Enhanced Security in Passive optical Networks using WDM PON

DOI : 10.17577/IJERTV3IS041395

Download Full-Text PDF Cite this Publication

Text Only Version

Enhanced Security in Passive optical Networks using WDM PON

Rajasekaran. V. L

Asst.Professor, Faculty of ECE,

St.Joseph College of Engineering, Tamil Nadu, India.

Abstract- Optically based technologies are currently being extensively investigated as a solution to the large bandwidth demand. The explosive growth in the demand has triggered the introduction of broadband access network. Passive Optical Network (PON) solves the bandwidth bottleneck issue as they extend optical network to homes and business. Time Division Multiplexed Passive Optical Network (TDM PON) was implemented using a point to multipoint network architecture that introduces the need for the inclusion of filtering or encryption scheme to maintain user security in the downstream direction. This possibility for security breaches introduces the need for an enhanced security mechanism in PONs. A secure PON can be obtained using Wavelength Division Multiplexed Passive Optical Network (WDM PON). The physical security enhancement can be obtained through inclusion of broadband light source in the Optical Line Terminal (OLT), to create a signal in which each data frame is transmitted at unique wavelength. Security features in PON structures has been studied by introducing eavesdropping. Further security enhancement has been accomplished by introducing tunable lasers in the OLT of the PON architecture. Simulation is done by using OPTISYSTEM ver.12 along with implementation.

Keywords: Access network, Fiber-to-the-x, Passive optical network, Tunable laser.


    Fiber to the home (FTTH) is currently experiencing technological advance that provides enormous band width and long reach offering Triple Play services (data, voice, and video) on a single fiber. FTTH is being the best solution for providing add-on services such as Video on demand; Online Gaming, High definition television (HDTV) etc. Among various FTTH implementations, Passive Optical Network (PON), which can provide very high bandwidths to the customers, appears to be an attractive solution to the access network. Instead only completely passive optical components are placed in the network transmission path to guide the traffic signals contained within specific optical wavelengths. A PON is a Point To Multi Point (P2MP) optical network, where an Optical Line Terminal (OLT) at the Central Office (CO) is connected to many Optical Network Units (ONUs) at Remote Nodes through one or multiple 1:N optical splitters. The network between the OLT and the ONU does not require any power supply. PONs use a single wavelength in each of the two directionsdownstream (CO to end users) and upstream (end users to CO). Other than offering high bandwidth, a PON

    Esther Sheeba Jasmine. H

    PG Scholar, Applied Electronics, Sathyabama University,Tamil Nadu, India.

    system also offers a large coverage area, reduced fiber deployment as the result of its P2MP architecture, and reduced cost of maintenance due to the use of passive components in the network.

    At present, most of the PON deployments utilize Time Division Multiplexing (TDM) technique, in which dedicated time slots are assigned to each subscriber connected to the PON. Time Division Multiplexed Passive Optical Network (TDM PON) was implemented using P2MP network architecture. The bandwidth provisioned by an optical channel and the hardware in the CO are, thus shared among all the users, which is highly desirable to reduce the cost of access networks. Due to its cost effectiveness, the TDM PON has emerged as the current generation PON. However it is quite likely that the TDM-PONs today cannot support the bandwidth-exhausting multimedia services like IP-television and HD-quality VOD. Besides, TDM-PONs are never economical from the network investment point of view, i.e., TDM-PONs has not fully taken advantage of the optical fiber bandwidth, which is actually infinite. Also there are several security vulnerabilities in TDM PONs. On the other hand, WDM-PON currently available offers enough bandwidth not only for present but also for future multimedia broadband services and fully utilize the optical fiber bandwidth. Incorporating Wavelength Division Multiplexing (WDM) in a PON allows one to support higher bandwidth since each wavelength is dedicated to a single subscriber. The WDM PON offers other advantages such as ease of management and upgradability, strong network security, high flexibility with data and protocol transparency, so that it has been considered as a future proof access technology.


