Research And Implementation On Security Of Epon System Based On Time Function

Posted on: 2013-12-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Chen
GTID: 2248330362469985
Subject: Communication and Information System
Abstract/Summary:
EPON is an ideal choice for FTTx during the implementation of triple play. However, due to its P2MP broadcasting features in the downstream, it has potential security threats. Meanwhile, the diversity of users' demands requires multi-service instead of data-only service, which results in different requirements for security and real-time performance. Existing encryption methods cannot meet the needs of multi-service. Therefore, it has practical meaning to study its security issues and large-scale application.

The system structure, principle, hierarchy model and frame format of EPON and MPCP are briefly introduced first, then three kinds of security threats, namely eavesdropping, denial of service and impersonation, are explicitly discussed. To solve these problems, a method combining authentication with encryption is presented. On the basis of analyzing and comparing the existing authentication methods, a bidirectional authentication method is introduced, which uses ECC to verify the legitimacy of the OLT and ONU, and the simulation results prove the validity of this method. It is important to take security and real-time performance into consideration in encryption, according to the differences among the services. Multi-service is divided into three levels based on their features, and a module is added between the MAC sublayer and the RS sublayer to implement division and encryption. The first level includes voice and video, using DES to guarantee real-time transport. The second level includes normal data service, using AES to guarantee its security. The most important, third level includes confidential services such as MAC frames and OAM frames; for this level a new encryption scheme based on a time function is proposed, which combines AES with a timestamp to generate a time function for encryption and decryption. The update and synchronization of the timestamp and key are also studied.

Finally, the time function encryption method is simulated with OPNET and C++; the performance changes and key updates can be observed from the results, and the validity and safety of this scheme are proved.

The innovations in this thesis are: (1) presenting an encryption method based on a time function, combining AES with a timestamp to update keys dynamically; (2) adding a service division encryption/decryption module between the MAC sublayer and the RS sublayer to complete the division and encryption operations; (3) adding EIB and UIB in the fifth byte of the preamble to keep keys synchronized.
Keywords/Search Tags: Ethernet Passive Optical Network, bidirectional authentication, timestamp, AES, OPNET