AU2008255572B2 - Optical communications security device and system - Google Patents

Optical communications security device and system Download PDF

Info

Publication number
AU2008255572B2
AU2008255572B2 AU2008255572A AU2008255572A AU2008255572B2 AU 2008255572 B2 AU2008255572 B2 AU 2008255572B2 AU 2008255572 A AU2008255572 A AU 2008255572A AU 2008255572 A AU2008255572 A AU 2008255572A AU 2008255572 B2 AU2008255572 B2 AU 2008255572B2
Authority
AU
Australia
Prior art keywords
optical
module
signal
wavelength
monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
AU2008255572A
Other versions
AU2008255572A1 (en
Inventor
Saul Steve Carroll
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2007902970A external-priority patent/AU2007902970A0/en
Application filed by Individual filed Critical Individual
Priority to AU2008255572A priority Critical patent/AU2008255572B2/en
Publication of AU2008255572A1 publication Critical patent/AU2008255572A1/en
Application granted granted Critical
Publication of AU2008255572B2 publication Critical patent/AU2008255572B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/80Optical aspects relating to the use of optical transmission for specific applications, not provided for in groups H04B10/03 - H04B10/70, e.g. optical power feeding or optical transmission through water
    • H04B10/85Protection from unauthorised access, e.g. eavesdrop protection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Optical Communication System (AREA)

Abstract

An apparatus for detection of intrusion events on a first optical transmission line, the apparatus comprising: a first optical monitoring module (130) for sampling a first optical input signal (112) propagating on the optical transmission line (101), and including a plurality of first optical wavelength signals (120) to form a first sampled signal (114) for monitoring the first optical input signal (112), the first optical monitoring module (130) including a first wavelength selective module (135) and a first optical detection module (137), the first wavelength selective module (135) adapted to receive the first sampled signal (114) and direct one or more of the first optical wavelength signals (120) in the first sampled signal (114) to the first optical detection module (137), thereby to monitor the one or more of the first wavelength signal (112); and an analysing module (150) operatively coupled to the first optical monitoring module (130) for analysing the first sampled signal (114) for characteristics associated with a possible intrusion event on the first optical transmission line (101). When such an intrusion event is identified, the analysing module (150) generates an alarm signal to a network management system (121). The optical apparatus also includes optical encryption (410) and decryption (440) modules to accommodate encrypted optical signals on the communications link (101); and optical test input ports (571, 573) for connection to optical test devices (580, 590).