    1. PON Security

      TDM PONs are susceptible to two types of security concerns: eavesdropping and theft of service. The point-to- multipoint downstream nature of TDM PONs is the source of potential eavesdropping occurrences. Figure 1 shows how potential eavesdropping can be achieved in the downstream of a TDM PON. A conventional PON uses a filter to prevent users from accessing frames not intended for them. Eavesdropping can be implemented by disabling the filter at the first ONU. Once the filter has been disabled, the user will

      have access to all frames that are being transmitted on the network.

      Figure 1: Eavesdropping in a TDM PON

      For eavesdropping to occur in the upstream of the PON, the eavesdropper would need to have physical access to either the other users ONU or to that users input to the splitter. This situation arises due to the multipoint-to-point nature of a PON, which is inherently more secure than the downstream. Because eavesdropping is possible in TDM PONs, encryption techniques are implemented as a deterrent to potential eavesdroppers. The implementation of encryption occurs in or above the MAC layer in order to create a point- to-point link between each OLT and user in the network. However, implementation of an encryption scheme above or in the MAC layer still allows ONUs to discover neighbouring MAC addresses, and the use of an encryption key is not a foolproof security measure.

    2. Physical Security Enhancement

      A preferable approach to security implementation in PON has been accomplished through the use of WDM-PON. A WDM-PON scheme allow for creation of point to point link at unique wavelength between OLT and ONU. A schematic view of the WDM- PON is shown in Figure 2. Data from the different transmitters are multiplexed and then circulated with the help of Broadband Light Source (BLS). The Broadband Light Source injects the signal to lock the OLT and allow the single wavelength to move from input port to the output port.

      Figure 2: Physical Security in WDM-PON

      In order to verify the physical operation of WDM PON, a

      2.5 Gbps data source was configured in the Optical Line Terminal using Optisystem. Data from the OLT is then circulated with help of the Broadband Light Source (BLS) and

      transmitted onto a 20 km length of single mode fiber (SMF), at that point data was de-multiplexed and then transmitted to each destination ONU through 5 km single mode fiber (SMF).

      The secure nature of the WDM-PON design is verified by attempting the eavesdrop information intended for ONU1. In this eavesdropping attempt the optical filter used after demultiplexer to filter out the 1 wavelength of first ONU then low power frequency is pass through the filter and further amplified by a Erbium Doped Fiber Amplifier (EDFA) to increase the power level of the signal that is intercepted. This setup is done in order to attempt to access the wavelength intended for the second ONU at the input of the first ONU. A schematic of the eavesdropping configuration is shown in Figure 3.

      Figue 3: Eavesdropping attempt at first ONU

      Further enhanced PON architecture can be designed by the use of matched Tunable Lasers (TLs) in the OLT. This allows the PON to perform as a secure point-to-point (P2P) optical network in the downstream direction. In a WDM PON with tunable laser configuration, an OLT controller is connected to TLs coupled into a common output fiber. Data frames are broadcast by the OLT controller to the TLs. Each frame has a unique destination identity encoded in order to identify a corresponding unique ONU by the OLT controller. A unique wavelength is also assigned to each ONU. This configuration results in the emulation of a WDM PON configuration without the need for a matching transmitter receiver pair for each user in the network. When the data frames are passed by the OLT controller to the TLs, the control ID of each of the frames is read in order to identify which TL will switch the data. Initially the TL will send the first frame of data which is destined for ONU 1. While the first TL is sending the first frame, the second TL is preparing to transmit the second frame which is destined for ONU 2. This switching process repeats until ¸n is transmitted and creates a data stream of WDMTDM packet. This technique results in a reduction of transmitter idle time as well as a reduction in wasted bandwidth.

    3. Fiber Fault Monitoring

    Passive Optical Network (PON) monitoring is very important in order to reduce the operational expense. For Wavelength Division Multiplexing

    Passive Optical Network (WDM-PON), the reliability might be more critical as the aim is to transport high capacity services. A conventional Optical Time Domain Reflectometer (OTDR) which operates at single wavelength is not able to detect branches beyond the wavelength selective component of the

    Remote Node (RN) of a WDM-PON. In this study, a simple and robust method to detect optical fiber cut in Passive Optical Network (PON) has been proposed. The unique reflection spectrum from Fiber Bragg Grating (FBG) that is located in each Optical Network Unit (ONU) is manipulated in order to detect the fault network.

