Abstract—Enhanced security has often been cited as an impor-tant benefit of optical code-division multiple-access (O-CDMA)signaling but has seldom been analyzed in detail. This paperpresents a theoretical analysis of the degree of confidentiality thatcan be provided by spectral-phase-encoded O-CDMA. Two eaves-dropping detector structures are presented that can theoreticallybreak the confidentiality of spectral-phase-encoded signals bydetecting the code words in use by a specific user. One of them, anoptical beat detector, is quantitatively analyzed to determine theprobability of correctly detecting user code words. The confiden-tiality of user signals is shown to be vulnerable to such a detector ifan eavesdropper can isolate a single user signal with a sufficientlyhigh signal-to-noise ratio (SNR). At lower SNRs, combining mul-tiple bits is shown to dramatically increase the probability of aneavesdropper correctly detecting user code words; even for codeslong enough to strain implementation capabilities (e.g., 2048 codeelements), the probability of correct detection is shown to risefrom negligibly low values to virtually 100% by the combining ofless than 100 transmitted bits at the eavesdropper’s receiver.
Index Terms—Code-division multiple access (CDMA), commu-nication system security, optical communication.
I. INTRODUCTION
SECURITY has often been put forward as a benefit thatcould be obtained from optical code-division multiple-ac-
cess (O-CDMA) signaling techniques [1]–[5]. A previous paperhas examined both the types of security that may be providedby O-CDMA and the degree of security that may be obtained[6]. This work found that two types of encoding mentioned fre-quently in the literature—time-spreading/wavelength-hoppingencoding [7] and spectral-phase encoding [8]—appear to havethe potential for producing the very large code spaces requiredfor significantly enhanced security.
Reference [6] focused on developing quantitative resultsfor the confidentiality of time-spreading/wavelength-hoppingO-CDMA encoding. It showed that, despite the very large codespaces than can be produced by these encoders, the confiden-tiality produced is considerably weaker than that producedby standard cryptographic techniques and, furthermore, isstrongly dependent on certain system design parameters such
Manuscript received September 29, 2004; revised December 29, 2004.This work is supported by the Defense Advanced Research Projects Agency(DARPA) under Air Force Contract F19628-00-C-0002. Opinions, interpreta-tions, recommendations and conclusions are those of the authors and are notnecessarily endorsed by the U.S. Government.
The author is with the Massachusetts Institute of Technology, Lincoln Labo-ratory, Lexington, MA 02420-9108 USA (e-mail: [email protected]).
Digital Object Identifier 10.1109/JLT.2005.844504
as transmitted power levels. The current paper presents a similaranalysis for spectral-phase-encoded O-CDMA and shows thatthe same types of attacks on confidentiality that were shownto be effective against time-spreading/wavelength-hoppingsignals can also be effective against spectral-phase-encodedsignals, at least in theory. Quantitative results are developedthat define the theoretical limits of confidentiality that can beattained by spectral-phase-encoding techniques.
This paper is organized as follows. Section II details theassumptions and methodology of the confidentiality analysis.Section III presents two different detector structures that aneavesdropper may use to infer a user’s code from a transmittedsignal. Section IV presents a mathematical analysis of theperformance of one of the detectors described in Section III.Section V presents simulation results quantifying the proba-bility of correct code word detection for an eavesdropper usingthe detector analyzed in Section IV. Section VI discusses theresults of this analysis, considering practical implementationlimitations and comparing spectral-phase O-CDMA encodingwith cryptography as a security technique. Section VII presentsa brief set of conclusions.
II. ANALYSIS METHODOLOGY
The confidentiality analysis in this paper follows the samemethodology as the analysis in [6]. We assume that an eaves-dropper is technically sophisticated, has extensive resources forconstructing eavesdropping hardware, and knows the type of en-coding in use. While we assume that the eavesdropper knowsboth the type of encoding and the parameters of the code thatdefine the overall code space (e.g., the number of time slotsor spectral elements per coded bit, etc.), we assume he or shedoes not know the specific codes in use by any authorized users.(Similar assumptions are normally used in confidentiality ana-lyzes of cryptographic techniques—see [9, p. 23], for example.)We assume that the eavesdropper mounts the most efficient at-tack possible on the confidentiality of a user or set of usersand that the parameters of the users’ encoding technique arechosen to produce a large enough code space so that brute forcesearching of different code words is not an efficient attack. Inthe case of spectral-phase-encoded O-CDMA that does not useON–OFF keying (OOK),1 the eavesdropper’s most efficient at-tack against a particular user is to tap into the communications
1As [6] describes, the use of OOK makes any form of O-CDMA encodingparticularly vulnerable to eavesdropping with simple hardware.
SHAKE: CONFIDENTIALITY PERFORMANCE OF SPECTRAL-PHASE-ENCODED O-CDMA 1653
Fig. 1. Locations of taps allowing an eavesdropper to isolate individual usersignals.
infrastructure in a location that allows isolation of that partic-ular user’s transmitted signal. This type of attack is illustratedin Fig. 1 for a broadcast star topology.
