noise term (A4). This situation can be approached if each
user transmits at high power levels. Note that the eavesdropper's
SNR becomes arbitrarily large as approaches zero.
The form of the trade between system capacity and confiden-
tiality can be made plain by introducing one further approxima-
tion. Assuming that the MUI noise from each interfering user
adds incoherently in an authorized user's receiver and is roughly
proportional to the number of active transmitters, we obtain
(A8)
where is the number of active users and is the equiva-
lent noise spectral density contributed by each user. Substituting
(A8) into (A5) gives
(A9)
Let be the theoretical maximum number (assuming
, i.e., that ) of simultaneous users that
can be active and still maintain a BER that meets the system
performance specification. The maximum data carrying ca-
pacity of the network is multiplied by the data rate of an
individual user. Setting in (A9) and replacing with
gives the relationship between and for
ideal, noiseless receivers as
(A10)
Combining (A9) and (A10), solving for , and substituting the
result in (A7) yields
(A11)
This equation relates all the various system design factors (the
first bracketed term), the number of active users relative to the
maximum theoretical number (the second term), and the SNRs
of both the eavesdropper and the authorized users. Its interpre-
tation is discussed in the main body of the paper.
APPENDIX B
This Appendix derives the statistics of the decision variables
for a code detecting eavesdropper combining the energy from
multiple transmitted data bits. Assume that the eavesdropper in-
coherently⁵ combines the energy from data bits for each code
word detection. As described in Appendix A, time samples from
an envelope-detected optical matched filter output are taken in
each of the time bins illustrated in Fig. 3. For each transmitted
data bit, the eavesdropper collects total samples. Let the
sample from the th bin of the th data bit be denoted by .
For each of the bins, the eavesdropper forms the statistic
(B1)
For each transmission of data bits, of the bits will rep-
resent ones (codeword C1) and of them will rep-
resent zeros (codeword C2), where is a binomially dis-
tributed random variable whose expected value is . The
probability distribution of each sample, , will thus depend on
the value of . For relatively large values of , we can approx-
imate by its expected value and determine the probability
distributions of . First, assume that the codewords C1 and
C2 overlap (i.e., both have energy pulses in the same bin) in
locations. ( must be small for acceptable orthogonality
among different users.) There will then be
bins in which no code pulses are transmitted, and whose sta-
tistics reflect noise only. For these bins, has a Chi-square
distribution with degrees of freedom. There will also be
bins where C1 and C2 overlap. These bins will have signal en-
ergy on each transmitted data bit, and will have a noncen-
tral Chi-square distribution with degrees of freedom and
noncentrality parameter of . There will be bins
that have signal energy only on bits where C1 is transmitted.
For these bins, will have a noncentral Chi-square distribu-
tion with degrees of freedom and noncentrality parameter of
. Finally, there will be bins that have signal energy
only when C2 is transmitted, and these have a noncentral
Chi-square distribution with degrees of freedom and non-
centrality parameter . (See [25] and [22] for more
detailed discussion on these probability distributions and how
they apply to the envelope detected output of optical matched
filters.) Using the previous approximation that for
large , the distributions of the bins with signal energy
from C1 only and the bins with signal energy from C2
only are the same.
⁵ The structure of Fig. 5 implies that the combining will be incoherent. If a coherent matched filter detector were implemented, more efficient coherent combining of the energy from multiple bits could be accomplished.
Each variable is compared to a decision threshold, , to
determine whether or not a code pulse is present in bin . The
threshold is assumed to be optimized to minimize the overall
probability of error, making use of the approximation that
. The probability of error given that no pulse was actually
transmitted in bin is
noise (B2)
The probability of error given that signal energy from either
C1 or C2, but not both, have accumulated in bin is
C1orC2 (B3)
where and is the Generalized Marcum -function,
defined as [25, p. 44]
(B4)
where denotes an th order modified Bessel
function of the first kind.
The probability of error given that signal energy from both
C1 and C2 have accumulated in bin is
C1andC2 (B5)
Following the notation of (1)–(3), we have
noise (B6)
The probability of error in (B5) will generally be much lower
than the probability of error from (B3), in which case, we have
C1orC2 (B7)
The eavesdropper's overall probability of detecting an error-
free code word is then given by
(B8)
since there are total bins where some signal energy
has accumulated and total bins where only
noise has been accumulated.
Note that if is significantly different from , the
signal noise bins where energy has been accumulated from
one code word will have a significantly higher than
the signal noise bins where energy has accumulated from
the other code word, since more one bits were accumulated
than zero bits (or vice versa). In this case, the probability of
error-free code word detection would be somewhat lower than
that given by (B8).
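The effect Appendix B describes, an eavesdropper's code word detection improving as more data bits are combined, can be checked numerically. The Python sketch below is an added example, not code from the paper: the chi-square degrees of freedom, the noncentrality parameter, the 400-bin grid, the code weight of 10 and the threshold search are assumptions taken from standard square-law detection theory rather than from the paper's expressions.

```python
import math

def marcum_q(m, a, b, tol=1e-13):
    """Generalized Marcum Q_m(a, b): a Poisson(a^2/2)-weighted sum of central
    chi-square tails with 2(m+j) degrees of freedom (needs a^2/2 < ~700)."""
    x, h = a * a / 2.0, b * b / 2.0
    pois = math.exp(-x)                  # Poisson weight for j = 0
    term = tail = math.exp(-h)           # k = 0 term of the central tail
    for k in range(1, m):                # tail for 2m degrees of freedom
        term *= h / k
        tail += term
    total, j = 0.0, 0
    while j <= x or pois > tol:
        total += pois * tail
        j += 1
        pois *= x / j
        term *= h / (m + j - 1)          # extend tail to 2(m+j) d.o.f.
        tail += term
    return total

def p_codeword(m_bits, snr_db, n_bins=400, weight=10, steps=120):
    """Probability that every bin is classified correctly, best threshold.
    Assumed model: noise-only bins are central chi-square (2*m_bits d.o.f.);
    pulse bins are noncentral with lambda = m_bits * snr (pulse on half the
    bits, 2*snr each); bins where C1 and C2 overlap are neglected."""
    lam = m_bits * 10.0 ** (snr_db / 10.0)
    n_sig = 2 * weight                   # pulses of both code words
    best = 0.0
    for i in range(1, steps + 1):
        root_t = math.sqrt((2.0 * m_bits + lam + 30.0) * i / steps)
        p_fa = marcum_q(m_bits, 0.0, root_t)
        p_det = marcum_q(m_bits, math.sqrt(lam), root_t)
        best = max(best, p_det ** n_sig * (1.0 - p_fa) ** (n_bins - n_sig))
    return best

def snr_needed(m_bits, target=0.5, lo=-10.0, hi=20.0):
    """Per-pulse SNR in dB at which p_codeword reaches target (bisection)."""
    for _ in range(16):
        mid = (lo + hi) / 2.0
        if p_codeword(m_bits, mid) < target:
            lo = mid
        else:
            hi = mid
    return hi

if __name__ == "__main__":
    for m in (2, 8, 32):                 # constructed operating points
        print(f"{m:3d} bits combined: {snr_needed(m):5.1f} dB per code pulse")
```

The drop in required per-pulse SNR as the number of combined bits grows is the confidentiality margin a system designer loses to multi-bit processing; under these assumptions it stays below the 10 log10 of the bit-count ratio that coherent combining would give.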
ACKNOWLEDGMENT
The author would like to acknowledge the many useful discussions
concerning this work with other staff members
at Lincoln Laboratory's Communications and Information
Technology Division, most especially Dr. P. A. Schulz, who
has had a substantial influence on the work reported here.
REFERENCES
[1] N. Karafolas and D. Uttamcandani, "Optical fiber code division multiple access networks: A review," Optical Fiber Technol., vol. 2, pp. 149–168, 1996.
[2] K. Iverson and D. Hampicke, "Comparison and classification of all-optical CDMA systems for future telecommunication networks," in Proc. SPIE, vol. 2614, 1995, pp. 110–121.
[3] L. Tancevski, I. Andonovic, and J. Budin, "Secure optical network architectures utilizing wavelength hopping/time spreading codes," IEEE Photon. Technol. Lett., vol. 7, no. 5, pp. 573–575, May 1995.
[4] P. Torres, L. C. G. Valente, and M. C. R. Carvalho, "Security system for optical communication signals with fiber bragg gratings," IEEE Trans. Microwave Theory Tech., vol. 50, no. 1, pp. 13–16, Jan. 2002.
[5] D. D. Sampson, G. J. Pendock, and R. A. Griffin, "Photonic code-division multiple-access communications," Fiber Int. Opt., vol. 16, pp. 129–157, 1997.
[6] W. Ford, Computer Communications Security. Upper Saddle River, NJ: Prentice-Hall, 1994, ch. 2.
[7] M. K. Simon, J. K. Omura, R. A. Scholtz, and B. K. Levitt, Spread Spectrum Communications. Rockville, MD: Computer Science Press, 1985.
[8] D. R. Stinson, Cryptography. Boca Raton, FL: CRC, 1995, ch. 2.
[9] B. Schneier, Applied Cryptography, 2nd ed. New York: Wiley, 1996, pp. 8–9.
[10] N. Ferguson and B. Schneier, Practical Cryptography. Indianapolis, IN: Wiley, 2003.
[11] J. A. Salehi, "Code division multiple-access techniques in optical fiber networks-Part I: Fundamental principles," IEEE Trans. Commun., vol. 37, no. 8, pp. 824–833, Aug. 1989.
[12] G.-C. Yang and W. C. Kwong, Prime Codes. Belmont, MA: Artech House, 2003.
[13] S. V. Marhic, Z. I. Kostic, and E. L. Titlebaum, "A new family of optical code sequences for use in spread spectrum fiber-optic local area networks," IEEE Trans. Commun., vol. 41, no. 8, pp. 1217–1221, Aug. 1993.
[14] H. Fathallah, L. A. Rusch, and S. LaRochelle, "Passive optical fast frequency-hop CDMA communications system," J. Lightwave Technol., vol. 17, no. 3, pp. 397–405, Mar. 1999.
[15] M. Kavehrad and D. Zaccarin, "Optical code-division-multiplexed systems based on spectral encoding of noncoherent sources," J. Lightwave Tech., vol. 13, no. 3, pp. 534–545, Mar. 1995.
[16] J. A. Salehi, A. M. Weiner, and J. P. Heritage, "Coherent ultrashort pulse code-division multiple access communication systems," J. Lightw. Technol., pp. 478–491, Mar. 1990.
[17] T. Ojanpera and R. Prasad, Eds., Wideband CDMA for Third Generation Mobile Communications. Belmont, MA: Artech House, 1998, p. 110.
[18] C. W. Helstrom, Statistical Theory of Signal Detection, 2nd ed. New York: Pergamon, 1968.
[19] W. C. Kwong, P. A. Perrier, and P. R. Prucnal, "Performance comparison of asynchronous and synchronous code-division multiple-access techniques for fiber-optic local area networks," IEEE Trans. Commun., vol. 39, no. 11, pp. 1625–1634, Nov. 1991.
[20] M. I. Skolnick, Introduction to Radar Systems, 3rd ed. Boston, MA: McGraw-Hill, 2001.
[21] P. A. Humblet, "Design of optical matched filters," in Proc. IEEE GLOBECOM'91, vol. 2, Dec. 2–5, 1991, pp. 1246–1250.
[22] P. A. Humblet and M. Azizoglu, "On the bit error rate of lightwave systems with optical amplifiers," J. Lightw. Technol., vol. 9, no. 11, pp. 1576–1582, Nov. 1991.
[23] B. R. Mahafza, Radar Systems Analysis and Design Using MATLAB. Boca Raton, FL: Chapman Hall/CRC, 2000.
[24] S. B. Alexander, Optical Communication Receiver Design. Bellingham, WA: SPIE Opt. Eng. Press, 1997.
[25] J. G. Proakis, Digital Communications, 3rd ed. Boston, MA: McGraw-Hill, 1995.
[26] A. J. Viterbi, CDMA: Principles of Spread Spectrum Communication. Reading, MA: Addison-Wesley, 1995.
[27] T. Ojanpera and R. Prasad, Eds., Wideband CDMA for Third Generation Mobile Communications. Belmont, MA: Artech House, 1998.
[28] L. Tancevski and I. Andonovic, "Wavelength hopping/time spreading code division multiple access systems," Elect. Lett., vol. 30, no. 17, pp. 1388–1390, Aug. 1994.
[29] T. H. Shake, "Confidentiality performance of spectral phase encoded optical CDMA," J. Lightw. Technol., 2005, to be published.
[30] Y. Han and B. Jalali, "Photonic time-stretched analog-to-digital converter: Fundamental concepts and practical considerations," J. Lightw. Technol., vol. 21, no. 12, pp. 3085–3103, Dec. 2003.
Thomas H. Shake (M'94) was born in Syracuse, NY, in 1957. He received the B.S. degree from Syracuse University in 1980 and the M.S. degree from the University of California, Berkeley, in 1981, both in electrical engineering.
He has been a Member of the Technical Staff at Massachusetts Institute of Technology, Lincoln Laboratory, Lexington, MA, since March 1982. He is currently assigned to the Advanced Networks and Applications Group. His work at Lincoln Laboratory has included research and development in various aspects of communication systems and data networks, including military satellite system analysis and design, interactions between space-based and terrestrial communication networks, and network security in heterogeneous environments. His current research interests include optical network architecture, network and communications security, high-precision network timing, and optical communication waveform design.