    Figure 4: Block diagram of PON monitoring system

    Figure 4 shows the block diagram of Passive Optical Network (PON). The laser source used is the Distributed Feedback (DFB) laser. The wavelength of the downstream signals is 1490 and 1550 nm while the upstream signal is 1310 nm. The monitoring signal wavelength is 1625 nm. The optical link distance for this PON system is 20 km. The downstream signals and the monitoring signal will pass through the 20 km optical fiber length. Using a splitter the signals will be separated to each Optical Network Unit (ONU). The optical coding unit consists of a Fiber Bragg Grating (FBG). Each ONU will have a unique FBG reflection signal to differentiate each network. The unique reflected signal from each network will distinguish the network. In real application, only the Optical Spectrum Analyzer (OSA) is required to analyze the reflected signal from the FBG


    To verify the proposed physical security implementation scheme, a 2.5 Gb/s single data source was configured in the OLT using OptiSystem ver.12. Figure 5 shows the simulation layout of WDM PON with BLS. The WDM PON consists of a WDM transmitter, multiplexer, demultiplexer and a circulator to seed the broadband light source to the single mode fiber. Light Emitting Diode (LED) provide broadband light source here. At the users premises four ONUs are assigned. The demultiplexer directs each wavelength to its corresponding ONUs The four wave lengths with 100GHz channel spacing is used in this simulation. The design of the PON is such that the OLT generates a transmission spectrum consisting of eight wavelengths with 100 GHz spacing between adjacent wavelengths.

    Figure 5: Simulation layout of WDM PON with BLS

    The transmission spectrum of the PON at the input to the demultiplexer is shown in Figure 6. The 100 GHz spacing is sufficient to avoid disturbances to an acceptable level from adjacent frequencies.

    Figure 6: Transmission spectrum at demultiplexer input

    At the demultiplexer, the data stream is divided into its component frequencies, each of which is routed to its corresponding ONU. The transmission spectrum verifying that only the wavelengths intended for each of the first ONUs is received at their inputs is shown in Figure 7.

    Figure 7: Optical spectrum at ONU 1,2,3 and 4

    Inorder to show the secure nature of WDM PON both the PONs simulation results are compared. Figure 8 shows the simulation results of tdm pon with and without filter.

    Figure 8: Eye diagram of TDM PON with and without filter

    From the first eye diagram in Figure 8 we can state that if one of the filter in the ONU section damages the user at that ONU will not receive the correct data.

    Figure 9: Eye diagram of WDM PON with and without filter

    In a WDM PON absence or damage of the filters does not affect the data output at the ONU. To illustrate, the filter at the ONU 1 is removed and data is transmitted. Figure 9 shows the eye diagram of WDM PON with and without the Bessel filter at the ONU. And we obtain a clear eye diagram indicating that almost full data is present at the ONU. We obtain a maximum Q factor of 7.7539 and minimum bit error rate of 3.5e-015 at the users unit of WDM PON with broadband light source.

    Table 1: Comparison of TDM PON and WDM PON

    The Q factor, bit error rate and eye height of the PON structures are compared in Table 1. It is inferred that WDM PON has no effect on the removal of filter from the ONU. So even if the filter at the ONU of the WDM PON damages or malfunctions there is no chance of security breach in the structure of WDM PON. Thus it provides a better security than that of TDM PON if the filter fails. To study the security enhancement in WDM PON eavesdropping attempt is done in the PON structure. By incorporating the filter of ONU 2 in

    ONU 1 an attempt of eavesdropping is induced in the first ONU. An amplifier can be placed to amplify the weak signal at the ONU. Figure 10 shows the setup of eavesdropping in the first ONU.

