Optical Switching and Networking 3 (2006) 4149 www.elsevier.

com/locate/osn

Multiple attack localization and identication in all-optical networks

R. Rejeb , M.S. Leeson, R.J. Green
School of Engineering, University of Warwick, Coventry CV4 7AL, United Kingdom Received 4 April 2005; received in revised form 5 December 2005; accepted 20 December 2005 Available online 30 January 2006

Abstract The security characteristics of currently emerging all-optical networks display many unique features compared to traditional communication networks. In particular, network transparency raises many security vulnerabilities that differ substantially from conventional failures and should therefore be treated differently. One of the serious problems related to transparency lies in the fact that optical crosstalk is additive and can be exploited to perform service disruption attacks upon the network. Since these attacks can spread rapidly through the network, causing additional problems and triggering multiple alarms, they must be detected and identied at any point in the network where they may occur. However, to monitor all wavelength channels at several detection points into any node is likely to be very expensive. In this paper we provide formal specications for optical crosstalk that can arise in optical cross-connect nodes. Based on these specications, we propose an algorithm for localizing the sources of multiple attacks and identifying their nature in all-optical networks. c 2006 Elsevier B.V. All rights reserved.
Keywords: All-optical networks; Fault management; Optical crosstalk; Optical network security

1. Introduction All-optical networks (AONs) offer the promise of increased capacity, exibility and scalability compared to the optical networks that are currently being operated. In particular, they provide transparency capabilities and new features that allow the routing and switching of trafc without any examination or modication of signals within the network. AONs contain only transparent optical components and therefore differ to a large extent from current optical networks. Due to this specic variation, AONs have unique features and requirements in terms of security and Quality of Service (QoS) that require a highly targeted approach
Corresponding author.

E-mail addresses: R.Rejeb@warwick.ac.uk (R. Rejeb), Mark.Leeson@warwick.ac.uk (M.S. Leeson), Roger.Green@warwick.ac.uk (R.J. Green). 1573-4277/$ - see front matter c 2006 Elsevier B.V. All rights reserved. doi:10.1016/j.osn.2005.12.001

in terms of fault management [1]. Although the job of fault management for AONs is essentially no different from that of traditional optical networks, numerous management issues arise because of the aforementioned network transparency and the unique characteristics of AON components. Whilst some of the available control and management mechanisms are applicable to different types of network architectures, many of them are not adequate for AONs, and this aspect must therefore be thoroughly considered and carefully addressed [2,3]. The specic AON features require more sophisticated techniques and methods for managing the network, controlled with an appropriate Network Management System (NMS) that can meet the challenges posed by AONs [1]. One of the main complications of fault management for AONs is that detection methods, which should be handled at the OSI layer closest to the failure, are

42

R. Rejeb et al. / Optical Switching and Networking 3 (2006) 4149

delegated to the physical layer instead of the higher layers. That is, fault detection and localization methods are less insulated from details of the physical layer than of higher layers, requiring the availability of expert diagnostic techniques to measure and control the smallest granular component, the wavelength channel. Moreover, fast and accurate determination of the various performance measures of a wavelength channel implies that measurements have to be done while leaving the signal in the optical domain [13]. Recent proposals for overcoming the difculty of monitoring the continuity and estimating the signal quality include error detecting codes, sampling and spectral methods [4,5]. However, most of these are too difcult to implement in every AON component or require access to the electrical domain. Since the key performance parameters associated with a lightpath,1 such as the bit error rate (BER), can only be monitored when the signal is available in the electrical domain, some methods have been proposed for adapting schemes for digital communications [69], providing new approaches for fault detection and localization in AONs. In particular, these methods consider only networks where a wavelength channel must be monitored at several detection points into any node. However, to monitor all wavelength channels at several detection points into any AON node is likely to be a very expensive solution. In this paper, we show that monitoring information for any propagating lightpath, on the input and output sides of any Optical Cross-Connect (OXC) node, is sufcient to localize the sources of multiple attacks and to identify their nature in AONs. We rst provide an overview of AON vulnerabilities to attacks. Then we dene a generic model for OXC nodes. Next, we specify the characteristics of optical crosstalk that may arise in OXC nodes from AON components that they employ. Based on these specications, we propose the key concepts of the Multiple Attack Localization and Identication (MALI) algorithm. Finally, we present an attack propagation example to gain a clear quantitative understanding of the process ow of this algorithm. 2. AON vulnerabilities to attacks Although network transparency offers many advantages for high data rate communications, it brings forth a set of new challenges in terms of network security, which do not exist in traditional networks. By their
1 A lightpath is dened as an end-to-end optical connection between a source and a destination node.