An eavesdropper in this situation can take advantage of thefact that the spectral-phase O-CDMA encoding process per-forms a linear transformation on a very short input pulse [8],[10]. The encoded waveform is essentially the impulse responseof the encoding filter, which implicitly specifies the code onwhich confidentiality is based. If the eavesdropper can accu-rately detect a user’s transmitted waveform, he or she can de-rive the user’s code from this waveform and use this code todetect subsequently transmitted data until the user changes thecode. The remainder of this paper quantifies the degree to whichan eavesdropper can accurately detect a user’s code word(s) bythis method.
III. DETECTOR STRUCTURES FOR CODE INTERCEPTION
We model the spectral-phase-encoded signal as a short pulsethat has been passed through an encoder that divides the spectralbandwidth of the signal into frequency bins, each of widthHz. In each frequency bin, a phase shift of 0 or is introduced bythe encoder2 [10]. Fig. 2 shows a simplified example of spectraand output signals from such an encoder, with representingthe power spectrum of the input signal and representingthe frequency domain transfer function of the encoder.
In principle, a simple downconversion and Fourier transformof the transmitted waveform (see Fig. 3) will yield the user’scode and defeat any confidentiality protection it offers. How-ever, the transmitted signal may be extremely wide band andwould require sampling rates at the fast Fourier transform (FFT)input that are prohibitively fast. One possible solution to thisproblem might be for the eavesdropper to examine only a por-tion of the bandwidth (containing a minimum of two code bins)on a single detection and to combine multiple detections ob-tained by sequentially scanning the full bandwidth of the signal.
2Phase shifts of other than 0 or � are also possible, as are nonbinary encodingschemes. This paper analyzes the case of binary phase shifts, of which phaseshifts of 0 and � are representative.
Fig. 2. Spectral and time-domain representations of spectral-phase-encodedsignal. (a) Source spectrum; (b) encoder transfer function; (c) exampletime-domain signal (128 random code elements).
Fig. 3. Direct FFT detection of spectral-phase code.
Another solution might be to capture the original signal in a re-circulating loop and play it back multiple times to allow “equiv-alent time” sampling techniques, which can attain very fine sam-pling resolution with reasonable actual sampling rates. (Suchsampling techniques are used in commercial oscilloscopes andhave been demonstrated with optical technology as well [13].)
Another possible code detector implementation is to use thesame type of grating, lens, and mask assembly that has been pre-viously proposed for generating and decoding spectral-phase-encoded signals [10]–[12]. A conceptual implementation of onechannel of such a detector is shown in Fig. 4. The input signal isoptically amplified and may be split into a number of channelsif parallelism is desired (see subsequent discussion). The signalfor each channel is further split into two parts, each of whichis passed through a grating/filter assembly that passes only se-lected frequency components. Let be the center frequencyof the frequency component affected by the code elementof the encoder’s phase mask [Fig. 2(b)], which has bandwidth
. The optical filter in the upper half of the one-channel de-tector in Fig. 4 can be an amplitude mask chosen to pass only
1654 JOURNAL OF LIGHTWAVE TECHNOLOGY, VOL. 23, NO. 4, APRIL 2005
Fig. 4. One channel of an optical beat detector for code interception.
two components of the input signal— and . (Such anamplitude mask structure has been demonstrated in [11].) Thelower half similarly passes and . These signals arethen separately photodetected, bandpass-filtered around the beatfrequency of , and beat together again to produce a basebandsignal that contains information about the relative phase valuesin bins through of the transmitted signal. This informa-tion can be combined with similar signals from other frequencybins (as analyzed in detail below) to generate the code elementvalues for the transmitted signal. To detect a code word withphase elements, this combining requires either channels ofthe structure shown in Fig. 4 implemented in parallel or sequen-tial scanning of a single channel through the frequency binsof the transmitted signal.3 Sequential scans would require re-tuning of the mask center frequencies between scans,4 and couldeither be performed on multiple successive transmitted bits fromthe user or on successive samples of a single-bit transmissioncaptured in an optical recirculating loop.
The relative difficulty of implementing the two detectors de-scribed previously is difficult to gauge without further work. Im-plementation of either one would serve as an existence proof ofan eavesdropping capability. Nevertheless, it is necessary to cal-culate the performance of such a code interceptor in the pres-ence of noise to determine how much security is provided byspectral-phase-encoded O-CDMA signaling. We choose in thispaper to calculate the performance of the optical beat detectorstructure shown in Fig. 4, since it is based on the same basictechnology as proposed user encoders and decoders. (Thus, thefeasibility of implementing this type of eavesdropping detectorshould differ only in scale—i.e., the number of channels re-quired for the desired degree of parallelism—from the feasi-
3As discussed in the next section, the exact number of channels required todetect an L element code can vary.