    Figure 10: Simulation layout of eavesdropping attempt at first ONU

    The eye diagram display at one of the ONU and eavesdropped ONU of WDM PON is shown in Figure 11. From the second eye diagram it is clear that the original information of the particular ONU cannot be reconstructed from the adjacent ONU. The eavesdropped eye diagram has a maximum Q factor of only 3.97902, minimum bit error rate of 0.0001508 and eye height of 3.03e-005.

    Figure 11: Eye diagram of errorless ONU and eavesdropped ONU

    Fiber break is yet another problem associated with PON structures. Restoration of the fiber break can be done if proper monitoring is done. Here a monitoring system with FBG is designed. The Figure 12 shows the simulation of the monitoring system that has been developed. All the reflected signals from each network will be analyzed in Optical Spectrum Analyzer. Each ONU will have a unique reflected signal from the Fiber Bragg Grating (FBG).

    Figure 12: Simulation layout of monitoring system

    In this simulation, the grating length of the FBG is manipulated in order to obtain a unique reflected signal from the FBG. Figure 13 shows the result from OSA when there is no cut in the optical network. This is the accumulated reflected spectrum from the FBGs from each network.

    Figure 13: Optical Spectrum which shows that there is no fiber cut in the

    PON system

    Figure 14 shows the result when there is a cut in ONU. In order to detect the cut, one can compare the result in Figure 13 with Figure 14. It can be seen that there is no signal in Figure 14 in the circle. That indicates that there is a cut in that ONU.

    Figure 14: Optical Spectrums which shows that there is fiber cut in the PON system at ONU 1, 2, 3 and 4

    Based on the comparison with the Figures 13 and 14, the status of the cale connected to the ONU can be determined. The fiber break restoration can be done using a new optical device model named as an optical cross add and drop multiplexer (OXADM) which has potential use in CWDM metro area networks. OXADM is capable to restore the network during the failure condition by means of ring protection and linear/multiplex protection. If there is a fiber breaks in working line, the protection mechanism uses neighbouring line protection to provide an alternative path for the working line.


PON system offers a large coverage area, reduced fiber deployment as the result of its point-to-multipoint (P2MP) architecture, and reduced cost of maintenance due to the use of passive components in the network. The first phase of the project was to design TDM PON, WDM PON with broadband light source and WDM PON with tunable laser source as the seed light and its simulation using the software OptiSystem. TDM PON is designed and simulated and the eye diagram is obtained with a maximum Q factor of 3.34305 and bit error rate of 0.0004143 The eye diagram of WDMPON with BLS has a maximum Q factor of 7.753 and bit error rate of 3.53e-

015. The Q factor of the WDM PON is improved by using tunable laser source as seed light. From the eye diagram of TDM PON it is observed that if one of the filters in the ONU section damages the user at that ONU will not receive the correct data. In the PON structures eavesdropping attempt is carried out and it is observed that due to the reflections from optical distribution network eavesdropping occurs in a TDM PON whereas WDM PON is secured from eavesdropping. Thus WDM PON provides improved performance and better security than TDM PON.


  1. Naveen Gupta, Divya Dhawan, Piyush Jain,A Novel Physical Security in Wavelength Division Multiplexing Passive Optical Network (WDM-PON) Using Broadband Light Source, International Journal of Scientific & Engineering Research, Volume 4, Issue 5, 2229-5518, May 2013.

  2. A. H. Gnauck, R. W. Tkach, A. R. Chraplyvy, and T. Li, High- capacity optical transmission systems, IEEE Journal of Lightwave Technology, vol. 26, pp. 1032-1045, 2008.

  3. C. Lee, W. V. Sorin, and B. Y. Kim, Fiber to the home using a PON infrastructure,IEEE J. Lightwave Technol., vol. 24, no. 12, pp. 4568- 4583, Dec 2006.

  4. G. Chang, A. Chowdhury, Z. Jia, H. Chien, M. Huang, J. Yu, and G. Ellinas, Key technologies of WDM-PON for future converged optical broadband access networks, J.Opt. Commun.Netw., vol. 1, no. 4, pp. c35c50, Sep. 2005.

