Research On Security Defense Technology For Optical And Radio Converged Access Networks

In the era of internet of everything,the emerging mobile services are becoming diverse with different bandwidth,latency and security requirements.This trend makes optical and radio converged networks as the key infrastructures evolve toward large capacity,low latency,flexibility and customizability.Its openness and compatibility are getting reinforced,but the resulting vulnerabilities pose great challenges to security defense technologies at the background of increasing complexity and diversity of network attacks.The challenges are mainly reflected in the following two aspects:Firstly,at fiber-optic transmission layer,existing security defense technologies are hard to defend the eavesdropping attack with high-rate and low-overhead processing capability.Secondly,at the radio functions processing layer,there is lack of security defense technologies to deal with the cross virtual machine attack threats in the distributed and virtualized environment,in order to realize the trade-off between flexibility and security of customized slice deployment of optical and radio converged networks.Aiming at the challengges in the above two layers,this dissertation studies the attack-defense model,high-speed and low overhead built-in security defense at fiber-optic transmission layer,and secure and efficient virtualized radio function deployment at radio functions processing layer to form a holistic security product for optical and radio converged access networks.The main works and contributions are as follows.(1)A Stackelberg game-based interaction model between active eavesdropping attack and security defense at fiber-optic transmission layer is constructed.When the eavesdropping mothods have been changed from the traditional "passive" mode to the advanced "active" mode,aiming at the uncertainty problem of physical layer security defense performance,this dissertation puts forward a Stackelberg game-based interaction model between active eavesdropping and security defense at fiber-optic transmission layer.Firstly,the active optical eavesdropping method is analyzed in detail.Then,based on the above active eavesdropping method,the Stackelberg game framework is utilized to model the interaction process between legitimate party and eavesdropper,and the equilibrium strategies are obtained for both sides.Finally,the performance of information-theoretic security technology is analyzed and discussed based on the game equilibrium outputs.Results show that the active eavesdropping can suppress 0.6 bits/Hz more secrecy capacity,compared to the common passive eavesdropping,and its maximal interception probability can reach to 0.01 at three typical settings of channel coding length,which reveals the current physical layer information-theoretic security defense technology still has some deficiencies.The proposed model can lay a foundation for the subsequent research on the security defense technology at the optical fiber transmission layer.(2)A high-speed and low-overhead optical transport oriented built-in security defense method for optical and radio converged networks is proposed.Aiming at the high-security defense problem of optical and radio converged access networks under high-speed and low-overhead transport requirements,this dissertation proposes a FlexE over WDM based built-in secure transport method.FlexE over WDM as one of the key bearing technologies for optical and radio converged networks has advantages of flexibility,high transmission rate and low latency.The proposed built-in secure transport method leverages the mapping mechanism from data blocks to physical layer interfaces(PHYs),and adopts universal hash algorithm to achieve the random permutation of data blocks on PHYs.Furthermore,optical layer routing and multi-fiber parallel transmission are combined to map the PHYs to different wavelengths in order to achieve information hiding.Simulation results show that the security indicator of universal hash mapping based built-in secure transport method can reach 1022,which is improved by 103 with guaranteeing the resource effiency,compared to the common Round-Robin based First-Fit transport method.(3)A virtualized radio function deployment based secure isolation strategy for optical and radio converged network slicing is proposed.At the background of coustomized bearing for diverse edge services,aiming at the trade-off between end-to-end slicing secure isolation and flexible deployment of optical and radio converged access networks,this dissertation proposes a virtual radio functions deployment based secure isolation strategy for optical and radio converged access network slicing.Firstly,considering the constraints of bandwidth,latency,security defense level and etc.,an integer linear programming model which is also called secure isolation and resource efficiency oriented multi-objective optimization model is built to explore the optimal results of the trade-off between secure isolation and network resources utilization.Furthermore,to adapt to the online processing requirement in the real world,a deep reinforcement learning based secure isolation and resource-efficcient slicing strategy for optical and radio converged access networks is proposed to achieve near-optimal secure deployment and routing of virtual radio functions through self-learning mechanism.Simulation results demonstrate that the deep reinforcement learning based secure isolation strategy for optical and radio converged network slicing can approach to the near-optimal performance of mathematical model,with only 6%target deviation on average,and it also outperforms the greedy baseline algorithm by 14.5%.In conclusion,this dissertation mainly researches optical and radio converged network security technology to resist the attack threats from fiber-optic transmission layer and radio functions processing layer.The research is carried out from three aspects including the attack-defense interaction model at fiber-optic transmission layer,high-speed and lowoverhead built-in secure transport method,and secure isolation strategy of optical and radio converged access network slicing.This study takes fiber transmission property,diversity of mobile services,transport latency and bandwidth limitations into full consideration,and the secure bearing is realized with low network resources consumption.The extensive simulations are carried out to demonstrate that the security technologies proposed by this dissertation can make optical and radio converged access networks form a comprehensive capability for defending against external security threats.