Security Limitations of Spectral Amplitude Coding Based on Modified Quadratic Congruence Code Systems

Generally, communication network systems provide data transfer services for customers. Further requirements such as performance, security, and reliability characterize the quality of the transfer service. Network and information security refer to confidence that information and services existing on a network cannot be accessed by unauthorized users (eavesdropper). However, these service requirements affect each other such that a decision has to be made for cases in which all or some of these requirements are desired but cannot be fulfilled (Zorkadis 1994).


Introduction
Generally, communication network systems provide data transfer services for customers.Further requirements such as performance, security, and reliability characterize the quality of the transfer service.Network and information security refer to confidence that information and services existing on a network cannot be accessed by unauthorized users (eavesdropper).However, these service requirements affect each other such that a decision has to be made for cases in which all or some of these requirements are desired but cannot be fulfilled (Zorkadis 1994).
In secure communication networks, tradeoff considerations between system performance and security necessities have not been mentioned widely in many researches.Actually, it has been known that security is of main concern in both wireless and optical communications networks, security mechanisms employed often have implication on the performance of the system (Imai et al. 2005).For some application environments, such as military or enterprise networks, security and system capacity in communications transmission media could become a critical issue.Optical code-division multiple-access (optical CDMA) technology, a multiplexing technique adapted from the successful implementation in wireless networks, is an attractive solution for these applications because it presents security in the physical layer while providing significantly wide bandwidth (Chung et al. 2008).
Optical CDMA systems are getting more and more attractive in the field of all optical communications as multiple users can access the network asynchronously and simultaneously with high level of security (Salehi 1989, Salehi & Brackett 1989) compared to other multiplexing techniques such as Wavelength Division Multiplexing WDM and Time Division Multiplexing TDM.
The potential provided by optical CDMA for enhanced security is frequently mentioned in several studies using different techniques and approaches such as quantum cryptography and chaotic encryption systems (Castro et al. 2006).Other approaches to enhance security have been proposed using optical encoding techniques such as fiber bragg gratings (FBG) to implement optical CDMA systems (Shake 2005a(Shake ,2005b)).Their degree of security depends on code dimensions being used.
In this chapter, security limitations of spectral amplitude coding Optical CDMA are presented and investigated.The tradeoffs between security and system performance have been investigated for a specific eavesdropper interception situation.Section II briefly presents some network security services and assumptions required for optical CDMA confidentiality analysis in the physical layer.Security and performance tradeoffs, based on MQC code system, are presented in section III.Performance analysis is given in section IV.Finally, a conclusion is given in section V.

Optical CDMA physical layer networks
Due to the transparency increment in optical communications network components and systems, network management and maintenance have been faced additional security challenges.An evaluation on several existing physical security violates on optical communications network is presented in (Teixeira et al. 2008).There are four main threats that can be described in terms of how they affect the normal flow of information in the network, as shown in figure (1),they are: denial of service, interception, modification and creation.Table 1 summarized some of these attacks.

Attack method Realizes Means
In-Band Jamming Service Disruption An attacker injects a signal designed to reduce the ability of the receiver to interpret correctly the transmitted data Out-of-Band Jamming Service Disruption An attacker reduces communication signal component by exploiting leaky components or cross-modulation effects

Unauthorized Observation Eavesdropping
An attacker listens to the crosstalk leaking from an adjacent signal through a shared resource in order to gain information from the adjacent signal, the collection of signals by an attacker for whom they were not intended).
Table 1.Optical networks attack methods The security services of a network have four fundamental objectives designed to protect the data and the network's resources (Fisch & White 2000).These objectives are:  Confidentiality: ensuring that an unauthorized individual does not gain access to data contained on a resource of the network. Availability: ensuring that authorized users are not unduly denied access or use of any network access for which they are normally allowed. Integrity: ensuring that data is not altered by unauthorized individuals.Related to this is authenticity which is concerned with the unauthorized creation of data. Usage: ensuring that the resources of the network are reserved for use only by authorized users in appropriate manner.
In this chapter, ensuring confidentiality against eavesdropper interception strategies for optical CDMA aims to investigate the limitations and tradeoffs between security and performance.
There are various fiber optic tapping methods, of which fall into the following main categories (Oyster Optics 2008): splice (involves literally breaking the cable at some point and adding a splitter), splitter or coupler (involves bending the cable to a certain radius, which allows a small amount of the transmitted light to escape) and non-touching methods (passive and active), involve highly sensitive photo-detectors that capture the tiny amounts of light that emerge laterally from the glass fiber owing to a phenomenon known as Rayleigh scattering.