  5. IEEE 802.16 ,The Working Group for WLAN Standards, Wireless Metropolitan Area Networks, 2005.

  6. ITU-T Recommendation G.993.2, Very high speed digital subscriber line transceivers 2 (VDSL2), 2006.

  7. Keiser, Gerd (2006). FTTX concepts and applications, John Wiley & Sons, Inc.

  8. Koonen, Tom. Fiber to the Home/Fiber to the Premises: What, Where, and When? Proceedings of the IEEE. May 2006, pp. 911- 934.

  9. Prat, Josep, et al. Fiber-to-the-Home Technologies. Boston : Kluwer Academic Publishers, 2002.

  10. Janjua,Kashif and Shahzada A,A Comparative Economic Analysis of different FTTH Architectures ,Wireless Communications, Networking and Mobile Computing. WiCom 2007. International Conference,2007, pp. 4979-4982.

  11. M. Yano et al. Global Optical Access Systems Based on ATM-PON

    , Sci-tech.J.35, pp.56-70, July 1999.

  12. Yoshino.M et al., A dynamic bandwidth assignment algorithm for B-

    PON , Global telecomm conf, IEEE, vol 2, 1502-1506, Nov 2002

  13. G.Kramer and G. Pesavento, Ethernet Passive Optical Network (EPON): Building a Next-Generation Optical Access Network ,IEEE Communications, vol. 40, no. 2, pp. 66-73, February 2002.

  14. Yunchan Yi et al. Upstream experiments on the gigabit PON physical medium layer , Optical fiber Communication Conf. OFC/NFOEC, vol 5, March 2005.

  15. K.Amandeep et al. Performance Analysis of 10G/2.5G Asymmetric XGPON , International Journal of Computer Applications (0975 8887),Volume 70 No.15, May 2013.

  16. Wen-Kang Jia and Yaw-Chung Chen, Performance Evaluation of Ethernet Frame Burst Mode in EPON Downstream Link , ETRI Journal, Volume 30, Number 2, April 2008..

  17. A. Banerjee, Y. Park, F. Clarke, H. Song, S. Yang, G. Kramer, K. Kim, and B.Mukherjee,Wavelength-division-multiplexed passive optical network (WDM-PON) technologies for broadband access: a review, J. Opt. Netw., vol. 4, no. 11, pp. 737758, Nov. 2009

  18. Application note, Understanding Data Eye Diagram Methodology for Analyzing High Speed Digital Signal , Semiconductor Components Industries, March 2012

  19. B. Mukherjee et al. Ethernet PON ( EPON): Design and Analysis of an Optical Access Network , Photonic Network Communications, Vol. 3, No 3, July 2001.

  20. J. Zheng and H. T. Mouftah, Media access control for Ethernet passive optical networks: An overview, IEEE Commun. Mag., vol. 2, no. 2, pp.145 150, Feb. 2005.

  21. David Gutierrez, Jinwoo Cho and Leonid G. Kazovsky, TDM-PON Security Issues: Upstream Encryption is Needed Optical Fiber Communication and the National Fiber Optic Engineers Conference, 2007. OFC/NFOEC, March 2007.

  22. Mouhamad Al Akkoumi et al. A comparison of passive optical networks.Proc. SPIE conference, vol 7344, April 2009.

  23. Alan Harris, Andres Sierra, Stamatios V. Kartalopoulos and James J. Sluss, Jr. Security Enhancements in Novel Passive Optical Networks, IEEE 2007.

  24. Byoung-Wook Kang and Chul Han Kim. An Amplified WDM-PON Using Broadband Light Source Seeded Optical Sources and a Novel Bidirectional Reach Extender,Journal of the Optical Society of Korea

    ,Vol. 15, No. 3, September 2011, pp. 222-226

  25. Harris et al. A Novel Wavelength Hopping Passive Optical Network (WH-PON) for Provision of Enhanced Physical Security Opt. Commn. Netw ,Vol. 4, No. 3, March 2012.

Leave a Reply