4Reference [12] contains a detailed review of available technologies for con-structing tunable filters of the type that would be required for this detector.
bility of implementing standard user encoders and decoders.)Thus, while the optical beat detector is not the only way of at-tempting to intercept spectral-phase-encoded data, its analysishere provides a theoretical benchmark of the confidentiality ofspectral-phase encoding, and this benchmark can be related toan implementation with some degree of plausibility.
IV. EAVESDROPPING PERFORMANCE OF THE OPTICAL
BEAT DETECTOR
It is easiest to understand the operation of the optical beat de-tector by considering its output given a set of continuous sinu-soidal inputs, each with a phase of 0 or . This set of inputswould correspond to an idealized unmodulated mode-lockedlaser signal with one mode per phase-encoding bin.
Consider a single channel of the beat detector as shown inFig. 4. Let the input to the single-channel detector consist offour sinusoids of the form
(1)
As stated above, each phase-encoding bin has bandwidth ;thus
(2)
Modeling the photodetectors as ideal square-law devices, theoutputs of the top and bottom arms of the detectors are
(3)
Let the bandpass filters have idealized rectangular passbandswith both center frequencies and bandwidths of (i.e., pass-
SHAKE: CONFIDENTIALITY PERFORMANCE OF SPECTRAL-PHASE-ENCODED O-CDMA 1655
bands of to ). Then, after appropriate trigonometric ma-nipulations, the outputs of the bandpass filters can be shown tobe
(4)
After mixing these two signals together and low-pass filteringof bandwidth , the baseband output is given by
(5)
which yields a constant signal of either 1/2 or 1/2, sinceeach phase-encoding element is either 0 or . Multiple channelsof such detectors, each tuned to different frequency bands, canbe combined to allow the eavesdropper to solve for all ofthe , thus yielding the transmitter’s code word. Probably thesimplest way of combining multiple such channels is to build
channels, each offset in frequency by one bin width .This would yield equations
...
(6)
which can easily be solved sequentially if values for , ,and are given. Thus, the user’s code word can be reducedto eight possibilities by this detector, each one corresponding toa guess as to the values of , , and . The eavesdroppercould then test each of the eight resulting code words againstthe user’s transmissions. Alternatively, extra detector channelscould be added to resolve the uncertainty. Determining the op-timum number of channels and the best method of implementingthem to produce the simplest possible set of simultaneous equa-tions is beyond the scope of this paper.
The above analysis can easily be extended to model actualtransmitted signals, which will consist of modulated streams ofrandom data. An equation modeling such a transmitted signalcan be written by considering the encoder output to be the linearsuperposition of the impulse response of each of the indi-vidual code elements. In an ideal model, the code elementcan be modeled as having a perfectly rectangular transfer func-tion, with a nonzero value between the frequencies ofand , as shown in Fig. 5. The transfer function hasa positive value in its nonzero range if , and a negativevalue if .
The impulse response of a single code element is
(7)
Fig. 5. One-sided transfer function of a single code element � . In thisexample � = 0.
A modulated data stream can be modeled as the superposi-tion of all impulse responses multiplied by a data modulationcomponent, yielding
(8)
where the data sequence is for OOK, orfor binary phase-shift keying (BPSK), and where is
the time it takes to transmit one data bit (i.e., the inverse of thedata rate).
To detect the phase code from such a modulated stream, theeavesdropper must either pass different bits sequentiallythrough a single channel of the detector shown in Fig. 4 (tuningthe optical filters to different wavelengths for each successivebit) or implement copies of the structure in the figure, eachat a different wavelength center. In the analysis that follows, wemake the worst-case assumption (from the user’s point of view)that all channels are implemented in parallel, although animplementation of this for large values of may be very difficultin practice.
The eavesdropper must also synchronize to the transmittedsignal in order to be able to sample the output(s) of the detectorat the time of maximum signal-to-noise ratio (SNR). Since theeavesdropper does not know the code, he or she cannot correlatethe incoming signal to a copy of the coded signal to achieve bitsynchronization. However, the structure of spectral-phase-en-coded signals [Fig. 2(c)] may allow the eavesdropper to achievereasonably good bit synchronization without knowing the code,especially if phase shifts of 0 and are used in the encoder.5
Autocorrelations of both encoded signals (see [10, Fig. 4])and signals decoded with an “orthogonal” decoder (see [11,Fig. 12]) each show timing structure that could be used by aneavesdropper to attain timing synchronization. Furthermore, theoutput of the optical beat detector itself may be able to be usedto gain timing information with sufficient averaging times (seesubsequent discussion). The eavesdropper’s effective SNR forsuch synchronization procedures will naturally be somewhatlower than the authorized users. This may limit the accuracy ofthe eavesdropper’s synchronization, but some degree of syn-chronization should still be possible. Therefore, we will assumein the remaining analysis that the eavesdropper is able to attain
5Phase code values of 0 and � produce a waveform that is always symmetricabout the midpoint of the bit interval, as shown in Fig. 2(c). This should allowthe use of a signal reflector/correlator structure to determine bit synchronization.Some other code phase values also produce symmetric signals, although it ispossible to use code phase values that do not.
