Secure key real-time update and dynamic DNA encryption for CO-OFDM-PON based on a hybrid 5-D chaos

Yun Wang; Yun Wang; Qi Zhang; Qi Zhang; Qi Zhang; Ran Gao; Xiangjun Xin; Xiangjun Xin; Xiangjun Xin; Rongzhen Xie; Rongzhen Xie; Jingkun Jiang; Jingkun Jiang; Feng Tian; Feng Tian; Xinying Li; Fu Wang; Fu Wang; Qinghua Tian; Qinghua Tian; Zhipei Li; Yongjun Wang; Yongjun Wang; Leijing Yang; Leijing Yang; Xiaolong Pan

doi:10.1364/OE.495626

1. Introduction

The rapid development of emerging technologies,including the Internet of Things,artificial intelligence, and virtual reality, has led to an ever-increasing demand for user bandwidth [1–5]. To accommodate this growth, passive optical network (PON) have been widely implemented due to their ability to provide high access speeds at a low cost [6]. Orthogonal frequency division multiplexing PON (OFDM-PON) is emerging as a promising candidate for next-generation PON (NG-PON) due to its benefits, including flexible time-frequency resource allocation,high spectral efficiency, and strong tolerance to dispersion [7–9]. However, due to PON’s downlink broadcasting characteristics, the system is vulnerable to attacks from unauthorized users or malevolent eavesdroppers, potentially jeopardizing user data security [10,11]. Furthermore, the high directionality of the uplink in the GPON standard requires additional channel resources for key transmission [12]. As a result, there is a need for increased collaboration to enhance the security and effectiveness of the PON system.

In the past, upper layer encryption schemes such as MAC [13–15] have been proposed. However these mechanisms only encrypt data at the upper layer, potentially exposing sensitive headers and control information [16]. Recently, physical layer security (PLS) has come to light as a potential strategy to guarantee secure OFDM-PON communication networks [17]. Among PLS schemes, chaos-based methods are of particular interest due to their unique advantages including excellent pseudo-randomness, traversal, and sensitivity to initial values and parameters [17,18]. This includes various proposed chaotic encryption methods for OFDM-PON, categorized into bit-level encryption, constellation masking,and time-frequency scrambling [19–30]. These methods include techniques such as heterodyne encryption [19], joint chaos and FrFT [20], active constellation expansion and frame interleaving [21], chaotic constellation shifting [22], controlled constellation shaping [23], chaotic probabilistic shaping [24], phase ambiguity-based constellation shifting [25], multi-domain permutation with connected dimensional transformation [26], analog-digital hybrid dual-field encryption [27] and subcarrier permutation [28–30]. Additionally, Liu et al. proposed improved DNA-encoding combined with matrix scrambling [31] and Xiao et al. introduced dual encryption using DNA encoding and QAM matrix block spiral dislocation [32] to enhance key space and improve physical layer security. However, the majority of these methods focus solely on static key pre-sharing for encryption and neglect consideration of dynamic key alternatives.

Both an efficient key distribution strategy and an encryption system are components of a comprehensive PLS technology for PON [17]. To enhance the security of OFDM-PON, how to dynamically manage key has become the main focus [17,33]. Regarding key management of the PON, there are some strategies. For example, key generation methods based on channel estimation [22,34], key distribution methods based on pre-equalization and Low Density Parity Check (LDPC) codes [35], key distribution methods based on heterogeneous operations [36], frequency-guided assisted implementation of key distribution management [37], quantum key distribution schemes [38]. However, for most traditional key management methods, plaintext and key are separate and unrelated, and additional channels are used to achieve key distribution. Moreover, the above schemes do not further investigate the update of the key and there is a service life of the key [33].

In this paper, a scheme that combines chaotic DNA encryption and dynamic key update is proposed, which balances key managenent and data encryption in coherent (CO) OFDM-PON. The internal key associated with the plaintext and external key is generated by a double key (DK) generation algorithm. Then the four-dimensional (4-D) chaotic Lü system and one-dimensional (1-D) logical mapping are employed to perform dynamic DNA encryption. The key is embedding into the pilot sequence by the specific mapping rules. It can be distributed in real-time without occupying additional secure channels. The receiver can recover key by calculating correlation of the received pilot sequence and the pre-shared pilot sequence, then carry out the data decryption. The encrypted 16QAM signal transmission is simulated and verified over an 80 km of standard single mode fiber (SSMF) in the CO-OFDM system. The results prove that the proposed scheme can improve the security performance of OFDM-PON at a low cost of transmission performance of 0.3 dB and the key can be updated and distributed in real-time without occupying additional secure channels.

2. Principle

The system structure of the encryption scheme is shown in Fig. 1. At the optical line terminal (OLT), a pseudo-random binary sequence (PRBS) is transmitted as the downstream data. An external key set $K=K_1\ldots,K_s,\ldots,K_S$ is stored locally in OLT in advance, and the value of the index S depends on the size of the storage space of the local computer and the security level of the communication system. The PRBS and the selected $K_s$ form K are combined by the hash function to generate the internal key $k_s$. Thus the $k_s$ is associated with plaintext and is live-updatable. After DK generation, the PRBS is encrypted by DNA encoding, operation and decoding under the control of chaotic sequence. The pilot sequence is inserted to the symbol matrix following serial-to-parallel (S/P) and 16QAM mapping, and the $k_s$ is embedding in pilot. After that, inverse fast fourier transform (IFFT) is performed and a cyclic prefix (CP) is added. A parallel-to-serial (P/S) conversion is followed by the channel transmission of the encrypted signal.

