Multi-layered Optical Network Security

Hwajung Lee

Department of Information Technology

Radford University

Contents

BackgroundResearch Goal and Three Main Results

Survivable Optical Layer Design Survivable IP Layer Design Reconfiguration preserving Survivability

Concluding Remarks

Regeneration/AdaptationO-E-O

SONETTerminal

IP Router

All Optical

Networks

All Optical

Networks

All Optical

Networks

All Optical Networks

Extremely high data rate

AON Security Characteristics

• 1.6 Terabits per second is equivalent to 320 million

Pages/sec of informationIf eavesdropping attack lasts only 1 second, 320 million

page of classified information could be compromised.

• 1.6 Terabits per second is 25 million simultaneous

telephone conversation.If a link failure lasts only 1 second, 25 million

simultaneous telephone conversation could be disrupted.

Short and infrequent attacks or failures can result in loss of large amounts of data.

Any Security Solutions?

ConfidentialityIntegrity

Cryptography (PKI, Digital Signature…)

Availability

We have a security hole to fill in.

:by guaranteeing the network survivability.

Network Model: lP over WDM Network

More layers in an overlay modelsCons More Redundant

functions Large header data

Thus, getting simpler.

ATM

ATM

IP

IP

IP IP

WDM Optical Network

SONET/SDH

SONET/SDH

Terminology

WDM : Wavelength Division MultiplexingLightpath : Transfer Path from Source to Sink

in Optical NetworkFault Propagation : Failure from a layer

propagates into other network layers.Logical Topology : IP layerPhysical Topology : WDM layerLogical topology (Upper Layer) is called

survivable if it remains connected under an impact of fault propagation in the presence of a single optical link (Lower Layer) failure.

What is WDM?

Mux Demux

R

R

R

R

R

End User End UserEnd User

End UserEnd UserEnd User

End User

C

A B

C

A B

EmbeddingFault Propagation

Cons of WDM Protection1. Requires to reserve extra resources.2. Can be failed.

Not Survivable

LogicalTopology

R

R

R

R

R

End User End UserEnd User

End UserEnd UserEnd User

C

A B

C

A B

Example of a Survivable Logical Topology

SurvivableR

R

R

R

R

End U ser End U serEnd U ser

End U serEnd U serEnd U ser

End User

CA B

End User

LogicalTopology

Sometimes, there is no way to have a Survivable

Logical Topology Embedding on a Physical Topology.

Survivable Logical Topology

e1

e2

…

…a

c

b

d …

…

…

…

d

b

c

a

Electronic Layer= Logical Topology

Optical Layer= Physical Topo.

2-Edge Connected

Research Goal

Logical topology

Physicaltopology

Support Survivability in IP over WDM network against a single link failure in an WDM network.

1st Problem : Design of Survivable IP over WDM Ring Networks

Main Result 1

LemmaFour Nodes

a b

c d

G rightG left e i

e j

a

c ...

... b

d...

...a

c ...

... b

d...

...

e i

e j

a b

c

a b

c d d

Lemma (Cont.) Three Nodes

a b

c

e i

e j

G rightG left a

c ...

... b

...

...

e i

e j

a b

c

a b

c

Lemma (Cont.)

Suppose G is 2-edge-connected and G0 is a ring. For any edge cut of size two {(a, b), (c, d)} in G, nodes f(a), f(c), f(b), f(d), in this order, may not be lay out in G0 in the clockwise or counterclockwise direction.

Embedding Algorithm

a

gh

f

ecd

b

kl

j

ia

gh

f

ecd

b

kl

j

i

G le ft G right

G lle ft

G rle ft

a

cd

b

a

cd

b

G le ft G right

d

a b

a

cd

b

cd

a b

a

gh

f

ecd

b

kl

j

i

G le ft G right

G lle ft

G rle ft

e

fg

h

a

gh

f

ecd

b

kl

j

i

e c d

ab

fg h

j

kl

i

a

gh

f

ecd

b

kl

j

i

G le ft G right

G lle ft

G rle ft

cd

a b

e

fg

h

Theorem

Given a 2-edge-connected IP topology G and a ring network G0 as the WDM optical network topology, there exists a mapping of G into G0 such that G is tolerant to the failure of any single link in G0.

Main Result 2

Logical topology

Physicaltopology

2nd Problem : Design of Survivable Virtual Topology in IP over WDM

Does Survivable Embedding

Exist?