nature, AON components are particularly vulnerable to various forms of disruption attacks. These can be broadly grouped into three main categories [8]: 1. Service denial the signal is disrupted by the attacker(s). 2. QoS degradation the attacker overpowers legitimate optical signals with attack signals. 3. Trafc analysis the attacker passively analyses trafc on the network. In particular, denial of service and QoS degradation attacks must be detected and identied at any point in the network where they may occur. Moreover, the speed of attack detection and identication must be commensurate with the data transmission rate because [2]: 1. The high data rates ensure that large amounts of data can be compromised in a short time. 2. The large network latency causes large amounts of data to be in transit at any one instance. 3. An attack, which is erroneously identied as a failure, can spread rapidly through the network. 4. Inappropriate action might be taken by the NMS if attacks are not identied at all nodes. Furthermore, transparency in AONs may also introduce signicant miscellaneous transmission impairments such as crosstalk, amplied spontaneous emission noise, and gain competition [10]. As a result, these impairments aggregate and can impact the signal quality as it progresses towards its destination, so that the received signal at the receiver end might become unacceptably large. There are several methods that can be used to implement attacks upon AONs. These include ber attacks (ber cuts), power jamming attacks (within optical ampliers), crosstalk attacks (within routing and switching nodes) and correlated jamming attacks (tapping attacks) [8]. In particular, crosstalk attacks, which are of interest for us in this paper, have higher damage capabilities and therefore can be exploited to perform service disruption attacks upon the whole network. This is because optical crosstalk is additive, and thus the aggregate effect of crosstalk over a whole AON may be more nefarious than a single point of crosstalk. 3. Optical cross-connect nodes An OXC node is the essential key network element enabling recongurable optical networks, where lightpaths can be set up and taken down as needed without having to be statically provisioned. A typical

R. Rejeb et al. / Optical Switching and Networking 3 (2006) 4149

43

Fig. 1. Typical structure of an OXC node. The node consists of n wavelength demultiplexers on the input side, m optical space switches, and n multiplexers on the output side.

structure of an OXC node is shown in Fig. 1. The node consists of n wavelength demultiplexers on the input side, m optical space switches,2 and n multiplexers on the output side. On each incoming ber, m wavelengths are separated using a wavelength demultiplexer. The outputs of the demultiplexers are directed to the optical switches, so that the outputs having the same wavelength are directed to the same switch. Then, they are directed to multiplexers associated with output ports. Finally, the multiplexed output is sent to an output ber. However, while cross-connecting wavelengths from input to output bers, these AON components introduce crosstalk effects that can seriously impact the transmission performance. 3.1. OXC node model For convenience in the discussions to follow, we now state the following notation and assumptions that we will use in the remainder of this paper. Let p(k ) denote a lightpath with wavelength k . Let P denote the set of all established lightpaths in the network. Hence, we dene an OXC node as a 7-tuple ( F, W , D , S , M , , ), where F = { F1 , F2 , . . . , Fn } is a nonempty nite set of ber ports; W = {1 , 2 , . . . , m } is a nonempty nite set of wavelengths;
2 In this OXC node model architecture, one switch is used for switching the same-wavelength channels.

D = { D1 , D2 , . . . , Dn } is a nonempty nite set of demultiplexers; S = { S1 , S2 , . . . , Sm } is a nonempty nite set of optical switches; M = { M1 , M2 , . . . , Mn } is a nonempty nite set of multiplexers; : F W P {0 } (connection state function); : F W {0, 1, 2, 3, . . .} (wavelength channel state function). The connection state function, , is a key function in this OXC node model. Specically, it is responsible for determining the current connection state of established lightpaths that propagate through the node. It is given by an n m matrix, with nonzero elements, when a lightpath propagates through the OXC node. The wavelength channel state function, , is responsible for updating the health and current status of any established lightpath passing through the node. It is specied by an n m matrix with nonzero elements where a propagating lightpath is disturbed. The required monitoring information and measurements can be correlated locally at each node or acquired from remote monitoring nodes3 as proposed in [11] and [12]. Thus, this OXC node model relies on a reliable management system and calls for the following monitoring requirements:
3 For example, in sparsely network model, due to many reasons such as cost, performance, and feasibility, only some specic nodes are selected for monitoring the total health of the network.

