Passive Optical Network Physical Layer Security Prevention Strategy

With the Large-scale commercial of PON in access network, the security and reliability ofPON must have appropriate protection. Information security is also taken into account during theformulation of the standard, and to develop a data encryption standard. Because of there are variouskinds of threads and hazards exist in the access network at all levels, just consider the informationsecurity of data link level can not guarantee the security of the access network. The security ofapplication layer is guaranteed by the high-level encryption and authentication, but the physicallayer security has not been given due attention and research.Through the study of physical layer threads in the access network environment, it is found thatthe flooding attacks in the access network which is prone to appear can easily cause paralysis of theentire network which is convergent by the OLT. The reason is the PON tree structure characteristics,a passive technical characteristics and the lack of network management integrated result.According to the causes of flooding attacks and against lack of management of the network,this paper proposes a scheme to enhance the network management capabilities by increasing aremote monitoring module. The scheme can achieve positioning and blocking the flooding attacksand eventually restoring the network communication by the on/off control of the optical paths in theconditions of not changing the property of passive.The structure of the scheme is constituted by remote module and office module. Remotemodule located within the optical distribution frame (box), including five functional modules,communication module, main control module, optical switch array and drive modules, powermodules and signal conditioning modules. Office module is responsible for interacting with OAMsystem and controlling the remote module. In the realization of the remote modules using matureIPC μC/OS-II-based embedded systems, integrated TCP/IP communication protocol and Ethernetinterfaces. Office module is embedded in the OAM system and will interact with the OAM systemthrough an internal protocol.Finally to verify the effectiveness of the scheme this paper simulates the function of the officemodule on a PC to realize optical switch control data transmission and other functions.