Fault isolation for communication networks for isolating the...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


Details

C714S057000, C709S224000


active

06442694

ABSTRACT:

RELATED APPLICATIONS
Not applicable.
FIELD OF THE INVENTION
This invention relates generally to communication networks and more particularly to localizing attacks or failures in communications networks.
BACKGROUND OF THE INVENTION
As is known in the art, there is a trend to provide communication networks which operate with increasing information capacity. This trend has led to the use of transmission media and components capable of providing information over relatively large signal bandwidths. One type of transmission media capable of providing such bandwidths is an optical carrier transmission media such as glass fibers which are also referred to as optical fibers or more simply fibers.
As is also known, an all-optical network (AON) refers to a network which does not contain electronic processing components. AONs utilize all-optical switching components which afford network functionality and all-optical amplification components which counteract attenuation of the optical signals through the network. Since AONs do not contain electronic processing components, AONs avoid network bottlenecks caused by such electronic processing elements.
Because AONs support delivery of large amounts of information, there is a trend to utilize AONs in those network applications which require communications rates in the range of 1 terabit per second and greater. While network architectures and implementations of AONs vary, substantially all of the architectures and implementations utilize devices or components such as optical switches, couplers, filters, attenuators, circulators and amplifiers. These building block devices are coupled together in particular ways to provide the AONs having particular characteristics.
The devices which perform switching and amplification of optical signals have certain drawbacks. In particular, owing to imperfections and necessary physical tolerances associated with fabricating practical components, the components allow so-called “leakage signals” to propagate between signal ports and signal paths of the devices. Ideally, device signal paths are isolated from each other. Such leakage signals are often referred to as “crosstalk signals” and components which exhibit such leakage characteristics are said to have a “crosstalk” characteristic.
The limitations in the isolation due to the physical properties of switches and amplifiers can be exploited by a nefarious user. In particular, a nefarious user on one signal channel can affect or attack other signal channels having signal paths or routes which share devices with the nefarious user's channel. Since signals flow unchecked through the AON, the nefarious user may use a legitimate means of accessing the network to effect a service disruption attack, causing a quality of service degradation or outright service denial. The limitations in the operating characteristics of optical components in AONs thus have important security ramifications.
One important security issue for optical networks is that service disruption attacks can propagate through a network. Propagation of attacks results in the occurrence of failures in portions of the network beyond where the attack originated. This is in contrast to failure due to component fatigue. Failures due to component fatigue generally will not propagate through the network but will affect a limited number of nodes and components in the network. Since the mechanisms and consequences of a service disruption attack are different from those of a failure, it is necessary to provide different responses to attacks and failures. Thus, it is important to have the ability to differentiate between a failure and an attack and to have the ability to locate the source of an attack.
Referring to FIG. 1, an example of an attack which propagates through a switch 10 and an amplifier 16 is shown. The switch 10 includes switch ports 10a-10d with a first switch channel 12a provided between switch ports 10a and 10c and a second switch channel 12b provided between switch ports 10b and 10d. The switch 10 has a finite amount of isolation between the first and second switch channels 12a, 12b. Owing to the finite isolation characteristics of the switch 10, a portion of a signal propagating along the first switch channel 12a can be coupled to the second switch channel 12b through a so-called “leakage” or “crosstalk” signal path or channel 14. Thus, a crosstalk signal 15 propagates from the first switch channel 12a through the crosstalk channel 14 to the second switch channel 12b.
The output of the second switch channel 12b is coupled through switch port 10d to an input port 16a of a two-channel amplifier 16. The amplifier receives a second channel 12c at a second amplifier input port 16b. If the crosstalk signal 15 on channel 12b is provided having a particularly high signal level, the crosstalk signal 15 propagating in channel 12b of the amplifier 16 couples power from the signal propagating on the second amplifier channel 12c thereby reducing the signal level of the signal propagating on the channel 12c. This is referred to as a gain competition attack. It should thus be noted that a signal propagating on the first channel 12a can be used to affect the third channel 12c, even though the channels 12a and 12c are routed through distinct components (i.e. channel 12a is routed through the switch 10 and channel 12c is routed through the amplifier 16).
It should also be noted that in this particular example, the gain competition attack was executed via a signal inserted into the channel 12b via the crosstalk channel 14 existent in the switch 10. Thus, a user with a particularly strong signal can couple power from the signals of other users without directly accessing an amplifier component. With this technique, a nefarious user can disrupt several users who share amplifiers which receive a gain competition signal from the nefarious user via a different component propagating on the channel 12c.
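A numeric sketch of the FIG. 1 scenario, added here as an illustration and not part of the patent text. It assumes a simplified amplifier model (one common gain for all channels, capped by a total saturated output power), incoherent addition of powers, and constructed values for signal levels, switch isolation and amplifier gain.

```python
import math

def dbm_to_mw(dbm):
    return 10 ** (dbm / 10)

def mw_to_dbm(mw):
    return 10 * math.log10(mw)

def switch_crosstalk_mw(source_dbm, isolation_db):
    """Power leaking from channel 12a into 12b over crosstalk channel 14."""
    return dbm_to_mw(source_dbm - isolation_db)

def amplifier_outputs_mw(inputs_mw, small_signal_gain_db, p_sat_dbm):
    """Assumed model: every channel sees the same gain, and that gain drops
    once the total output would exceed the saturated output power."""
    g0 = 10 ** (small_signal_gain_db / 10)
    total_in = sum(inputs_mw.values())
    gain = min(g0, dbm_to_mw(p_sat_dbm) / total_in)
    return {ch: p * gain for ch, p in inputs_mw.items()}

def fig1_scenario(level_12a_dbm, isolation_db=20.0, legit_dbm=-20.0,
                  gain_db=20.0, p_sat_dbm=10.0):
    """Levels seen at amplifier 16 for a given signal level on channel 12a.
    All default values are constructed for illustration."""
    leak = switch_crosstalk_mw(level_12a_dbm, isolation_db)
    inputs = {"12b": dbm_to_mw(legit_dbm) + leak,   # legitimate signal + crosstalk 15
              "12c": dbm_to_mw(legit_dbm)}          # never passes through switch 10
    outputs = amplifier_outputs_mw(inputs, gain_db, p_sat_dbm)
    return {"12b_in_dbm": mw_to_dbm(inputs["12b"]),
            "12c_out_dbm": mw_to_dbm(outputs["12c"])}

if __name__ == "__main__":
    normal = fig1_scenario(level_12a_dbm=-20.0)   # ordinary signal on 12a
    attack = fig1_scenario(level_12a_dbm=20.0)    # excessively strong signal on 12a
    for name, r in (("normal", normal), ("attack", attack)):
        print(f"{name}: 12b in = {r['12b_in_dbm']:.2f} dBm, "
              f"12c out = {r['12c_out_dbm']:.2f} dBm")
    # A power monitor at the amplifier sees the excess on 12b, while the
    # origin is channel 12a at switch 10: the symptom and the source sit at
    # different components, which is why localization is needed.
```

With these constructed values, channel 12c loses about 10 dB of output level even though it shares no component with channel 12a.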
FIG. 2 illustrates one scenario for the necessity to differentiate an attack carried out by the network traffic from a physical failure and when it is important to be able to localize the source of the attack. In FIG. 2, a portion of a network includes a first network node 17a provided by a first element which here corresponds to a switch 10 and a second network node 17b provided by a second element which here corresponds to a second switch 18. It should be noted that the nodes 17a, 17b are here shown as switches for purposes of illustration only and that in other embodiments, the nodes 17a, 17b may be provided from elements other than switches. In this example, it is assumed that each of the nodes 17a, 17b guards against jamming attacks by pinpointing any channel on which is propagating a signal having a signal level higher than a predetermined threshold level and then disconnecting the channel on which the high level signal propagates.
In FIG. 2, the switch 10 includes switch ports 10a-10d with a first switch channel 12a provided between switch ports 10a and 10c and a second switch channel 12b provided between switch ports 10b and 10d. The switch 10 has a finite amount of isolation between the first and second switch channels 12a, 12b. Channels 12a, 12b both propagate through the node 17a, which in this particular example corresponds to the switch 10a, and both channels 12a, 12b propagate signals having the same carrier signal wavelength. Owing to the finite isolation characteristics between channels 12a, 12b in the switch 10, a portion of a signal propagating along the first switch channel 12a can be coupled to the second switch channel 12b through a crosstalk channel 14. Thus, the crosstalk signal 15 propagates from the first switch channel 12a through the crosstalk channel 14 to the second switch channel 12b.
If an excessively powerful signal (e.g. one having a signal level
