New Security Improvements in Next-Generation Passive Optical Networks Stage 2
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F19%3APU133725" target="_blank" >RIV/00216305:26220/19:PU133725 - isvavai.cz</a>
Nalezeny alternativní kódy
RIV/63839172:_____/19:10133195 RIV/61989100:27740/19:10243821
Výsledek na webu
<a href="https://www.mdpi.com/2076-3417/9/20/4430" target="_blank" >https://www.mdpi.com/2076-3417/9/20/4430</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.3390/app9204430" target="_blank" >10.3390/app9204430</a>
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
New Security Improvements in Next-Generation Passive Optical Networks Stage 2
Popis výsledku v původním jazyce
Passive optical networks are currently the most promising solution for access networks. These networks rely on broadcast signal distribution in the downstream direction and unicast signal transmission in the upstream direction. The upstream direction is controlled by optical line termination (OLT). The broadcast transmission method increases security vulnerability because the attacker is able to connect his/her modified optical network unit (ONU) to the free port of the splitter (commonly in the basement). We present the concept for the activation process of ONUs based on physical unclonable function (PUF) for next-generation passive optical networks stage 2 (NG-PON2). The use of PUF increases security in the NG-PON2. Furthermore, the registration identifier (ID) is not stored in a nonvolatile memory, in comparison with the common solution defined by the International Telecommunication Union (ITU) recommendation G.989.3. An attacker cannot perform a reverse engineering attack to obtain the registration ID. For this reason, the attacker cannot clone an ONU. We proposed security improvements that involve authentication, encryption, integrity protection, and data origin verification methods in the NG-PON2. Our model uses the standard implementation of the transmission convergence layer of NG-PON2 with the new physical layer operations, administration, and maintenance (PLOAM) messages. The recommendation G.989.3 allows specifying own PLOAM messages since not all IDs are used in the current specification.
Název v anglickém jazyce
New Security Improvements in Next-Generation Passive Optical Networks Stage 2
Popis výsledku anglicky
Passive optical networks are currently the most promising solution for access networks. These networks rely on broadcast signal distribution in the downstream direction and unicast signal transmission in the upstream direction. The upstream direction is controlled by optical line termination (OLT). The broadcast transmission method increases security vulnerability because the attacker is able to connect his/her modified optical network unit (ONU) to the free port of the splitter (commonly in the basement). We present the concept for the activation process of ONUs based on physical unclonable function (PUF) for next-generation passive optical networks stage 2 (NG-PON2). The use of PUF increases security in the NG-PON2. Furthermore, the registration identifier (ID) is not stored in a nonvolatile memory, in comparison with the common solution defined by the International Telecommunication Union (ITU) recommendation G.989.3. An attacker cannot perform a reverse engineering attack to obtain the registration ID. For this reason, the attacker cannot clone an ONU. We proposed security improvements that involve authentication, encryption, integrity protection, and data origin verification methods in the NG-PON2. Our model uses the standard implementation of the transmission convergence layer of NG-PON2 with the new physical layer operations, administration, and maintenance (PLOAM) messages. The recommendation G.989.3 allows specifying own PLOAM messages since not all IDs are used in the current specification.
Klasifikace
Druh
J<sub>imp</sub> - Článek v periodiku v databázi Web of Science
CEP obor
—
OECD FORD obor
20203 - Telecommunications
Návaznosti výsledku
Projekt
<a href="/cs/project/VI20172019072" target="_blank" >VI20172019072: Detekce bezpečnostních hrozeb na aktivních prvcích kritických infrastruktur</a><br>
Návaznosti
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Ostatní
Rok uplatnění
2019
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název periodika
Applied Sciences - Basel
ISSN
2076-3417
e-ISSN
—
Svazek periodika
9
Číslo periodika v rámci svazku
20
Stát vydavatele periodika
CH - Švýcarská konfederace
Počet stran výsledku
16
Strana od-do
1-16
Kód UT WoS článku
000496269400233
EID výsledku v databázi Scopus
2-s2.0-85074207887