1656 JOURNAL OF LIGHTWAVE TECHNOLOGY, VOL. 23, NO. 4, APRIL 2005
Fig. 6. Detector outputs for random bit stream patterns and different values of f T .
bit synchronization of the user signal. This is a conservativeassumption from the point of view of security—since thereare theoretical reasons that it could possibly be accomplished,it would be dangerous when assessing security to rely on theassumption that the eavesdropper cannot attain bit sync, eventhough it may difficult.
The Appendix derives an equation governing the perfor-mance of the optical beat detector given an input of randomlymodulated data and noise. The output of the detector, repre-sented in (A8), is somewhat complicated mathematically, andconsists of one fourth-order signal signal term (the firstterm in (A8)), one fourth-order noise noise term (the lastterm), and 14 other various forms of signal noise terms. Thesummation indexes represent the contributions of randomlymodulated data bits.
Note that the output at any given time is affected by the trans-mitted data pattern. Since all output terms are multiplied by
terms, the main effect on the detector output at anygiven time comes from transmitted bits that are within severalbits of the output time. These bits can cause “interference,”even in the absence of noise, for the eavesdropper, who is effec-tively trying to isolate the first term of (A8) for a single value of
.This interference can be seen in Fig. 6, which shows noiseless
“eye diagrams” of the detector output for various random datastreams for three different types of data modulation—OOK,BPSK, and two-code keying (2-CK), where a data “1” is rep-
resented by one code word and a data “0” is represented by adifferent code word. (For 2-CK, for every bit in (8), butthe set of values changes between “ones” and “zeros.”) Thefigure plots detector outputs between the times
, which contains 99% of the energy of the detector outputdue to a single data bit when the peak of the signal is normal-ized to . The leftmost picture in each row is the outputwhen a single data bit is sent, resulting in a single coded pulsebeing transmitted. In this case, the detector output takes the formof a signal, which an eavesdropper with ideal timesynchronization would sample at its peak value (here normal-ized to ). Adding random data bits before and after thebit of interest produces the other traces shown in the figure. Fif-teen consecutive data bits (seven before and seven after a centralbit, which is assumed to be targeted by the eavesdropper) and100 randomly chosen data sequences were used to generate eachplot. (Longer data sequences and larger numbers of random datastreams produced traces with negligible differences from thoseshown.)
The interference is highly dependent on the value of, the code bin bandwidth times the time between succes-
sive data bits (i.e., the inverse of the data rate), which increasesas indicated in the traces further to the right in Fig. 6. This quan-tity corresponds to the parameter defined in [8], which relatesthe interval between successive data bits to the effective dura-tion of the spectrally encoded data pulse. (It also correspondsto the number of modes per code bin if a mode-locked laser is
SHAKE: CONFIDENTIALITY PERFORMANCE OF SPECTRAL-PHASE-ENCODED O-CDMA 1657
Fig. 7. Detector outputs for noninteger values of f T .
used to excite the encoder filter.) As derived in [8], for a fixedcode bin bandwidth and a fixed number of code elements ,increasing the value of reduces the maximum data rate thatcan be supported by a single user. Also shown in [8] is that fora fixed amount of “spreading gain” (defined as ), lowervalues of also allow larger number of simultaneous users tobe supported for a given maximum bit-error rate (BER). Thus,low values of seem to be preferable for communication im-plementations.
As Fig. 6 shows, the greater the value of , the less theinterference to the eavesdropper from surrounding random databits and, by implication, the less stringent the requirements onthe eavesdropper for timing synchronization. Thus, low valuesof seem to be preferable for security reasons as well as forgood communication performance. It is interesting to note that,theoretically at least, the interference patterns form a moreclosed “eye” for noninteger values of , as shown in Fig. 7;encoding signals with such noninteger values should make theeavesdropper’s job more difficult.
V. SIMULATION RESULTS
The performance of the optical beat detector in the presenceof random data modulation and noise is difficult to evaluateanalytically, since the random variables in (A8) form up tofourth-order products and are also present within nonlinearfunctions such as the cosine. The performance of this detectorwas therefore evaluated by computer simulation. Simulations
were based on (A8) and on the fact that the random processesand can be easily generated from Gaussian random
processes using (A3). Each pulse corresponding to a particularsummation index value in (A8) was represented by 25 timesamples. Corresponding noise samples were generated usingMATLAB’s multivariate Gaussian random number generatorand transformed using (A3). (Since the time samples weremore frequent than those that would generate uncorrelatedvalues of random noise for the bandpass Gaussian processes,it was necessary to generate correlated random samples. Thiscapability is included in the MATLAB multivariate Gaussianrandom number generator.)