Fig. 1. Pattern of network attacks
Communication between authorized users in a network can be implemented by two approaches; point-to-point and broadcast.In the point-to-point, approach each user transmits to another specific one whereas in a broadcast approach users transmit in common to the medium accessible to all other users.Therefore, when just a single user is active, optical CDMA system cannot guarantee physical layer security any more.In certain time, this situation can be existed even in a multiuser active optical CDMA network as reported in current theoretical analyses (Shake 2005a(Shake ,2005b)).

Security and performance tradeoffs
In security environments, it is believed that an inherent tradeoffs between networks performance and security are existed which lead many network designers to seek a balance between both of them.Depending on the confidentiality measurement required between communicating networks, different sets of optimizations can be considered (Jin-Hee & Ing-Ray 2005).In (Wolter & Reinecke 2010), the relationship of performance and security has been investigated in model-based evaluation.Their approach is illustrated based on the premise that there are significant similarities between security and reliability.
The combination of security and performance poses interesting tradeoffs that have high relevance especially in modern systems that are subject to requirements in areas, performance and security.In this chapter, ensuring confidentiality against eavesdropper interception strategies for optical CDMA is conducted to investigate limitations and tradeoffs between security and performance.
Using the modeling approximations of (Shake 2005b), per signature chip SNR of the eavesdropper is related to the per data bit signal-to-noise ratio (SNR) of the user by the following relationship: W is the code weight of the code being used, T M is the maximum theoretical number of simultaneous users at a specified maximum BER, u E / 0u N is the required user SNR (per data bit) to maintain the specified BER, T M is the actual number of simultaneous users supported, and ed E / 0ed N is the eavesdropper's effective SNR per code chip.Where  represents several system design parameters as following: In this equation, t e is the eavesdropper's fiber tapping efficiency, u n is the number of taps in the broadcast star coupler that distributes user signals, ed  is the ratio of the eavesdropper's receiver noise density to the authorized user's receiver noise density, u e is the authorized user receiver's multichip energy combining efficiency.(Zou,Shalaby et al. 2001) codes.However, as broad-band thermal sources are used in such system, the phase-induced intensity noise (PIIN) that is due to the intensity fluctuation of thermal source severely affects the system performance (Smith et al. 1998).Commonly, these codes are represented by (N, w, λ) notation where N, w, and λ are code length, code weight, and in-phase cross correlation, respectively.