44

R. Rejeb et al. / Optical Switching and Networking 3 (2006) 4149

1. All trafc passing through an OXC node can be monitored, including the trafc that originates and terminates at the node itself. 2. The monitoring methods are able to detect any service disruption, even subtle performance degradation, on the input/output side of any OXC node in the network. 3. An arbitrary lightpath p that propagates through an OXC node can have a status indicating the current level of its signal quality. For example: Level 0 indicates that the signal quality of p has an acceptably high level. Level 1 indicates that the signal quality of p is degraded but still acceptable. Level 2 indicates that the signal quality of p is degraded and is becoming critically poor. Level 3 indicates that the signal quality of p is seriously degraded to the point of unacceptability. 3.2. Crosstalk in OXC nodes Two main crosstalk mechanisms have been identied in OXC nodes [1315]. One is due to the nonideal response of the wavelength demultiplexers and multiplexers (demux/mux). The other is due to the non-ideal signal switching of the optical switches. According to whether it has the same nominal wavelength as an affected signal or not, crosstalk can be categorized in two forms, namely interchannel crosstalk and intrachannel crosstalk [16]. The former arises between adjacent signals at different wavelengths, while the latter occurs between signals at the same nominal wavelength. Interchannel crosstalk arises from a variety of sources. One potential source is in the wavelength demultiplexer that selects one channel and imperfectly rejects the others. Another is in an optical switch, switching different wavelengths, where the crosstalk arises due to imperfect isolation between the switch ports. Although the main interchannel crosstalk components usually come from the two adjacent channels, and the crosstalk from the other channels is usually negligible, interchannel crosstalk effects can also occur through more indirect interactions. A simple example occurs in an optical amplier if one channel affects the gain seen by another channel, which can lead to service disruption attacks. Another example is with regard to nonlinearity in optical bers and devices that can lead to undesirable crossmodulations and consequently cause service disruption attacks. In particular, under high power inputs or over long distances, bers exhibit nonlinear characteristics

that cause interactions among propagating signals on different wavelengths [2]. Intrachannel crosstalk, whose effects can be much more severe than interchannel crosstalk, accumulates upon propagation and cannot be eliminated by optical lters or demultiplexers. Intrachannel crosstalk can also arise from a variety of sources. As illustrated in Fig. 2(a), the demultiplexer ideally separates the incoming wavelengths to different output ports. It is because of the non-ideal specication of the demultiplexer that a small portion of the signal at one wavelength, for example 1 , leaks into other wavelengths (2 , 3 , 4 ). When the wavelengths are combined again into a single ber by the multiplexer, the small portions of 1 that leak into other channels will also leak back into the common ber at the output. This causes intrachannel crosstalk since the signal of 1 and the other crosstalk leakages, even if they contain the same data, are not in phase with each other due to different delays encountered by them [16]. Another source of intrachannel crosstalk can arise in an optical switch, switching signals with the same wavelength. Fig. 2(b) shows schematically the traces of crosstalk that arise by switching four channels of wavelength 1 . The solid arrows and dashed traces indicate the regular signal and crosstalk propagation, respectively. Intrachannel crosstalk arises in an optical switch when a portion of a signal leaks into another signal as they propagate through the same optical switch, simultaneously. This occurs due to the non-ideal isolation of one switch port from the other. As shown in Fig. 2(b), each output port of the switch includes three additional crosstalk components. Thus, each channel that passes through an optical switch will be mixed with other crosstalk leakages of the same wavelength. However, under the assumption that the OXC node is fully loaded, each propagating lightpath can be affected by up to m + n 2 intrachannel crosstalk components, m 1 of which are leaked by cascaded demux/mux pairs and the other n 1 contributions are leaked by the associated optical switch [15]. Note that some of these contributions can be leaked from the disturbed lightpath itself. Hence, the number of crosstalk contributions leaked from any lightpath is random, from 0 to m , since it essentially depends on the current connection state of the OXC node. On that condition, it can be stated that any arbitrary lightpath p passing through an OXC node can be affected by up to m n crosstalk effects stemming either from: (a) the next upstream node of lightpath p , or (b) m + n 2 intrachannel crosstalk effects that can affect lightpath p directly, or

R. Rejeb et al. / Optical Switching and Networking 3 (2006) 4149

45

Fig. 2. Sources of intrachannel crosstalk in a typical OXC node. (a) A cascaded wavelength demultiplexer and multiplexer. (b) An optical switch.