Description

WO 2008/144844 PCT/AU2008/000783 1 OPTICAL COMMUNICATIONS SECURITY DEVICE AND SYSTEM FIELD OF THE INVENTION The present invention relates generally to communications using optical fibres and, in particular, to arrangements that afford enhanced security for transmissions. 5 BACKGROUND TO THE INVENTION Network security and encryption have attracted a great deal of attention in recent years due to the rapid expansion and use of telecommunications networks for information exchange and the global use of the internet for communications. The recent development of high speed optical networks for use by companies within Metropolitan Area Networks (MANs) has highlighted a problem with 10 security. There are two main methods currently in use to manage the security of data communications over the MAN: encryption of data via hardware or software; and access control via a firewall or other security device. Both methods are adequate for low speed networks and internet protocol (IP) specific traffic, however, one of the main advantages in using optical networks is the speed of data transmission available and protocol independence, both vital for Mainframe 15 Connectivity, storage area networks (SANs) and quality of service (QoS) on converged voice, video and data networks. The high speed of transmission inherent in optical networks means that current forms of hardware encryption are not able to encrypt the data fast enough to take full advantage of the available transmission speeds - presently ranging between 1.25 Gigabits per second (Gb/s) and 10 Gb/s. 20 Accordingly, traditional methods of encryption over such links are prohibitive as the data transmission rate is considerably reduced. In addition, Access Control methods are dependent upon interpreting user information and comparing it to a list, usually in the form of an IP address. This is of no concern to IP transmission that uses Internet Protocol Security (IPSec) architecture, although there is a large number of alternative communication protocol's that cannot be encrypted 25 for security over optical links. Of particular interest are mainframe and storage area network WO 2008/144844 PCT/AU2008/000783 2 protocols such as Enterprise Systems Connection (ESCON), Fiber Connector (FICON) and fibre channel standard protocols. The implications of the above to government and military agencies, research institutions and large enterprise organisations - the primary users of optical networks - is that any data sent over an 5 optical network may be physically tapped from the fibre relatively easily and recorded without the knowledge of either the sender or the recipient. Recent research into optical cryptography and encryption shows some promising results using quantum cryptography (QC), however, this will require many years of research before commercially available systems and methods for use on non-propriety systems is available. Furthermore, QC and encryption is likely to be applied only for 10 specific uses and to short distance links for encryption key exchange. One method of ameliorating this security risk is the use of intrusion detection devices which monitor network links to detect if any other resources are tapping into the link to eavesdrop on the information being transmitted. For optical networks, typically the total power levels of the light within the optical link are monitored for any evidence of intrusion or tapping on the physical fibre. 15 Current technology typically samples the total optical signal power at either end of an optical communications link periodically, converting that reading to a voltage using a suitable optical detector, and examining any changes in the power level from one reading to another. Once a significant drop in light level is detected, an alarm is triggered on a Network Management System (NMS) and the network support staff must then determine whether this is indeed a security breach, 20 or whether there is a fault (for example a break in the optical fibre) on the communications link. There are however other forms of intrusion that are difficult, if not impossible, to detect using the method above. For example, in a multi-wavelength communications network, intruder signals maliciously inserted for sniffing network information or stowaway signals tapped into a multi customer network most often appear at only particular wavelength channels and therefore do not 25 significantly affect the total optical signal power level. For this reason current intrusion detection systems which measure the total optical power are unable to reliably detect such intruder or stowaway signals.
WO 2008/144844 PCT/AU2008/000783 3 Moreover, current systems are based on technology that does not integrate well with modern optical and computer networks, particularly NMSs. This is an obstacle in their effective use. For example, systems currently available require a direct connection to a locally situated workstation over an RS232 serial link. To report the data collected by the device, the local workstation then 5 must provide communications across the network to the NMS, resulting in a complex system. SUMMARY OF THE INVENTION According to one aspect of the present invention, there is provided an apparatus for detection of intrusion events on a first optical transmission line, the apparatus comprising: a first optical monitoring module for sampling a first optical input signal propagating on the 10 first optical transmission line and including a plurality of first optical wavelength signals to form a first sampled signal for monitoring the first optical input signal, the first optical monitoring module including a first wavelength selective module and a first optical detection module, the first wavelength selective module adapted to receive the first sampled signal and direct one or more of the first optical wavelength signals in the first sampled signal to the first optical detection module, 15 thereby to monitor the one or more of the first optical wavelength signals; and an analysing module operatively coupled to the first optical monitoring module for analysing the first sampled signal for characteristics associated with a possible intrusion event on the first optical transmission line. Preferably the first wavelength selective module includes a wavelength selective element for 20 selecting any one of the first optical wavelength signals, and a directional element for directing the selected first wavelength signal to the first optical detection module. More preferably the wavelength selective element is a tunable wavelength selective element and adapted to sequentially select a plurality of selected first wavelength signals. Even more preferably the first optical detection module is adapted for sequentially monitoring the plurality of the selected first 25 wavelength signals, thereby to monitor the first optical input signal. Preferably the tunable wavelength selective element is a tunable fibre Bragg grating. Preferably the directional element is an optical circulator.
WO 2008/144844 PCT/AU2008/000783 4 Alternatively the first wavelength selective module includes a wavelength dependent separator for spatially separating the first optical wavelength signals in the first sampled signal and directing the spatially separated wavelength signals to the first optical detection module. More preferably the first optical detection module includes a plurality of optical detectors, each detector substantially aligned 5 with one of the spatially separated wavelength signals for receiving the one of the spatially separated wavelength signals, thereby to facilitate simultaneous monitoring of each of the first optical wavelength signals and the first optical input signal. Preferably the wavelength dependent separator is an arrayed waveguide grating or a wavelength division demultiplexer. 10 Preferably the first optical monitoring module is adapted to monitor optical characteristics of the first wavelength signals, thereby monitoring optical characteristics of the first sampled signal and optical characteristics of the first optical input signal. More preferably the optical characteristics being monitored include optical power. Alternatively or additionally the optical characteristics being monitored include optical phase. 15 Preferably the apparatus also comprises a first optical input port for receiving the first optical input signal. Preferably the apparatus further comprises a first optical output port for outputting an optical output signal which is a substantial portion of the first optical input signal. More preferably optical power of the first optical output signal is greater than 90% of optical power of the first optical input signal. 20 Even more preferably the optical power of the first optical output signal is greater than 95% of the optical power of the first optical input signal. Preferably the first optical input signal is a first encrypted optical signal and the apparatus includes an optical decryption module for decrypting the first encrypted optical signal. More preferably the optical decryption module is intermediate the first optical input port and the first optical output port. 25 Even more preferably the optical decryption module is intermediate the first optical input port and the first optical monitoring module.