Fig. 1. System structure of the encryption scheme.

Download Full Size | PDF

2.1 DK real-time generation

To obtain the key associated with the plaintext, hash function is employed to generate key in real time. The hash is a linear function that converts messages of various lengths into messages of a fixed length. In this paper, we use secure hLash algorithm $(SHA)512$. At the OLT, the $K_s$ selected from $K$ and the data PRBS are combined to generate $k_{mid}$, which can be expressed as follows:

(1)$$k_{mid}=bin2dec(Extract32(joint(SHA512(K_s),SHA512(PRBS)))),$$

where $joint(A, B)$ denotes splicing of $A$ and $B$ together, $SHA512(\cdot )$ returns a hash value of 512 bits length, $Extract32(C)$ means to take the first 32 digits of $C$. $Extract32(C)$ is performed to improve the sensitivity of $k_{mid}$ to PRBS and $K_s$. The $bin2dec(\cdot )$ means to convert the binary sequence to the corresponding decimal. The $k_{mid}$ is processed by a specific mapping to obtain a internal key that satisfies the initial value condition of the hybrid 5-D chaos. The mapping relationship is given by:

(2)$$\left\{ \begin{array}{ll} k_1 = floor(mod(k_{mid},24))+1 \\ k_2=floor(mod(k_{mid},39))+1\\ k_3=floor(mod(k_{mid},59))+1\\ k_4=floor(mod(k_{mid},299))+1\\ k_5=roundn(mod(k_{mid},24)*{10}^{{-}2},-4) \end{array}, \right.$$

where $k_i(i=1,2,3,4,5)$ denotes the i-th internal key, $mod(a,m)$ returns the remainder after dividing $a$ by $m$, $floor(x)$ means to round down $x$. The $k_{mid}$ stands for the dynamic key associated with the external key and the plaintext. The $SHA512$ is extremely sensitive to the input value, and any slight difference in the input content, the calculated hash value will change dramatically. So when PRBS, $K_s$ either change, $k_s$ can be real-time updated. In addition, the external key set stored locally can be updated regularly according to the system’s level of confidentiality, which can well withstand known plaintext attacks.

2.2 Chaotic DNA encryption

The data PRBS is encrypted by dynamic diffusion based on DNA coding and a hybrid 5-D chaos as shown in Fig. 2. There are six steps to complete data encryption.

Fig. 2. The chaotic DNA dynamic encoding.

Download Full Size | PDF

Step1: Assign the values of ${k_i}$ $(i=\left \{1,2,3,4,5\right \})$ to the key matrix $[x_0,y_0,z_0,w_0,l_0]$, where $l_0$ is the key of the 1-D logistic chaotic mapping and $x_0$, $y_0$, $z_0$, $w_0$ are the keys of the 4-D hyperchaotic Lü system.

Step2: Generate the mapping binary sequence ${L_n}$ based on the 1-D logistic chaotic mapping, whose iterative formula is as follows:

(3)$$l_{n+1}=\mu*l_n(1-l_n),$$

where $l_i\in (0, 1)$, $i=1, 2, \ldots, n$, When $\mu \in [3.569945627,4]$, the sequence ${l_n }$ is in chaotic state. In this paper, $\mu$ is taken as 3.99. To obtain a chaotic sequence with better randomness, the first 2000 terms are removed. The ${l_n }$ is transformed into a binary sequence ${L_n }$ by Eq. (4).

(4) $$L_n=floor(mod(l_n*10^4,2)).$$

Step3: A 4-D hyperchaotic Lü system is used to produce chaotic sequences $\left \{x_n\right \}$, $\left \{y_n\right \}$, $\left \{z_n\right \}$, $\left \{w_n\right \}$ with the following expressions.

(5)$$\left\{ \begin{array}{ll} \dot x = a*(y-x)+w \\ \dot y={-}x*z + c*y\\ \dot z =x*y-b*z\\ \dot w =x*z + d*w \end{array}, \right.$$

where $x$, $y$, $z$, $w$ are state variables, $a$, $b$, $c$ are parameters of the system, and $d$ is the control gain parameter. When $a=36$, $b=3$, $c=20$, $-0.35<d\leq 1.30$, the system is in a hyperchaotic state [39]. When taking $d=1.2$ and ($x_0$, $y_0$, $z_0$, $w_0$) is taken as (13, 13, 34, 125), the chaotic phase factor diagram of the hyperchaotic system is shown in Fig. 3. It can be seen that the chaotic system has extremely fine phase space mixing, which presents complex chaotic dynamics behavior and pseudo-randomness.

Fig. 3. The chaotic phase factor illustration of (a) $x-z$, (b) $x-w$, (c) $x-y-w$, and (d) $x-y-z$.

Download Full Size | PDF

Step4: $\left \{PRBS\right \}$ and $\left \{L_n\right \}$ are DNA encoded under the control of chaotic sequences $\left \{{x_n}^{'}\right \}$ and $\left \{{y_n}^{'}\right \}$. Encoding results are noted as $\left \{base1\right \}$, $\left \{base2\right \}$.

(6)$$\left\{ \begin{array}{ll} base1=code(PRBS,{x_n}^{'}) \\ base2=code(L_n,{y_n}^{'}) \end{array}, \right.$$

where $code(a,n)$ means that $a$ is converted into a base by selecting the n-th mapping rule according to the DNA coding rules. $\left \{{x_n}^{'}\right \}$ and $\left \{{y_n}^{'}\right \}$ are positive integer random sequences of $[1,8]$, which is obtained by Eq. (7).