Since it is independent of the particular code used for datatransmission, the eavesdropper was assumed to know the noise-less form of the detector output (i.e., the form of the first termin (A8)). This was used to correlate the noisy outputs, essen-tially forming a matched filter receiver that is matched to the
signal. The output of this correlator detection wascompared with a threshold, a positive value being mapped into
, and a negative value being mapped into in(6). The eavesdropper’s probability of error for a single detec-tion of is given by the number of errors divided by the totalnumber of trials. This probability of error can be convertedto the figure of merit for eavesdropper detection, the probabilityof correctly detecting the entire code word by
(9)
1658 JOURNAL OF LIGHTWAVE TECHNOLOGY, VOL. 23, NO. 4, APRIL 2005
Fig. 8. Optical beat detector performance with random data and noise.
where is the total number of code elements in the encoder(usually called the code length).6
Note that (9) contains an implicit assumption that informationabout the value of one code element does not give any informa-tion about the values of any other code elements. For many typesof codes this is not true. For example, if an element Walshcode were used, the eavesdropper could detect only a fractionof the code elements and use the known structure of Walshcodes to determine the rest of the code element values. Alterna-tively, the eavesdropper could perform separate detections anduse the code structure to help correct any detection errors, thusraising the probability of correct code word detection. We do notconsider these effects here because feasible spectral-phase-codeimplementations of most pseudo-orthogonal codes (e.g., Goldcodes) or truly orthogonal codes (e.g., Walsh codes) would pro-duce relatively small code spaces, which could be efficiently at-tacked by brute force code word searching, rendering the opticalbeat detector unnecessary.
Nevertheless, it should be possible to construct spectral-phasecodes with large code spaces where there is little or no corre-lation between the values of any two code elements of a givencode word.7 This analysis assumes the use of such a code, whichproduces the worst case for the eavesdropper in terms of deter-mining . Clearly, however, any correlations among codeelement values could be exploited by the eavesdropper to in-crease the probability of correct code word detection.
The probability of correct code word detection is plotted inFig. 8 as a function of the eavesdropper’s received SNR for threemodulation types—OOK, BPSK, and 2-CK signaling. The spe-cific signal to noise ratio used for this plot is ratio of the energy
6Strictly speaking, given the L � 3 channel detector specified previously inthe paper, L should be replaced by L � 3, but it is more convenient to dealwith the code length, and the performance of detector implementations with Lchannels, perhaps configured differently from the detector in Fig. 4, would alsofollow (9) as is.
7Analysis in [8] has shown that it is possible to support a reasonable number ofsimultaneous users with acceptable BER performance using codes where eachcode element is randomly selected, thus producing a code space size of � 2
and no correlations between code element values. A potential approach for gen-erating sets of such code words for use in a communication system is postulatedin [6].
Fig. 9. Detector performance with different values of f T .
Fig. 10. Detector performance versus code length.
per code element (i.e., the energy received through a single filterof width ) to the receiver noise spectral density. A value of
512 code elements is used for this example, and a valueof was also assumed, as this maximizes (among in-teger values of ) the eavesdropper’s sensitivity to timingsync errors. Also shown in the figure is a curve that neglectsthe intersymbol interference (ISI) caused by nearby data bits.This curve is much quicker to simulate and offers a reasonableorder-of-magnitude approximation to the results that includeboth ISI and noise, as can be seen in the figure.
While the confidentiality performance of 2-CK signalingis best and BPSK is the worst, the differences are relativelysmall—all three types of signaling have similar performance.The difference between the performance of the optical beatdetector when and is also relativelysmall, as can be seen in Fig. 9. ( appears to be oneof a number of noninteger values causing maximum ISI to thedetector—see Fig. 7.)
Fig. 10 shows the dependence of the eavesdropper’s detec-tion performance on the length of the code. The figure showsthat increasing the number of elements from 512 to 2048 makes
SHAKE: CONFIDENTIALITY PERFORMANCE OF SPECTRAL-PHASE-ENCODED O-CDMA 1659
a difference of at most a few decibels in the value of SNR re-quired for the eavesdropper to detect code words with minimalprobability of error.
It is possible for the eavesdropper to improve detection perfor-mance dramatically by combining multiple detections. Insteadof correlating the detector output with the ideal signal over asingle bit time, detections from multiple bits can be combinedbefore thresholding. As long as the code is not changed during themultiple bits collected, the eavesdropper can combine many de-tections into a single threshold decision, significantly increasingthe effective signal to noise ratio. (This procedure is describedin more detail in [6] for time-spreading/wavelength-hoppingencoding.) Fig. 11 shows simulated results for OOK and BPSKsignals given that the SNR per code element per data bit is 0 dB.Interestingly, OOK gives the eavesdropper poorer performancein this case, since half of the detections, on average, simplydetect noise, while each detection of a BPSK signal yields furtherinformation concerning the code values. It is also interesting tonote that 2-CK signaling makes multiple-bit combining muchmore difficult. The eavesdropper cannot combine multiple bitsbefore thresholdingatall, since theoutputsof thebeatdetector forthe two different codes may interfere destructively, corruptingthe eavesdropper’s detection of both codes. Any combiningof multiple bit detections must be done after thresholding,which reduces the eavesdropper’s advantage.8 This is in directcontrast to the situation regarding multiple-bit combining fortime-spreading/wavelength-hopping encoded signals, which caneasily be combined before thresholding for 2-CK signals [6].