(c) (m 1) (n 1) interchannel crosstalk effects that can affect lightpath p indirectly. 4. Attack localization and identication algorithm The need to localize the sources of security attacks and to identify their nature in AONs has been explained and justied in several works [69]. In the previous section we have specied optical crosstalk that can arise in OXC nodes. Based on these specications, we now present the key concepts of the MALI algorithm that can be used to localize and identify multiple attacks in AONs. In this section we do not examine the means available for detection of attacks on AONs. Instead we consider that attacks as well as subtle performance degradation can be detected on the input and output side of any OXC node in the network. 4.1. Key concepts As discussed earlier, crosstalk in an OXC node arises when established lightpaths share the node resources as they propagate simultaneously. The basic idea of the MALI algorithm is to correlate security failures and attacks locally at each OXC node and to discover the tracks of multiple attacks through the network using as little monitoring information as possible. The MALI algorithm is distributed and relies on a reliable management system such as the Link Management Protocol (LMP) [17], since its overall success depends upon correct message passing and

processing at the local nodes. Specically, the dynamic behavior of networks in which information is changing continuously over time requires robust and efcient mechanisms for keeping nodes updated about new information. In particular, the accuracy and continuous updating of connection and channel state matrices, as stated above, are very important conditions for following up the traces of performance degradation and attacks. However, the key concepts of this algorithm are based on the fact that this fundamental knowledge concerning all supported connections and channels can be correlated at different points in any node and, hence, can be used for discovering the tracks of different types of attacks through OXC nodes. To identify the sources and nature of detected performance degradation, the MALI algorithm makes particular use of up-to-date connection and monitoring information on the input and output sides of any OXC node in the network. As already mentioned, this information can be gathered locally at each node or acquired from remote monitoring nodes. Generally speaking, the column vectors of a connection matrix, on the input side of an OXC node, can be very useful for identifying which propagating channels share a wavelength demultiplexer and which of them affect each other in an optical switch. Similarly, the row vectors of a connection matrix, on the output side, can also assist in distinguishing channels that contribute intrachannel crosstalk effects caused by cascaded demux/mux pairs from those that contribute interchannel crosstalk effects arising between channels

46

R. Rejeb et al. / Optical Switching and Networking 3 (2006) 4149

with different wavelengths. Furthermore, the use of channel state information on the input side can be extremely helpful in taking the decision as to whether a disturbed channel is affected by crosstalk at the current node or has it passed to it from an upstream node. Similarly, the status of a channel on the output side of an upstream node can indicate whether an attack ows through that node or originates from the ber link interconnecting both upstream and downstream nodes. The MALI algorithm requires monitoring information for any established lightpath on the input and output sides of each OXC node in the network. Given the cost and complexity of signal quality monitoring in AONs, these requirements may be a serious limitation as the number of lightpaths passing through an OXC node increases. Therefore, reducing the amount of monitoring information required may signicantly relax the tight requirements posed by the MALI algorithm. As a consequence, this offers the benet of relaxing the high cost and complexity of signal quality monitoring in AONs. For this purpose, the MALI algorithm relies on a method for correlating and estimating the health of lightpaths that propagate through an OXC node simultaneously [18]. This method utilizes fewer measurements and less monitoring information, which can be acquired and gathered using available supervisory techniques and methods. 4.2. Generic localization and identication procedure To illustrate the main points of the MALI algorithm, we consider a general attack localization scenario that may occur in a typical AON. For simplicity of exposition, it is assumed that the sample network model is composed of several OXC nodes interconnected by optical ber links. Each node handles a certain number of lightpaths, which may terminate or originate at certain nodes. Each lightpath has specic direction and we will therefore term nodes being upstream or downstream of one another for a certain lightpath. The MALI algorithm mainly runs a generic localization procedure, which will be initiated at the downstream node that rst detects serious performance degradation at an arbitrary lightpath on its output side. The identication procedure will be performed to determine the set of lightpaths that are most likely to be offender lightpaths. Let us suppose that OXC is a downstream node that rst notices performance degradation on its output side. Let p x be a disturbed lightpath whose signal quality suffers from that performance degradation as it propagates through OXC. As stated above,