(7)$$\left\{ \begin{array}{ll} {x_n}^{'}=floor(mod(x_n*10^4,8))+1\\ {y_n}^{'}=floor(mod(y_n*10^4,8))+1 \end{array}. \right.$$

Chaotic DNA coding method, specifically, is based on the biological principle of A-T complementary and G-C complementary of base pairing rules, and the idea of 0 and 1 complementary in binary numbers. Two binary numbers are encoded into one base, and there are eight DNA coding rules satisfying the complementary rules. The mapping rules are shown in Table 1.

Table 1. Coding and decoding rules of chaotic DNA.

View Table | View all tables in this article

Step5: The DNA sequences $\left \{base1\right \}$ and $\left \{base2\right \}$ are operated under the control of the chaotic sequence $\left \{{z_n}^{'}\right \}$, and the operation result is written as $\left \{base3\right \}$ .

(8)$$base3=DNAope(base1,base2,{z_n}^{'}),$$

where $DNAope(a, b, n)$ denotes the operation of $a$ and $b$ by selecting the n-th operation rule according to the DNA operation rules. The $\left \{{z_n}^{'}\right \}$ is a positive integer random sequence of $[1,3]$, which is obtained by Eq. (9).

(9)$${z_n}^{'}= floor(mod(z_n*10^4,3))+1.$$

Specifically, there are three kinds of DNA operation rules which include addition, subtraction and $XOR$. The operation rules are shown in Table 2.

Table 2. DNA base operation rules.

View Table | View all tables in this article

Step6: $\left \{base3\right \}$ is DNA decoded under the control of chaotic sequence $\left \{{w_n}^{'}\right \}$, and the encoding result is written as $\left \{encry_{bit}\right \}$.

(10)$$encry_{bit}=decode(base3,{w_n}^{'}),$$

where $decode(r,n)$ means that $r$ is converted into binary sequence by selecting the n-th mapping rule based on DNA decoding rules as shown in Table 1. The $\left \{{w_n}^{'}\right \}$ is a positive integer random sequence of $[1,8]$, which is obtained by Eq. (11).

(11)$${w_n}^{'}=floor(mod(w_n*10^4,8))+1.$$

2.3 Secure key hidden distribution

Figure 4 illustrates the principle of key hidden distribution. The pilot sequence $P_s$ are stored locally and pre-shared with the ONU. At the OLT side, The key embedding is realized by segmentally rotating the coordinates of the local pilot signal constellation points. Rotation angle is determined by the internal key $k_s$. Each $G$ consecutive $P_s$ is used to embed a 1-bit key, and the embedding process is as follows:

(12)$$P_{s,key_{G\times1}}^T=P_{s_{G\times1}}\times\exp(jk_s\pi)=\left( \begin{array}{cc} P_{s_i}\times\exp(jk_s\pi) \\ P_{s_{i+1}}\times\exp(jk_s\pi)\\ \cdot{\cdot}\cdot\\ P_{s_{i+G+1}}\times\exp(jk_s\pi) \end{array} \right),$$

where $P_{s_i}$ represents the i-th constellation point of $P_s$, $i\in \left \{1,G+1,3G+1,\ldots,(M-1)G+1\right \}$, $M$ is bit length of the key $k_s$ to be distributed. Since $k_s\in \left \{0,1\right \}$ and phase flip $0^{\circ }$ or $\pi$, every $G$ $P_s$ embedded with 1-bit key is converted to $P_{s,key}^T\in \left \{P_s,-P_s\right \}$. In order to embed all keys, $P_s$ of length $N$ are divided into $M$ segments, so $N=G*M$. If $N$ is fixed, the smaller $G$ is, the more key information can be embedded. But the smaller the segmentation gap is, the lower the correlation judgment accuracy is. In order to improve the accuracy of $k_s$ extraction at the ONU side, $G$ pilot signals are used to embed 1bit $k_s$, so $G$ is defined as the correlation redundancy.

Fig. 4. The Schematic diagram of secure key hidden distribution.

Download Full Size | PDF

After passing through the fiber channel, the pilot $P_{s,key}^T$ carrying the key is written as $P_{s,key}^R$ at the receiver side. At the ONU side, the correlation coefficient $\rho$ between $P_s$ and $P_{s,key}^R$ is calculated to recovery the key. The key is decided according to the positive or negative of $\rho$, the specific algorithm is as follows:

(13)$$\left\{ \begin{array}{ll} k_s^R=0,\rho \left(P_{s,key_{G\times1}}^R,P_{s_{G\times1}}\right)>0 \\ k_s^R=1,\rho \left(P_{s,key_{G\times1}}^R,P_{s_{G\times1}}\right)\leqslant0\\ \end{array}, \right.$$

where $k_s^R$ is the recovered key from the receiver and the correlation coefficient $\rho$ is defined as:

(14)$$\rho(A,B)=\frac{1}{G-1}\sum_{i=1}^{G}(\frac{\overline{A_i-\mu_A}}{\sigma_A})(\frac{B_i-\mu_B}{\sigma_B}),$$

where $G$ is the correlation redundancy, $\mu _A$ and $\sigma _A$ are the mean and standard deviation of $A$, and $\mu _B$ and $\sigma _B$ are the mean and standard deviation of $B$, respectively. After the receiver correctly extracts the key, the extracted key $k_s^R$ and $P_s$ are used to reconstruct the pilot $P_{s,key}^T$ according to the key embedding rules. Finally, channel estimation, demodulation and decryption are performed.

