Epon Systems Security Solutions

Compared to the great development of the backbone network technology, the access network technology still stays in the level of low transfer rate and becomes the new bottleneck of the whole network. The Ethernet Passive Optical Network (EPON) comes forth in this situation. It is considered as the one of the best technology for the next access network, because of the convenience of maintenance, low cost, high bandwidth and the support of integrated service. It stands for the international development tendency of broadband access network technology. So EPON is expected to be one of the best solutions for the FTTH. Nevertheless, there are threats to EPON security due to its point-to-multipoint topology and its data transmission way (broadcasting) in the downstream direction. There are several key problems to resolve such as security problem, if EPON is operated as a commerce access network.This thesis analyses the insecurity of EPON in reference to the 802.3ah protocol and related advices of 802.3EFM Task Force and puts forward a new detail solution based on the different demand of security level and delay of various data stream. Different encryption algorithm are used in the system ,according to the various needs (Triple churning algorithm for real time business which is time delay sensitive and has lower level of security requires. High level encryption standard AES algorithm for data business which is not time delay sensitive and has higher level of security requires). A relevant authentication and key exchange protocol is introduced .So the systematic security has been strengthened.Some measures have been proposed to diminish defect that brought by the encryption and deciphering process and satisfy the system's security level, delay, efficiency and cost.These measures include:1. Optimize the AES algorithm, and choose the right working pattern to make the algorithm work effiently.2. Introduce production line technology, employ Field-Programmable Gate Array(FPGA) and use Very-High-Speed Integrated Circuit Hardware Description Language(VHDL) to realize data encryption and deciphering. 3. Inroduce a effient key exchange protocol based on the form of EPON frame.The main body of this thesis is based on this solution.Firstly,it analyses the insecurity of the system in detail,and puts forward the security demand of the system ;then based on the security need ,it designs some measures ,like introducing authentication and key exchange protocol,and realizes the encryption and decryption module in the system. The introduction focuses on the description of the port and state machine of the function module. The simulation result and the detail analysis of the result are presented and the correctness of design is validated.