WO 2008/144844 PCT/AU2008/000783 5 Preferably the first optical monitoring module includes a first optical coupling device for sampling a portion of the first optical input signal. More preferably the first optical coupling device is a 2x2 optical coupler or a 1 x2 optical coupler. Preferably the analysing module analyses the first sampled signal for variations in the optical 5 characteristics of the first sampled signal, such variations being associated with an occurrence of a possible intrusion event. More preferably, upon the occurrence of a possible intrusion event, the analysing module transmits an alarm signal to a communications network management system. Even more preferably the alarm signal is transmitted to the management system using a standard communication protocol. Still more preferably the communication protocol is Internet Protocol. Still 10 even more preferably the communication protocol is Simple Network Management Protocol . Preferably the apparatus further comprises: a second optical monitoring module for sampling a second optical input signal propagating on a second optical transmission line and including a plurality of second optical wavelength signals to form a second sampled signal for monitoring the second optical input signal, the second optical 15 monitoring module including a second wavelength selective module and a second optical detection module, the second wavelength selective module adapted to receive the second sampled signal and direct one or more of the second optical wavelength signals in the second sampled signal to the second optical detection module, thereby to monitor the one or more of the second optical wavelength signals. 20 Preferably the analysing module is operatively coupled to the second optical monitoring module for analysing the second sampled signal for characteristics associated with a possible intrusion event on the second optical transmission line. Preferably the second optical monitoring module has any one or more of attributes of the first optical monitoring module, wherein the attributes are directed to the second optical input signal, the 25 second sampled signal and the plurality of second optical wavelength signals, instead of the first optical input signal, the first sampled signal and the plurality of first optical wavelength signals, respectively.
WO 2008/144844 PCT/AU2008/000783 6 Preferably the second wavelength selective module has any one or more of attributes of the first wavelength selective module, wherein the attributes are directed to the second optical input signal, the second sampled signal and the plurality of second optical wavelength signals, instead of the first optical input signal, the first sampled signal and the plurality of first optical wavelength signals, 5 respectively. Preferably the second optical detection module has one or more of attributes of the first optical detection module, wherein the attributes are directed to the second optical input signal, the second sampled signal and the plurality of second optical wavelength signals, instead of the first optical input signal, the first sampled signal and the plurality of first optical wavelength signals, 10 respectively. Preferably the apparatus also comprises a second optical input port for receiving the second optical input signal. Preferably the apparatus also comprises a second optical output port for outputting a substantial portion of the second optical input signal. 15 Preferably, the apparatus further comprises an optical encryption module for encrypting the substantial portion of the second optical input signal to form a second encrypted optical signal. More preferably, the optical decryption module is intermediate the second optical input port and the second optical output port. Even more preferably, the optical encryption module is intermediate the second optical monitoring module and the second optical output port. 20 Preferably, the apparatus further comprises at least one optical test port for facilitating connection with at least one corresponding optical test device. More preferably, the apparatus includes first and second optical test ports and first and second optical test devices connected respectively to the first and second test ports, the apparatus including optical transmission paths such that the first test device tests optical characteristics of the first optical transmission line external to the first 25 optical input port and the second test device test optical characteristics of a third optical transmission line external to the second optical output port. More preferably still, the first and second optical test devices are each an optical time domain reflectometer.
WO 2008/144844 PCT/AU2008/000783 7 According to a further aspect of the present invention, there is provided a communications system comprising: first optical transceiver equipment for transmitting and receiving an optical signal including a plurality of first optical wavelength signals; 5 a first apparatus adapted to couple the optical signal between the first optical transceiver equipment and an optical communications network. said first apparatus comprising a first optical monitoring module for sampling the optical signal to form a first sampled signal for monitoring the optical signal, the first optical monitoring module including a first wavelength selective module and a first optical detection module, the first wavelength selective 10 module adapted to receive the first sampled signal and direct one or more of the first optical wavelength signals in the first sampled signal to the first optical detection module, thereby to monitor the one or more of the first optical wavelength signals; and a first analysing module operatively coupled to the first optical monitoring module for analysing the first sampled signal for characteristics associated with a possible intrusion event on 15 the optical communications network; a second apparatus for coupling said signals from the network, said second apparatus comprising a second optical monitoring module for sampling the optical signal to form a second sampled signal for monitoring the optical signal, the second optical monitoring module including a 20 second wavelength selective module and a second optical detection module, the second wavelength selective module adapted to receive the second sampled signal and direct one or more of the second optical wavelength signals in the second sampled signal to the second optical detection module, thereby to monitor the one or more of the second optical wavelength signals; and 25 a second analysing module operatively coupled to the second optical monitoring module for analysing the second sampled signal for characteristics associated with a possible intrusion event on the optical communications network; and second optical transceiver equipment for receiving and transmitting optical signals to the second apparatus.
WO 2008/144844 PCT/AU2008/000783 8 Preferably, the first optical transceiver equipment and the first apparatus are associated in a first location separate from a second location at which the second optical transceiver equipment and the second apparatus are located. Disclosed is a photonics-based apparatus for integration into existing modern network 5 infrastructure which provides security for current and future optical network systems. The arrangement provides for active real-time monitoring of optical communications networks, as well as providing security for the data transmitted over the communications link by users. In addition to this the apparatus is able to identify which wavelengths are being used on a multi-wavelength optical communications system - examples include coarse and dense wavelength division 10 multiplexing networks (CWDM and DWDM respectively) - and at what capacity. This is of particular use for telecommunications carriers monitoring individual wavelength channels for customers on a multi-customer multi-wavelength optical network. Specific implementations also include optical encryption and decryption modules for transmission and receipt of encrypted optical signals over the optical communications link, and functionality for optical testing of the 15 communication link. For optical communications networks, the described arrangements provide: " real-time active monitoring and reporting of individual wavelength channel usage over the optical link in CDWM and DWDM systems; " security of data transmitted over the optical communications link; 20 * trouble shooting and fault detection functionality for the optical link; * encryption and decryption functionality for increased security of data transmission; and * historical network usage monitoring and reporting. The specific implementations of the apparatus described herein are envisaged as the next generation of intrusion detection equipment. They have been designed specifically to utilise all 25 optical components for data acquisition and is capable of processing 32 wavelengths each running at 2.5 Gb/s. It will be apparent, however, that the apparatus may be modified to accommodate other optical communication network specifications. For example, networks having a larger wavelength channel count (channel counts of at least 160 channels are available under the ITU T WO 2008/144844 PCT/AU2008/000783 9 G.694.1 frequency grid standard) and faster data transmission rates of 10 Gb/s and greater may utilise modified forms of the apparatus. This satisfies the need for monitoring on both current and future optical communications networks. The efficiency provided by component reduction and optical connectivity in utilising photonic components over electronic components is a major 5 advantage, as is the use of all-optical components to circumvent the problem of the speed of data transmission affecting present encryption methods. The preferred embodiments of the present invention further provide for communication with a NMS utilising common network communications protocols such as Simple Network Management Protocol (SNMP) over a standard TCP/IP link to provide expedient action on potential network 10 problems and/or intrusion. Other network communications protocols can be utilised including Internet Protocols and any other proprietary signalling protocol, such as those based on RS232 standards. The innovative use of modern photonic technology, combined with SNMP for data communication to the NMS, all provided at a low cost, provide a superior solution in its field than existing intrusion 15 detection devices. BRIEF DESCRIPTION OF THE ACCOMPANYING FIGURES Preferred and other embodiments of the present invention will now be described with reference to the accompanying drawings in which: 20 Fig. 1 is a schematic block diagram representation of a communications system with an intrusion detection apparatus installed at each end of a communications link; Fig. 2 is a schematic block diagram of representation of an embodiment of the intrusion detection apparatuses used in the communications system of Fig. 1; Fig. 3 shows a more detailed schematic block diagram representation of an embodiment of the 25 optical monitoring module of the apparatus of Fig. 2; WO 2008/144844 PCT/AU2008/000783 10 Fig. 4 is a schematic block diagram representation of an embodiment of the optical monitoring module of Fig. 3; Fig. 5 is a schematic block diagram representation of another embodiment of the optical monitoring module of Fig. 3; 5 Fig. 6 is a schematic block diagram representation of another embodiment of the intrusion detection apparatus; Fig. 7 is a schematic block diagram representation of yet another embodiment of the intrusion detection apparatus; and Fig. 8 is a schematic block diagram representation of a still another embodiment of the intrusion 10 detection apparatus. Where reference is made in any one or more of the accompanying drawings to features having the same reference numerals, those features have for the purposes of this description the same function(s) or operation(s), unless the contrary intention appears. