全光网络光层安全问题研究

主要探讨了与全光网络的光层有关的安全管理问题,对全光网络的结构作了较为详细的介绍,在对全光网络光层的安全特征分析的基础上,总结了全光网可能遭到的恶意攻击的三种方式,针对不同的攻击方式提出了一些解决办法,并对这些方法的优缺点作了分析比较。     

全光网络的安全及防范分析

介绍全光网络的发展和特点,分析全光网络存在的脆弱性,列举全光网络可能遭受的多种攻击,进一步分析全光网中不同网络层的安全技术.提出一种基于现有公用WDM光网络的安全传输方案,最后讨论全光网络安全技术的发展趋势.     

光网络安全及防范技术研究

本文首先分析了全光网络与传统网络的主要区别及不同特点,提出对全光网络的安全问题必须重新认识,并列举了几种全光网络可能受到的攻击。分析了光网中不同网络层上的不同的安全防范技术,给出了几种对光网络的不同网络层攻击有效的保护方法。最后在此基础上分析了光网络安全研究的发展趋势。     

全光网络的安全性探讨

全光网络通过渡长路由为用户提供一个透明的光路,因此带来了许多安全性问题.袭击者往往根据全光网的弱点进行业务干扰和分光窃取信号.文章主要探讨了与全光网络的光层有关的安全管理问题.在对全光网络的安全特征进行分析的基础上,介绍了全光网可能遭到的恶意攻击的3种方式.针对不同的攻击方式提出了一些解决办法,并对这些方法的优缺点作了分析比较.     

全光通信网安全问题初探

本文介绍了全光通信网(AON)的概念。研究了全光网络中光层可能遭到的两种网络攻击:服务玻坏和网络窃听以及对网络通信安全的影响。提出了全光网络安全的考虑方法和可以采取的安全策略。     

全光网络的安全技术研究

首先介绍了全光网络的发展以及特点,并根据其特点分析了全光网络面临的安全问题,然后从全光网络中不同层面提出了相应的安全防范技术,列举出一系列安全措施。最后针对全光网络的安全问题提出了目前3种实施方案：基于光码分多址技术增强光传输安全性的方案、基于混沌密码技术的全光网络安全解决方案以及量子密码技术在全光网络安全中的应用,并对其进行了简要分析。     

光纤传感器在全光网络安全及防范措施中的应用

在对全光网络存在的安全问题分析的基础上,总结了现存的攻击方法,讨论了光纤传感器在全光网络安全及防范措施中应用,在现有的理论模型基础上提出一种新型的全分布式光纤传感器模型,最后分析了该方案解决全光网络安全隐患的有效性.     

多粒度全光网中的多层联合路由

多粒度交换技术利用波带级路由以及光纤级路由，可有效降低光交叉连接器的复杂度。但多粒度交换增加了光网络的逻辑层次结构，使得网络中的路由与资源分配问题更为复杂，因此，在多粒度全光网中实现多层联合路由是提高网络性能的关键。本文对多粒度交叉连接结构进行了分析，并对多粒度全光网中的多层联合路由问题进行了研究。     

动态业务条件下多粒度全光网性能分析与研究

多粒度交换技术利用波带级路由以及光纤级路由，可有效降低光交叉连接的复杂度，但多粒度交换增加了光网络的逻辑层次结构，便得网络中的路由与资源分配问题更为复杂，多粒度全光网中的多层联合路由机制是影响网络性能的关键。本文对动态业务下多粒度全光网中的资源分配策略进行了深入研究，比较了采用不同节点交换比例时网络的阻塞性能，分析了不同业务量时多粒度交叉连接节点的最佳波带粒度，并结合经济性对多粒度全光网的性能进行了综合分析。     

光网络中强光攻击与防护研究

针对光网络中的强光攻击问题,提出了全光网络光器件强光安全性急需研究的关键问题,给出了五种光器件防护方案.利用这些方案,可以将强光的危害局限到一个光再生段的光纤范围内.     

Fault and attack management in all-optical networks

Network management for optical networks faces additional security challenges that arise by using transparent optical network components in communication systems. While some available management mechanisms are applicable to different types of network architectures, many of these are not adequate for all-optical networks. These have unique features and requirements in terms of security and quality of service, thus requiring a much more targeted approach in terms of network management. In this article we consider management issues with particular emphasis on complications that arise due to the unique characteristics and peculiar behaviors of transparent network components. In particular, signal quality monitoring is still a major complication in all-optical networks. Despite new methods for detection and localization of attacks having been proposed, no robust standards or techniques exist to date for guaranteeing the quality of service in these networks. Therefore, sophisticated mechanisms that assist in managing and assessing the proper function of transparent network components are highly desirable. Accordingly, we present an algorithm for multiple attack localization and identification that can participate in some tasks for fault management of all-optical networks     

Cross-talk attack monitoring and localization in all-optical networks

The effects of an attack connection can propagate quickly to different parts of an all-optical transparent network. Such attacks affect the normal traffic and can either cause service degradation or outright service denial. Quick detection and localization of an attack source can avoid losing large amounts of data in an all-optical network. Attack monitors can collect the information from connections and nodes for diagnostic purpose. However, to detect attack sources, it is not necessary to put monitors at all nodes. Since those connections affected by the attack connection would provide valuable information for diagnosis, we show that by placing a relatively small number of monitors on a selected set of nodes in a network is sufficient to achieve the required level of performance. However, the actual monitor placement, routing, and attack diagnosis are challenging problems that need research attention. In this paper, we first develop our models of crosstalk attack and monitor node. With these models, we prove the necessary and sufficient condition for one-crosstalk-attack diagnosable networks. Next, we develop a scalable diagnosis method which can localize the attack connection efficiently with sparse monitor nodes in the network.     

