Research on Integrated Security Scheme over EPON
| Field | Value |
|---|---|
| School | East China Jiaotong University |
| Course | Communication and Information System |
| Keywords | Ethernet passive optical network; bilateral authentication; timestamp-based encryption algorithm; multi-service classification encryption |
With the advance of Triple Play, EPON, as a representative PON technology, is considered one of the best access means because of its broad bandwidth, low cost and simple structure. However, because of its point-to-multipoint topology, downlink data are broadcast to every ONU. Its frames are also transmitted transparently (in the clear), which creates security threats. If these problems are not solved well, they could hinder the large-scale deployment of EPON.

Starting from the principle, structure and research status of EPON, this thesis analyses the existing authentication and encryption schemes, states their defects and gives solutions. To prevent masquerading, a bilateral authentication method with an embedded key exchange protocol is presented, using the elliptic curve digital signature algorithm (ECDSA) to verify the OLT and the ONUs. Meanwhile, the Diffie-Hellman key exchange protocol is adopted so that the session key can be transmitted safely.

Based on ONU ranging and polling bandwidth allocation, two timestamp-based encryption algorithms are given to prevent eavesdropping. The first combines the timestamp with the session key and passes them through a hash function; the resulting message digest is used as the initial key of the AES algorithm. The second embeds the timestamp into the AES key expansion. By adopting the timestamp, both schemes can update and synchronise the encryption keys safely, thus enhancing system security.

The security problems of a multi-service environment are also discussed: the safety of all services in the network cannot be guaranteed by a single encryption algorithm. Therefore, a scheme is proposed that classifies services and groups those of the same security level together, so as to reduce the consumption of system resources as far as possible. Finally, the schemes mentioned above were simulated by programming and in OPNET, and the experimental results proved their feasibility.
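The first timestamp-based scheme described above, as an added example that is not code from the thesis: both the OLT and an ONU derive the AES key by hashing the shared session key together with the current timestamp epoch, so keys rotate automatically and stay synchronised as long as ranging keeps the two timestamp counters aligned. The 32-bit MPCP timestamp in 16 ns units is from IEEE 802.3ah; the rotation interval (`EPOCH_TICKS`), the use of HMAC-SHA256 as the hash, the AES-128 key length, the constructed session key standing in for the Diffie-Hellman result, and the one-epoch tolerance window on the receiver (`accept_frame_key`) are all assumptions of this example, not specifics stated on the page. The second scheme (timestamp inside the AES key expansion) is not modelled here.

```python
import hashlib
import hmac
import struct
from typing import Optional

# MPCP timestamps are 32-bit counters in 16 ns units (IEEE 802.3ah).
TIMESTAMP_MOD = 2 ** 32
TICK_NS = 16
# Assumed key-rotation interval: one fresh AES key every 2^20 ticks (about 16.8 ms).
EPOCH_TICKS = 2 ** 20
N_EPOCHS = TIMESTAMP_MOD // EPOCH_TICKS  # epochs before the 32-bit counter wraps
AES_KEY_LEN = 16  # AES-128 key size (assumed; the thesis does not fix the length)

# Constructed sample session key standing in for the Diffie-Hellman shared secret.
SESSION_KEY = hashlib.sha256(b"constructed DH shared secret").digest()


def epoch_of(timestamp: int, epoch_ticks: int = EPOCH_TICKS) -> int:
    """Map a (possibly wrapped) 32-bit MPCP timestamp to its key-rotation epoch."""
    return (timestamp % TIMESTAMP_MOD) // epoch_ticks


def derive_epoch_key(session_key: bytes, epoch: int, key_len: int = AES_KEY_LEN) -> bytes:
    """Hash(session key, timestamp epoch) -> initial AES key.

    Assumed construction: HMAC-SHA256 keyed with the session key over the epoch
    number, truncated to the AES key length. The epoch is public (timestamps are
    exchanged in the clear), so key secrecy rests entirely on the session key.
    """
    mac = hmac.new(session_key, struct.pack(">Q", epoch), hashlib.sha256).digest()
    return mac[:key_len]


def key_for_local_time(session_key: bytes, local_timestamp: int) -> bytes:
    """Sender side: the key to use right now, from the local timestamp counter."""
    return derive_epoch_key(session_key, epoch_of(local_timestamp))


def accept_frame_key(session_key: bytes, local_timestamp: int,
                     frame_epoch: int) -> Optional[bytes]:
    """Receiver side: accept the sender's epoch only if it is the receiver's current
    epoch or the immediately preceding one. The one-epoch window (an assumption)
    absorbs ranging jitter at a boundary without accepting arbitrarily old keys.
    Returns None when the epoch is outside the window.
    """
    current = epoch_of(local_timestamp)
    previous = (current - 1) % N_EPOCHS  # wrap-around at the 32-bit counter limit
    if frame_epoch in (current, previous):
        return derive_epoch_key(session_key, frame_epoch)
    return None


if __name__ == "__main__":
    olt_ts = 5 * EPOCH_TICKS + 100
    onu_ts = olt_ts + 3  # constructed: ONU counter a few ticks off after ranging
    k_olt = key_for_local_time(SESSION_KEY, olt_ts)
    k_onu = key_for_local_time(SESSION_KEY, onu_ts)
    print("epoch", epoch_of(olt_ts), "keys match:", k_olt == k_onu)
    print("next epoch key differs:",
          key_for_local_time(SESSION_KEY, olt_ts + EPOCH_TICKS) != k_olt)
    # Frame sent in epoch 5 arrives just after the receiver rolled into epoch 6.
    print("boundary frame accepted:",
          accept_frame_key(SESSION_KEY, 6 * EPOCH_TICKS + 1, 5) is not None)
    print("stale epoch rejected:",
          accept_frame_key(SESSION_KEY, 6 * EPOCH_TICKS + 1, 3) is None)
```

Running the script shows the two endpoints agreeing on the same 16-byte key while their counters differ by a few ticks, a different key once the epoch advances, and the receiver accepting a frame from the epoch just ended but refusing one from further back. The epoch tolerance and rotation interval are where a deployment would tune the trade-off between clock-skew robustness and how long a compromised per-epoch key stays usable.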