lightpath p x can be affected either by aggregated crosstalk passed to it from its next upstream node or by any other lightpath that copropagates through OXC simultaneously. Therefore, the MALI algorithm explicitly considers the worst case, acting on the assumption that any lightpath that propagates through OXC can affect the disturbed lightpath px in one form or another. Let X O ( px ) denote the set of lightpaths that share the same output ber with the disturbed lightpath px . Let X S ( po ) denote the set of lightpaths that propagate with po X O ( px ) through the same optical switch at the same time. Let I ( po ) and I ( ps ) denote the status of input lightpaths po and ps X S ( po ), respectively. Hence, the generic localization procedure proceeds as follows: A downstream node that rst notices serious performance degradation at lightpath px raises an alarm, indicating that a failure is detected, and performs the following steps: 1. If needed, compute the channel state matrix, I , on the input side of the node. 2. Determine the set X O ( px ) of lightpaths that share the same output ber with the disturbed lightpath px . 3. For any lightpath po X O , repeat the following steps: 4. Determine the set X S ( po ) of lightpaths that pass through the same switch with po at the same time. 5. For any lightpath ps X S , delegate the localization process to ps s next upstream node when its channel status, I ( ps ) = 0, is nonzero on the input side. Otherwise, terminate the localization process for ps . An upstream node that receives the localization process with a disturbed lightpath ( px for example), starts the localization procedure from scratch and repeats all steps when the channel status, O ( px ) = 0, of px is nonzero on the output side of the node. Otherwise, it terminates the localization process and noties the NMS indicating that the failure is most likely to be at the optical ber link interconnecting both upstream and downstream nodes. In this case, there is no need to compute the channel state matrix, I , on the input side of the node. Once the origins of the detected attacks have been localized, the NMS can then take correct decisions (for example, which offender lightpaths should be disconnected or rerouted) and perform the appropriate protection and restoration actions.

R. Rejeb et al. / Optical Switching and Networking 3 (2006) 4149

47

5. Attack propagation scenario To gain a quantitative understanding of the process ow of the MALI algorithm, we now present an attack propagation scenario and try to localize the sources of these attacks and identify their nature. Fig. 3 shows a sample network, where several OXC nodes are interconnected by optical ber links. Each node consists of two incoming/outgoing bers, two demux/mux pairs, and two optical switches. Seven lightpaths, p1 to p7 , propagate through the network simultaneously. In this scenario, two attacks A1 and A2 are implemented to disturb the proper function of AON components. Node N6 represents an optical amplier, which we view here as a black box with input and output lines. For the purpose of this example, we assume that node N6 disposes also of necessary monitoring information on its input and output sides, respectively. Table 1 summarizes the complete conguration of all nodes used in this sample network. As shown in Fig. 3, node N7 notices rst serious performance degradation at lightpath p5 , whose signal quality becomes unacceptable poor on the output side of the node. Hence, node N7 raises an alarm and noties the NMS, indicating that a failure has occurred on that lightpath. It then initiates the localization process, which proceeds as follows: Downstream node N7 computes the channel state matrix, I ( N7 ), on the input side and determines the sets X O ( p5 ) and X S ( p5 ), containing p5 , and p5 plus p6 , respectively. Since I ( p5 ) = 2 and I ( p6 ) = 1, the localization process is delegated to upstream nodes N6 and N8 , respectively. Upstream node N6 determines that the connection matrix, O ( N6 ), on the output side contains p3 and p5 . Since I ( p3 ) = 2 O ( p3 ) = 2, it delegates the localization process to p3 s next upstream node, N4 . As I ( p5) = 0 O ( p5 ) = 2, it then terminates the localization process for lightpath p5 and noties the NMS that p5 is rst affected in the current node, N6 . Upstream node N8 computes the channel state matrix, I ( N8 ), on the input side and determines the sets X O ( p6 ) and X S ( p6 ), which here contain p6 , and p6 plus p7 , respectively. As I ( p6) = 0, it terminates the localization process for lightpath p6 . Since I ( p7 ) = 2 O ( p7 ) = 2, it noties the NMS, indicating that lightpath p7 affects copropagating lightpaths that share the same optical switch with it (in this case p6 ). Hence, the NMS has to decide, depending on the performance degradation level, whether lightpath p7 should be immediately disconnected or not.