QoS Recovery Schemes Based on Differentiated MPLS Services in All-Optical Transport Next Generation Internet

The Internet is evolving from best-effort service toward an integrated or differentiated service framework with quality-of-service (QoS) assurances that are required for new multimedia service applications. Given this increasing demand for high bandwidth Internet with QoS assurances in the coming years, an IP/MPLS-based control plane combined with a wavelength-routed dense wavelength division multiplexing (DWDM) optical network is seen as a very promising approach for the realization of future re-configurable transport networks. Fault and attack survivability issues concerning physical security in a DWDM all-optical transport network (AOTN) require a new approach taking into consideration AOTN physical characteristics. Furthermore, unlike in electronic networks that regenerate signals at every node, attack detection and isolation schemes may not have access to the overhead bits used to transport supervisory information between regenerators or switching sites to perform their functions. This paper presents an analysis of attack and protection problems in an AOTN. Considering this, we propose a framework for QoS guarantees based on the differentiated MPLS service (DMS) model and QoS recovery schemes against QoS degradation caused by devices failures or attack-induced faults in an AOTN. We also suggest how to integrate our attack management model into the NISTs simulator—modeling, evaluation and research of lightwave networks (MERLiN).     

Multiple attack localization and identification in all-optical networks

The security characteristics of currently emerging all-optical networks display many unique features compared to traditional communication networks. In particular, network transparency raises many security vulnerabilities that differ substantially from conventional failures and should therefore be treated differently. One of the serious problems related to transparency lies in the fact that optical crosstalk is additive and can be exploited to perform service disruption attacks upon the network. Since these attacks can spread rapidly through the network, causing additional problems and triggering multiple alarms, they must be detected and identified at any point in the network where they may occur. However, to monitor all wavelength channels at several detection points into any node is likely to be very expensive. In this paper we provide formal specifications for optical crosstalk that can arise in optical cross-connect nodes. Based on these specifications, we propose an algorithm for localizing the sources of multiple attacks and identifying their nature in all-optical networks.     

无线传感器网络路由协议安全性研究

无线传感器网络的特性使它面临着比传统网络更大的安全挑战。路由协议作为无线传感器网络的关键因素,其安全更为重要。介绍了无线传感器网络路由协议分类及其脆弱性,分析了几种网络路由协议的攻击方法,阐述了网络路由协议的安全策略。     

基于簇的分布式认知无线电网络安全体系结构

针对认知无线电网络中出现的模仿主用户攻击和自私行为攻击问题,提出一种基于簇的分布式认知无线电网络安全体系结构.这种安全体系结构通过采用数据加密和认证等安全技术解决无线网络中原有的安全问题,通过在主用户基站与认知用户间使用Hash匹配技术可解决模仿主用户攻击问题,通过簇头向目的节点发送转发节点的可用频谱信息可解决自私行为攻击问题.由分析可知该安全体系结构是安全、高效和可行的.     

On the trail of intrusions into information systems

The importance of information system security, particularly as it applies to the Internet, is obvious. Each day the news media report yet another security breach-sometimes a localized single crime or prank at others, a denial-of-service attack affecting millions of people. As electronic commerce becomes increasingly pervasive, the subject can only become more critical. One of the more interesting techniques for enhancing information system security is detecting that an intrusion has taken place. Although intrusion-detection systems have been a part of the information security landscape for over 25 years, their proper role in the overall security picture is often misunderstood. They are not preventative security measures. Most often, they are used as active security mechanisms in conjunction with other (passive) information assurance processes like firewalls, smart cards, and virtual private networks. In practice, an intrusion-detection system (IDS) attempts to detect attacks or attack preparations by monitoring either the traffic on a computer network or the application or operating system activities within a computer. Once such behavior is detected, the IDS may alert a security administrator or it may invoke an automated response (such as closing down external communication paths or initiating a mechanism to trace the source of an attack). If an IDS detects attack behavior soon enough, it might be able to invoke a response to thwart the attack.     

光通信网物理层全光异或加解密技术研究

针对目前光通信保密系统中基于电信号处理的流密码加解密技术的局限性,提出基于全光信号处理的加解密技术;对几种典型的全光异或加密方案进行了研究,介绍了各自的工作原理、特点及研究进展;利用OptiSystem软件搭建了基于SOA-MZI(半导体光放大器-马赫-曾德干涉仪)异或门的全光加解密系统仿真模型,并基于HNLF(高非线性光纤)的自相位调制效应设计了一个优化结构对系统进行优化。研究表明:全光加解密技术具有优良的特性,能使整个光通信保密系统运算速率更高,传输更安全。