To recover the key correctly, it is crucial to determine the positive and negative of $\rho$ between the received pilot and the local pilot. According to the principle of key recovery, the key may be extracted correctly only when the polarity of $P_{s,key}^R$ has not changed completely. However, in practice channel noise may result in difference between $P_{s,key}^T$ and $P_{s,key}^R$. The received pilot can be expressed by Eq. (15).

(15)$$P_{s,key}^R=H*P_{s,key}^R+A_n,$$

where $H$ is the channel matrix and $A_n$ is the noise caused by the channel. According to Eq. (12), Eq. (15) can be expressed as:

(16)$$P_{s,key}^R=H*({\pm} P_s)+A_n,$$

(17)$$\\ \rho \left(P_{s,key_{G\times1}}^R,P_{s_{G\times1}}\right)=\rho \left({\pm} H*P_{s_{G\times1}}+A_n,P_{s_{G\times1}}\right),$$

from Eq. (17), it can be seen that the $\rho$ is related to $G$ and $A_n$. Combined with the definition of $G$, the effect of $A_n$ on $\rho$ can be eliminated when G is taken to a certain value. The Eq. (17) can be rewritten as:

(18)$$\rho \left(P_{s,key_{G\times1}}^R,P_{s_{G\times1}}\right)\approx\rho \left({\pm} H*P_{s_{G\times1}},P_{s_{G\times1}}\right),$$

Equation (18) indicates that $\rho$ is not affected by noise. When we find the appropriate $G$, the key can be recovered correctly according to Eq. (13).

3. Simulation setup

The simulation device of the proposed scheme is built on the VPItransmissionMaker software based on the CO-OFDM-PON system, as shown in Fig. 5. At the OLT, a PRBS with length of $9.92 \times 10^4$ is input. After encryption, S/P and 16QAM mapping, the encrypted bitstream is converted into a 248$\times$100 symbol matrix. The IFFT/FFT length is 256, where 248 subcarriers carry the encrypted information, 5 are used to carry the pilots inserted the key and the rest are supplemented with zeros. A CP of length 1/4 of IFFT is introduced to serve as a protection interval,. After P/S, the OFDM symbol carrying the key is imported into the pulse generator to realize digital-to-analog conversion(DAC). The effective bit rate is 46.5 Gb/s(15GSa/s$\times$ 4 $\times$ 248/256/(1+1/4)). The OFDM signal is sent to the Machzendar modulator (MZM) for IQ modulation. A continuous wave (CW) laser with a linewidth of 100 kHz, output power of 14 dBm, and a center wavelength of 1550 nm serves as the optical source. The optical signal is then sent across SSMF following optical amplification. The optical power of received signal can be adjusted at the ONU using a variable optical attenuator (VOA). The received signal is injected into the coherent receiver for coherent detection. The output signal of the coherent receiver is sampled and discretized by the oscilloscope to perform the analog-to-digital conversion (ADC), and then the output signal is processed offline in matlab, including S/P, de-CP, FFT, pilot and key recovery, channel estimation, QAM demapping, and signal decryption.

Fig. 5. The simulation setup of the proposed encryption scheme for CO-OFDM-PON.

Download Full Size | PDF

4. Results and discussions

4.1 Security performance

To evaluate the security performance of the proposed secure strategy, it is necessary to discuss the initial value sensitivity and the key space size. Firstly, the initial value sensitivity of the hybrid 5-D chaotic system is verified. Figure 6 shows the results of the chaotic sequence with the number of iterations under different initial values. In Fig. 6 (a), we set $l_0$ to 0.234544374632765 and 0.234544374632766 respectively while keeping the other parameters constant. In Fig. 6 (b), we only change $x_0$ and the other parameters remain the same. As shown in Fig. 6, when the initial value of 1-D logistic mapping changes by a magnitude of $\triangle l_0=10^{-15}$, there is essentially no overlap of chaotic sequence values. Figure 6 (b) shows that chaotic sequence values changes completely when the initial value of 4-D chaotic Lü system changes by $\triangle x_0=10^{-13}$ magnitude. There is no valid information to be recovered even if offenders use the key with a slight change to decrypt the signal, which effectively enhances the security of data transmission.

Fig. 6. The initial value sensitivity of hybrid 5-D chaotic system when the initial value changes slightly (a) 1-D logistic mapping when $\triangle l_0=10^{-15}$; (b) 4-D chaotic Lü system when $\triangle x_0=10^{-13}$.

Download Full Size | PDF

Secondly, how well the system can defend against eavesdropping attempts is directly related to the key space size. The bigger the key space, the greater the resistance to illegal attackers. The DK consists of the external key and the internal key. The parameters and initial values of the 5-D chaotic system are the internal key and are denoted by ($\mu$, $l_0$, $x_0$, $y_0$, $z_0$, $w_0$, $d$), ranging from (3.569945627, 4), (0, 1), (-25, 25), (-40, 40), (0, 60), (-200, 300), (-0.35, 1.3), respectively. Considering only 10 digits, the size of the internal key space is 8.514$\times$ $10^{102}$. The entropy of this system is about 341.93, which is high enough to fend off any brute-force attack by unauthorized intruders. Additionally, the external key set $K=K_1\ldots,K_s,\ldots,K_S$ is prestore in OLT locally, which expands the key space to $(8.514\times 10^{102})^S$. It presents that the DK update mechanism improves the security of the system.