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS OF THE INVENTION 15 The arrangements to be described provide a modern intrusion detection system utilising state of the art photonic technology and are designed to be seamlessly integrated into the existing network infrastructure of all organisations, ranging from telecommunications carriers to individual companies utilising optical communications networks. The arrangements detect physical security breaches in the fibre, on any wavelength transmitted or 20 received in the optical communications network, via real-time monitoring of each wavelength channel in an optical transmission line, such as an optical fibre or an optical communications link. Data collected by the system is then transmitted to the organisation's Network Management System (NMS) using common network communications protocols such as Simple Network Management Protocol (SNMP) or Internet Protocol (IP).
WO 2008/144844 PCT/AU2008/000783 11 Fig. 1 shows a communications system 1 in which an intrusion detection apparatus 100 is connected into an existing or new optical fibre communications link 101 at both ends of the link, interposed with transmission/receiving (transceiver) equipment 103. The connection typically occurs within the users premises 105, thereby providing a level of physical security. By having an 5 intrusion detection apparatus 100 at each or either end of the communications link 101 monitoring the signals coming into a location and going out from the same location, it is possible to accurately pinpoint the physical location of any fault or security breach events. It can then be determined whether the events are caused by equipment within the user's premises 105, or on the external network link 101. Although not shown in Fig. 1, the communications network 1 may have an 10 apparatus 100 at only one end of the communications link 101. Referring to Fig. 2, an embodiment of the intrusion detection apparatus 100 includes a first optical input port 111 for receiving a first optical input signal 112 propagating on the optical fibre 113 of the communications link 101. A first optical monitoring module 130 samples the input signal 112 by redirecting a first portion 114 of the first optical input signal 112 for monitoring by components 118. 15 The redirected and monitored first portion 114 is analysed in an analysing module 150 for characteristics in the signal associated with a possible intrusion event on the optical communications link 101. This embodiment of the apparatus 100 also includes a first optical output port 115 and a data output port 117. The first optical output port 115 retransmits the remaining portion 116 of the input signal 112 onto the optical fibre 119 of the communications link, whereas 20 data output port 117 is used to communicate with a network management system (NMS) 121 over network link 123. Fig. 2 only illustrates a single input of apparatus 100. Not shown is a second optical input port and a second optical output port for connection to optical fibres 126 and 128 of the communications system of Fig. 1; and a second optical monitoring module and a second analysing module for monitoring and analysis of optical signals on fibre 126 prior to transmission 25 onto the communications link 101. The network link 123 may use a network communications protocol such as Simple Network Management Protocol (SNMP) over a standard TCP/IP link. Other common or future protocols such as internet or wireless communications protocols may alternatively be used.
WO 2008/144844 PCT/AU2008/000783 12 As seen in Fig. 3, which shows a more detailed schematic block diagram representation of an embodiment of the optical monitoring module 130 of the apparatus of Fig. 2, the first optical monitoring module 130 is a photonics module including an optical coupling device 131 for sampling the input signal 112 by redirecting a first monitored input signal portion 114 of the input signal 112 5 propagating on an optical waveguide 133. The optical waveguide 133 may be an optical fibre or a suitable planar waveguide. In other arrangements, optical signals 112, 114 and 116 may travel through free space (e.g. air) within module 130. The optical components 118 of the first optical monitoring module 130 include a wavelength selective module 135 for selecting a desired wavelength from the input signal 112 and an optical detection module 137 for monitoring optical 10 characteristics such as power level and/or phase of the first monitored input signal 114. An electronic control module 139 is further included for powering and control of the wavelength selective module 135 and the detection module 137 as required. One arrangement of the optical monitoring module 130 is illustrated in Fig. 4. The optical coupling device 131 is embodied as a 2x2 coupler for splitting a small portion 114 of the input signal 112 15 from optical waveguide 133 into the wavelength selection module 135. Typically approximately 1%-5% of the optical power on the communications link is redirected by the coupler 131, although this coupler can be replaced with a 1x2 coupler or a coupler of a different splitting ratio. The detection module 135 in this arrangement includes an optical circulator 141 which directs all or most of the light from the coupler 131 to a tunable fibre Bragg grating (TFGB) 143. The TFBG is 20 electronically tunable for selection of a desired wavelength channel in the monitored input signal 114 and is controlled by control module 139 via cable 144. The TFBG reflects the selected wavelength channel or signal 120 back to circulator 141 which in turn directs it to the detection module 137 via optical waveguide 122. The detection module 137 in this arrangement is a single optical detector 138, for example a high bandwidth, high speed photodiode. The detector 138 25 converts the amount of optical power of the selected wavelength channel 120 incident on the detector 138 into a voltage level or such data. The detector 138 is powered and controlled by the control module 139 via cable 142. The control module 139 collects the data from detector 138 also via cable 142 and transmits this data via cable 146 to the analysing module 150 for storage and further analysis. In a preferred implementation, it is not necessary to monitor each wavelength WO 2008/144844 PCT/AU2008/000783 13 channel constantly. This may even be undesirable in some instances due to security concerns. In another preferred implementation, it is sufficient to sample each wavelength channel in the input signal 112 periodically or sequentially. To achieve this, the TFBG 143 can be configured to poll sequentially across the entire array of wavelength channels included in the input signal 112 at 5 desired intervals. In this way, the monitoring module 130 collects data for each wavelength channel on the communications link 101 that is desired to be monitored, including the power of the signal and the specific wavelength, at the TFBG polling cycle rate. The monitoring module 130 is also able to be configured for continuous monitoring of a single wavelength channel 120 if desired. In some embodiments, the data received from control module 139 is transmitted via cable 146 to 10 the analysing module 150, which both stores the data locally as well as transmits the data via SNMP over a TCP/IP link to the NMS 121. The data may be presented in the form of a graph showing power levels per wavelength against time, although other data representation methods are also possible. Data-dependent alarms can be set to alert NMS support staff of events on the communications link 101. The events for which an alarm may be appropriate include a sudden 15 change in power levels for: * all wavelengths (which may indicate a break in the optical fibre of the communications link, or a possible intrusion event on the communications link such as an intruder physically disjoining and rejoining the optical fibre for eavesdropping); or * a specific wavelength (which may indicate a fault in the network transmission equipment of 20 the optical communications link, or a possible intrusion event on the communications link such as an intruder inserting signals at the specific wavelength channel to sniff network information or tap into resources of the network). Key design requirements for the monitoring module 130 include the utilisation of all-optical components in the apparatus prior to the physical detection of the desired signal at the detection 25 module 137, and the redirection of only a small portion 114 from the optical input signal 112. The use of all-optical components allows the device to operate at speeds compatible with optical networks operating at channel speeds of 1.25 to 10 Gb/s and beyond.
