# 2002 Kluwer Academic Publishers. Manufactured in The Netherlands. Integrating Security in the MAC Layer of WDM Optical Networks*

Abstract

Abstract. We introduce a new technique for providing security in a broadcast-and-select, wavelength-division-multiplexed (WDM) optical network. The approach provides privacy of communications by employing a novel challenge-response scheme and exploiting the tuning delay inherent in optical receivers. The proposed technique can be integrated easily into any existing WDM media-access-control (MAC) protocol that employs tunable receivers. The modi®ed protocol would require every idle user, who is not scheduled to receive data, to tune in to a channel that does not contain sensitive data. A violation of the protocol can be detected with very high probability, and appropriate measures can be taken against the violator. The technique provides features that cannot be achieved with cryptography alone. Signi®cant bene®ts of the proposed approach include the ability to detect security violations as they occur, and an ef®cient mechanism to provide privacy for multicast transmissions. We develop two simple solutions to deal with different levels of attack: (1) eavesdroppers working alone, and (2) eavesdroppers working in collaboration. We also introduce a dynamic channel allocation scheme that can further reduce the number of required overhead channels, with minimal loss in the capability to detect eavesdropping violations