Furthermore, to verify the correlation of DK with the plaintext, we slightly changed the plaintext and extracted the 14-th digit of the chaotic sequence for comparison. Figure 7 shows the chaotic values between 1100 and 1200 iterations in different dimensions. In the first dimension, for example, when the plaintext is slightly changed, the two color lines correspond to significantly different values at the same position. It proves that the chaotic sequences are entirely changed. Due to the natural advantage of real-time changes in plaintext, the key is also dynamic and updated in real time. Therefore, the security of the system is enhanced further.

Fig. 7. The 14-th digit of the chaotic sequence following 1-bit change in plaintext.

Download Full Size | PDF

4.2 Key extraction performance

The bit error rate (BER) of key extraction with different $G$ against various optical signal to noise ratio (OSNR) is shown in Fig. 8. We can see that with OSNR increasing, the BER approaches to zero. At low OSNR, the key BER curves fluctuate greatly when $G$ is small, and stably recovering the key is challenging. When $G \geqslant$ 7, the key BER is 0 regardless of the value of OSNR and all the key are correctly recovered. According to Eq. (17), the reason for this is that the signal is affected by the noise in the channel, which makes the phase of the pilot frequency signal change. Combined with Eq. (12), the key is precisely hidden in the phase of the pilot signal for secret transmission. The larger the value of $G$, the greater the CR and the more pilot signals are used to transmit a one-bit key. Therefore, the effect from channel noise can be eliminated by choosing a suitable $G$. Table 3 shows the OSNR tolerance value for key extraction under different $G$. We can see that with $G$ increasing, the OSNR tolerance decreases. In other words, a smaller OSNR is needed to guarantee that the BER of key is 0. However, the corresponding key transmission rate will also be reduced. In summary, in order to resist the effect of channel noise, the CR among the pilot sequence should be over 7.

Fig. 8. The BER curves of key extraction with different G under different OSNR.

Download Full Size | PDF

Table 3. OSNR tolerance value for key extraction under different G.

View Table | View all tables in this article

4.3 Transmission performance

In the OFDM systems, average power ratio (PAPR) is an important system performance metric [40]. Therefore, we tested the complementary cumulative distribution function (CCDF) of PAPR after security enhancement of OFDM signals. Figure 9 (a) illustrates the CCDF curves of the PAPR of the encrypted and original 16QAM signals under different G. It shows that the CCDF curves of the encrypted 16QAM and the original largely overlap. This proves that the proposed encryption strategy almost has no impact on the PAPR performance of the signal. Meanwhile, the CCDF curves of the encrypted signals with different values of G are also tightly fit together, which indicates that the proposed key distribution scheme does not negatively affect the performance of the encrypted signals, and the key distribution scheme can be well compatible with the chaotic encryption scheme.

Fig. 9. (a) The CCDF curves of the encrypted and original signals, (b) the BER curves for legitimate and illegitimate ONUs with OSNR.

Download Full Size | PDF

The BER curves for legitimate and illegitimate ONUs with OSNR are displayed in Fig. 9 (b). It shows that for the illegal ONU, the BER is always maintained at around 0.5, which proves that the encrypted signal cannot be decrypted correctly. For both the original and encrypted signals, the OSNR sensitivities required to achieve a BER at the forward error correction (FEC) threshold ($3.8\times 10^{-3}$) are approximately 21.3 dB and 21.6 dB, respectively, in a back-to-back (BTB) transmission setup. When considering 80km SSMF transmission, these sensitivities exhibit a slight increase to approximately 21.7 dB for the original signal and 22 dB for the encrypted signal. For legal ONU, when the OSNR is greater than 22 dB, the BER can be achieved below FEC threshold. The encrypted data can be recovered correctly. However, the encrypted signal introduces an OSNR loss of about 0.3 dB compared to the original signal. This loss is mainly caused by chaotic DNA encryption. According to the DNA coding principle, every two bits are mapped into one base. The encrypted bit signal is affected by the neighboring bit, which leads to an error propagation at the receiver side. The constellation diagrams of received by the illegal ONU and decryped by the legal ONU are presented by the illustration in Fig. 9 (b). Comparing the two constellation illustrations, it shows that the unlawful user can get the constellation diagram by decision, but cannot recover the valid information due to the incorrect key being used and the inability to recover the correct pilot sequence. This demonstrates that the proposed secure strategy can achieve security enhancement of CO-OFDM-PON system.

Table 4 presents a comparative analysis of the scheme. Compared with the bit-level encryption schemes [31,32,41] that use DNA encoding, our approach offers distinct advantages. Firstly, we introduce a key management scheme within the encryption process, thereby expanding the application scope. Secondly, we achieve efficient key storage utilization through a dual-key mechanism, allowing for adaptable key space based on the system’s security requirements. Furthermore, in comparison to the scheme involving chaotic constellation transformation and pilot-aided secure key agreement [37], our proposed scheme exhibits a minor reduction in transmission performance. However, it substantially enhances security by significantly increasing the key space, thereby reinforcing the overall security performance of the system.

Table 4. Scheme comparison analysis

View Table | View all tables in this article

Moreover, the computational complexity of the proposed scheme is evaluated as shown in Table 5. The complexity is mainly divided into five parts: (1) key generation, (2) chaotic system, (3) scrambling sequence generation, (4) DNA encoded encryption, and (5) secure key hidden distribution. Assuming that an OFDM symbol is to be encrypted and the distributed key length is M, the complexities of each part are summarized in Table 5. It is worth noting that in practical applications, there is no need to frequently iterate Eq. (3) and (5) or update scrambling sequence frequently unless the security keys have changed at the OLT. Therefore, the major computational complexity arises from the system-level encryption.