WO 2008/144844 PCT/AU2008/000783 14 Fig. 5 shows an alternative arrangement 230 of an optical monitoring module. In this arrangement, the wavelength selective module 235 is a single wavelength selective component that is capable of spatially separating different wavelength channels and directing them to different spatial locations. Examples of possible components able to be employed as module 235 include Arrayed Waveguide 5 Gratings (AWG) or a wavelength division demultiplexer such as a CWDM or DWDM demultiplexer based on thin film designs. Use of other components for decomposing an optical input signal into its constituent wavelength channels and spatially separating those wavelength channels for independent access such as diffraction gratings or prisms is also possible. After the sampled signal 114 is processed by the wavelength selective module 235, the now 10 spatially separated plurality of individual wavelength channels 120 are each directed to detection module 237 consisting in this arrangement a plurality of optical detectors 138 - for example high bandwidth, high speed photodiodes. Detectors 138 are each spatially aligned with one of the now spatially separated wavelength channels or signals 120 to enable continuous and/or simultaneous monitoring of each wavelength channel in real-time. As in the previous arrangement, electronic 15 -control module 239 collects data for each wavelength monitored, including the power and/or phase of the signal and the specific wavelength. This data is transmitted via cables 142 from detectors 138 to the electronic control module 239, then transmitted via cable 146 to the analysing module 150 for storage and further analysis. The analysed data is then transmitted to the NMS 121 via network link 123. Again, the control module 239 is adapted to power and control the wavelength 20 selective module 235 and the detection module as required. As an example, where a DWDM demultiplexer is employed as wavelength selective module 235 requiring temperature control functions, the control module 239 is adapted to provide these functions. It will be appreciated that in the arrangement of Fig. 5, the apparatus 100 is capable of continuous and/or simultaneous monitoring of all wavelength channels 120 in the input signal 112. When an 25 event such as a drop in power is observed on any wavelength channel individually, or over all channels simultaneously, an alarm signal is transmitted to the NMS where the nature of the event can be ascertained.
WO 2008/144844 PCT/AU2008/000783 15 In further arrangements of the apparatus, the optical monitoring module (135 or 235) is configured to detect and monitor the phase of the input signal 112 - either the phase of the input signal as a whole or of an individual wavelength channel contained in the input signal. Suitable phase sensitive components such as optical polarising elements (eg. polarisers, polarisation/phase 5 sensitive crystals), phase rotating components, (eg. Faraday rotators) and other phase sensitive components (eg. liquid crystal devices) are substituted as required. It will be appreciated that to facilitate bi-directional communications between two sites, the optical communications link 101 includes the capability for optical propagation in both forward and backward directions of the link. In most cases, at least two optical fibres are employed for each of 10 the directional links, although with suitable components in the optical network (for example optical circulators and couplers), a single optical fibre can be used. To accommodate monitoring of both incoming and outgoing data communications on the communications link 101, Fig. 6 illustrates an alternate arrangement of an optical intrusion detection apparatus 300. The apparatus 300 includes a first optical monitoring module 310 and a 15 second optical monitoring module 320. Both modules 310 and 320 are similar to that of either module 130 or 230. Furthermore, in a given arrangement of the apparatus, module 320 is typically similar to module 310 in both construction and mode of operation. In the present arrangement, the apparatus 300, including a first optical input port 111 and a first optical output port 115 as in the apparatus 100 in Fig.1, further includes second optical input and output ports 301 and 303 for 20 connection to optical waveguides 126 and 128 respectively. Waveguides 126 and 128 are optical fibre communications links of the communications network 1. Optical fibre 126 typically supports an optical input signal 312 containing a plurality of wavelength channels 320 in a similar manner to that of the first optical input signal 112 and wavelength channels 120. The second monitoring module 320 samples a portion 314 of optical input signal 312 for detection and directs the 25 remaining portion 316 of optical signal 312 to output port 303. The apparatus 300 also includes an analysing module 330 similar to analysing module 150, however, with modifications to enable module 330 to: receive data from both the first and second WO 2008/144844 PCT/AU2008/000783 16 monitoring modules 310 and 320; analyse the data received from each module; and transmit the data from both modules to the NMS 121 over network link 123. Similarly to the previously described arrangements, the analysing module 330 receives data from individual control modules (not shown) contained within optical monitoring module 310 for analysis 5 of the first monitored optical signal 114, and also from monitoring module 320 for analysis of the second monitored optical signal 314. The parameter analysed in the present arrangement is the optical power level of the individual wavelength channels 120 in the optical input signals 112 and 312 respectively. The total power level of the optical input signals 112 and 312 across all wavelength channels in each signal is also monitored. The analysing module 330 thereby 10 analyses the monitored optical signals 114 and 314 for unexpected, suspicious, or unusual incidences of power loss, such incidences being associated with a possible intrusion event. Optical parameters other than the power level may be alternatively or concurrently employed by the analysing module 330 for analysis of the optical signals and identification of a possible intrusion event. For example, by making suitable substitutions in the optical components of the optical 15 monitoring modules 310 and 320, unexpected variations in phase of the monitored optical signal either the phase of the signal as a whole or on any particular individual wavelength channel - may indicate a possible intrusion event. The analysing modules (150 and 330) of the arrangements described above perform two primary functions: to control and collect data from the optical monitoring modules of the apparatus and to 20 communicate this data to the NMS 121. In a typical arrangement of the apparatus, the analysing module includes a fast computer processor such as an Intel CPU operating with a clock speed in the range of 2 to 3 GHz or greater, a motherboard, and both volatile and non-volatile memory. Typical memory storage requirements of the present arrangement are approximately 120 Gigabytes, although this is dependent upon a range of factors including the number of wavelength 25 channels being monitored at any time, the amount and type of data that is monitored, and the precision at which that data is recorded. Accordingly, it will be appreciated that more or less storage capacity may be necessary as required. In some situations, a fast processor is required to keep up with the high data rates of the optical signal (2.5 to 10 Gb/s or greater).
WO 2008/144844 PCT/AU2008/000783 17 Furthermore, the analysing module of the described arrangements may also include software routines required for both control of the various modules of the apparatus, and analysis of the data recorded from the optical monitoring modules. As one of the main functions of the system is the ability to operate remotely to an NMS host 121, the operating system and control software for the 5 analysing module must be compatible with those communications protocols. In addition, due to the high data rates of optical networks and the subsequent high processing speed, efficient software routines that can cope with the optical data rates of the communications link 101 are required. Accordingly, the requirements for the controlling software in the preferred embodiments include: " TCP/IP stack control for remote operation. 