Table 1 Current connection and channel states used in the attack localization and identication example

Upstream node N4 , which receives the localization process from N6 , computes the channel state matrix, I ( N4 ), on the input side and determines the sets X O ( p3 ) and X S ( p3), as containing p3, and p2 plus p3 , respectively. Here, I ( p2 ) = 2, so the localization process is delegated to N1 . Also, I ( p3 ) = 0, and so the localization process for lightpath p3 terminates. The NMS is notied that lightpath p3 is rst affected in the current node, N4 . Upstream node N1 determines that the sets X O ( p2 ) and X S ( p2 ) both contain p2 . Since O ( p2 ) = 0, it terminates the localization process and noties the NMS that the failure is most likely to be at the ber link interconnecting both nodes N1 and N4 . In this attack propagation scenario, we saw how the MALI algorithm can be used for localizing the origins of multiple attacks in a distributed manner using merely the current connection and channel monitoring information at each node in the network. In this scenario, we saw that the detected attack at node N7 stems from two different sources and the offender lightpaths in this case are p2 and p7. Table 2 summarizes the ow of identied attacks in this scenario. Lightpath p2 is directly affected by a power jamming attack A1 , which causes an increase in the optical power at that lightpath, and thus impacts copropagating lightpath p3 as they pass through node N4 . When traversing the optical amplier (node N6 ), lightpath p3 robs lightpath p5 of power and

48

R. Rejeb et al. / Optical Switching and Networking 3 (2006) 4149

Fig. 3. An attack propagation scenario through concatenated AON nodes. The sample network consists of seven OXC nodes interconnected with each other by ber links. Each node consists of two incoming/outgoing ber pairs, two demux/mux pairs, and two optical space switches. Seven lightpaths propagate through the network, simultaneously. The detected disruption at node N7 stems from two different sources A1 and A2 , carried along with lightpaths p2 and p7 , respectively. Lightpath p5 , on which serious performance degradation is detected, is innocent and should not be disconnected.

Table 2 Flow of identied attacks used in the example Attack A1 (1 ) X 1 (1 ) G 1 (1 ) X 2 (1 ) A2 (1 ) X 3 (1 ) X 4 (1 ) Attack location N1 N4 N4 N6 N7 Client N8 N8 N7 Attack source Optical link Switch demux/mux Optical amplier Switch demux/mux Client node Switch demux/mux Switch demux/mux Attack method In-band jamming Crosstalk Out-band jamming Crosstalk In-band jamming Crosstalk Crosstalk Offender lightpath p2 (1 ) p2 (1 ) p3 (1 ) p5 (5 ) p7 (1 ) p6 (1 ) p5 (1 )

propagates downstream through successive AON components, affecting other legal lightpaths along its route. On the other hand, lightpath p7 , which is disturbed by a malicious attack A2 , affects copropagating lightpath p6 as they pass through node N8 at the same time. When passing through node N7 , lightpath p6 , in turn, affects its neighboring lightpath p5 . However, lightpath p5 , on

which serious performance degradation is detected, is innocent and should not be disconnected. Since A1 is a power jamming attack on the optical link N1 N4 , the NMS may reroute lightpath p2, thereby avoiding node N4 . Lightpath p7 , which is added in node N8 , should be immediately disconnected until attack A2 is thoroughly isolated.

