O-Band Differential Phase-Shift Quantum Key Distribution in 52-Channel C/L-Band Loaded Passive Optical Network
A cost-effective QKD transmitter is evaluated in a 16km reach, 2:16-split PON
and yields 5·10^-7 secure bits/pulse. Co-existence with 20 down- and 1 upstream
channel is possible at low QBER degradation of 0.93% and 1.1%
Field test of quantum key distribution in the Tokyo QKD Network
A novel secure communication network with quantum key distribution in a
metropolitan area is reported. Different QKD schemes are integrated to
demonstrate secure TV conferencing over a distance of 45km, stable long-term
operation, and application to secure mobile phones. Comment: 21 pages, 19 figures
xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs
In this paper we show how attackers can covertly leak data (e.g., encryption
keys, passwords and files) from highly secure or air-gapped networks via the
row of status LEDs that exists in networking equipment such as LAN switches and
routers. Although it is known that some network equipment emanates optical
signals correlated with the information being processed by the device
('side-channel'), intentionally controlling the status LEDs to carry any type
of data ('covert-channel') has never been studied before. A malicious code is
executed on the LAN switch or router, allowing full control of the status LEDs.
Sensitive data can be encoded and modulated over the blinking of the LEDs. The
generated signals can then be recorded by various types of remote cameras and
optical sensors. We provide the technical background on the internal
architecture of switches and routers (at both the hardware and software level)
which enables this type of attack. We also present amplitude and frequency
based modulation and encoding schemas, along with a simple transmission
protocol. We implement a prototype of an exfiltration malware and discuss its
design and implementation. We evaluate this method with a few routers and
different types of LEDs. In addition, we tested various receivers including
remote cameras, security cameras, smartphone cameras, and optical sensors, and
also discuss different detection and prevention countermeasures. Our experiment
shows that sensitive data can be covertly leaked via the status LEDs of
switches and routers at bit rates of 10 bit/sec to more than 1Kbit/sec per
LED.
Floodlight Quantum Key Distribution: A Practical Route to Gbps Secret-Key Rates
The channel loss incurred in long-distance transmission places a significant
burden on quantum key distribution (QKD) systems: they must defeat a passive
eavesdropper who detects all the light lost in the quantum channel and does so
without disturbing the light that reaches the intended destination. The current
QKD implementation with the highest long-distance secret-key rate meets this
challenge by transmitting no more than one photon per bit [Opt. Express 21,
24550-24565 (2013)]. As a result, it cannot achieve the Gbps secret-key rate
needed for one-time pad encryption of large data files unless an impractically
large amount of multiplexing is employed. We introduce floodlight QKD (FL-QKD),
which floods the quantum channel with a high number of photons per bit
distributed over a much greater number of optical modes. FL-QKD offers security
against the optimum frequency-domain collective attack by transmitting less
than one photon per mode and using photon-coincidence channel monitoring, and
it is completely immune to passive eavesdropping. More importantly, FL-QKD is
capable of a 2 Gbps secret-key rate over a 50 km fiber link, without any
multiplexing, using available equipment, i.e., no new technology need be
developed. FL-QKD achieves this extraordinary secret-key rate by virtue of its
unprecedented secret-key efficiency, in bits per channel use, which exceeds
those of state-of-the-art systems by two orders of magnitude. Comment: 18 pages, 5 figures
Securing passive optical network against signal injection attack
Passive Optical Network (PON) is a promising solution to the last-mile problem in access networks. Security is a very crucial aspect to be considered, especially in the current environments that are characterized by much larger data transport capacity. Moreover, securing the physical layer requires urgent attention as it will become more critical in future PON that has much longer distance with the involvement of more users. Thus, it is vulnerable to a variety of attacks, including denial of service (DoS) which jams a network, eavesdropping and masquerade. A DoS attack can take place when a continuous upstream signal is transmitted from an Optical Network Unit (ONU) to the Optical Line Terminal (OLT) with high enough power, causing the OLT to receive the data with a high bit error rate. This research proposes a method to secure PON from high power injection attack. The solution is based on the idea of deploying an optical attenuator in the upstream communication towards the splitter to prevent any high signal power injection attack and restrict it up to an acceptable power level. One of the most important benefits of the proposed work is its straightforward implementation in the existing GPON network with minimum cost and effort. The study of the GPON network, which focuses on the upstream communication based on standard ITU-T G.984 (data rate of 1.25 Gbps), examined the effects of varied optical fiber distances and number of ONUs. The performance of the proposed method is evaluated using Optisystem to determine the feasibility of the concept. Findings from the simulation results revealed that the optical attenuator compensated the jamming degradation attack up to eight ONUs and a maximum distance of 20 km. The proposed system design also found that the method has a limitation in reducing the attack at higher ONU numbers, e.g. 16 and 32, due to high insertion loss.
The overall performance confirms that this method is useful to protect the GPON system and minimize the high power for low insertion loss power splitter
Relay Selection for Wireless Communications Against Eavesdropping: A Security-Reliability Tradeoff Perspective
This article examines the secrecy coding aided wireless communications from a
source to a destination in the presence of an eavesdropper from a
security-reliability tradeoff (SRT) perspective. Explicitly, the security is
quantified in terms of the intercept probability experienced at the
eavesdropper, while the outage probability encountered at the destination is
used to measure the transmission reliability. We characterize the SRT of
conventional direct transmission from the source to the destination and show
that if the outage probability is increased, the intercept probability
decreases, and vice versa. We first demonstrate that the employment of relay
nodes for assisting the source-destination transmissions is capable of
defending against eavesdropping, followed by quantifying the benefits of
single-relay selection (SRS) as well as of multi-relay selection (MRS) schemes.
More specifically, in the SRS scheme, only the single "best" relay is selected
for forwarding the source signal to the destination, whereas the MRS scheme
allows multiple relays to participate in this process. It is illustrated that
both the SRS and MRS schemes achieve a better SRT than the conventional direct
transmission, especially upon increasing the number of relays. Numerical
results also show that as expected, the MRS outperforms the SRS in terms of its
SRT. Additionally, we present some open challenges and future directions for
the wireless relay aided physical-layer security. Comment: 16 pages, IEEE Network, 201
Resilient networking in wireless sensor networks
This report deals with security in wireless sensor networks (WSNs),
especially in the network layer. Multiple secure routing protocols have been
proposed in the literature. However, they often use the cryptography to secure
routing functionalities. The cryptography alone is not enough to defend against
multiple attacks due to the node compromise. Therefore, we need more
algorithmic solutions. In this report, we focus on the behavior of routing
protocols to determine which properties make them more resilient to attacks.
Our aim is to find some answers to the following questions. Are there any
existing protocols, not designed initially for security, but which already
contain some inherently resilient properties against attacks under which some
portion of the network nodes is compromised? If yes, which specific behaviors
are making these protocols more resilient? We propose in this report an
overview of security strategies for WSNs in general, including existing attacks
and defensive measures. In this report we focus on the network layer in
particular, and an analysis of the behavior of four particular routing
protocols is provided to determine their inherent resiliency to insider
attacks. The protocols considered are: Dynamic Source Routing (DSR),
Gradient-Based Routing (GBR), Greedy Forwarding (GF) and Random Walk Routing
(RWR)