10 0 Network communications protocol support eg. SNMP. " Speed of processing. * Suitable security handling support. " A suitable user interface eg. HTML/Internet interface. By way of example, a suitable operating system is the OpenBSD Operating System, with all control 15 and analysis software routines written in the C++ programming language. An internet interface for configuration and control may also be included within the analysing module to allow authorised users to log in remotely (from within the customer premises 105 via the internal computer network) to perform configuration and support functions as required. Encryption and decryption capabilities may be selectively added to any of the arrangements of the 20 intrusion detection apparatus and it is envisaged that each of the arrangements are able to provide such capabilities by way of an expansion modules that can be installed in the apparatus as required. Fig. 7 illustrates an alternate arrangement of an optical intrusion detection apparatus 400 where encryption and decryption capabilities have been installed. In this arrangement, the first input optical signal 401 received on optical fibre 113 is an encrypted optical input signal. Encrypted 25 optical signal 401 is received in the apparatus 400 at optical input port 111 and transmitted to an optical decryption module 410 for decryption. The optical decryption module 410 decrypts the encrypted optical signal 401 whilst retaining it in the optical domain. Thus, the conversion and reconversion between the electrical and optical domains is avoided so that the decryption process WO 2008/144844 PCT/AU2008/000783 18 occurs at the data transmission rate of the communications link 101. Decrypted input signal 412 is then transmitted to the first optical monitoring module 420 which samples a portion 414 of the decrypted input signal 412 for monitoring and detection as previously described with reference to the optical monitoring module 310. The remaining portion 416 of the decrypted input signal 412 is 5 transmitted via optical the first output port 115 onto optical fibre 119 and to the (transceiver) equipment 103 within the user's premises 105, and subsequently to an intended recipient. Additionally, the arrangement 400 includes an optical encryption module 440. An unencrypted second optical input signal 422 is received at the second optical input port 125 from optical fibre 126 and transmitted to a second optical monitoring module 430 which samples a portion 424 of the 10 input signal 422 for monitoring and subsequent analysis as previously described with reference to the optical monitoring module 320. The remaining portion 426 of the second input signal 422 is next transmitted to the optical encryption module 440 for encryption. Similarly to the optical decryption module 410, the optical encryption module 440 performs the encryption process in the optical domain so that the process occurs at the data transmission rate of the communications link 15 101. The now encrypted optical signal 428 is transmitted to the second output port 127 and onto optical fibre 128 of the communications link 101. As illustrated in Fig. 7, the first optical signal 416 exits the first output port 115 in an unencrypted state. If required, an additional encryption module (not shown) similar to module 440 may be inserted into the apparatus 400 intermediate monitoring module 420 and output port 115 for re 20 encryption of the signal before exiting the apparatus 400 onto optical fibre 119. Furthermore, as illustrated, the second optical signal 422 enters the apparatus 400 as an un-encrypted optical signal. If the second optical input signal 422 was instead an encrypted optical input signal, a second decryption module (not shown) similar to module 410 may be inserted intermediate input port 125 and monitoring module 430 for initial decryption of optical input signal 422. 25 The inclusion of optical encryption/decryption capability into the apparatus significantly enhances the security features that can be readily accessed by the individual users of optical communications links, particularly over a metropolitan area network (MAN). Methods for the encryption of optical data at rates equivalent to the capability of the optical communications link need to be performed in WO 2008/144844 PCT/AU2008/000783 19 the optical domain by photonic devices. The arrangements described herein each include the capability of inserting suitable encryption/decryption modules into an existing arrangement as desired, and as such may be considered to be 'encryption ready'. Various encryption methodologies and techniques for high-speed optical encryption, including a 5 technique called Quantum Key Distribution (QKD), are envisioned for this encryption/decryption capability, although the arrangements described herein are not restricted to the use of such methods. Additional optical encryption/decryption methods may be used as required by the individual communications network used and the needs of individual users. To accommodate inspection of the optical fibre links of the communications link 101 using standard 10 methods such as an optical time domain reflectometer (OTDR), Fig. 8 illustrates an alternate arrangement of an optical intrusion detection apparatus 500. In this arrangement, the electronic control modules (corresponding to, for example, the electronic control module 139 of Fig. 4) of optical monitoring modules 520 and 530 that control the wavelength selection and detection components for both the receiving and transmission paths have been combined into a single 15 electronic control module 550. The electronic control module 550 is connected via cable 146 to analysing module 560 (similar in construction and operation to the analysing modules 150 and 330) which is in communication with NMS 121 via network link 123. The arrangement of Fig. 8 further includes first and second optical test ports 571 and 573 for connection of the optical test instrumentation devices 580 and 590, e.g OTDRs, for checking the 20 receiving and transmission paths of the optical communications link 113 and 128, respectively. Optical coupling devices such as 2x2 couplers 131 and 575 are used to couple the test light from the test devices 580 and 590 onto respective optical fibres 128 and 113. The same 2x2 couplers 131 and 575 also direct the backscattered test light containing information on the communications link back to the test instrument devices 580 and 590 for analysis. For the receiving path (optical 25 fibre 113), an additional 2x2 coupler 575 is used in the present arrangement although for the transmission path (optical fibre 128), the previously unused port of optical coupler 131 within monitoring module 530 can be used. Other methods of coupling the test devices 580 and 590 to the optical fibres of communications link 101 may also be employed. Alternate arrangements of WO 2008/144844 PCT/AU2008/000783 20 the apparatus (not shown) may also incorporate the test instrumentation devices 580 and/or 590 within the apparatus itself, with the control and analysis operations associated with the test devices being performed either by the existing analysing module 560 or by an additional analysis/control module. 5 The addition of the optical test ports 571 and 573 allow for ongoing real-time monitoring of the integrity of the optical communications link, and also for identification of the location of a possible intrusion or break in the communications link 101. After installation and commissioning of the communications link and/or one of the preferred arrangements of the intrusion detection apparatus' described herein, a baseline trace of the optical fibre of the link 101 is performed using OTDRs 580 10 and 590. Each OTDR provides an exact profile of the length of the monitored fibre of the link 101, and shows such events as splice points, connections and any points of degradation. The OTDR achieves this by launching laser test light down the monitored optical fibre and receiving both backscattered test light from the fibre itself and reflections from various different events along the fibres length (for example, where two fibres are connected at a splice point there will be a very 15 small reflection of the light). Any unidentifiable events on the baseline trace are ideally clarified with the telecommunications carrier providing the fibre at the time of commissioning the link 101 or the intrusion detection apparatus. A further baseline trace should be undertaken periodically to track any long-term degeneration of the optical fibre link 101. In a preferred arrangement, the intrusion detection apparatus (eg. apparatus 500) installed in the 20 communications system 1 is then allowed to run autonomously, until the occurrence of an event which triggers an alarm to be sent to the NMS operator showing that there has been a drop in light level within the communications system 1. Ideally a network support engineer then perform a fault trace using test device 580 and/or 590, to determine the physical location of the event which triggered the alarm signal i.e. on the communications link 101 or within equipment on the customer 25 premises 105. Once this fault trace is obtained, it is compared to the baseline trace. If any extra splice points or connections are apparent on the fault trace that are not on the baseline trace, then the network may be assumed to be subject to an intrusion event and the communications link 101 has been compromised. At this stage, all network traffic should be prevented from traversing the 21 compromised link 101 and the network traffic moved to a back-up communications link if available, until such time as the network provider is able to confirm the cause of the new event observed on the communications link 101, and whether the link is secure. If the drop in light level has occurred due to a break in the fibre, then a subsequent baseline trace needs to be undertaken for 5 comparison against future possible intrusion events. It will be appreciated that the present apparatus is also able to provide both telecommunications network providers and their customers the capability to monitor dark fibre communications links for the verification of service agreements between the network provider and customer. It will be further appreciated that the optical intrusion detection apparatus described in connection 10 with the arrangements above are understood to be illustrative and the subject matter herein contained is not to be limited to those specific arrangement. On the contrary, it is intended for the subject matter of the current invention to include all alternatives, modifications and equivalents as can be included within the spirit and full scope of the following claims. For example, the intrusion detection apparatus may be situated between two communication links, instead of between a 15 communication link and a user premises. The discussion of the background to the invention included herein including reference to documents, acts, materials, devices, articles and the like is intended to explain the context of the present invention. This is not to be taken as an admission or a suggestion that any of the material referred to was published, known or part of the common general knowledge in Australia as at the 20 priority date of any of the claims.

