The invention relates generally to communications systems for secure transmission of analog signals. More particularly, the invention relates to an analog optical system using non-predictable time and wavelength scrambling to preserve the confidentiality of transmitted signals.
Transmission of signals over optical fiber has become more common in part due to high signal capacity of the fiber. For example, dense wavelength division multiplexing (DWDM) systems use multiple optical wavelengths to transmit a large number of signals over a single optical fiber. Long haul optical systems allow transmission over large distances to provide signals to geographically remote locations. High value analog channels such as premium cable channels and pay-per-view can be distributed by cable providers to subscriber locations over such systems by analog modulation of the optical carriers at the different wavelengths. No digitization of the analog signals is required. Security measures are generally not employed and the opportunity for theft of the analog signals is significant.
Physical access to the optical fiber at any point along its length allows a motivated attacker to tap the fiber and eavesdrop on the transmitted channels. To tap the optical fiber, the attacker removes at least some of the cladding and bends the fiber to gain access to a portion of the optical signals that escape through the disturbed cladding. If the optical power of the tapped optical signals is sufficient, an optical receiver and associated optical and electronic components can be used to capture, or copy, a transmitted optical signal. Moreover, depending on the complexity of the equipment used by the intruder, multiple channels can be stolen. If the tapped optical signal power is small relative to the total optical signal power, subscribers are unaffected and the distribution company cannot readily detect the theft. Long haul systems are particularly vulnerable as the optical fiber length provides more opportunity for physical access.
Mechanisms currently exist to protect analog signals for transmission over an optical fiber. The analog signal can be digitized and conventional encryption techniques can be applied to the resulting data stream. Conventional encryption technology includes the use of encryption protocols such as the advanced encryption standard (AES) and the data encryption standard (DES or triple-DES). Encryption protocols are generally complex and require significant processing power. Moreover, extensive hardware is required because the analog signals are converted from analog to digital format and encrypted at the transmitter and then decrypted and converted from digital to analog format at the receiver. This complexity eliminates the current advantage of simplicity and low cost enjoyed by a pure analog optical distribution scheme.
What is needed is a method for preserving the confidentiality of analog optical signals without using complex processing and expensive hardware. The present invention satisfies this need and provides additional advantages.
In one aspect, the invention features a secure communications system for transmitting a plurality of analog signals. The communications system includes a plurality of analog communications channels each adapted to conduct an analog modulation of a respective one of a plurality of carrier signals. Each carrier signal has a unique frequency. The communications system also includes an analog multiplexer, an analog demultiplexer, a first sequence logic module and a second sequence logic module. The analog multiplexer has a plurality of multiplexer input terminals each accepting one of the analog signals and a plurality of multiplexer output terminals each in communication with one of the communications channels. The analog demultiplexer has a plurality of demultiplexer input terminals each in communication with one of the communications channels and a plurality of demultiplexer output terminals. The first sequence logic module communicates with the analog multiplexer to provide a channel selection signal responsive to a shared key. The second sequence logic module communicates with the analog demultiplexer to provide the channel selection signal. The channel selection signal controls the switching of the multiplexer input terminals to the multiplexer output terminals and the switching of the demultiplexer input terminals to the demultiplexer output terminals. Each analog signal provided at one of the multiplexer input terminals is reproduced at a respective one of the demultiplexer output terminals.
In another aspect, the invention features a secure optical communications system for transmitting a plurality of analog signals. The optical communications system includes an optical link having a plurality of transmitters at a first end and a plurality of receivers at a second end. Each transmitter is configured to generate an analog optical signal at a respective one of a plurality of wavelengths in response to an analog electrical signal. Each receiver is adapted to detect one of the analog optical signals at the respective wavelength. The optical communications system also includes an analog multiplexer, an analog demultiplexer, a first sequence logic module and a second sequence logic module. The analog multiplexer has a plurality of multiplexer input terminals each accepting one of the analog electrical signals and a plurality of multiplexer output terminals each in communication with one of the transmitters. The analog demultiplexer has a plurality of demultiplexer input terminals each in communication with one of the receivers and a plurality of demultiplexer output terminals. The first sequence logic module communicates with the analog multiplexer to provide a channel selection signal responsive to a shared key. The second sequence logic module communicates with the analog demultiplexer to provide the channel selection signal. The channel selection signal controls the switching of the multiplexer input terminals to the multiplexer output terminals and the switching of the demultiplexer input terminals to the demultiplexer output terminals. Each analog electrical signal provided at one of the multiplexer input terminals is reproduced at a respective one of the demultiplexer output terminals.
In yet another aspect, the invention features a method for transmitting analog optical signals in a wavelength division multiplexing optical system. Portions of analog signals from a plurality of analog signals are selectively combined over a plurality of optical channels in accordance with a channel selection signal. Each optical channel has a unique wavelength. The channel selection signal is defined by a shared key. The combined portions of analog signals are transmitted and detected for each optical channel. The detected portions of analog signals are selectively combined in accordance with the channel selection signal to reproduce the analog signals.
The above and further advantages of this invention may be better understood by referring to the following description in conjunction with the accompanying drawings, in which like numerals indicate like structural elements and features in the various figures. For clarity, not every element may be labeled in every figure. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the invention.
In brief overview the present invention relates to a secure communications system for transmitting analog signals. The analog signals are scrambled over multiple carrier signals. Each carrier signal has a unique frequency. The carrier sequence and the time period during which each analog signal is applied to a carrier signal are non-predictable. A secret key used at the transmit end of the transmission media sets the scrambling algorithm sequence. The analog signals are recovered at the receive end of the transmission media using the same secret key. An attacker attempting to tap the analog signals does not have possession of the specific key. Consequently, the attacker cannot recover the analog signals.
Referring to
In the illustrated optical system 10, an attacker having access to the optical fiber 14 can tap one or more optical signals OSIG by removing cladding and bending the fiber 14 to cause some of the optical signal power to escape. A tapped optical signal OSIG at a particular wavelength λ can be detected by positioning an optical receiver adapted for that wavelength near the bend in the fiber 14. Multiple optical signals OSIG can be tapped if optical demultiplexing hardware is used to direct optical signals OSIG at different wavelengths to corresponding detectors. If the tapped optical signal power is sufficiently low, maintenance personnel are unable to detect the intrusion and subscriber service is not affected.
The table of
During time interval 1, analog electrical signals ESIG1 to ESIG4 are used to modulate optical carrier signals at wavelengths λ1 to λ4, respectively. With one exception, the optical carrier signal modulated by each analog electrical signal ESIG is changed at times t1, t2 and t3. The exception is analog electrical signal ESIG4, which continues to modulate the optical carrier signal at wavelength λ4 for consecutive intervals 1 and 2. Similar changes in modulation of the optical carrier signals occur after time t4.
According to the method, portions of the analog electrical signals that are not coincident in time (i.e., not temporally overlapping) are selectively combined in the four analog optical channels and transmitted over an optical link to a plurality of optical detectors. This selective combination, or scrambling, is performed according to a pseudorandom and non-predictable sequence such that the original analog electrical signals are securely transmitted as optical signals in the optical channels. Each optical detector generates an analog electrical signal responsive to the combined portions of the original analog electrical signals ESIG transmitted in a single optical channel. Portions of the four detector-generated electrical signals are selectively combined to descramble the analog electrical signals and reproduce the original analog electrical signals ESIG.
The time interval during which each analog electrical signal ESIG modulates an optical channel varies. In the tabulated example, interval 3 has the longest duration and interval 4 has the shortest duration. The duration of subsequent time intervals (not shown) can vary in a similar manner to the depicted time intervals. The pseudorandom and non-predictable variations in duration provide an additional layer of security for the transmitted analog signals.
In operation, the optical system 40 permits secure transmission of a multitude of analog signals over an optical fiber 14. Each analog electrical signal ESIG is applied to a respective one of the multiplexer input terminals 56. A channel selection signal CSSIG generated by one of the sequence logic modules 52A controls the switching (or mapping) of the analog electrical signals ESIG from the multiplexer input terminals 56 to the multiplexer output terminals 60. The switching changes over time in response to the channel selection signal CSSIG. Moreover, the time interval during which the switches remain mapped in a particular configuration also changes over time in response to the channel selection signal CSSIG.
For example, an analog electrical signal ESIG1 applied to a multiplexer input terminal 56A is routed to any one of the multiplexer output terminals 60 for a first time interval. For the duration of a next time interval, the analog electrical signal ESIG1 is routed to a different multiplexer output terminal 60. For subsequent time intervals, the analog electrical signal ESIG1 is routed to still other multiplexer output terminals 60. Over an extended time, the routing can “re-use” a multiplexer output terminal 60 that was previously mapped to the multiplexer input terminal 56A. Similar switching occurs for the other analog electrical signals ESIG applied to the other multiplexer input terminals 56B to 56N. There can also be one or more consecutive time intervals for which at least one of the analog electrical signals ESIG remains mapped to the same multiplexer output terminal 60.
The switched analog electrical signals ESIG at the multiplexer output terminals 60 are processed by the filter and level conversion modules 18, and applied to the optical transmitters 22. The analog optical signal OSIG generated by each transmitter 22 is an analog modulation of a single wavelength λ and is responsive to a particular analog electrical signal ESIG only for the duration when that analog electrical signal ESIG is coupled to the transmitter 22. Over an extended time each analog optical signal OSIG includes contributions from different analog electrical signals ESIG as determined by the channel selection signal CSSIG. Although an attacker having access to the optical fiber 14 may be able to separately detect optical signals at different wavelengths, the pseudorandom nature of the switching in space and in time prevents the attacker from retrieving the analog electrical signals ESIG from the optical fiber 14.
Each optical receiver 26 generates an electrical signal responsive to the analog modulation imparted on a respective wavelength λ. The electrical signals are processed by filter and level conversion modules 30, and applied to the demultiplexer input terminals 68. The channel selection signal CSSIG provided by one of the sequence logic modules 52B controls the switching of the electrical signals from the demultiplexer input terminals 68 to the demultiplexer output terminals 72 in a manner complementary to the switching achieved at the analog multiplexer 44. Consequently, each analog electrical signal ESIG applied to a multiplexer input terminal 56 is reproduced at the corresponding demultiplexer output terminal 72.
The channel selection signal CSSIG generated by the sequence logic modules 52 is applied to the multiplexer 44 and to the demultiplexer 48. Synchronizing the application of the channel selection signal CSSIG at the multiplexer 44 and the demultiplexer 48 ensures that the signal switching at both ends is synchronized. As a result, the mapping of the multiplexer input terminals 56 to the multiplexer output terminals 60 is the same as the mapping of the demultiplexer output terminals 72 to the demultiplexer input terminals 68. Consequently, an analog electrical signal ESIG applied at a multiplexer input terminal 56 is reproduced at the matching demultiplexer output terminal 72.
Ideally, the scrambling of the analog electrical signals in wavelength and time occurs in an unpredictable and unrepeatable manner.
The initial state of the shift register 80 is set according to a 128 bit secret key applied to the input set terminals 88. Each synchronization module 84 supplies a synchronization signal SYNC to the associated shift register 80 to ensure that the analog multiplexer 44 and the analog demultiplexer 48 receive the channel selection signal CSSIG at the same time. More specifically, the synchronization modules 84 ensure that the streams of digits generated by the two shift registers 80 start at the same point in the sequence. Synchronization can be achieved by sending a known sequence over all wavelengths, for example, by sending a constant frequency analog signal over all wavelengths. Detecting the constant frequency analog signal at the opposite synchronization module 84 restarts the bit stream from the state defined by the 128 bit secret key.
An external timing source provides a timing signal CLOCK to the shift register 80. The frequency of the timing signal CLOCK is selected so that the period of repetition is long enough that an attacker cannot take advantage of the repeatability of the channel selection signal CSSIG. Some of the output terminals 92 of the shift register 80 are configured to feed back to input terminals 96 to create the pseudorandom output bit stream CSSIG.
In other embodiments, shift registers and secret keys of other lengths are used. For example, a 256 bit shift register provides a longer period without repetition if the frequency of the timing signal CLOCK remains unchanged. The length of the secret key should be sufficiently great so that the probability that an attacker can guess or otherwise generate the secret key even with significant computational power is negligible.
A limited number of the output terminals 92 are used to select the time sequence and to select the wavelength. For example, a sequence of eight bits can be used, with three of the bits controlling the time sequence and the other five bits controlling the wavelength selection. Other bit configurations are possible. The sequence is set with a 128 bit secret key shared between the two sequence logic modules 52. A potential attacker has no way of determining how the shift register output begins, as the shift register output appears to be a random set of ones and zeroes.
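The following simulation is an added example, not code from the patent: it models the multiplexer and demultiplexer switching described above (sample t of input i is routed to carrier perm[i], and the demultiplexer applies the complementary mapping) with the eight-bit channel selection words drawn from a key-seeded 128-bit feedback shift register, three bits fixing how many sample periods a mapping holds and five bits choosing which of the 24 input-to-carrier mappings is in force. The feedback taps, the "mod 24" reduction of the five wavelength-selection bits, and the four ramp inputs are assumptions made for the demonstration; none of them come from the page.

```python
# Added simulation of the time-and-wavelength scrambler (not the patent's own code).
import itertools

N_CHANNELS = 4                       # four carriers, lambda1..lambda4
STATE_BITS = 128                     # shift register length = key length
MASK = (1 << STATE_BITS) - 1
# Assumed feedback taps (1-indexed bit positions); illustrative only, not taken
# from the page, and not claimed to give a maximal-length sequence.
TAPS = (128, 126, 101, 99)
# All 24 ways of mapping the four input terminals onto the four carriers.
PERMUTATIONS = list(itertools.permutations(range(N_CHANNELS)))


class ShiftRegister:
    """Fibonacci LFSR seeded from the 128-bit shared key; bit 128 is the output."""

    def __init__(self, key):
        if not 0 < key <= MASK:
            raise ValueError("key must be a non-zero 128-bit value")
        self.state = key

    def step(self):
        out = (self.state >> (STATE_BITS - 1)) & 1
        fb = 0
        for tap in TAPS:                             # taps fed back into bit 1
            fb ^= (self.state >> (tap - 1)) & 1
        self.state = ((self.state << 1) | fb) & MASK
        return out

    def word(self, nbits):
        v = 0
        for _ in range(nbits):
            v = (v << 1) | self.step()
        return v


def selection_words(key, count):
    """Raw 8-bit CSSIG words: 3 bits pick the interval length, 5 pick the mapping."""
    reg = ShiftRegister(key)
    return [reg.word(8) for _ in range(count)]


def decode_word(word):
    duration = (word >> 5) + 1                                 # 1..8 sample periods
    perm = PERMUTATIONS[(word & 0x1F) % len(PERMUTATIONS)]     # input i -> carrier perm[i]
    return duration, perm


def schedule(key, n_samples):
    """Yield the mapping in force at each sample period (the CSSIG, expanded in time)."""
    reg = ShiftRegister(key)
    t = 0
    while t < n_samples:
        duration, perm = decode_word(reg.word(8))
        for _ in range(min(duration, n_samples - t)):
            yield perm
            t += 1


def scramble(key, inputs):
    """Multiplexer side: route sample t of input i onto carrier perm[i]."""
    n = len(inputs[0])
    carriers = [[None] * n for _ in range(N_CHANNELS)]
    for t, perm in enumerate(schedule(key, n)):
        for i, out in enumerate(perm):
            carriers[out][t] = inputs[i][t]
    return carriers


def descramble(key, carriers):
    """Demultiplexer side: the complementary switching, driven by the same key."""
    n = len(carriers[0])
    recovered = [[None] * n for _ in range(N_CHANNELS)]
    for t, perm in enumerate(schedule(key, n)):
        for i, out in enumerate(perm):
            recovered[i][t] = carriers[out][t]
    return recovered


# Constructed sample input: four ramps offset per channel so that every
# (channel, t) value is unique and any mis-routing is visible.
SAMPLE_KEY = 0x0123456789ABCDEF_FEDCBA9876543210
SAMPLE_INPUTS = [[100 * ch + t for t in range(64)] for ch in range(N_CHANNELS)]

if __name__ == "__main__":
    carriers = scramble(SAMPLE_KEY, SAMPLE_INPUTS)
    assert descramble(SAMPLE_KEY, carriers) == SAMPLE_INPUTS
    print("samples seen on carrier lambda1:", carriers[0][:12])
```

Each carrier's sample list shows the point of the page's table: over time a single wavelength carries pieces of several inputs, and only a receiver that reproduces the same selection stream from the same key can reassemble them. The block keeps the shift register the page describes; because a Fibonacci LFSR's output is a linear function of its seed, a deployment would normally derive the selection words from a keyed cryptographic generator with the same interface instead.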
The 128 bit secret key is made available to both ends of the optical link. The synchronization logic modules 84 ensure that the analog multiplexer 44 and analog demultiplexer 48 are synchronized. The secret key can be shared in a variety of ways. For example, the secret key can be passed “out of band” via telephone communication, email and the like. Alternatively, a password can be sent and used with a hash function to generate the shared key. In another example, the shared key is hardwired into each sequencer logic module 52.
A cryptographic key exchange can be used to implement the shared key. For example, a Diffie-Hellman technique can be employed so that a secret key is shared without direct transmission of the secret key. According to this technique, a private and a public key are generated at or provided to each sequencer logic module 52 according to a specified protocol. The public keys are exchanged between the two sequencer logic modules 52. Independent calculations are performed at each module 52 using the retained private key and the received public key. The results of the two calculations are identical and represent the shared key applied to the shift registers 80.
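As an added example (not code from the patent) of the two key-sharing options just described, the block below derives the 128-bit shift-register seed either from a Diffie-Hellman exchange between the two sequencer logic modules or from an out-of-band password run through a hash function. The group (p = 2^127 - 1 with generator 3), the SHA-256 reduction to 128 bits, and the PBKDF2 parameters are assumptions for the demonstration; the group in particular is far too small for real use and stands in for a standard large modular group.

```python
# Added example of deriving the 128-bit seed for the shift registers (not the patent's code).
import hashlib
import secrets

# Assumed demonstration group: a Mersenne prime and a small generator. This is
# undersized on purpose so the arithmetic is easy to follow; a deployment would
# use a standard large group.
P = (1 << 127) - 1
G = 3
SEED_BYTES = 16                                   # 128-bit seed for the shift register


def generate_keypair(rng=secrets.randbelow):
    """Private exponent in 2..P-2 and the public value G^private mod P."""
    private = 2 + rng(P - 3)
    public = pow(G, private, P)
    return private, public


def shared_secret(private, peer_public):
    """Each module raises the peer's public value to its own private exponent."""
    if not 1 < peer_public < P - 1:               # reject the trivial values 0, 1, P-1
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, P)


def seed_from_secret(shared):
    """Reduce the agreed group element to a 128-bit seed with SHA-256."""
    digest = hashlib.sha256(shared.to_bytes(SEED_BYTES, "big")).digest()
    return int.from_bytes(digest[:SEED_BYTES], "big")


def seed_from_password(password, salt, iterations=200_000):
    """The page's other option: a password passed through a hash function (PBKDF2 here)."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, SEED_BYTES)
    return int.from_bytes(raw, "big")


def agree():
    """Run the exchange for both ends and return the two independently derived seeds."""
    priv_a, pub_a = generate_keypair()            # transmit-end sequencer logic module
    priv_b, pub_b = generate_keypair()            # receive-end sequencer logic module
    seed_a = seed_from_secret(shared_secret(priv_a, pub_b))
    seed_b = seed_from_secret(shared_secret(priv_b, pub_a))
    return seed_a, seed_b


if __name__ == "__main__":
    a, b = agree()
    assert a == b
    print(f"agreed 128-bit seed: {a:032x}")
    # Constructed password/salt for the out-of-band option.
    print(f"password-derived seed: {seed_from_password('example-passphrase', b'link-01'):032x}")
```

Only the public values cross the link, so a fiber tap that captures them learns nothing about the private exponents; the hash step maps the agreed value onto the exact 128-bit width the shift register expects and also removes any structure the raw group element might carry.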
While the invention has been shown and described with reference to specific embodiments, it should be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention.
Number | Name | Date | Kind |
---|---|---|---|
4276652 | McCalmont et al. | Jun 1981 | A |
7272319 | Piccirilli et al. | Sep 2007 | B1 |
20040042796 | Con-Carolis et al. | Mar 2004 | A1 |
20040081471 | Lee | Apr 2004 | A1 |
20060245470 | Balachandran et al. | Nov 2006 | A1 |
Number | Date | Country |
---|---|---|
20060285848 A1 | Dec 2006 | US |