Add Additional links on

the Logical Topology

Yes No

Done

Survivable LT design possible Completely connected (i.e., (n-1)-edge connected)

NO survivable LT design when logical topology G is 2-edge connected 3-edge connected 4-edged connected

Degree Constraints Survivable LT design possible when min. degree >= No survivable LT design for min. degree <= ( -1)

Experimental Results – Near Optimal

2n 3

n 2

Problem Complexity

1

43

525

3 4

2

1

Complete Graph: Survivable

k

a 2

b 1

f

e h

b 2

i

a 1

d 1

c 1

g

c 2

l

jd 2

C 1

C 2

C 3C 4

a 1

f

b 2

a 2

e

b 1

k

3-edge Connected Graph: not Survivable

b1

b3

b2

b4

c1

c3

c2

c4

d1

d3

d2

d4

e1

e3

e2

e4

a1

a3

a2

a4

C1

C2

C3

C4

a1

a4

a2

a3

e2

e1

e4

e3

c4

c2

c3

c1

b4

b3b2

b1

d3

d1

d4

d2

4-edge Connected Graph: not Survivable

n-10

n/4+1

n/3-1

n/4

n/2n/2-1 2n/3

n/2+j

L R

Number of Nodes = b Number of Nodes = b

j n-j-1...

... ...

.... . .

...

...

...

si +i (L); si - I + n -1(R)

t: highest index in L smallest_component4 cases: t -1; t ; t -2; t= -1

n 6

n 6

n 4

n 3

n 4

n 3

n 3

Shortest Path Routing: Survivable if (minimum d ) 2n

3

: Vodd

: Veven

Kn/2-1 Graphn-1Kn/2-1 Graph 0

0 n-1

... .........

...

Shortest Path Routing: not Survivable if (minimum d -1 )

n 2

Heuristic Algorithmbased on Shortest Path Routing

Embed logical links to lightpaths.

Cut each optical linkand Calculate

the # of Components.

Find an optical link (x,y)with the maximum # of

components.

optical link (x,y)# of components

sets of components={C1, C2, …}

Max # = 1 Done

Add an additional lightpathconnecting a node

from Ci to a node from Cj

without using (x,y).No

No

Yes

Numerical Results# of Simulations = 1000

n = 100

0

5

10

15

20

25

0.02

80.

040.

060.

08 0.1

0.2

link probability p

aver

age

# o

f ad

dit

ion

al l

igh

tpat

hs

2 edge-connected

arbitrary

22.953

7.037

1.8611.938

0.0080.0023.357

Numerical Results# of Simulations = 1000

n = 200

0123456789

10

0.02

80.

040.

060.

08 0.1

0.2

link probability p

aver

age

# o

f ad

dtio

nal

lig

htp

ath

s

2 edge-connected

arbitrary

8.889

0.4940.549 0.023

0.027

4.632

Numerical Results# of Simulations = 1000

n = 300

-1

1

3

5

7

9

11

0.02

80.

050.

070.

090.

110.

130.

15

link probability p

aver

age

# o

f ad

dti

on

al l

igh

tpat

hs

2 edge-connected

arbitrary

10.293

0.533

5.585

0.814

0.0270.027

Main Result 3

Physicaltopology

3rd Problem : Reconfiguration of Virtual Topologies Preserving Survivability

Survivable Embedding has been done.

Logical topology

NewLogical

topology

New Survivable Embedding

Reconfiguration of Survivable Logical Topologies

0 1

23

0 1

23

0 1

23

Survivable Logical Topology = G1 Survivable Logical Topology = G2

Physical Topology = Gp# of Ports = 3

Add G2\G1 to form G1 G2

Delete G1\G2

# of Wavelength = 3

What if # of Wavelength < 3 or # of Ports < 3

Problem Complexity

Sometimes, we need to… Modify the current embedding of some

lightpaths in G1 G2 . Temporarily delete and reestablish some

lightpaths in G1 G2 due to the wavelenth constraint.

Temporarily add some lightpaths not in G1 G2 and delete to guarantee the survivability during the reconfiguration.

Simple Reconfiguration Approach

add a lightpath btw each pair of adjacent nodes,

delete all lightpaths in G1 except the above, and

establish all lightpaths in G2 based on its survivable embedding.

If the current lightpath setup uses W-1 wavelength

in each optical link and upto p-2 ports at each node,

1

2

3 4

5

6

W = 4, p = 6

Limitation of Simple Reconfiguration Approach

1

42

n

3

...n -k + 2

n -kn -k + 1

......

W = n- k + 1

MinCostReconfiguration Cost = # of add * UnitCostadd + # of delete * UnitCostdelete

Given Input : M1, M2, Gp

Output : Wadd,

Wadd = Wreconfig – max{WM1, WM2

}

Constraintsthe number of port p, the number of wavelength W

Objectives(1) To minimize Wreconfig while reconfiguration cost is

preserved minimum.(2) During the entire period of reconfiguration,

(1) The logical topology remains survivable (2) The port p and wavelength W constraints are satisfied.