Claims (20)

1. An apparatus for detection of intrusion events on a first optical transmission line, the apparatus comprising: a first optical monitoring module for sampling a first optical input signal propagating on 5 the first optical transmission line and including a plurality of first optical wavelength signals to form a first sampled signal for monitoring the first optical input signal, the first optical monitoring module including a first wavelength selective module and a first optical detection module, the first wavelength selective module adapted to receive the first sampled signal and direct one or more of the first optical wavelength signals in the first sampled signal to the first 10 optical detection module, thereby to monitor the one or more of the first optical wavelength signals; and an analysing module operatively coupled to the first optical monitoring module for analysing the first sampled signal for characteristics associated with a possible intrusion event on the first optical transmission line. 15
2. An apparatus as claimed in claim 1 wherein the first wavelength selective module includes a wavelength selective element for selecting any one of the first optical wavelength signals, and a directional element for directing the selected first wavelength signal to the first optical detection module.
3. An apparatus as claimed in claim 2 wherein the wavelength selective element is a tunable 20 wavelength selective element and adapted to sequentially select a plurality of selected first wavelength signals.
4. An apparatus as claimed in claim 3 wherein the first optical detection module is adapted for sequentially monitoring the plurality of the selected first wavelength signals, thereby to monitor the first optical input signal. 25
5. An apparatus as claimed in claim 3 or 4 wherein the tunable wavelength selective element is a tunable fibre Bragg grating. 23
6. An apparatus as claimed in any one of the preceding claims wherein the first wavelength selective module includes a wavelength dependent separator for spatially separating the first optical wavelength signals in the first sampled signal and directing the spatially separated wavelength signals to the first optical detection module. 5
7. An apparatus as claimed in claim 6 wherein the first optical detection module includes a plurality of optical detectors, each detector substantially aligned with one of the spatially separated wavelength signals for receiving the one of the spatially separated wavelength signals, thereby to facilitate simultaneous monitoring of each of the first optical wavelength signals and the first optical input signal. 10
8. An apparatus as claimed in any one of the preceding claims wherein the first optical monitoring module is adapted to monitor optical characteristics of the first wavelength signals, thereby monitoring optical characteristics of the first sampled signal and optical characteristics of the first optical input signal.
9. An apparatus as claimed in claim 8 wherein the optical characteristics being monitored include 15 optical power and/or optical phase.
10. An apparatus as claimed in any one of the preceding claims wherein the first optical input signal is a first encrypted optical signal and the apparatus includes an optical decryption module for decrypting the first encrypted optical signal.
11. An apparatus as claimed in any one of the preceding claims wherein the first optical monitoring 20 module includes a first optical coupling device for sampling a portion of the first optical input signal.
12. An apparatus as claimed in either claim 8 or 9 wherein the analysing module analyses the first sampled signal for variations in the optical characteristics of the first sampled signal, such variations being associated with an occurrence of a possible intrusion event. 24
13. An apparatus as claimed in claim 12 wherein upon the occurrence of a possible intrusion event, the analysing module transmits an alarm signal to a communications network management system.
14. An apparatus as claimed in any one of the preceding claims wherein the apparatus further 5 comprises: a second optical monitoring module for sampling a second optical input signal propagating on a second optical transmission line and including a plurality of second optical wavelength signals to form a second sampled signal for monitoring the second optical input signal, the second optical monitoring module including a second wavelength selective module 10 and a second optical detection module, the second wavelength selective module adapted to receive the second sampled signal and direct one or more of the second optical wavelength signals in the second sampled signal to the second optical detection module, thereby to monitor the one or more of the second optical wavelength signals.
15. An apparatus as claimed in any one of the preceding claims wherein the apparatus further 15 comprises at least one optical test port for facilitating connection with at least one corresponding optical test device.
16. An apparatus as claimed in claim 15 wherein the at least one optical test device includes an optical time domain reflectometer.
17. A communications system comprising: 20 first optical transceiver equipment for transmitting and receiving an optical signal including a plurality of first optical wavelength signals; a first apparatus adapted to couple the optical signal between the first optical transceiver equipment and an optical communications network. said first apparatus comprising: a first optical monitoring module for sampling the optical signal to form a first sampled 25 signal for monitoring the optical signal, the first optical monitoring module including a first wavelength selective module and a first optical detection module, the first wavelength selective module adapted to receive the first sampled signal and direct one or more of the 25 first optical wavelength signals in the first sampled signal to the first optical detection module, thereby to monitor the one or more of the first optical wavelength signals; and a first analysing module operatively coupled to the first optical monitoring module for analysing the first sampled signal for characteristics associated with a possible intrusion 5 event on the optical communications network; a second apparatus for coupling said signals from the network, said second apparatus comprising: a second optical monitoring module for sampling the optical signal to form a second sampled signal for monitoring the optical signal, the second optical monitoring module 10 including a second wavelength selective module and a second optical detection module, the second wavelength selective module adapted to receive the second sampled signal and direct one or more of the second optical wavelength signals in the second sampled signal to the second optical detection module, thereby to monitor the one or more of the second optical wavelength signals; and 15 a second analysing module operatively coupled to the second optical monitoring module for analysing the second sampled signal for characteristics associated with a possible intrusion event on the optical communications network; and second optical transceiver equipment for receiving and transmitting optical signals to the second apparatus. 20
18. A communications system as claimed in claim 17 wherein the first optical transceiver equipment and the first apparatus are associated in a first location separate from a second location at which the second optical transceiver equipment and the second apparatus are located.
19. An apparatus for detection of intrusion events, the apparatus being substantially as herein described with reference to the accompanying figures. 25
20. A communication system substantially as herein described with reference to the accompanying figures.
AU2008255572A 2007-06-01 2008-05-30 Optical communications security device and system Active AU2008255572B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2008255572A AU2008255572B2 (en) 2007-06-01 2008-05-30 Optical communications security device and system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AU2007902970 2007-06-01
AU2007902970A AU2007902970A0 (en) 2007-06-01 Optical communications security device and system
AU2008255572A AU2008255572B2 (en) 2007-06-01 2008-05-30 Optical communications security device and system
PCT/AU2008/000783 WO2008144844A1 (en) 2007-06-01 2008-05-30 Optical communications security device and system