Fig. 12 uses the single pulse approximation shown in Fig. 8 toapproximate the effect of increasing code length on the eaves-dropper’s ability to enhance performance by combining mul-tiple bits. While increasing the code length reduces the eaves-dropper’s detection performance for a given SNR, combining asfew as 100 bits overcomes the confidentiality protection offeredby even a 2048-element code at the SNR used in this example.
8There are still techniques, such as statistical clustering algorithms (e.g.,K-means [15, p. 395]), for combining multiple bit detections after thresholding.It is beyond the scope of this paper to evaluate how much poorer their perfor-mance is compared to prethresholding combining.
Fig. 12. Effect of code length on multiple-bit combining detectionperformance (eavesdropper’s E=N = 0 dB).
Given the data shown in Figs. 8–12, it is reasonable to askwhat level of SNR an eavesdropper might be able to obtain ina reasonable signal interception scenario. For the broadcast starscenario shown Fig. 1, a relationship can be derived betweenseveral system design parameters and the eavesdropper’s ratioof energy per code element to receiver noise density. A rigorousderivation is too long to be included here, but is given in [6, App.A] for time-spreading/wavelength-hopping encoding. Makingsmall modifications to adapt this derivation for spectral-phaseencoding, the resulting relationship between the eavesdropper’sSNR and the authorized users’ SNR required for acceptableBER performance is
(10)
In this equation, is the eavesdropper’s fiber tapping efficiency,is the number of taps in the broadcast star coupler that dis-
tributes user signals, is the ratio of the eavesdropper’s re-ceiver noise density to the authorized user’s receiver noise den-sity, is the authorized user receiver’s multichip energy com-bining efficiency, is the maximum theoretical number of si-multaneous users that can be supported at a specified maximumBER, is the required user SNR (per data bit) tomaintain the specified BER, is the actual number of simul-taneous users the designer wishes to support, and isthe eavesdropper’s effective SNR per code element.
A detailed interpretation of this equation is given in [6] andis not included here. However, it is important to note that thisequation implies a tradeoff between maximizing total systemcapacity (the ability to support a large number of simultaneoususers, ), and minimizing the eavesdropper’s SNR for betterconfidentiality. It also shows that the degree of confidentialityobtained by spectral-phase encoding is highly dependent on var-ious system design parameters that affect the eavesdropper’sSNR.
Fig. 13 shows an example of the confidentiality performanceversus system capacity tradeoff implied by (10) for a specificscenario. It plots versus the fraction of theoretical
1660 JOURNAL OF LIGHTWAVE TECHNOLOGY, VOL. 23, NO. 4, APRIL 2005
Fig. 13. Confidentiality versus capacity tradeoff for spectral-phase encoding.
system capacity , which is attainable with an accept-able BER. For the baseline curve 0 dB , we assume thatthe eavesdropper’s tapping efficiency is , that thereare 100 taps on the broadcast star, and that the user BER is
(which, with typical commercial error correction codingcurrently used in optical systems, would allow a decoded BERof ). The encoder has 512 elements. We also assumethat the users can combine the energy from multiple codeelements coherently with 100% efficiency and thatthe eavesdropper’s optical receiver is exactly as sensitive as theauthorized users’ receivers . The data in the figurealso assume that the eavesdropper does not use multiple-bitcombining to enhance detection performance.
The other three curves in Fig. 13 show the effect of varyingthe parameter
(11)
which represents several system design parameters that affectthe capacity versus confidentiality trade (see (10)). Clearly, thedegree of confidentiality and the tradeoff with system capacityis strongly affected by the values of these parameters.
For all four curves in Fig. 13, the eavesdropper’s ability to de-tect the user’s code falls off fairly sharply for a relatively smallreduction in system capacity, although the eavesdropper couldpotentially compensate for this by using multiple-bit combining.While increasing the code length increases the difficulty of codedetection by only a few decibels, it may also have the effect ofincreasing , the maximum theoretical number of simulta-neous users, further increasing system capacity, which wouldhelp improve the system capacity for a given level of confiden-tiality.
VI. DISCUSSION
A. Implementation Considerations
The analysis in this paper is primarily theoretical. The prac-tical degree of confidentiality that can be provided by spec-tral-phase encoding will depend both on the user’s ability to im-plement complex codes and the eavesdropper’s ability to imple-
ment effective code detectors. Spectral-phase encoders and de-coders have been implemented in the laboratory with over 100code elements [11]. This result is somewhat dated, and it is rea-sonable to expect that more complex coding implementationsare possible, though it is not clear just how many code elementscould be feasible in the near future. The author has not yet seenreports in the literature of any implementations approaching the512 elements that were used for several of the example calcula-tions in the previous section.