Table 5. Computational Complexity of Encryption in Each OFDM Symbol

View Table | View all tables in this article

In addition, in order to qualitatively assess the anti-statistical analysis attack capability of the secure system, an encrypted transmission of the parrot "coco" is attempted. Figure 10 (a) displays the image and histogram of the original data, and Fig. 10 (b) and Fig. 10 (c) show the images and histograms received by the legal and illegal ONU ends, respectively. From the Fig. 10, it can be observed that the received image and histogram at the legal ONU side are almost the same as the original data and the data values of the histogram are not evenly distributed. However, for the illegal ONU side the received image is completely blurred and the corresponding gray value data of the histogram is evenly distributed. This shows that the proposed encryption strategy can successfully fend off attacks using statistical analysis.

Fig. 10. Images and histograms of (a) original data, (b) received data at the legal ONU, and (c) received data at the illegal ONU.

Download Full Size | PDF

5. Conclusion

To achieve security enhancement of CO-OFDM-PON, a new scheme has been proposed that combines DK real-time generation, chaotic DNA encryption and key distribution. Service life of the key in the system have been improved due to the real-time characteristic of the DK, which greatly enhances the randomness of DNA encryption. By converting key to phase information of the pilot, the key can be transmitted together with the secure data without taking additional channel resources and degrading the symbol rate. We have demonstrated the performance of the proposed scheme on a 46.5 Gb/s encrypted 16QAM CO-OFDM-PON simulation system over 80 km SSMF transmission. The results prove that the PAPR is not decreased and the encrypted signal can be recovered correctly at a low OSNR loss of 0.3 dB. The 0 BER of key can be achieved when $G\geqslant 7$ and the key space is greatly expanded to $(8.514\times 10^{102})^S$. The results show that the proposed scheme offers a secure and dependable way to achieve the secure transmission of CO-OFDM system.

Funding

The State Key Program of National Natural Science of China (Grant No. 61835002) (Grant No. 61835002); the Funds for Creative Research Groups of China (Grant No. 62021005) (Grant No. 62021005).

Disclosures

The authors declare no conflicts of interest.

Data availability

Data underlying the results presented in this paper are not publicly available at this time but may be obtained from the authors upon reasonable request.

References

1. T. Mai, H. Yao, N. Zhang, L. Xu, M. Guizani, and S. Guo, “Cloud mining pool aided blockchain-enabled internet of things: An evolutionary game approach,” IEEE Trans. Cloud Comput. 11(1), 692–703 (2021). [CrossRef]

2. Y. Gong, H. Yao, D. Wu, W. Yuan, T. Dong, and F. R. Yu, “Computation offloading for rechargeable users in space-air-ground networks,” IEEE Trans. Veh. Technol. 72(3), 3805–3818 (2022). [CrossRef]

3. S. Ma, H. Yao, T. Mai, J. Yang, W. He, K. Xue, and M. Guizani, “Graph convolutional network aided virtual network embedding for internet of thing,” IEEE Trans. Netw. Sci. Eng. 10(1), 265–274 (2023). [CrossRef]

4. F. Chai, Q. Zhang, H. Yao, X. Xin, R. Gao, and M. Guizani, “Joint multi-task offloading and resource allocation for mobile edge computing systems in satellite iot,” IEEE Trans. Veh. Technol. 72(6), 7783–7795 (2023). [CrossRef]

5. F. Wang, H. Yao, Q. Zhang, J. Wang, R. Gao, D. Guo, and M. Guizani, “Dynamic distributed multi-path aided load balancing for optical data center networks,” IEEE Trans. Netw. Serv. Manage. 19(2), 991–1005 (2022). [CrossRef]

6. L. G. Kazovsky, W.-T. Shaw, D. Gutierrez, N. Cheng, and S.-W. Wong, “Next-Generation Optical Access Networks,” J. Lightwave Technol. 25(11), 3428–3442 (2007). [CrossRef]

7. J. Armstrong, OFDM for Optical Communications (IEEE, 2009), pp. 189–204.

8. L. Zhang, X. Xin, B. Liu, J. Yu, and Q. Zhang, “A novel ECDM-OFDM-PON architecture for Next-Generation optical access network,” Opt. Express 18(17), 18347–18353 (2010). [CrossRef]

9. E. Wong, “Next-Generation Broadband Access networks and Technologies,” J. Lightwave Technol. 30(4), 597–608 (2012). [CrossRef]

10. A. Teixeira, A. Vieira, J. Andrade, A. Quinta, M. Lima, R. Nogueira, P. Andre, and G. Tosi Beleffi, “Security issues in optical networks physical layer,” in 2008 The 10th Anniversary International Conference on Transparent Optical Networks, (IEEE, Athens, Greece, Jun., 2008), pp. 123–126.

11. L. Zhang, X. Xin, B. Liu, and J. Yu, “Physical-enhanced secure strategy in an OFDM-PON,” Opt. Express 20(3), 2255–2265 (2012). [CrossRef]

12. C. Mendonccca, M. Lima, and A. Teixeira, “Security issues due to reflection in PON physical medium,” in 2012 14th International Conference on Transparent Optical Networks (ICTON), (IEEE, Coventry, UK, Jul., 2012), pp. 1–4.