R. Rejeb et al. / Optical Switching and Networking 3 (2006) 4149

49

6. Conclusion In emerging AONs, the unique characteristics of AON components and network architectures bring forth a set of new challenges in terms of network security and quality of service. Due to transparency, AON components are particularly vulnerable to various forms of disruption attacks. Among these, optical crosstalk has higher damage capabilities and therefore can be exploited to disturb the normal operation of AON components. This is because optical crosstalk is additive and thus the aggregate effect of crosstalk over a whole AON may be more nefarious than a single point of crosstalk. Since these attacks accumulate upon propagation and spread rapidly through the network, causing additional problems and triggering multiple alarms, they must be detected and identied at any point in the network where they may occur. However, monitoring all wavelength channels at several detection points into any node is likely to be very expensive. In this paper, we have shown that monitoring information for any propagating lightpath on the output side of any OXC node is sufcient to localize multiple attacks and to identify their nature in AONs. For that purpose, we dened a generic model for OXC nodes and specied the characteristics of optical crosstalk that can arise from AON components that they employ. Based on these specication, we proposed an algorithm for localizing the sources of multiple attacks and identifying their nature in AONs. The MALI algorithm requires fewer measurements and lesser monitoring information than other approaches. Consequently, it offers the benet of relaxing the high cost and complexity of signal quality monitoring for future AON management solutions. References
[1] R. Rejeb, I. Pavlosoglou, M.S. Leeson, R.J. Green, Management issues in transparent optical networks, in: ICTON 2004, vol. 1, Wroclaw, July 2004, pp. 248254. [2] M. Medard, D. Marquis, R.A. Barry, S.G. Finn, Security issues

in all-optical networks, IEEE Network 3 (11) (1997) 4248. [3] R. Rejeb, I. Pavlosoglou, M.S. Leeson, R.J. Green, Securing alloptical networks, in: ICTON 2003, vol. 1, Warsaw, July 2003, pp. 8790. [4] C. Larsen, P. Andersson, Signal quality monitoring in optical networks, Optical Networks Magazine 1 (4) (2000) 1723. [5] L.E. Nelson, S.T. Cundiff, C.R. Giles, Optical monitoring using data correlation for WDM systems, IEEE Photonics Technology Letters 10 (7) (1998) 10301032. [6] M. M edard, D. Marquis, S.R. Chinn, Attack detection methods for all-optical networks, in: Network and Distributed System Security Symposium, San Diego, 1113 March, 1998. [7] R. Bergman, M. M edard, S. Chan, Distributed algorithms for attack localization in all-optical networks, in: Network and Distributed System Security Symposium, San Diego, 1998. [8] M. M edard, S.R. Chinn, P. Saengudomlert, Node wrappers for QoS monitoring in transparent optical nodes, Journal of High Speed Networks 10 (4) (2001) 247268. [9] J.K. Patel, S.U. Kim, D.H. Su, Modeling attack problems and protection schemes for all-optical transport networks, Optical Networks Magazine 3 (4) (2002) 6172. [10] B. Ramamurthy, D. Datta, H. Feng, J.P. Heritage, B. Mukherjee, Impact of transmission impairments on the teletrafc performance of wavelength-routed optical networks, Journal of Lightwave Technology 17 (5) (1999) 759764. [11] T. Wu, A.K. Somani, Attack monitoring and localization in alloptical networks, in: Proceedings of OptiCom 2002, 2002, pp. 235248. [12] T. Wu, A.K. Somani, Necessary and Sufcient condition for k crosstalk attacks localization in all-optical networks, in: Proceeding of IEEE Globecom 2003, 15 December, 2003. [13] Y.D. Jin, Q. Jiang, M. Kavehrad, Performance degradation due to crosstalk in multiwavelength optical networks using dynamic wavelength routing, IEEE Photonics Technology Letters 7 (10) (1995) 12101212. [14] H. Takahashi, K. Oda, H. Toba, Impact of crosstalk in an arrayed waveguide multiplexer on N N optical interconnection, Journal of Lightwave Technology 14 (1996) 10971105. [15] Y. Shen, K. Lu, W. Gu, Coherent and incoherent crosstalk in WDM optical networks, Journal of Lightwave Technology 17 (5) (1999) 759764. [16] R. Ramaswami, K.N. Sivarajan, Optical Networks, A Practical Perspective, Academic Press, 2001. [17] J. Lang et al., Link Management Protocol (LMP), Internet Draft, 2004 (work in progress). [18] R. Rejeb, M.S. Leeson, R.J. Green, Cost optimization for multiple attack localization and identication in all-optical networks, in: ICTON 2005, vol. 1, Barcelona, July 2005, pp. 101106.