The degree of difficulty in implementing the worst-case ver-sion of the optical beat detector with channels in parallel hasnot been considered in detail. Certainly, implementation of a512-channel parallel optical beat detector would be a very chal-lenging task, to say the least. However, a version of the beat de-tector with a small number of channels should be only slightlymore difficult to implement than the decoders required for au-thorized users, whatever the number of code elements. If, say, aten-channel beat detector with programmable filters were usedto scan 50 times through a single-bit transmission captured byan optical recirculating loop using a filter retuning rate of 50 Hz,a 500-element code could be extracted within a second. If mul-tiple-bit combining were required to increase the eavesdropper’sprobability of correct detection to an acceptably high value, thetime required would increase proportionally with the number ofbits combined.
The performance calculated in this paper assumes that theeavesdropper is able to attain perfect time synchronization. Aneavesdropper’s time synchronization in practice is likely to con-tain some degree of error, especially if the SNR is relatively low.This will result in a performance degradation compared with theresults given in this paper. Other implementation losses wouldalso occur in any practical implementation, further reducingthe eavesdropper’s performance. However, these implementa-tion losses may have negligible effects on the eavesdropper’sability to correctly detect code words if he can attain a high SNR,either through tapping enough power into a sensitive receiver orby multiple-bit combining techniques. The eavesdropper’s per-formance is thus highly dependent on the ability of the usersto minimize their transmitted power levels and control othersystem design factors that affect the eavesdropper’s SNR (see(10)).
B. Comparison With Cryptography
The standard technique for providing data confidentialitytoday is source cryptography. It is instructive to compare theconfidentiality characteristics of spectral-phase O-CDMAencoding with those of cryptography.
The analysis here indicates that the confidentiality providedby spectral-phase encoding can be broken in theory in a shortperiod of time, given a high enough SNR at the eavesdropper’sreceiver or enough bits transmitted with the same code(s) tocombine. This alone is enough to conclude that the confiden-tiality provided is significantly weaker than that provided bystandard cryptographic techniques, which generally take tensto hundreds of years to break even with very advanced com-puting equipment. Furthermore, the confidentiality of crypto-graphic techniques has no sensitivities to system design param-eters such as how much power is transmitted or how sensitive
SHAKE: CONFIDENTIALITY PERFORMANCE OF SPECTRAL-PHASE-ENCODED O-CDMA 1661
the eavesdropper’s receiver can be made, as does the confiden-tiality of spectral-phase encoding.
VII. CONCLUSION
It is clear that, in theory at least, cryptography provides amuch greater degree of confidentiality than does spectral-phaseO-CDMA encoding. As noted in [6], this conclusion also ap-plies in principle to any form of O-CDMA encoding that can berepresented by a linear, time-invariant transfer function.
However, the degree of confidentiality provided by spec-tral-phase encoding is certainly much greater than that pro-vided by an unencoded signaling technique such as the OOKwavelength-division-multiplexing signaling used in typicalcommercial optical networks, since the eavesdropper is forcedto implement a specialized, probably expensive, detector. Fur-thermore, if the user’s code can be changed very frequently,(e.g., at rates approaching the data rate of the user signal), theeavesdropper’s capability to use multiple-bit combining tech-niques may be seriously limited. The confidentiality obtainedfrom spectral-phase-encoded O-CDMA may be quite sufficientfor some uses, though this must be evaluated on a case-by-casebasis and must include a thorough analysis of all the details ofthe design that may affect an eavesdropper’s ability to cleanlyand accurately detect channel transmissions.9
APPENDIX
In this appendix we derive an equation governing the perfor-mance of the optical beat detector in the presence of modulateddata signals and noise. As in the main body of the paper, wemodel the total signal as a superposition of the outputs fromeach phase element filter (Fig. 5). A single channel of the op-tical beat detector in Fig. 4 selects four individual elements fromthis superposition to beat against each other. A single elementfrom the modulated data stream has the form
(A1)
where represents noise. As in (8), represents a randomdata sequence, and represents the inverse of the data rate.We model the noise as a narrow-band white Gaussian process,yielding
(A2)
where
(A3)
9These conclusions are very similar to those obtained in [6] fortime-spreading/wavelength-hopping encoding. A relative comparison ofthe confidentiality of time-spreading/wavelength-hopping encoding versusspectral-phase encoding is a topic reserved for another paper.
and and are independent bandpass white Gaussiannoise processes [14].