MinCostReconfiguration Survivable Embedding, M2,

Of G2 to GP

Compare M2 with the currentsurvivable embedding M1

and Generate ADD set andDELETE set

Add lightpaths in ADDas long as

not violate W constraint

Delete lightpaths in DELETEas long as not violatesurvivability constraint

Wreconfig=max{WM1,WM2

}

ADD = ø andDELETE = ø

Any Additionand Deletion

Wreconfig = Wreconfig + 1

Done

Yes

Yes

No

No

Numerical Results # of Simulations per each case = 500

n = 8

Max Min Avg Max Min Avg Max Min Avg10% 1 0 0.008 8 4 5.784 8 3 5.464 1.091 1.40020% 2 0 0.068 8 3 5.770 7 3 5.388 2.375 2.80030% 2 0 0.100 8 3 5.692 8 3 5.380 3.762 4.20040% 2 0 0.122 8 4 5.806 8 3 5.282 5.420 5.60050% 2 0 0.076 8 4 5.800 8 3 5.368 6.710 7.00060% 2 0 0.062 8 3 5.796 8 3 5.180 8.212 8.40070% 2 0 0.092 8 3 5.772 7 3 5.086 9.433 9.80080% 2 0 0.064 8 3 5.772 8 3 4.850 10.869 11.20090% 1 0 0.066 8 4 5.750 7 3 4.736 12.099 12.600

Average 8 3.4 5.771 7.7 3 5.193

# of Diff Conn Req. (from Simulation)

Expected # of Diff Conn Req.(Calculated)

<WADD> <WM1> <WM2>

DiffFactor = (# of different conn. Req.) (total # of possible conn. Req.)

Wadd = Wreconfig – max{WM1, WM2

}

Numerical Results# of Simulations per each case = 500

n = 16

Max Min Avg Max Min Avg Max Min Avg10% 3 0 0.034 21 10 14.588 19 8 13.360 5.971 6.00020% 1 0 0.008 20 11 14.668 20 7 13.026 12.155 12.00030% 2 0 0.012 21 9 14.698 20 7 14.330 17.790 18.00040% 4 0 0.064 22 10 14.726 19 9 14.586 24.118 24.00050% 5 0 0.076 20 10 14.528 19 9 14.536 29.923 30.00060% 3 0 0.046 21 10 14.610 20 9 14.426 35.977 36.00070% 2 0 0.020 21 10 14.624 19 6 14.182 42.221 42.00080% 1 0 0.008 22 10 14.594 19 7 13.158 47.889 48.00090% 1 0 0.008 21 10 14.506 20 9 13.332 54.062 54.000

Average 21 10.0 14.616 19.4 7.9 13.882

# of Diff Conn Req. (from Simulation)

Expected # of Diff Conn Req.(Calculated)

<WADD> <WM1> <WM2>

Max Min Avg Max Min Avg Max Min Avg10% 3 0 0.104 52 34 42.742 52 34 42.802 24.904 24.80020% 3 0 0.114 52 33 42.988 54 32 42.716 49.400 49.60030% 4 0 0.140 54 35 43.100 52 35 42.916 74.557 74.40040% 2 0 0.074 52 34 43.020 52 34 42.802 98.931 99.20050% 3 0 0.094 53 34 42.896 56 34 42.896 124.731 124.00060% 4 0 0.086 52 34 42.714 52 36 42.634 148.447 148.80070% 3 0 0.084 52 35 42.710 56 34 42.468 173.743 173.60080% 3 0 0.046 53 34 42.834 53 34 42.614 198.260 198.40090% 7 0 0.056 54 34 42.824 53 33 42.822 223.142 223.200

Average 53 34.1 42.870 53.3 34 42.741

# of Diff Conn Req. (from Simulation)

Expected # of Diff Conn Req.(Calculated)

<WADD> <WM1> <WM2>

Numerical Results# of Simulations per each case = 500

n = 32

Numerical ResultsDiffFactor = 2(|E(G1)-E(G2)|+|E(G2)-E(G1)|)/n(n-1)

500 Simulations for Each Case

0.008

0.068

0.100

0.122

0.076

0.062

0.092

0.064 0.066

0.034

0.0080.012

0.064

0.076

0.046

0.020

0.008 0.008

0.104

0.114

0.140

0.074

0.094

0.086 0.084

0.046

0.056

0.000

0.020

0.040

0.060

0.080

0.100

0.120

0.140

0.160

10% 20% 30% 40% 50% 60% 70% 80% 90%

Difference Factor

# o

f A

dd

itio

na

l Wa

ve

len

gth

s

Avg (n=8)

Avg (n=16)

Avg (n=32)

Concluding Remarks

Sometimes, there is no way to have a Survivable

Logical Topology Embedding

on a Physical Topology.However, the results say that we can always find

a way to have a survivable embedding by carefully designing a WDM topology or an IP topology.

Moreover, by using a small number of additional lightpath, we can always preserve survivability while the reconfiguration is being proceeded.

Thank you