13. M. Hossen, K.-D. Kim, and Y. Park, “Synchronized Latency Secured MAC protocol for PON based large sensor network,” in 2010 The 12th International Conference on Advanced Communication Technology (ICACT), (IEEE, Gangwon, Korea (South), Feb., 2010), pp. 1528–1532.

14. M. C. Yuang, P.-L. Tien, D.-Z. Hsu, S.-Y. Chen, C.-C. Wei, J.-L. Shih, and J. Chen, “A High-Performance OFDMA PON System Architecture and Medium Access Control,” J. Lightwave Technol. 30(11), 1685–1693 (2012). [CrossRef]

15. S.-S. Roh and S.-H. Kim, “Security model and authentication protocol in epon-based optical access network,” in 2003 The 5th International Conference on Transparent Optical Networks, (IEEE, Warsaw, Poland, Jul., 2003), pp. 99–102.

16. K. Zhang, J. Zhang, G. Gao, and A. Fei, “Physical Layer Security Based on Chaotic Spatial Symbol Transforming in Fiber-Optic Systems,” IEEE Photonics J. 10(3), 1–10 (2018). [CrossRef]

17. R. Melki, H. N. Noura, M. M. Mansour, and A. Chehab, “A survey on OFDM physical layer security,” Physical Communication 32, 1–30 (2017). [CrossRef]

18. N. Li, H. Susanto, B. Cemlyn, I. D. Henning, and M. J. Adams, “Secure communication systems based on chaos in optically pumped spin-VCSELs,” Opt. Lett. 42(17), 3494–3497 (2017). [CrossRef]

19. P. Cao, X. Hu, J. Wu, L. Zhang, X. Jiang, and Y. Su, “Physical Layer Encryption in OFDM-PON Employing Time-Variable Keys From ONUs,” IEEE Photonics J. 6(2), 1–6 (2014). [CrossRef]

20. L. Deng, M. Cheng, X. Wang, H. Li, M. Tang, S. Fu, P. Shum, and D. Liu, “Secure OFDM-PON System Based on Chaos and Fractional Fourier Transform Techniques,” J. Lightwave Technol. 32(15), 2629–2635 (2014). [CrossRef]

21. J. Zhong, X. Yang, and W. Hu, “Performance-Improved Secure OFDM Transmission Using Chaotic Active Constellation Extension,” IEEE Photonics Technol. Lett. 29(12), 991–994 (2017). [CrossRef]

22. A. Sultan, X. Yang, A. A. E. Hajomer, and W. Hu, “Chaotic Constellation Mapping for Physical-Layer Data Encryption in OFDM-PON,” IEEE Photonics Technol. Lett. 30(4), 339–342 (2018). [CrossRef]

23. Z. Zhang, Y. Luo, C. Zhang, X. Liang, M. Cui, and K. Qiu, “Constellation Shaping Chaotic Encryption Scheme with Controllable Statistical Distribution for OFDM-PON,” J. Lightwave Technol. 40(1), 14–23 (2022). [CrossRef]

24. J. Ren, B. Liu, D. Zhao, S. Han, S. Chen, Y. Mao, Y. Wu, X. Song, J. Zhao, X. Liu, and X. Xin, “Chaotic constant composition distribution matching for physical layer security in a PS-OFDM-PON,” Opt. Express 28(26), 39266–39276 (2020). [CrossRef]

25. J. Wang, Z. Li, Q. Zhang, X. Pan, R. Gao, X. Xin, H. Yao, F. Tian, Q. Tian, and Y. Wang, “Chaotic physical layer encryption scheme based on phase ambiguity for a DMT system,” Opt. Express 30(9), 14782–14797 (2022). [CrossRef]

26. B. Liu, L. Zhang, X. Xin, and Y. Wang, “Physical Layer Security in OFDM-PON Based on Dimension-Transformed Chaotic Permutation,” IEEE Photonics Technol. Lett. 26(2), 127–130 (2014). [CrossRef]

27. M. Cheng, L. Deng, X. Gao, H. Li, M. Tang, S. Fu, P. Shum, and D. Liu, “Security-Enhanced OFDM-PON Using Hybrid Chaotic System,” IEEE Photonics Technol. Lett. 27(3), 326–329 (2015). [CrossRef]

28. M. Cheng, L. Deng, X. Wang, H. Li, M. Tang, C. Ke, P. Shum, and D. Liu, “Enhanced Secure Strategy for OFDM-PON System by Using Hyperchaotic System and Fractional Fourier Transformation,” IEEE Photonics J. 6(6), 1–9 (2014). [CrossRef]

29. J. Li, Y. Zeng, S. Chen, and J. Chen, “Modified Hénon map generated chaotic pseudorandom-bit sequences and performance analysis,” IEEE Photonics J. 60(6), 060508 (2011). [CrossRef]

30. M. Bi, X. Fu, X. Zhou, L. Zhang, G. Yang, X. Yang, S. Xiao, and W. Hu, “A Key Space Enhanced Chaotic Encryption Scheme for Physical Layer Security in OFDM-PON,” IEEE Photonics J. 9(1), 1–10 (2017). [CrossRef]

31. X. Song, B. Liu, H. Zhang, R. Ullah, Y. Mao, J. Ren, S. Chen, J. Zhang, J. Zhao, S. Han, X. Liu, D. Zhao, and X. Xin, “Security-enhanced OFDM-PON with two-level coordinated encryption strategy at the bit-level and symbol-level,” Opt. Express 28(23), 35061–35073 (2020). [CrossRef]