Consider a single channel of the beat detector with the opticalfilters in the top arm tuned to center frequencies and , andthose in the bottom tuned to center frequencies and . Theoutputs of the two photodetectors will be
(A4)
Only the cross product terms will be passed through the band-pass filters (each filter is modeled as an idealized filter with arectangular passband function, a bandwidth of , and a centerfrequency of ). After some manipulation of terms, the out-puts of the bandpass filters can be shown to be
(A5)
and
(A6)
where for notational convenience, we have defined
(A7)
1662 JOURNAL OF LIGHTWAVE TECHNOLOGY, VOL. 23, NO. 4, APRIL 2005
These two signals are then mixed together and lowpass fil-tered, producing a baseband output signal that, after some ma-nipulation, can be shown to be (within a multiplicative constant)
(A8)
where the time dependence of the random noise components(represented by capital letters A and ) has been dropped fromthe notation for compactness.
ACKNOWLEDGMENT
The author would like to thank many other staff members inthe Massachusetts Institute of Technology Lincoln Laboratory’sCommunications and Information Technology Division for theiruseful discussions concerning this work, most especially Dr. P.A. Schulz, who has had a substantial influence on the work re-ported here.
REFERENCES
[1] N. Karafolas and D. Uttamcandani, “Optical fiber code division multipleaccess networks: a review,” Opt. Fiber Technol., vol. 2, pp. 149–168,1996.
[2] K. Iverson and D. Hampicke, “Comparison and classification of all-op-tical CDMA systems for future telecommunication networks,” in Proc.SPIE, vol. 2614, 1995, pp. 110–121.
[3] L. Tancevski, I. Andonovic, and J. Budin, “Secure optical network ar-chitectures utilizing wavelength hopping/time spreading codes,” IEEEPhoton. Technol. Lett., vol. 7, no. 5, pp. 573–575, May 1995.
[4] P. Torres, L. C. G. Valente, and M. C. R. Carvalho, “Security system foroptical communication signals with fiber bragg gratings,” IEEE Trans.Microw. Theory Tech., vol. 50, no. 1, pp. 13–16, Jan. 2002.
[5] D. D. Sampson, G. J. Pendock, and R. A. Griffin, “Photonic code-divi-sion multiple-access communications,” Fiber Integr. Opt., vol. 16, pp.129–157, 1997.
[6] T. H. Shake, “Security performance of optical CDMA against eaves-dropping,” J. Lightw. Technol., vol. 23, no. 2, pp. 655–670, Feb. 2005.
[7] H. Fathallah, L. A. Rusch, and S. LaRochelle, “Passive optical fast fre-quency-hop CDMA communications system,” J. Lightw. Technol., vol.17, no. 3, pp. 397–405, Mar. 1999.
SHAKE: CONFIDENTIALITY PERFORMANCE OF SPECTRAL-PHASE-ENCODED O-CDMA 1663
[8] J. A. Salehi, A. M. Weiner, and J. P. Heritage, “Coherent ultrashortpulse code-division multiple access communication systems,” J. Lightw.Technol., vol. 8, no. 3, pp. 478–491, Mar. 1990.
[9] N. Ferguson and B. Schneier, Practical Cryptography. Indianapolis,IN: Wiley, 2003.
[10] A. M. Weiner, J. P. Heritage, and J. A. Salehi, “Encoding and decoding offemtosecond pulses,” Opt. Lett., vol. 13, no. 4, pp. 300–302, Apr. 1988.
[11] A. M. Weiner, J. P. Heritage, and E. M. Kirschner, “High-resolution fem-tosecond pulse shaping,” J. Opt. Soc. Amer. B, Opt. Phys., vol. 5, no. 8,pp. 1563–1572, Aug. 1988.
[12] A. M. Weiner, “Femtosecond pulse shaping using spatial light modula-tors,” Rev. Sci. Instrum., vol. 71, no. 5, pp. 1929–1960, May 2000.
[13] Y. Han and B. Jalali, “Photonic time-stretched analog-to-digital con-verter: Fundamental concepts and practical considerations,” J. Lightw.Technol., vol. 21, no. 12, pp. 3085–3103, Dec. 2003.
[14] J. G. Proakis, Digital Communications, 3rd ed. Boston, MA: McGraw-Hill, 1995, pp. 159–163.
[15] G. J. Miao and M. A. Clements, Digital Signal Processing and StatisticalClassification. Boston, MA: Artech House, 2002.
Thomas H. Shake (M’94) was born in Syracuse, NY,in 1957. He received the B.S. degree from SyracuseUniversity, Syracuse, NY, in 1980 and the M.S. de-gree from the University of California at Berkeley in1981, both in electrical engineering.
He has been a Member of the Technical Staff atthe Massachusetts Institute of Technology (MIT)Lincoln Laboratory, Lexington, since March 1982.He is currently assigned to the Advanced Networksand Applications Group. His work at LincolnLaboratory has included research and development
in various aspects of communication systems and data networks, includingmilitary satellite system analysis and design, interactions between space-basedand terrestrial communication networks, and network security in heteroge-neous environments. His current research interests include optical networkarchitecture, network and communications security, high-precision networktiming, and optical communication waveform design.