Security Limitations of Spectral Amplitude Coding Based on Modified Quadratic Congruence Code Systems 85
The establishment of MQC codes was proposed in (Zou,Shalaby et al. 2001).The proposed code families with the odd prime number p > 1 and represented by (p2+p, p+1, 1), have the following properties: i. there are p2 sequences.ii. each code sequence has N = (p2+p) chip component that can be splitted into w = (p+1) sets, and each set consists of one "1" and (p-1) "0 s".iii.Between any two sequences cross correlation λ is exactly equal to 1.
According to (Zou,Shalaby et al. 2001), MQC code families can be constructed in two steps as following: Step 1: Let GF (p) represents a finite field of p elements.A number sequence , () y k  is assembled with elements of GF (p) over an odd prime by using the following expression: where d {0, 1, 2, …, p-1} and b, ,  {0, 1, 2, …, p-1}.
Step 2: a sequence of binary numbers , () si  is constructed based on each generated number sequence , () y k  by using the following mapping method: Table 2 shows MQC basic code matrix for p = 3.Thus, the code length N = 12, code weight w = 4, and in-phase cross correlation is 1.The upper bound of the number of codes that can be produced is p2 = 9 code sequences.
In the analysis of spectral-amplitude coding system, PIIN, shot noise and thermal noise are three main noises that should be taken into consideration.To simplify the analysis, the distribution of intensity noise and shot noise are approximated as Gaussian for calculating the bit-error-rate (BER).The analysis performance of optical CDMA system based on MQC codes in the existence of PIIN, the photodiode shot noise and the thermal noise are presented in (Zou,Shalaby et al. 2001).Based on the complementary detection scheme the average signal to noise ratio has been expressed as: Code sequences (users) The system performance is shown in figure (6) for different MQC code size for two data rates.Data rate of 155 Mb/s shows good performance compared to 622 Mb/s.In communication systems, there is a trade-off between data bit rate and the provided system number of channels.Data bit rate x sequence code length = encoded chip rate.Generally, in optical CDMA analysis, in order to reduce the MAI limitations the data bit rate should be reduced.
Increasing the bit rate will decrease the required average SNRs to maintain low BERs values, making the signal to be more sensitive to fiber dispersion and receiver circuitry noise.
The per code chip eavesdropper's SNRs as a function of the theoretical system capacity are shown in figure (7).If the authorized users transmit sufficient power so that 50%, 75%, 82%, and 85% of the theoretical system capacity is attained for MQC codes that have prime number p of 3, 7, 11, and 13 respectively, the eavesdropper has SNR of 15 dB.An optical matched filter receiver followed by envelope detection theoretically requires a peak SNR of approximately 15 dB to produce the required raw detector BER of 10 -4 .Error correction codes used in commercial high-rate optical telecommunication equipment can produce the maximum acceptable system BER 10 -9 .
www.intechopen.comSecurity Limitations of Spectral Amplitude Coding Based on Modified Quadratic Congruence Code Systems 87 Fig. 6.BER versus number of simultaneous users.10 sr P   dBm.
The figure above shows a contradiction between network system performance and security.Increasing the network system capacity will lead the eavesdropper to detect high SNRs.
Another limitation can be shown in figure ( 8), where high specified SNRs will increase the eavesdropper possibility of attacks.
Thus, for secure firms, a network designer should take these limitations under consideration.If 50% of the system capacity is provided, specified authorized SNRs between 10 dB to 15 dB are suitable for eavesdropper to get encoded pulse SNRs between 10 dB and 15 dB, respectively.Their corresponding bit error rates BERs are nearly 10 -5 and 10 -2 , respectively as shown in figure (9).The eavesdropper performance of detecting spectral encoding chip bandwidth pulses form spectral amplitude optical CDMA code word that has been investigated in (Bakarman et al. 2009).The basic MQC code denoted by (12, 4, 1), has been considered to demonstrate the performance for both authorized user and eavesdropper.
Wide bandwidth enhances SNRs for both authorized user and eavesdropper, which increases the possibility of eavesdropping.Therefore, from the security viewpoint, one should minimize the eavesdropper ability to detect code word pulses by controlling the authorized performance to reasonable throughput.This leads to security impact over system performance as shown in figure (10).The solid and dashed lines represent theoretical results for authorized user and eavesdropper, respectively using MQC (12, 4, 1).Whereas, triangle and rectangle symbols represent results for authorized user and eavesdropper, respectively using M. sequence code (7,4,2).Fig. 10.Security impact over system performance for MQC code system Thus, to improve the degree of security, we have to reduce the bandwidth of the encoding chip bandwidth pulses.This reduction should not affect the system performance.For example, if a spectral chip is reduced from 50 GHz to 25 GHz, the authorized user and eavesdropper could obtain SNRs of 23 dB and 12 dB respectively.These values correspond to bit error rate BERs of nearly 10 -12 and 10 -4 respectively.The maximum acceptable system BER is assumed to be 10 -9 .Decreasing spectral chip, below than 25 GHz, will affect the authorized user performance forcing him to use error correction codes techniques used in commercial optical communications.
The results show that using unipolar optical CDMA codes schemes based on MQC and modified double weight MDW (Aljunid et al. 2004) code system enhance the security with a low cost implementation in comparison to the bipolar ones based on modified pseudorandom noise (PN) code (Chung et al. 2008), see also figure (10).MQC (12, 4, 1) code has 5 dB security preferences over PN (7,4,2) code.For the authorized users, bipolar codes would show high performance in comparison to unipolar codes because the bipolar signaling has a 3-dB signal-to-noise ratio (SNR) advantage over the on-off keying system with high cost implementation because each transmitter sends energy for both "0" and "1" bit (Nguyen et al. 1995).From the security viewpoint, one should minimize the eavesdropper ability to detect code word pulses by controlling the authorized performance to reasonable throughput.
Further security enhancement can be obtained by increasing the code dimension as shown in figure (11).With large value of prime number p, the main parameter to construct MQC codes, the eavesdropper ability to detect single encoded pulses becomes difficult even with wideband spectral chip.The eavesdropper BER will be higher than 10 -3 .