32. Y. Xiao, Y. Chen, C. Long, J. Shi, J. Ma, and J. He, “A Novel Hybrid Secure Method Based on DNA Encoding Encryption and Spiral Scrambling in Chaotic OFDM-PON,” IEEE Photonics J. 12(3), 1–15 (2020). [CrossRef]

33. D. Forsberg, “Lte key management analysis with session keys context,” Comput. Commun. 33(16), 1907–1915 (2010). [CrossRef]

34. Y. Peng, P. Wang, W. Xiang, and Y. Li, “Secret Key Generation Based on Estimated Channel State Information for TDD-OFDM Systems Over Fading Channels,” IEEE Trans. on Wirel. Commun. 16(8), 5176–5186 (2017). [CrossRef]

35. A. Mazin, K. Davaslioglu, and R. D. Gitlin, “Secure key management for 5g physical layer security,” in 2017 IEEE 18th Wireless and Microwave Technology Conference (WAMICON), (IEEE, Cocoa Beach, FL, USA, 2017), pp. 1–5.

36. Y. M. Al-Moliki, M. T. Alresheedi, and Y. Al-Harthi, “Robust Key Generation From Optical Ofdm Signal in Indoor VLC Networks,” IEEE Photonics Technol. Lett. 28(22), 2629–2632 (2016). [CrossRef]

37. W. Zhang, C. Zhang, C. Chen, and K. Qiu, “Experimental Demonstration of Security-Enhanced OFDMA-PON Using Chaotic Constellation Transformation and Pilot-Aided Secure Key Agreement,” J. Lightwave Technol. 35(9), 1524–1530 (2017). [CrossRef]

38. X. Yu, Y. Liu, X. Zou, Y. Cao, Y. Zhao, A. Nag, and J. Zhang, “Secret-Key Provisioning With Collaborative Routing in Partially-Trusted-Relay-based Quantum-Key-Distribution-Secured Optical Networks,” J. Lightwave Technol. 40(12), 3530–3545 (2022). [CrossRef]

39. A. Chen, J. Lu, J. Lü, and S. Yu, “Generating hyperchaotic Lü attractor via state feedback control,” Phys. A 364, 103–110 (2006). [CrossRef]

40. H. Ochiai and H. Imai, “On the distribution of the peak-to-average power ratio in ofdm signals,” IEEE Trans. Commun. 49(2), 282–289 (2001). [CrossRef]

41. L. Liu, X. Tang, X. Jiang, Z. Xu, F. Li, Z. Li, H. Huang, P. Ni, L. Chen, L. Xi, and X. Zhang, “Physical layer encryption scheme based on cellular automata and dna encoding by hyper-chaos in a co-ofdm system,” Opt. Express 29(12), 18976–18987 (2021). [CrossRef]

Schemes	Key Space	Transmission Performance	Key Management	Data Encryption
DNA Encoding Encryption and Spiral Scrambling [32]	$1 \times 10^{135}$	gain		✓
CA-aided DNA encryption [41]	$2 \times 10^{138}$	loss		✓
Improved DNA encoding encryption at the bit-level [31]	$10 \times 10^{154}$	No impact		✓
Chaotic Constellation Transformation and Pilot-Aided Secure Key Agreemen [37]	$(4 \times 10^{30})^{S}$	No impact	$✓$	✓
The proposed scheme	$(8.514 \times 10^{102})^{S}$	loss	$✓$	✓

	Part (1)	Part (2)	Part (3)	Part (4)	Part (5)
multiplication	33	54	5	0	(4G+1)M
addition	35	53	4	4	3GM
floor( $\cdot$ )	4	0	5	0	0
mod( $\cdot$ )	5	0	5	0	0
SHA512( $\cdot$ )	2	0	0	0	0
roundn( $\cdot$ )	1	0	0	0	0

Schemes	Key Space	Transmission Performance	Key Management	Data Encryption
DNA Encoding Encryption and Spiral Scrambling [32]	$1 \times 10^{135}$	gain		✓
CA-aided DNA encryption [41]	$2 \times 10^{138}$	loss		✓
Improved DNA encoding encryption at the bit-level [31]	$10 \times 10^{154}$	No impact		✓
Chaotic Constellation Transformation and Pilot-Aided Secure Key Agreemen [37]	$(4 \times 10^{30})^{S}$	No impact	$✓$	✓
The proposed scheme	$(8.514 \times 10^{102})^{S}$	loss	$✓$	✓

	Part (1)	Part (2)	Part (3)	Part (4)	Part (5)
multiplication	33	54	5	0	(4G+1)M
addition	35	53	4	4	3GM
floor( $\cdot$ )	4	0	5	0	0
mod( $\cdot$ )	5	0	5	0	0
SHA512( $\cdot$ )	2	0	0	0	0
roundn( $\cdot$ )	1	0	0	0	0

Secure key real-time update and dynamic DNA encryption for CO-OFDM-PON based on a hybrid 5-D chaos

Abstract

1. Introduction

2. Principle

2.1 DK real-time generation

2.2 Chaotic DNA encryption

2.3 Secure key hidden distribution

3. Simulation setup

4. Results and discussions

4.1 Security performance

4.2 Key extraction performance

4.3 Transmission performance

5. Conclusion

Funding

Disclosures

Data availability

References

Data availability

Cited By

Figures (10)

Tables (5)

Equations (18)

Optics Express

G-value	2	3	4	5	6	7	8
OSNR tolerance (dB)	21	19	17	11	10	10	10

G-value	2	3	4	5	6	7	8
OSNR tolerance (dB)	21	19	17	11	10	10	10