Publications (2)

Publication Number Publication Date
AU2008255572A1 AU2008255572A1 (en) 2008-12-04
AU2008255572B2 true AU2008255572B2 (en) 2012-07-26

Family

ID=40074475

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2008255572A Active AU2008255572B2 (en) 2007-06-01 2008-05-30 Optical communications security device and system

Country Status (4)

Country Link
EP (1) EP2168273A4 (en)
AU (1) AU2008255572B2 (en)
NZ (1) NZ581578A (en)
WO (1) WO2008144844A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9083456B2 (en) * 2012-12-04 2015-07-14 Adva Optical Networking Se Method and apparatus for detecting uncharacteristic power level changes of an optical signal
CN110346304B (en) * 2019-06-26 2020-10-02 华中科技大学 Optical fiber polarization spectrum analysis system based on time slot multiplexing

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5680104A (en) * 1996-05-31 1997-10-21 Volution Fiber optic security system
US20040151496A1 (en) * 2003-02-03 2004-08-05 Texas Instruments Incorporated Dynamic gain equalizer-monitor
US7184553B2 (en) * 2002-02-07 2007-02-27 Eci Telecom Ltd. Method and system for encryption of optical signals
US20070086694A1 (en) * 2005-08-03 2007-04-19 Murphy Cary R Monitoring individual fibers of an optical cable for intrusion
US20070086693A1 (en) * 2003-07-18 2007-04-19 Murphy Cary R Intrusion detection system for a multimode optical fiber using a bulk optical wavelength division multiplexer for maintaining modal power distribution

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4973169A (en) * 1987-06-24 1990-11-27 Martin Marietta Corporation Method and apparatus for securing information communicated through optical fibers
US6603112B1 (en) * 1998-02-25 2003-08-05 Massachusetts Institute Of Technology Method and apparatus for detecting malfunctions in communication systems
US20020131106A1 (en) * 2001-03-16 2002-09-19 Peter Snawerdt Secure wave-division multiplexing telecommunications system and method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5680104A (en) * 1996-05-31 1997-10-21 Volution Fiber optic security system
US7184553B2 (en) * 2002-02-07 2007-02-27 Eci Telecom Ltd. Method and system for encryption of optical signals
US20040151496A1 (en) * 2003-02-03 2004-08-05 Texas Instruments Incorporated Dynamic gain equalizer-monitor
US20070086693A1 (en) * 2003-07-18 2007-04-19 Murphy Cary R Intrusion detection system for a multimode optical fiber using a bulk optical wavelength division multiplexer for maintaining modal power distribution
US20070086694A1 (en) * 2005-08-03 2007-04-19 Murphy Cary R Monitoring individual fibers of an optical cable for intrusion

Also Published As

Publication number Publication date
WO2008144844A1 (en) 2008-12-04
NZ581578A (en) 2012-07-27
AU2008255572A1 (en) 2008-12-04
EP2168273A4 (en) 2013-12-04
EP2168273A1 (en) 2010-03-31

Similar Documents

Publication Publication Date Title
US6727490B2 (en) Method and apparatus for detecting malfunctions in communication systems
Iqbal et al. Optical fiber tapping: Methods and precautions
US7376293B2 (en) Remote location of active section of fiber in a multimode intrusion detection system
Rejeb et al. Fault and attack management in all-optical networks
JPH02119329A (en) Device and method of detecting optical fiber system
Dahan et al. Security threats and protection procedures for optical networks
US9553881B2 (en) Security monitoring for optical network
US11789206B2 (en) Secured fiber link system
US20240137133A1 (en) Secured fiber link system
US9780868B2 (en) Security monitoring for optical network
EP2540013B1 (en) Optical monitoring in a communications network element
Médard et al. Node wrappers for QoS monitoring in transparent optical nodes
US7739561B2 (en) Method and apparatus for monitoring an optical network signal
AU2008255572B2 (en) Optical communications security device and system
US20130347112A1 (en) Method for a fine optical line monitoring in communication lines through qkd systems
RUGHINIŞ et al. Optimization of performance monitoring and attack detection in all optical networks
WO2022103288A1 (en) Device for quantum communication on side frequencies
Chang et al. Attacks and detection methods in all-optical networks
Liaw et al. Real-time monitoring implementation in a remote-pumped WDM PON

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)