Fig. 11. Code dimension effects on eavesdropper performance
In communication systems, there is a tradeoff between data bit rate and the provided system number of channels.Data bit rate x sequence code length = encoded chip rate.Generally, in optical CDMA analysis, in order to reduce the MAI limitations, the data bit rate should be reduced.Figure (12) shows the impact of data bit rates on the eavesdropper performance.
Increasing the bit rate will decrease the eavesdropper SNR, making the signal to be more sensitive to fiber dispersion and receiver circuitry noise.

Conclusion
Improving the degree of security or enhancing the performance of optical CDMA networks have their impacts on each other such that a decision has to be made for cases in which all or some of these requirements are desired but cannot be fulfilled.The tradeoffs between security and the performance in optical CDMA, based on Modified Double Weight (MQC) system, are presented.From the security viewpoint, optical CDMA designer should minimize the eavesdropper ability to detect code word pulses by controlling the authorized performance to reasonable throughput.Otherwise, error correction codes techniques used in commercial optical communications would be the solution to obtain the maximum acceptable system BER.

Acknowledgment
This work was carried out at the Photonics Technology Laboratory (PTL), Institute of Micro Engineering and Nanoelectronics (IMEN),Universiti Kebangsaan Malaysia (UKM), under the supervision of professor Sahbudin Shaari.I would like to express my gratitude to him for providing a conductive enviroment for performing this research at this institute.
Figure (2) shows a common topology found in point-to-point networks.Figure (3) shows two topologies established in broadcast networks.

Figure ( 4
Figure (4)  shows the possible positions, within the network, to tap a signal from the user.Therefore, when just a single user is active, optical CDMA system cannot guarantee physical layer security any more.In certain time, this situation can be existed even in a multiuser active optical CDMA network as reported in current theoretical analyses(Shake 2005a(Shake ,2005b)).
Fig. 4. Places for an eavesdropper to attack and tap optical CDMA encoded pulses figure (4), is u n = 100 with a tapping efficiency of t e = 0.01.Since, u e is equal to one and between zero and one for coherent and incoherent detection respectively(Mahafza & Elsherbeni 2003 ), coherent detection with combining signals shows better confidentiality than the incoherent one.

Fig. 5 .
Fig. 5. Effect of combining multiple code pulses for both coherent and incoherent detection schemes the floor function of x.
effective power of a broadband source at the receiver and  is the photodiode responsivity

Fig. 7 .
Fig. 7. Per chip code SNR as a function of theoretical system capacity

Table 2 .
MQC basic code matrix for p = 3