
    JOURNAL OF LIGHTWAVE TECHNOLOGY, VOL. 23, NO. 2, FEBRUARY 2005 655

    Security Performance of Optical CDMA Against Eavesdropping

    Thomas H. Shake, Member, IEEE

    Abstract: Enhanced security has often been cited as an important benefit of optical CDMA (O-CDMA) signaling. However, the quality and degree of security enhancement has not been closely examined in the literature. This paper examines the degree and types of security that may be provided by O-CDMA encoding. A quantitative analysis of data confidentiality is presented for O-CDMA encoding techniques that use both time spreading and wavelength hopping. The probability of successful data interception is calculated as a function of several parameters, including signal-to-noise ratio and fraction of total available system capacity. For reasonable choices of system and encoding parameters, it is shown that increasing code complexity can increase the signal-to-noise ratio (SNR) required for an eavesdropper to break the encoding by only a few dB, while the processing of fewer than 100 bits by an eavesdropper can reduce the SNR required to break the encoding by up to 12 dB. The overall degree of confidentiality obtainable through O-CDMA encoding is also compared with that obtainable through standard cryptography. Time-spreading/wavelength-hopping in particular, and O-CDMA in general, are found to provide considerably less data confidentiality than cryptography, and the confidentiality provided is found to be highly dependent on system design and implementation parameters.

    Index Terms: Code division multiaccess (CDMA), communication system security, optical communication.

    I. INTRODUCTION

    Enhanced security is a frequently cited benefit of optical CDMA (O-CDMA) signaling techniques, and is often said to be inherent in the technology [1]–[5]. However, most of the literature discussing O-CDMA security relies on rather intuitive and imprecise notions of security, and few papers present any quantitative analysis of the degree of security that can be expected from O-CDMA techniques. Those papers that do present quantitative results often consider only the most rudimentary kinds of attacks on security, such as brute-force code-searching, neglecting more sophisticated attacks which are typically more effective. A systematic analysis of the types and degree of security that might be available from O-CDMA has, so far, been lacking in the research literature.

    This paper sets a framework for the security analysis of communication waveforms and considers, within this framework, the types of security that O-CDMA might provide. It then presents a detailed theoretical evaluation of one specific type of security, data confidentiality, that is provided by certain representative types of O-CDMA signaling. This evaluation includes quantitative results on the degree of confidentiality that is provided. The degree of confidentiality obtainable by O-CDMA techniques is also compared with that obtainable from standard encryption techniques, which provide a familiar and well-characterized benchmark of security.

    Manuscript received May 10, 2004; revised September 9, 2004. This work was supported by the Defense Advanced Research Projects Agency under Air Force Contract F19628-00-C-0002. Opinions, interpretations, recommendations, and conclusions are those of the author and are not necessarily endorsed by the United States Government.

    The author is with the Massachusetts Institute of Technology, Lincoln Laboratory, Lexington, MA 02420-9108 USA (e-mail: [email protected]).

    Digital Object Identifier 10.1109/JLT.2004.838844

    The organization of this paper is as follows. Section II reviews some general principles of security analysis, and establishes assumptions for the analysis presented in the paper. Section III examines some basic security properties of O-CDMA encoding techniques. Section IV presents eavesdropping strategies that will be used in the confidentiality analysis that follows. Section V presents a quantitative analysis of the degree and type of confidentiality that may be provided by time-spreading/wavelength-hopping encoding. Section VI discusses the results of this analysis, considering practical implementation limitations and comparing O-CDMA encoding with cryptography as a security technique. Section VII presents a brief set of conclusions.

    II. FRAMEWORK FOR SECURITY ANALYSIS

    A. Types of Security

    When evaluating the security of a communications technique, it is important to define the type of security under consideration. Security in communications and computer networking is traditionally divided into the categories of confidentiality, integrity, and availability [6]. O-CDMA could potentially provide both confidentiality and availability protection. For example, O-CDMA encoding could potentially enhance the availability of a system by offering some degree of jamming resistance, because many of the O-CDMA techniques proposed in the literature involve significant spectrum-spreading of the transmitted signals. Optical receiver structures differ from RF receiver structures. Consequently the degree and type of jamming protection that O-CDMA encoding can provide may differ significantly from the protection offered by traditional RF spread spectrum modulation [7]. O-CDMA encoding might conceivably provide some degree of covertness of signal transmission, at least for free-space optical transmissions. (Significant covertness is unlikely to be obtained through O-CDMA signaling in a fiber-based transmission system, since an interceptor is likely to be able to detect relatively high power levels propagating in the fiber.)

    While forms of security such as protection against jamming and transmission covertness may be provided by some types of O-CDMA encoding, it is data confidentiality that has been the primary focus of published proposals for secure O-CDMA (e.g., [3] and [4]). Furthermore, data confidentiality is probably the best known and most commonly sought form of security in communications. Therefore, the remainder of this paper focuses on evaluating the degree of data confidentiality that may be provided by O-CDMA encoding techniques.

    B. Evaluating Data Confidentiality

    1) Classes of Data Confidentiality: In theory there are two distinct classes of data confidentiality. The most confidential communication systems are called unconditionally secure if they are theoretically unbreakable even with infinite computational resources [8], [9]. While unconditionally secure systems do exist, they are not practical for most applications. A system is called computationally secure if it requires a sufficiently large amount of computational resources, applied over a sufficiently long time, to break. Most practical cryptographic systems (most good ones, anyway) fall into this category. Within the class of computationally secure systems there can be different degrees of confidentiality. If one system requires a large amount of computational resources running for one hundred years to break and another requires only ten years to break using the same resources, then clearly the system requiring the longer time to break is preferable, all other factors being equal.

    2) Assumptions in Confidentiality Analysis: The assumptions used in a security analysis can strongly affect the degree of security that the analysis shows. The analysis in this paper assumes that potential adversaries are technologically sophisticated, have significant resources, and know a great deal about the signals being transmitted. (See [10, Ch. 2] for a discussion of threat evaluation in the context of cryptography.) In particular, the eavesdropper knows what types of O-CDMA signals are being sent: the data rate, the type of encoding, and the structure of the codes, but not the particular code that an individual user employs. These assumptions are made because it is reasonably easy for a user to change codes in the event his code is compromised. However, the other parameters mentioned, such as the data rates, the types of codes, etc., are difficult to change quickly, and might even require a hardware/software redesign of the communication equipment in the event that they were found out by an adversary. Depending on the secrecy of hard-to-change parameters for data confidentiality is poor security practice; one must assume, when doing a security analysis, that an adversary knows them or may know them. These same principles are applied in the analysis of cryptographic systems, and are often stated in the form of Kerckhoffs' principle, which essentially states that one should assume that the eavesdropper knows everything about the cryptographic algorithm except for the key that each user employs (see [10, p. 23]).

    III. O-CDMA CONFIDENTIALITY BASICS

    A. Code Space Size

    It is worth briefly reviewing the basic reasons that lead to the expectation that O-CDMA can provide some degree of data confidentiality. Each O-CDMA transmitter/receiver pair is assumed to use a specific code. The receiver uses the exact knowledge of the code to separate the transmission from other users transmitting on different codes and from random channel and receiver noise. It is difficult for an eavesdropper to correctly demodulate the O-CDMA signal without knowing the code being used, especially if there are multiple users transmitting simultaneously on different codes. If an O-CDMA coding scheme that has a very large number of possible codes could be developed, then an eavesdropper would have to perform a brute-force search through half of them, on average, before finding the proper code to demodulate a given user's data.

    Thus, the first measure of the degree of security potentially available from O-CDMA encoding is the size of its code space (the number of different codes that might be used by an individual user). This can vary greatly depending on the type of O-CDMA and the parameters of the coding. Table I compares the code space sizes of example codes taken from four common categories of O-CDMA techniques. Code parameters used in the examples were chosen in an attempt to represent challenging, but potentially implementable codes for high data rate transmission. However, detailed consideration of the feasibility of implementing these types of codes is beyond the scope of this paper. It should also be noted that the different categories of codes considered here require different transmission bandwidths, have different cross-correlation properties, and may have differing implementation complexities. The comparison here focuses only on security properties.

    The first category shown in Table I, time-spreading codes (using a single wavelength), contains codes such as optical orthogonal codes [11], prime codes [12], and EQC codes [13]. These codes all have relatively small code spaces for a given code length,¹ and are not likely to produce large enough code spaces to deter brute-force searching techniques for feasible implementations at high data rates (e.g., 1 Gbits/s and above).

    The second category, time-spreading/wavelength-hopping codes, can be viewed as an extension of time-spreading codes into two dimensions (time and wavelength), and can also be viewed as an analog to RF frequency-hopping [14]. These codes can be designed to have a very much larger code space size than the one-dimensional time-spreading codes (see [3], for example). The resulting code space sizes can be large enough to prevent a brute-force code space search from being successful in any reasonable amount of time [3]. For example, for 30 wavelengths and 1000 time slots, a code space size on the order of possible codes can be obtained.

    The third and fourth categories in Table I represent spectral encoding techniques: spectral amplitude encoding and spectral phase encoding, respectively. Spectral amplitude encoding [15] relies on code sequences with particular properties to maintain a reasonable degree of orthogonality among different users' coded signals. The spectral amplitude codes in [15] require either Hadamard sequences or maximal length sequences ( -sequences) as their basis, and these codes are still fairly limited in code space size. While time spreading codes may be implemented with code lengths in the thousands or even tens of thousands, depending on the data rate, implementation constraints for spectral coding masks limit feasible codes to lengths of a few hundred or so. For a code length of 511 amplitude mask elements, one can calculate that there are 48 different -sequences that could be used as codes [17], and each of these sequences can be shifted by one or more code elements to produce a distinct code. This produces a maximum of about 25 000 (48 × 511) possible codes. This is a considerably larger code space than that produced by most time-spreading codes, but still quite small compared with time-spreading/wavelength-hopping codes.

    ¹ Code length, for these codes, is defined as the total number of code chips per information bit.

    TABLE I. CODE SPACE SIZE FOR FOUR CATEGORIES OF O-CDMA CODING

    Spectral phase encoding has similar code mask implementation constraints to spectral amplitude encoding. However, analysis has shown that spectral phase encoding may be able to support a reasonably large number of simultaneous users at low bit-error-rates (BERs) by employing code word sets that are chosen randomly [16]. Unlike time-spreading/wavelength-hopping codes, the number of "ones" and "zeros" in a spectral phase code does not affect the amount of energy in the transmitted signal, and hence does not affect the power balance among a group of users. Thus, a central controller choosing codes to assign to a group of, say, 100 users could choose 100 different random combinations of the code elements in a spectral phase encoder, and each user would be assigned one of these codes. Performance calculations in [16] show that, on average, a reasonably large number of simultaneous users can be supported with randomly chosen code word sets. These calculations apply to average performance, though, and it should be noted that a large portion of the many possible code sets chosen randomly might have well below average BER performance. In theory, though, a central controller could select a set of randomly chosen codes for some desired number of users, and could then pseudorandomly refine the set of codes by discarding certain codes of the chosen set and randomly choosing replacements until the overall performance of the code set met the desired BER specifications. (This procedure might be highly processing-intensive, and might need to be pre-calculated before network operations begin.) The resulting set of codes would still appear random to an eavesdropper trying to guess which individual codes had been selected, and he would thus have to search a large fraction of the code space before being successful. Random code choice allows the code space to be very large indeed, with a 511 element phase mask generating possible codes.

    Time-spreading/wavelength-hopping codes and spectral phase codes appear to be two of the most promising code types for generating code spaces that are large enough to prevent successful brute-force code search attacks. However, a very large code space is necessary, but not sufficient, for good data confidentiality, as subsequent sections of this paper will show.

    Fig. 1. Linear system modeling of O-CDMA transmitter.

    B. Code Interception

    Brute-force searching for an individual user's code is a very inefficient attack strategy whenever the code space is large. Intelligent eavesdroppers will seek other forms of attack if they are available. For most, if not all, O-CDMA techniques currently described in the literature, there is indeed another, more efficient, form of attack. This attack is based on the observation that many O-CDMA transmitter designs regularly broadcast the very thing that is the key to keeping the user's data confidential: the code word itself. An intelligent eavesdropper can design a listening device to detect this code word. Once a user's code word is detected by the eavesdropper, the eavesdropper has free access to the user's data until the user's code is changed.

    Consider the modeling of an O-CDMA transmitter. Most every form of O-CDMA encoder in the literature, as far as this author is aware, can be modeled as a linear time-invariant (LTI) system for at least some finite time that is large compared with the code duration, as illustrated in Fig. 1. When driven by an optical input waveform, , the output of the encoder can be modeled as the convolution of the impulse response of the encoder, , with . (Alternatively, the output can be modeled in the frequency domain by the multiplication of the Fourier transforms of the input waveform and the impulse response.) If an eavesdropper can observe the transmitted waveform, , in the channel, and if he knows the form of the input waveform , he can use standard linear system analysis to solve for the impulse response of the encoder (or its Fourier transform, the transfer function). This reveals the code being used. Even if a transmitter's code is reconfigured frequently, the encoder can still be modeled as a piecewise LTI system, with linear analysis techniques being applicable during the period between code changes.
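The paragraph above can be checked numerically with a small simulation; it also shows the abstract's point that processing on the order of 100 bits lowers the SNR an eavesdropper needs. This is an added example, not code from the paper: the chip-rate sampling, the pulse shape `PULSE`, the 64-chip weight-5 code, the noise levels and all function names are assumptions made for illustration.

```python
import cmath
import random

PULSE = [1.0, 0.6, 0.2]   # known input waveform, one sample per chip (constructed)
N_CHIPS = 64              # code length in chips (constructed)


def dft(seq, inverse=False):
    """Naive O(M^2) discrete Fourier transform; adequate for one code word."""
    m = len(seq)
    sign = 1 if inverse else -1
    out = []
    for k in range(m):
        acc = sum(v * cmath.exp(sign * 2j * cmath.pi * k * n / m)
                  for n, v in enumerate(seq))
        out.append(acc / m if inverse else acc)
    return out


def encode(code):
    """LTI encoder: output = input pulse convolved with the chip pattern h."""
    y = [0.0] * (len(code) + len(PULSE) - 1)
    for i, chip in enumerate(code):
        for j, p in enumerate(PULSE):
            y[i + j] += chip * p
    return y


def tap(code, sigma, n_words, rng):
    """Average n_words tapped copies of one code word, each with Gaussian noise."""
    clean = encode(code)
    acc = [0.0] * len(clean)
    for _ in range(n_words):
        for i, s in enumerate(clean):
            acc[i] += s + rng.gauss(0.0, sigma)
    return [v / n_words for v in acc]


def solve_for_code(observed, eps=1e-6):
    """Recover h from Y = X * H by regularised spectral division, then threshold."""
    m = len(observed)
    x_f = dft(PULSE + [0.0] * (m - len(PULSE)))
    y_f = dft(observed)
    h_f = [y * x.conjugate() / (abs(x) ** 2 + eps) for x, y in zip(x_f, y_f)]
    h = [v.real for v in dft(h_f, inverse=True)]
    return [1 if v > 0.5 else 0 for v in h[:N_CHIPS]]


def chip_errors(seed=1):
    """Wrong chips in the recovered code for three tapping conditions."""
    rng = random.Random(seed)
    pulses = set(rng.sample(range(N_CHIPS), 5))      # secret code, weight 5
    code = [1 if i in pulses else 0 for i in range(N_CHIPS)]

    def errors(sigma, n_words):
        guess = solve_for_code(tap(code, sigma, n_words, rng))
        return sum(g != c for g, c in zip(guess, code))

    return {
        "high_snr_1_word": errors(0.02, 1),
        "low_snr_1_word": errors(0.5, 1),
        "low_snr_100_words": errors(0.5, 100),
    }


if __name__ == "__main__":
    print(chip_errors())
```

The size of the code space never enters the calculation: recovery depends only on the noise level and on how many code words are averaged, which is why the mitigations discussed next focus on eavesdropper SNR and code reconfiguration rate.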

    Using an LTI transfer function to encode data thus presents a fundamental security problem. There are three possible approaches to solving this problem. The user could try to keep the input waveform, , secret, preventing an eavesdropper from being able to solve for the code even with accurate observations of the output waveform, . However, this solution violates Kerckhoffs' principle (Section II): if the input waveform were ever compromised, it would need to be changed to make the system secure again, and this would probably be fairly difficult. It is more realistic to assume that an interceptor knows the input waveform(s) being used.

    A second approach is to try to make it very difficult for an eavesdropper to accurately detect in the channel, thus making it difficult for him to accurately solve for the code. This can be attempted by transmitting signals of relatively low power, making it difficult for an eavesdropper to attain sufficient signal-to-noise ratios to make accurate channel measurements. The eavesdropper's ability to solve for the code can also be decreased by increasing the code complexity, which can decrease the eavesdropper's signal-to-noise ratio per code element. With this overall approach, the eavesdropper's ability to solve for the code can be determined by classical detection theory [18]. The degree of confidentiality produced by this approach will depend on the SNR that an eavesdropper can attain when attempting to detect the user's coded signals.

    A third approach is for each transmitter to change its code very frequently, more frequently than an eavesdropper could detect the channel waveform and solve for the code. This approach may be combined with the previous approach of minimizing transmitted power. The required rate of code reconfiguration depends on the time required for an eavesdropper to accurately detect the channel waveform and solve for the code. This time depends, in turn, on the SNR that the eavesdropper is able to obtain, and on the code complexity. The effectiveness of code reconfiguration thus depends on how difficult the transmitter can make it for the eavesdropper to detect codes by observing the channel. The remainder of this paper concentrates on evaluating this degree of difficulty.

    IV. O-CDMA EAVESDROPPING STRATEGIES

    A. Signal Tapping

    An eavesdropper in an O-CDMA network may tap signals from various locations within the network. He may commandeer an authorized user terminal, or may tap signals from network fibers. For the purposes of code interception it is advantageous to tap isolated user signals, avoiding the multiple user interference (MUI) that is characteristic of CDMA systems. Since each authorized terminal in an all-to-all O-CDMA network receives signals from all transmitters simultaneously (as shown in Fig. 2 for a broadcast star topology), commandeering an authorized user terminal does not give an eavesdropper an isolated signal for code interception. If the eavesdropper is interested in a specific, identifiable user, tapping a fiber in the network infrastructure is more advantageous for the eavesdropper, since it can give the eavesdropper access to the isolated user signal. For example, as Fig. 2 shows, a typical broadcast star LAN carries individual user signals over approximately 50% of its total fiber length (the user-to-star coupler links). Even if a single fiber is used to connect each user to the star coupler (implying bidirectional signal propagation in the fiber), fiber taps can easily separate signals propagating in opposing directions. This gives an eavesdropper much opportunity to tap into individual user signals.

    Fig. 2. Potential locations for taps that allow an eavesdropper to isolate individual user signals.

    B. Vulnerability of On-Off Keyed O-CDMA

    The majority of published O-CDMA techniques rely on on-off keying (OOK) for data modulation [1]. Typically, a coded transmission is sent during a bit interval to represent a "one," and no energy is sent during a bit interval to represent a "zero." While this allows the implementation of relatively simple optical transmitters and receivers, it is also highly vulnerable to relatively simple eavesdropping techniques. As has been noted in [5], if an eavesdropper can isolate individual users' signals as in Fig. 2, he can use a simple energy detector to detect whether energy is present or not in each bit interval. (Acquiring bit interval synchronization from a coded OOK stream should be fairly straightforward given knowledge of the data rate and type of encoding, although the accuracy of synchronization would depend on the SNR at the eavesdropper's receiver.) In this case, there is no need for the eavesdropper to break the coding scheme or steal the code; the energy detector output contains the user's data stream.

    There are several possible solutions to this problem. First, vulnerable fibers could be physically made secure against tapping, or each user's data could be encrypted. However, neither of these solutions has anything to do with O-CDMA techniques; O-CDMA security might not be necessary at all if they were used. Since this paper deals with the strength of O-CDMA encoding, these solutions will not be considered.

    A workable solution that relies solely on the properties of the encoding would be to either use a constant envelope modulation technique such as phase shift keying (PSK), or to force the modulation technique to send a constant amount of energy for each transmitted bit by transmitting one code sequence for a "one" and a different code sequence for a "zero." We will call this latter approach 2-code keying. 2-code keying would require distribution of twice as many codes for a given set of users. It would produce significantly more MUI for a given number of simultaneous transmitters compared with OOK-based O-CDMA, although it would also increase the receiver's average energy per data bit, since energy would be transmitted for both "zeros" and "ones." It would work with most proposed O-CDMA technologies, and would remove the vulnerability to eavesdroppers with simple energy detectors.

    (This approach can be generalized by assigning code words to each user and having each user transmit one code word for each data bits, which denies the eavesdropper the ability to detect data using a simple energy detector. Choosing may make the eavesdropper's task slightly more complicated, as discussed in Section V.B, though a full analysis of the trade-offs involved is beyond the scope of this paper.)

    Some form of constant energy-per-bit modulation is necessary if O-CDMA is to provide significant confidentiality for an individual user. However, while it is necessary, such modulation is not sufficient for complete confidentiality. Eavesdroppers may mount other, albeit more difficult, attacks, such as trying to intercept the transmitted code words themselves. The next section presents an analysis of the effectiveness of this type of attack.
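The difference between OOK and 2-code keying described in this section can be reproduced with a short simulation that measures the bit error rate of a code-blind energy detector against that of the authorised receiver. This is an added example, not code from the paper: the 64-chip bit interval, the two weight-8 codes `CODE_ONE` and `CODE_ZERO`, the additive Gaussian noise model and all function names are assumptions made for illustration.

```python
import random

N_CHIPS = 64                              # chips per bit interval (constructed)
CODE_ONE = frozenset(range(0, 64, 8))     # 8 pulse positions sent for a "one"
CODE_ZERO = frozenset(range(3, 64, 8))    # second code, used only by 2-code keying


def transmit(bits, zero_code, sigma, rng):
    """One list of noisy chip samples per data bit; zero_code=None means OOK."""
    frames = []
    for bit in bits:
        pulses = CODE_ONE if bit else (zero_code or frozenset())
        frames.append([(1.0 if i in pulses else 0.0) + rng.gauss(0.0, sigma)
                       for i in range(N_CHIPS)])
    return frames


def energy_detector(frames):
    """Eavesdropper with no code knowledge: total energy per bit interval."""
    energy = [sum(s * s for s in frame) for frame in frames]
    threshold = (min(energy) + max(energy)) / 2
    return [1 if e > threshold else 0 for e in energy]


def code_receiver(frames, zero_code):
    """Authorised receiver: correlates each interval against the known code(s)."""
    decided = []
    for frame in frames:
        one_score = sum(frame[i] for i in CODE_ONE)
        zero_score = (sum(frame[i] for i in zero_code) if zero_code
                      else len(CODE_ONE) / 2)     # fixed OOK decision threshold
        decided.append(1 if one_score > zero_score else 0)
    return decided


def bit_error_rate(decided, bits):
    """Fraction of decided bits that differ from the transmitted bits."""
    return sum(d != b for d, b in zip(decided, bits)) / len(bits)


def compare(n_bits=2000, sigma=0.1, seed=7):
    """Bit error rates of both receivers under OOK and under 2-code keying."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n_bits)]
    report = {}
    for scheme, zero_code in (("ook", None), ("two_code", CODE_ZERO)):
        frames = transmit(bits, zero_code, sigma, rng)
        report[scheme] = {
            "energy_detector_ber": bit_error_rate(energy_detector(frames), bits),
            "code_receiver_ber": bit_error_rate(code_receiver(frames, zero_code), bits),
        }
    return report


if __name__ == "__main__":
    for scheme, rates in compare().items():
        print(scheme, rates)
```

Under OOK the energy detector reads the data as well as the authorised receiver does; under 2-code keying its output is no better than guessing, while the receiver that holds both codes is unaffected.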

    V. QUANTIFYING O-CDMA CONFIDENTIALITY

    A. Code Word Interception

    Detecting exactly which code word a particular transmitter is using would allow an eavesdropper to demodulate all of that transmitter's data until the code word were changed. Since most, if not all, currently proposed O-CDMA coding structures can be modeled by LTI transfer functions, as discussed above, an eavesdropper could (theoretically, at least) detect the coded transmissions of a particular user and derive the code from this information. This type of attack is quite general in its applicability to various types of O-CDMA encoding; the author is unaware of any type of O-CDMA encoding to which it would not apply. Therefore, quantifying the effectiveness of this type of attack yields information with broad implications for the security of O-CDMA.

    The exact techniques required for code detection depend on the type of code being transmitted; therefore it is necessary to choose a particular type of code to quantify the effectiveness of this type of attack. This section examines the detection performance of one of the most promising classes of O-CDMA encoding for providing confidentiality: time-spreading/wavelength-hopping encoding [3], [14]. (We consider time spreading encoding on a single wavelength [11], [19] as a special case of time-spreading/wavelength-hopping.) A separate paper will deal with an analysis of the confidentiality performance of spectral encoding techniques, particularly spectral phase encoding [29].

    Fig. 3. Simplified time-spreading encoded waveform (single wavelength).

    The analysis presented here treats the eavesdropper's code interception problem as a problem in classical detection theory [18]. The eavesdropper taps a coded transmission of a particular user and performs the necessary calculations to derive the transmitter's code word from these transmissions. The resulting code will have some probability of error, which will depend strongly on the signal-to-noise ratio at the eavesdropper's receiver.

    This analysis is primarily theoretical, and assumes idealized transmission components (e.g., fiber, couplers, and receiver components). Receiver implementation losses are also not modeled. The results described thus represent a near worst case performance assessment, although a slightly suboptimum receiver structure is analyzed because of its higher likelihood of implementation.

    We now consider the structure of a code intercepting receiver for time-spreading/wavelength-hopping encoding. Consider first the case of time-spreading on a single wavelength. Fig. 3 shows a simplified depiction of a time-spreading encoded signal. Each data bit to be encoded is divided into possible code chips, of them containing an energy pulse for any given code. ( is the weight of the code, and is the length.) Each code pulse contains energy . Thus, the total energy transmitted per data bit is WE .

    In theory, an eavesdropper can use a receiver that is highly similar to a radar receiver to intercept this type of signal and determine the code. The eavesdropper can divide each data bit duration into time intervals, or bins (Fig. 3), and determine whether an energy pulse is present or not in each one. This can be done by implementing a filter that is matched to an individual code pulse and sampling the output of the filter once per time bin. The performance of this type of receiver can be determined using the mathematics of classical radar detection theory (see, for example, [18] and [20]).


    Fig. 4. Coherent receiver with matched filter for code interception.

    Fig. 5. Envelope detector structure for code intercepting detector.

    The optimum implementation of this type of receiver would be a coherent detection receiver and an exact matched filter, as shown in Fig. 4 (see [24, pp. 257-262]), where the matched filter can be implemented by the combination of the bandpass and lowpass filters illustrated. However, a simpler and more likely implementation would be an optical amplifier, followed by an optical filter that is approximately matched to the code pulses, with a square law envelope detector such as a photodiode used to detect the output of the optical matched filter [21], [22], [24]. The output of the electronic detector is then time sampled. Such a code interceptor is shown in Fig. 5.

    This code interception strategy generalizes to time-spreading/wavelength hopping coding in a straightforward way. Given a code using time chips and wavelengths, the receiver structure in Fig. 5 can be replicated times. If is too large for this to be practical, a reasonable number of wavelength channels can be implemented and scanned sequentially over the different wavelength bands covered by the coded signal. This would produce a tradeoff between the number of wavelength channels implemented in the code intercepting receiver and the time required to detect the code with a given degree of statistical reliability. (The statistics of reliable detection are quantified later.)

    We assume for the purposes of security performance calculations that the eavesdropper is able to synchronize to the transmitted signal. Given synchronization, the eavesdropper can then locate the beginning and end of a data bit, and can sample the detector output precisely at the end of each code chip time. This assumption is not strictly necessary for either the operation or the analysis of the code intercepting detector. It is made because it is the worst case assumption from a security perspective (it yields the best possible performance for the eavesdropper), and it is better to overestimate an eavesdropper's capability than to underestimate it. In reality, an eavesdropper will not have perfect synchronization with the transmitted signal, and some performance loss will result. However, it is quite plausible, especially under high SNR conditions, that an eavesdropper could attain reasonably accurate code chip synchronization by correlating the pulse stream with a replica of an individual pulse. Data bit synchronization should also be fairly easy to attain if the transmitter is using OOK O-CDMA, and could probably be attained by processing multiple bits of a non-OOK encoded stream.

    The figure of merit that will be used here for code interception performance calculations is the probability that the eavesdropper can detect the user's entire code word with no errors, denoted by . This probability will depend on the type of detection processing and on the amount of time the eavesdropper observes the user's signal for each detection; it can be calculated from two quantities that are staples of classical detection analysis: the probability of missing a transmitted pulse in a given time bin, , and the probability of falsely detecting a pulse in a bin where none was transmitted, . If the code interceptor makes a code word decision based on observing the transmitted signal for a single data bit interval, the overall probability of error-free code word detection is given by

    (1)

    The first term represents the probability of not missing any of the pulses that are transmitted during a data bit. The second term is the probability of not falsely detecting pulses in any of the time bins where pulses are not transmitted during a data bit.


    and are determined by the SNR at the eavesdropper and by the eavesdropping detector's performance in noise. Assuming that the dominant form of noise can be modeled as additive white Gaussian noise, the EDFA/optical matched filter receiver structure in Fig. 5 can be shown to give [22]

    (2)

    (3)

    where is the ratio of the peak pulse energy to the noise power spectral density, is the detection threshold, and is the Marcum Q-function defined as [23, p. 147]

    (4)

    where denotes a zeroth order modified Bessel function of the first kind.

    Fig. 6 plots versus for a time-spreading/wavelength-hopping code and for both this type of receiver and the coherently detected matched filter receiver. (Derivation of the performance of the coherent receiver with matched filter detection can be found in standard texts [24], [25], [18]). The code parameters used for this sample calculation were , and , and , corresponding to a prime hop code with 961 time slots and 31 wavelengths [28], for example. Note that the numerator in the plotted here refers to the energy in an individual code pulse, not the energy received during an entire data bit. In both the cases plotted, the eavesdropper is assumed to be able to set the detection threshold to its optimum value. This requires knowing or estimating such parameters as , and the SNR; the optimal threshold at each SNR value for the envelope detector was determined by a search algorithm for these calculations. As the figure shows, the loss in performance of the optical matched filter with envelope detection relative to the optimum coherent matched filter detection is relatively small, especially at higher SNRs.

    The basic form of the result shown in Fig. 6 has strong implications for the degree of confidentiality that may be attained by O-CDMA encoding. (While the results in Fig. 6 are for a particular type of time domain encoding with certain coding parameters, the same general results can be shown for different types of O-CDMA encoding [29].) Since the eavesdropper's ability to correctly detect user code words is strongly dependent on the SNR at the intercepting receiver, it follows that the degree of confidentiality provided is also a strong function of this SNR. Since the eavesdropper's SNR is a function of a number of system design and operation parameters, this means that the degree of confidentiality provided by O-CDMA techniques will also be a function of these system design and operation parameters.

    Since the degree of confidentiality of user data is dependent on the SNR at the eavesdropper, it is important to quantify how low this SNR could be made through intelligent system design. This design is not completely straightforward, though, because it must involve a tradeoff between communication performance and confidentiality for the authorized users. This can be seen as follows.

    Fig. 6. Code intercepting detector performance curves for coherent detection and optical matched filter with envelope detection.

    In CDMA networks (optical or electronic), the total number of simultaneous users that can be supported with acceptable BER performance is typically limited by interference among the user signals, rather than by receiver noise. Assuming that all users transmit at the same data rate, the total system data carrying capacity is proportional to the maximum number of simultaneous users the system can support. A theoretical maximum number of simultaneous users can be calculated by assuming that receiver noise is negligible compared to the MUI in BER performance calculations. (This maximum number of simultaneous users is primarily a function of the type of encoding, which determines the degree of orthogonality among different codes; see, for example, [11], [16], and [19].) By specifying a maximum acceptable BER and a particular type of encoding, one can calculate a specific maximum number of simultaneous users, and hence, the total capacity of the network.

    To improve security in the network, the system design should minimize the amount of energy that an eavesdropper can receive by tapping fiber signals. This requires that each transmitter minimize the power it sends into the network. This minimization cannot be done without affecting the BER performance of the system, however. An authorized receiver's BER performance will be a function of the received SNR. The authorized receiver's SNR is given by

    (5)

    where represents the total noise spectral density contribution of the MUI and represents the spectral density of the receiver noise (footnote 2). is proportional to both the number of active transmitters and to the transmitted power of each user (we assume all users transmit equal powers, when transmitting), while is fixed for a given receiver implementation.

    2 Strictly speaking, the spectral densities and exist only for wide-sense stationary noise processes, and are, in general, functions of frequency. The heuristic explanation given here assumes the noise processes may be approximated by white Gaussian noise, in which case and may be treated as constant scalar values. See [25] for more details.


    Consider the situation with the theoretical maximum number of simultaneous users all transmitting. If is negligible compared to , the resulting SNR at an authorized user's receiver will be sufficient to maintain the specified BER. If each transmitter reduces its power level sufficiently to increase confidentiality, though, will also be reduced and will become significant compared to . While the ratio will remain constant no matter what power level each user transmits, the ratio is what determines BER, and this will be reduced, increasing the BER. If the transmitted power is reduced arbitrarily, the only way to keep the BER from exceeding a specified value is to reduce the term as well (again assuming is fixed by the implementation). The only way to do this is to reduce the number of active users. Thus the total number of simultaneous users that can be supported at a specified BER must be reduced to allow each transmitter to reduce its power level.

    Using certain modeling approximations, Appendix A quantifies the aforementioned argument, and derives the relationship between required user SNR and the eavesdropper's available SNR per code chip as

    (6)

    In this equation, is the eavesdropper's fiber tapping efficiency, is the number of taps in the broadcast star coupler that distributes user signals, is the ratio of the eavesdropper's receiver noise density to the authorized users' receiver noise density, is the authorized user receiver's multichip energy combining efficiency, is the maximum theoretical number of simultaneous users at a specified maximum BER, is the required user SNR (per data bit) to maintain the specified BER, is the actual number of simultaneous users supported, and is the eavesdropper's effective SNR per code chip.

    Equation (6) represents a fundamental, if approximate, relationship between the total system data capacity and the SNR that an eavesdropper may obtain using a code detector of the type shown in Fig. 5 for time-spreading/wavelength-hopping O-CDMA. Analysis of this equation provides a great deal of insight into the limitations on attainable confidentiality of this type of O-CDMA encoding, and on the tradeoff between system data capacity and confidentiality. Since (1)–(3) establish that the degree of confidentiality is a strong function of the eavesdropper's SNR as represented by , any of the factors in (6) that change this SNR will affect confidentiality.

    The factors in the first set of brackets in (6) can all cause a direct increase or decrease in this SNR and a corresponding decrease or increase in confidentiality. Confidentiality is decreased by an increase in the eavesdropper's tapping efficiency; by an increase in the number of taps in the star coupler (which reduces the fraction of transmitted power that reaches each authorized user and requires each user to transmit more power); or by a decrease in the eavesdropper's receiver noise level relative to the authorized users' receiver noise level. Confidentiality is increased by an increase in the combining efficiency of the user receivers (allowing an overall decrease in transmitted user power to maintain an acceptable BER); or by an increase in the weight of the code words (which divides the energy per bit into more, hence lower energy, code pulses). Equation (1) also implies a further increase in confidentiality if the length of the code, , is increased.

    Fig. 7. Approximate tradeoff between system data capacity and confidentiality.

    The second bracketed term in (6) relates to the trade between confidentiality and system capacity. As the number of active users approaches the maximum theoretical number of simultaneous users of the system , this term increases without bound, implying very high SNRs for the eavesdropper. Conversely, when only a single user is allowed , the eavesdropper's SNR is minimized, but at the expense of system capacity, assuming fixed BER performance (footnote 3).

    Finally, the third bracketed term in (6) shows that confidentiality can be increased by decreasing the SNR required by the authorized users for acceptable BER performance. Confidentiality can be increased by allowing a higher BER. For a fixed BER specification, however, can still be decreased by using error correcting coding on user transmissions and by using the most power-efficient modulation technique possible. (Both power-efficient modulation and error correction coding are typically used in cellular telephone CDMA systems [26], [27].)

    Fig. 7 shows an example of confidentiality performance versus system capacity for a straw man set of system design parameters. It plots the eavesdropper's approximate probability of error-free code detection (integrating signal energy over one data bit period) versus the fraction of theoretical system capacity, , that can be attained for a specified maximum BER.

    The straw man design specifies 100 potential users connected to a broadcast star network with taps. The users each employ time-spreading/wavelength-hopping codes with timeslots, wavelengths, and code pulses per data bit. These parameters would be produced by a 31, 31 Prime Hop Code as specified in [28], although they may apply to other types of codes as well. Users are assumed to use incoherent detection, modeled here by assuming that each code pulse is optically matched filtered and envelope detected (much as in Fig. 5), and combined after the envelope detection. The resultant incoherent combining of 31 code pulses produces a combining efficiency of approximately (see [23, p. 178]). The maximum acceptable system BER is assumed to be . Error correction codes used in commercial high-rate optical telecommunication equipment can produce this BER with a raw detector BER of approximately . An optical matched filter receiver followed by envelope detection theoretically requires a (peak) SNR of dB [22] to produce the required raw detector BER of . The eavesdropper for this example is assumed to tap one percent of the energy from a fiber carrying a single user signal, and to have a receiver that is equal in sensitivity to the authorized users' receivers .

    3 If the number of active users exceeds the number calculated by (6), the BER must go above the specified maximum for all active users, or else each user must transmit more power, raising the eavesdropper's SNR.

    The solid curve, labeled "baseline example," shows the performance of the straw man system. For this particular example, if the authorized users transmit sufficient power so that 95% or more of the theoretical system capacity is attained, the eavesdropper has a high enough SNR to detect the code without errors with a probability of virtually one. To reduce the eavesdropper's probability of effectiveness below , for example, each user must reduce its transmit power to the extent that only about 75% of the theoretical system capacity can be attained.

    Variations in system design parameters can strongly affect this performance trade, as shown by the other three curves in Fig. 7. A change in any combination of the factors in the first bracket of (6) can result in a higher or lower SNR for the eavesdropper. If for example, the eavesdropper's receiver is 3 dB more sensitive than the authorized users' receivers (i.e., ) then the dotted performance curve (baseline 3 dB) in Fig. 7 is obtained. If, in addition, the eavesdropper taps the fiber with 2% efficiency rather than 1%, then the dash-dotted curve (baseline 6 dB) is obtained, and so on.

    Depending on the type of encoding that is used, an eavesdropper may be able to improve on the performance specified by (1)–(3) and (6), and illustrated by Figs. 6 and 7. Most encoding schemes for O-CDMA use code words that are relatively far apart in Hamming distance; this allows relatively good orthogonality properties among multiple users transmitting simultaneously. However, if the eavesdropper knows the structure of the code (e.g., that Prime Hop Codes are being used), then an intercepted code word (which may contain detection errors) can be compared with the set of allowable code words. The allowable code word nearest in Hamming distance to the intercepted code word would then be chosen. In this case, the coding structure, designed primarily for good orthogonality properties, will function much like an error-correcting code for the eavesdropper, possibly allowing the eavesdropper to take an intercepted code word with errors and correct the errors. Calculating the degree of improvement in the eavesdropper's ability to intercept code words through this technique is beyond the scope of this paper; still, the better the orthogonality properties of the encoding scheme, the larger the minimum Hamming distance between the codes is likely to be, producing a greater potential improvement in interception performance by making use of the code structure in the interception process. This performance improvement is, of course, only obtainable when the eavesdropper knows the set of allowable code words, as in well known codes with well-established structures. If a completely random coding scheme were employed, where any possible combination of code chips could represent a user's code word, then an eavesdropper could not improve its interception performance in this way. In time-spreading/wavelength-hopping coding schemes, however, such random coding would lead to variable weight codes, which is problematic for maintaining good cross-correlation properties among multiple user codes. (Random codes are more feasible with encoding schemes such as spectral phase encoding [16].)

    B. Multiple Bit Combining

    A further, and more dramatic, improvement in the eavesdropper's code interception performance can be obtained by processing and combining code transmissions from multiple data bits. The eavesdropper can use exactly the same detector structure as shown in Fig. 5 (with multiple channels if ), but can accumulate samples in each of bins (Fig. 3) over multiple data bits. (There will be total bins if .) The eavesdropper must maintain bit synchronization so that the same bins can be sampled repeatably on multiple data bits, but this has already been assumed for the worst-case scenario analysis.

    The case of greatest interest for multiple bit combining is where the transmitter uses 2-code keying, as described in Section IV.B. Accumulating multiple bits from a 2-code keyed O-CDMA data stream using time-spreading/wavelength-hopping encoding produces the superposition of the two code words C1 and C2 in the eavesdropper's detector. Since the codes are designed to be as mutually orthogonal as possible, it is almost certainly possible for most codes to separate the two individual code words from their superposition. For example, it is quite simple to examine the superposition of two Prime Codes and determine the individual code words, especially if the two code words are synchronized in time (see examples on [12, p. 46]). Note that the eavesdropper's detected superposition of C1 and C2 will always be synchronized if they are from a single transmitter using 2-code keying and the eavesdropper has attained bit synchronization.

    (If 2-code keying is generalized so that each user transmits one of code words for each data bits, as mentioned in Section IV.B, the eavesdropper's task can be made a bit more complicated. Choosing forces the eavesdropper to separate several code words from a single multiple bit receiver detection rather than just two. Nevertheless, assuming that the eavesdropper knows the general structure of the codes in use, separation of multiple codes is almost certainly still possible in theory. A number of variables affect a trade-off analysis of the security of such a scheme, such as the increased energy per code word that must be transmitted to maintain an acceptable BER with multiple bit encoding, the increased number of code words that must be assigned to each user, etc. A full analysis is beyond the scope of this paper; here, we calculate the performance for the example case of .)

    Fig. 8. Eavesdropper's detection performance for two different codes. Example parameters are the same as those used for Fig. 7.

    The eavesdropper's detection performance against a 2-code keying transmitter is derived in Appendix B, which shows that the overall probability of error-free code word detection by an eavesdropper combining the energy from data bits can be approximated, for reasonably large , by

    (7)

    where is the normalized cross-correlation between different code words (i.e., the number of bins where pulses from two code words overlap), and and are given by

    (8)

    and

    (9)

    and where is the Generalized Marcum Q-function, defined as [25, p. 44]

    (10)

    and where denotes an th-order modified Bessel function of the first kind.

    These results are illustrated in Figs. 8 and 9. Fig. 8 shows the eavesdropper's detection performance against two different codes as a function of its SNR. (Values of that produce negligibly small values of are included in this graph to illustrate the large degree of improvement that can be obtained by combining relatively few bits, as discussed in the next paragraph.) Both curves use all the same parameters as the straw man design example illustrated by the "baseline performance" curve in Fig. 7. The solid line in Fig. 8 uses the same code used in the straw man example, i.e., , and . The dashed line assumes a more complex (and more difficult to implement) code using , and . When the more complex code is used, the user must combine 101 separate detections (incoherently, we assume), and thus the user combining efficiency factor decreases to about 15%. The more complex code improves confidentiality performance by requiring the eavesdropper to attain a higher SNR to attain a given level of code detection performance.

    Fig. 9. Performance of multiple bit combining eavesdropper against two types of codes.

    Unfortunately, this improvement in confidentiality can be overcome by the eavesdropper (at least in theory) by multiple bit combining, as shown in Fig. 9. Fig. 9 assumes that the eavesdropper is able to obtain an SNR of dB, which renders its probability of correctly detecting the code word using a single data bit negligibly low for either code shown in Fig. 8. By combining the energy from less than 100 bits, however, the eavesdropper can attain a probability of error-free code word detection of essentially unity, even for the more complex code.

    The results in Fig. 9 are approximate (see Appendix B), although these results can, in theory, be attained when the number of "ones" transmitted by the user during the eavesdropper's collection interval is exactly equal to the number of "zeros" transmitted in the same interval. The larger the number of bits combined, the more likely this is to be true, and the closer the approximation. Thus Fig. 9 should give a reasonable, if somewhat optimistic, estimate of the code interception performance that could be attained by an eavesdropper with an ideal detector implementation.

    Table II summarizes the results from this section. It lists the values of per code chip required at the eavesdropper to attain for codes of different complexities and for different levels of bit combining.
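The single-bit and multiple-bit detection statistics discussed above can be explored numerically to see how much SNR margin a design actually has. The following Python sketch is an added example, not code or equations from the paper: it uses the textbook square-law detection model (unit-variance Gaussian noise per quadrature, pulse amplitude sqrt(2E/N0)), evaluates the generalized Marcum Q-function by its Poisson-mixture series, and searches for the best threshold. Assumptions of this example: all function names, the grid search, and the treatment of 2-code keying as half of the combined bits carrying each code word with no overlapping pulse bins; the 961 x 31 bins and 31 pulses are the straw man values from the text.

```python
import math


def _log_pois(k, mu):
    """Log of the Poisson probability mass at k for mean mu (mu > 0)."""
    return -mu + k * math.log(mu) - math.lgamma(k + 1)


def marcum_q(a, b, m=1):
    """Generalized Marcum Q_m(a, b) = P(X > b^2), where X is noncentral
    chi-square with 2m degrees of freedom and noncentrality a^2.
    Computed as a Poisson-weighted sum of central chi-square tails."""
    if b <= 0.0:
        return 1.0
    lam, x = a * a / 2.0, b * b / 2.0
    # Central chi-square tail with 2m dof: sum_{j<m} Pois(j; x)
    tail = sum(math.exp(_log_pois(j, x)) for j in range(m))
    if lam == 0.0:
        return min(tail, 1.0)
    total = 0.0
    k_max = int(lam + 12.0 * math.sqrt(lam) + 40.0)  # Poisson mass beyond is negligible
    for k in range(k_max + 1):
        total += math.exp(_log_pois(k, lam)) * tail
        tail += math.exp(_log_pois(m + k, x))        # tail for 2(m+k+1) dof
    return min(total, 1.0)


def code_detect_prob(snr_db, k_bits=1, n_bins=961 * 31, n_pulse_bins=31,
                     duty=1.0, steps=400):
    """Probability that every pulse bin is detected and no empty bin fires,
    maximised over the detection threshold.

    snr_db       : E/N0 per code pulse at the intercepting receiver, in dB
    k_bits       : number of data bits whose square-law samples are summed per bin
    duty         : fraction of the combined bits that put a pulse in a pulse bin
                   (assumed 1.0 for one observed bit, 0.5 for 2-code keying)
    """
    snr = 10.0 ** (snr_db / 10.0)
    nc = 2.0 * snr * duty * k_bits           # accumulated noncentrality in a pulse bin
    a = math.sqrt(nc)
    lo = 2.0 * k_bits                        # mean of the noise-only statistic
    hi = lo + 2.0 * nc + 60.0                # generous upper end for the search
    best = 0.0
    for i in range(steps + 1):
        t = math.sqrt(lo + (hi - lo) * i / steps)
        p_false = marcum_q(0.0, t, k_bits)
        p_miss = max(0.0, 1.0 - marcum_q(a, t, k_bits))
        p = ((1.0 - p_miss) ** n_pulse_bins
             * (1.0 - p_false) ** (n_bins - n_pulse_bins))
        best = max(best, p)
    return best


if __name__ == "__main__":
    # One observed bit carrying a single 31-pulse code word.
    print("1 bit   :", code_detect_prob(5.0))
    # 2-code keying: two code words (62 pulse bins), each present in half the bits.
    for k in (25, 100):
        print(f"{k} bits:", code_detect_prob(5.0, k_bits=k, n_pulse_bins=62, duty=0.5))
```

Under this model, an interceptor at 5 dB per code pulse has essentially no chance from one bit but approaches certainty after combining 100 bits, which is the qualitative behaviour the section describes.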

    C. Code Detection With Multiple User Signals

    The preceding analysis has assumed the best case for the eavesdropper (and worst case for the targeted user). The eavesdropper simply pulls off a small fraction of the user signal. The following analysis is for a slightly different problem where the eavesdropper receives all of the O-CDMA signals simultaneously. One might think that the obscuration of the targeted signal in this scenario would significantly increase the level of confidentiality. However, the resulting degree of confidentiality is not as high as it may first appear, as can be seen from the following analysis.

    TABLE II. REQUIRED PER CODE CHIP FOR

    Fig. 10. Eavesdropping with multiple user signals.

    Consider an eavesdropper that only has access to fibers containing the superposed signals from all active users. This would be the case if the eavesdropper commandeered an authorized user terminal, as shown in Fig. 10.

    A key observation is that if, at any time, there is only one user transmitting, then the eavesdropper can use exactly the same code detection techniques described in previous sections. Thus user transmissions are only confidential if there are always other signals being transmitted simultaneously.

    The situation is even less secure if transmissions use on-off keying. For on-off keying, at any given time, it is possible that one user will transmit a "one" (using its code word) and all other users will transmit "zeros" (no energy). During this time, an eavesdropper can effectively isolate the signal of the one user transmitting and use the same techniques described above. Furthermore, the eavesdropper could easily monitor the overall power level received on each bit to estimate when a single user is transmitting energy, since the level of energy in the channel is directly proportional to the number of users. (In a broadcast star topology, power is likely to be controlled to achieve roughly equal powers among users at the input to the coupler. If this is not the case, an eavesdropper could still monitor overall power and attempt detections when relatively low total power is detected. Some of these detections may contain multiple signals, but these could be tested and discarded, and the remaining detections would still contain valid code words for a single user.)

    This situation is simple to quantify. Consider a number of simultaneous transmissions, , each of which is O-CDMA encoded and modulated using OOK. Each operates at data rate bits/s. The simpler calculation is when all users transmit synchronously (i.e., the beginning and ending time for transmission of each bit is the same for all users). In this case, assuming equally likely "ones" and "zeros," the probability that a specific user transmits a "one" during a given bit period is , and the probability that all other users transmit "zeros" during the same bit period is . Assuming that the value of each data bit is independent of other data bits and independent of other users' bits, the probability that a specific user transmits a "one" while all others transmit "zeros" on any particular bit is simply the product of these two probabilities, or . Thus, for each user, the expected amount of time that the eavesdropper must wait between isolated transmissions of that user's code word is .

    A similar calculation can be done for nonsynchronized user transmissions. In this case, when one user transmits a "one," all other users may transmit fractions of two consecutive bits during the transmission time of the "one" bit due to the lack of synchronization among users. For the eavesdropper to isolate a single user, the other users must each transmit two consecutive "zeros" during the period of overlap with the single user's "one" bit. At any given point in time, the probability that a single user will be transmitting a "one" is , and the probability that all other users transmit zeros for the two overlapping bits is . The probability of these two events occurring simultaneously is the product of these two probabilities, or , and the expected time that an eavesdropper would have to wait between isolations for a particular user is . The expected time for an eavesdropper to hear each user's code word transmitted alone once vs. the number of simultaneous transmitters is shown in Fig. 11 for an example data rate of Mbits/s.

    Fig. 11. Code word isolation rates for OOK transmitters at 100 Mbps.
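The two waiting-time calculations above can be checked directly. The following Python sketch is an added example, not code from the paper: it evaluates the isolation probability for synchronous and nonsynchronized OOK users, compares it with a seeded simulation of random bit streams, and inverts it to find how many always-active users a designer needs for a given expected wait. Function names, the 100 Mbit/s figure taken from the Fig. 11 caption, and the model in which each misaligned user overlaps exactly two of its own bits are assumptions of this example.

```python
import random


def isolation_probability(n_users, synchronous=True):
    """Probability that, during one bit of a specific user, that user sends a
    "one" while every other user is silent for the whole overlap.
    Bits are assumed independent with equally likely ones and zeros."""
    others = n_users - 1
    # Synchronous: each other user contributes one overlapping bit.
    # Nonsynchronized: each other user contributes two consecutive bits.
    zeros_needed = others if synchronous else 2 * others
    return 0.5 * 0.5 ** zeros_needed


def expected_wait_seconds(n_users, bit_rate, synchronous=True):
    """Mean time between isolated code word transmissions of one user."""
    return 1.0 / (isolation_probability(n_users, synchronous) * bit_rate)


def min_users_for_wait(target_seconds, bit_rate, synchronous=True, limit=64):
    """Smallest number of simultaneously active users for which the expected
    wait between isolations reaches target_seconds (None if above limit)."""
    for n in range(1, limit + 1):
        if expected_wait_seconds(n, bit_rate, synchronous) >= target_seconds:
            return n
    return None


def simulate_isolation_rate(n_users, n_bits, synchronous=True, seed=1):
    """Fraction of bit periods in which user 0 is heard alone, estimated from
    constructed random bit streams (seeded, so the result is repeatable)."""
    rng = random.Random(seed)
    streams = [[rng.getrandbits(1) for _ in range(n_bits + 1)]
               for _ in range(n_users)]
    target, others = streams[0], streams[1:]
    hits = 0
    for k in range(n_bits):
        if not target[k]:
            continue
        if synchronous:
            alone = all(s[k] == 0 for s in others)
        else:
            # A misaligned user overlaps the target bit with bits k and k+1.
            alone = all(s[k] == 0 and s[k + 1] == 0 for s in others)
        hits += alone
    return hits / n_bits


if __name__ == "__main__":
    rate = 100e6  # bits/s
    for n in (2, 5, 10, 20):
        print(n, expected_wait_seconds(n, rate, True),
              expected_wait_seconds(n, rate, False))
    print("users needed for a 1 s wait:",
          min_users_for_wait(1.0, rate, True),
          min_users_for_wait(1.0, rate, False))
```

The inversion shows how weak the protection is at realistic loads: the expected wait only reaches one second once dozens of synchronous users are transmitting continuously.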

    Since the users are not synchronized among themselves, an eavesdropper probably cannot attain either bit or code pulse synchronization for a particular user, which was assumed in the analysis in previous sections. However, neither bit nor code pulse synchronization is strictly required for detecting a user's code (although assuming synchronization greatly simplifies the quantitative calculation of code detection performance). Bit sync is not required because, under the aforementioned assumptions, one data bit duration is guaranteed to contain the entire code, albeit starting from an unknown point in the code. This makes the eavesdropper's task more difficult, but not impossible, since the eavesdropper may detect code pulses over one bit duration and then sequentially search through all possible time shifts over a single bit time to find the right code word. The number of possible time shifts is not likely to be a significant obstacle to a brute force search. Similarly, code pulse synchronization is not strictly required, since the eavesdropper could employ techniques similar to those of radar pulse detection (where the time of return of the radar pulse is unknown). These techniques generally entail faster sampling of the signal by a factor of 2 or 3 over the approach quantified in previous sections, again making the eavesdropper's job more difficult, but not, theoretically at least, impossible.

    D. Code Reconfiguration

    As mentioned in Section III-B, a transmitter could attempt to increase confidentiality by changing its code words frequently. The preceding analysis shows that the reconfiguration rate required to ensure that a code-detecting eavesdropper could not detect long strings of data depends on the SNR at the eavesdropper. If the eavesdropper could attain a relatively high SNR, then he could, in theory, detect the new codes by processing a single data bit, and could use the detected code to demodulate every subsequent bit until the code were changed again. In this case, strong confidentiality could only be attained by changing the code on every single bit in a random way, such that the eavesdropper would not know, on a given data bit, whether the detected code word represented a one or a zero.

    Lower SNRs would require the eavesdropper to process multiple data bits to correctly detect the code. If the transmitter changed the code words more frequently than they could be correctly detected, then confidentiality could be significantly increased. However, code reconfiguration rates would probably need to approach the data rate to achieve a strong assurance of confidentiality, since the eavesdropper's advantage from combining multiple data bits increases quite rapidly, as shown in Fig. 9. In addition, the transmitter's codes would need to be changed in a way that could not be predicted or guessed by an eavesdropper. In other words, the code reconfiguration generator would need to have characteristics much like those of a cryptographic keystream generator.
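
    The per-bit reconfiguration described above, in its minimal form, as an added example that is not code from the paper: on every data bit a keystream bit decides whether code word C1 or C2 represents a one, so a code-detecting observer sees the data XORed with the keystream. The HMAC-SHA256 counter-mode generator, the shared key and nonce, the sample data and all function names are assumptions made for illustration; the paper names no specific generator.

```python
from __future__ import annotations

import hashlib
import hmac

C1, C2 = "C1", "C2"  # labels for one user's two code words


def keystream_bits(key: bytes, nonce: bytes, n: int) -> list[int]:
    """n pseudorandom bits from HMAC-SHA256 in counter mode.

    Assumption: key and nonce are shared out of band by the transmitter
    and the authorized receiver; the paper names no specific generator.
    """
    bits: list[int] = []
    counter = 0
    while len(bits) < n:
        msg = nonce + counter.to_bytes(8, "big")
        block = hmac.new(key, msg, hashlib.sha256).digest()
        bits.extend((byte >> s) & 1 for byte in block for s in range(7, -1, -1))
        counter += 1
    return bits[:n]


def transmit_static(data: list[int]) -> list[str]:
    """Fixed code: C1 always carries a one, C2 always carries a zero."""
    return [C1 if b else C2 for b in data]


def transmit_keyed(data: list[int], key: bytes, nonce: bytes) -> list[str]:
    """Per-bit reconfiguration: a keystream bit picks which word means one."""
    ks = keystream_bits(key, nonce, len(data))
    return [C1 if b ^ k else C2 for b, k in zip(data, ks)]


def receive_keyed(words: list[str], key: bytes, nonce: bytes) -> list[int]:
    """Authorized receiver regenerates the keystream and undoes the swap."""
    ks = keystream_bits(key, nonce, len(words))
    return [int(w == C1) ^ k for w, k in zip(words, ks)]


def observer_read(words: list[str]) -> list[int]:
    """A code-detecting observer's reading if it assumes C1 means one."""
    return [int(w == C1) for w in words]


def bit_errors(a: list[int], b: list[int]) -> int:
    """Number of positions where two bit sequences differ."""
    return sum(x != y for x, y in zip(a, b))


# Constructed sample input: 300 patterned data bits, demo key and nonce.
DATA = [1, 1, 0, 0] * 75
KEY = b"constructed-demo-key"
NONCE = b"session-0001"

if __name__ == "__main__":
    static = transmit_static(DATA)
    keyed = transmit_keyed(DATA, KEY, NONCE)
    print("static, observer bit errors:", bit_errors(observer_read(static), DATA))
    print("keyed,  observer bit errors:", bit_errors(observer_read(keyed), DATA))
    print("keyed,  receiver bit errors:",
          bit_errors(receive_keyed(keyed, KEY, NONCE), DATA))
```

    A (key, nonce) pair must never be reused, since a repeated keystream cancels when two observed code-word sequences are compared, as with any stream cipher.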

    VI. DISCUSSION

    A. Practical Implementation Considerations

    The practical degree of confidentiality provided by time-spreading/wavelength-hopping encoding will depend on both the user's ability to implement complex codes and the eavesdropper's ability to implement the described interceptor structure or similar ones. Since each data bit must be subdivided into time slots, the complexity of such codes is clearly limited for high data rate systems. Assuming a desired user data rate of 1 Gbit/s, the codes assumed in Figs. 6–9 require individual code pulse durations of roughly 1 ps and 100 fs. These must be correspondingly shorter for higher data rates. Implementing codes this complex is taxing given the current state of the art. Similarly, a code with wavelengths may be implementable, but may prove cumbersome at the least from a practical point of view.

    The implementability of the required detector structures for the eavesdropper is also a significant issue. Reasonable approximations to the required optical matched filters are currently available, and should not pose great difficulty for modest numbers of different encoding wavelengths. But time-sampling the envelope-detected outputs of these filters quickly and accurately enough is quite difficult. For example, if sampling were done in real time for a user signal at 1 Gbit/s and , each wavelength channel would have to be sampled at a rate of nearly 1 THz. Real-time sampling technology is currently available at rates of 20 GHz (for 8-bit samples) in commercial, off-the-shelf oscilloscopes. This is well short of the required THz rate for the previous example.

    A number of possibilities exist for increasing the effective sampling rate, however. The technique of equivalent time sampling is currently used in high-bandwidth sampling oscilloscopes, and allows very high effective sampling rates. Optical means for equivalent time sampling have also been demonstrated [30]. These techniques require good time synchronization and moderately large numbers of input sampling passes (each sample would be taken from a different data bit, in the code interception context). This would significantly increase the time required to process and detect a given code word.


    assuming that a single data bit is processed. Each sample is compared with a threshold to decide whether or not a code pulse is present in the corresponding bin.

    Assuming the energy transmitted per code pulse is , the total energy transmitted per data bit is . The authorized user's receiver is assumed to produce additive white Gaussian thermal noise of double-sided spectral density . The eavesdropper has an equivalent receiver noise of spectral density , which is also assumed to be white and Gaussian. Let represent the ratio of the eavesdropper's receiver noise density to the authorized user's receiver noise density.

    The total effective energy per data bit received at the authorized user's receiver from the desired user signal is given by

    (A1)

    where represents the user's efficiency for combining the energy from multiple code pulses. for coherent detection and combining, and is between zero and one for incoherently detected and combined signals.

    As described previously, the eavesdropper must make decisions in each time/wavelength bin as to whether or not a code pulse was transmitted. Given that a code pulse is transmitted in a particular bin, the amount of energy received by the eavesdropper in that bin is given by

    (A2)

    where the second equality makes use of (A1).

    The eavesdropper's effective SNR for an individual time/wavelength bin detection decision is . Combining all factors defined so far gives

    (A3)

    If a particular maximum BER level is specified for the authorized users in the network, the eavesdropper's received SNR (per code pulse) can be related to the required SNR (per bit) of the authorized users as follows. Since the BER of an authorized user is some monotonically decreasing function of the given in (5), setting a maximum BER specification is equivalent to setting a minimum value of . We denote this value by .

    The eavesdropper's SNR can be related to as a function of the relative levels of the MUI noise term and the receiver noise term (5). Defining the parameter as the ratio of the receiver noise to the total noise gives

    (A4)

    We can then write either

    (A5)

    or, alternatively

    (A6)

    Substituting the result of (A6) into (A3) and rearranging terms, we get

    (A7)

    which directly relates the eavesdropper's SNR to the minimum SNR that the authorized users must have to meet some BER specification.

    The parameter may vary between zero and one. (Arbitrarily setting to a value outside this range requires that one of the spectral densities in (A4) be negative, which is not allowed by the definition of power spectral density.) For a fixed value of , and assuming that is fixed by the receiver implementation, (A6) implies that must increase as the total transmitted energy per data bit decreases. Minimizing each user's transmitted power thus implies maximizing . Setting thus gives the minimum possible value of the eavesdropper's SNR for a given maximum BER specification. Since the eavesdropper's probability of correctly detecting a user's code word is a function of this SNR, this implies that for a given there is a limit to the degree of confidentiality that can be obtained [for a given set of the system design and coding parameters in the first term of (A7)].

    At the other end of the range, setting produces the case where receiver noise is completely negligible compared with the MUI noise term (A4). This situation can be approached if each user transmits at high power levels. Note that the eavesdropper's SNR becomes arbitrarily large as approaches zero.

    The form of the trade between system capacity and confidentiality can be made plain by introducing one further approximation. Assuming that the MUI noise from each interfering user adds incoherently in an authorized user's receiver and is roughly proportional to the number of active transmitters, we obtain

    (A8)

    where is the number of active users and is the equivalent noise spectral density contributed by each user. Substituting (A8) into (A5) gives

    (A9)

    Let be the theoretical maximum number (assuming , i.e., that ) of simultaneous users that can be active and still maintain a BER that meets the system performance specification. The maximum data carrying capacity of the network is multiplied by the data rate of an individual user. Setting in (A9) and replacing with gives the relationship between and for ideal, noiseless receivers as

    (A10)


    Combining (A9) and (A10), solving for , and substituting the result in (A7) yields

    (A11)

    This equation relates all the various system design factors (the first bracketed term), the number of active users relative to the maximum theoretical number (the second term), and the SNRs of both the eavesdropper and the authorized users. Its interpretation is discussed in the main body of the paper.

    APPENDIX B

    This Appendix derives the statistics of the decision variables for a code detecting eavesdropper combining the energy from multiple transmitted data bits. Assume that the eavesdropper incoherently⁵ combines the energy from data bits for each code word detection. As described in Appendix A, time samples from an envelope-detected optical matched filter output are taken in each of the time bins illustrated in Fig. 3. For each transmitted data bit, the eavesdropper collects total samples. Let the sample from the th bin of the th data bit be denoted by . For each of the bins, the eavesdropper forms the statistic

    (B1)

    For each transmission of data bits, of the bits will represent ones (codeword C1) and of them will represent zeros (codeword C2), where is a binomially distributed random variable whose expected value is . The probability distribution of each sample, , will thus depend on the value of . For relatively large values of , we can approximate by its expected value and determine the probability distributions of . First, assume that the codewords C1 and C2 overlap, i.e., both have energy pulses in the same bin, in locations. ( must be small for acceptable orthogonality among different users.) There will then be bins in which no code pulses are transmitted, and whose statistics reflect noise only. For these bins, has a Chi-square distribution with degrees of freedom. There will also be bins where C1 and C2 overlap. These bins will have signal energy on each transmitted data bit, and will have a noncentral Chi-square distribution with degrees of freedom and noncentrality parameter of . There will be bins that have signal energy only on bits where C1 is transmitted. For these bins, will have a noncentral Chi-square distribution with degrees of freedom and noncentrality parameter of . Finally, there will be bins that have signal energy only when C2 is transmitted, and these have a noncentral Chi-square distribution with degrees of freedom and noncentrality parameter . (See [25] and [22] for more detailed discussion on these probability distributions and how they apply to the envelope detected output of optical matched filters.) Using the previous approximation that for large , the distributions of the bins with signal energy from C1 only and the bins with signal energy from C2 only are the same.

    ⁵ The structure of Fig. 5 implies that the combining will be incoherent. If a coherent matched filter detector were implemented, more efficient coherent combining of the energy from multiple bits could be accomplished.

    Each variable is compared to a decision threshold, , to determine whether or not a code pulse is present in bin . The threshold is assumed to be optimized to minimize the overall probability of error, making use of the approximation that . The probability of error given that no pulse was actually transmitted in bin is

    noise (B2)

    The probability of error given that signal energy from either C1 or C2, but not both, has accumulated in bin is

    C1orC2 (B3)

    where and is the Generalized Marcum Q-function, defined as [25, p. 44]

    (B4)

    where denotes an th order modified Bessel function of the first kind.

    The probability of error given that signal energy from both C1 and C2 has accumulated in bin is

    C1andC2 (B5)

    Following the notation of (1)–(3), we have

    noise (B6)

    The probability of error in (B5) will generally be much lower than the probability of error from (B3), in which case, we have

    C1orC2 (B7)

    The eavesdropper's overall probability of detecting an error-free code word is then given by

    (B8)

    since there are total bins where some signal energy has accumulated and total bins where only noise has been accumulated.

    Note that if is significantly different from , the signal + noise bins where energy has been accumulated from one code word will have a significantly higher than the signal + noise bins where energy has accumulated from the other code word, since more one bits were accumulated than zero bits (or vice versa). In this case, the probability of error-free code word detection would be somewhat lower than that given by (B8).

    ACKNOWLEDGMENT

    The author would like to acknowledge the many useful discussions concerning this work with other staff members at Lincoln Laboratory's Communications and Information Technology Division, most especially Dr. P. A. Schulz, who has had a substantial influence on the work reported here.

    REFERENCES

    [1] N. Karafolas and D. Uttamcandani, "Optical fiber code division multiple access networks: A review," Optical Fiber Technol., vol. 2, pp. 149–168, 1996.

    [2] K. Iverson and D. Hampicke, "Comparison and classification of all-optical CDMA systems for future telecommunication networks," in Proc. SPIE, vol. 2614, 1995, pp. 110–121.

    [3] L. Tancevski, I. Andonovic, and J. Budin, "Secure optical network architectures utilizing wavelength hopping/time spreading codes," IEEE Photon. Technol. Lett., vol. 7, no. 5, pp. 573–575, May 1995.

    [4] P. Torres, L. C. G. Valente, and M. C. R. Carvalho, "Security system for optical communication signals with fiber bragg gratings," IEEE Trans. Microwave Theory Tech., vol. 50, no. 1, pp. 13–16, Jan. 2002.

    [5] D. D. Sampson, G. J. Pendock, and R. A. Griffin, "Photonic code-division multiple-access communications," Fiber Int. Opt., vol. 16, pp. 129–157, 1997.

    [6] W. Ford, Computer Communications Security. Upper Saddle River, NJ: Prentice-Hall, 1994, ch. 2.

    [7] M. K. Simon, J. K. Omura, R. A. Scholtz, and B. K. Levitt, Spread Spectrum Communications. Rockville, MD: Computer Science Press, 1985.

    [8] D. R. Stinson, Cryptography. Boca Raton, FL: CRC, 1995, ch. 2.

    [9] B. Schneier, Applied Cryptography, 2nd ed. New York: Wiley, 1996, pp. 8–9.

    [10] N. Ferguson and B. Schneier, Practical Cryptography. Indianapolis, IN: Wiley, 2003.

    [11] J. A. Salehi, "Code division multiple-access techniques in optical fiber networks - Part I: Fundamental principles," IEEE Trans. Commun., vol. 37, no. 8, pp. 824–833, Aug. 1989.

    [12] G.-C. Yang and W. C. Kwong, Prime Codes. Belmont, MA: Artech House, 2003.

    [13] S. V. Marhic, Z. I. Kostic, and E. L. Titlebaum, "A new family of optical code sequences for use in spread spectrum fiber-optic local area networks," IEEE Trans. Commun., vol. 41, no. 8, pp. 1217–1221, Aug. 1993.

    [14] H. Fathallah, L. A. Rusch, and S. LaRochelle, "Passive optical fast frequency-hop CDMA communications system," J. Lightwave Technol., vol. 17, no. 3, pp. 397–405, Mar. 1999.

    [15] M. Kavehrad and D. Zaccarin, "Optical code-division-multiplexed systems based on spectral encoding of noncoherent sources," J. Lightwave Tech., vol. 13, no. 3, pp. 534–545, Mar. 1995.

    [16] J. A. Salehi, A. M. Weiner, and J. P. Heritage, "Coherent ultrashort pulse code-division multiple access communication systems," J. Lightw. Technol., pp. 478–491, Mar. 1990.

    [17] T. Ojanpera and R. Prasad, Eds., Wideband CDMA for Third Generation Mobile Communications. Belmont, MA: Artech House, 1998, p. 110.

    [18] C. W. Helstrom, Statistical Theory of Signal Detection, 2nd ed. New York: Pergamon, 1968.

    [19] W. C. Kwong, P. A. Perrier, and P. R. Prucnal, "Performance comparison of asynchronous and synchronous code-division multiple-access techniques for fiber-optic local area networks," IEEE Trans. Commun., vol. 39, no. 11, pp. 1625–1634, Nov. 1991.

    [20] M. I. Skolnick, Introduction to Radar Systems, 3rd ed. Boston, MA: McGraw-Hill, 2001.

    [21] P. A. Humblet, "Design of optical matched filters," in Proc. IEEE GLOBECOM '91, vol. 2, Dec. 2–5, 1991, pp. 1246–1250.

    [22] P. A. Humblet and M. Azizoglu, "On the bit error rate of lightwave systems with optical amplifiers," J. Lightw. Technol., vol. 9, no. 11, pp. 1576–1582, Nov. 1991.

    [23] B. R. Mahafza, Radar Systems Analysis and Design Using MATLAB. Boca Raton, FL: Chapman Hall/CRC, 2000.

    [24] S. B. Alexander, Optical Communication Receiver Design. Bellingham, WA: SPIE Opt. Eng. Press, 1997.

    [25] J. G. Proakis, Digital Communications, 3rd ed. Boston, MA: McGraw-Hill, 1995.

    [26] A. J. Viterbi, CDMA: Principles of Spread Spectrum Communication. Reading, MA: Addison-Wesley, 1995.

    [27] T. Ojanpera and R. Prasad, Eds., Wideband CDMA for Third Generation Mobile Communications. Belmont, MA: Artech House, 1998.

    [28] L. Tancevski and I. Andonovic, "Wavelength hopping/time spreading code division multiple access systems," Elect. Lett., vol. 30, no. 17, pp. 1388–1390, Aug. 1994.

    [29] T. H. Shake, "Confidentiality performance of spectral phase encoded optical CDMA," J. Lightw. Technol., 2005, to be published.

    [30] Y. Han and B. Jalali, "Photonic time-stretched analog-to-digital converter: Fundamental concepts and practical considerations," J. Lightw. Technol., vol. 21, no. 12, pp. 3085–3103, Dec. 2003.

    Thomas H. Shake (M'94) was born in Syracuse, NY, in 1957. He received the B.S. degree from Syracuse University in 1980 and the M.S. degree from the University of California, Berkeley, in 1981, both in electrical engineering.

    He has been a Member of the Technical Staff at Massachusetts Institute of Technology, Lincoln Laboratory, Lexington, MA, since March 1982. He is currently assigned to the Advanced Networks and Applications Group. His work at Lincoln Laboratory has included research and development in various aspects of communication systems and data networks, including military satellite system analysis and design, interactions between space-based and terrestrial communication networks, and network security in heterogeneous environments. His current research interests include optical network architecture, network and communications security, high-precision network timing, and optical communication waveform design.