Degradation attacks on Passive Optical Networks
TORNATORE, MASSIMO;VERTICALE, GIACOMO
2012-01-01
Abstract
Passive Optical Networks (PONs) are a promising candidate to solve the last-mile problem in access networks. By using optical fibers, PONs can offer subscribers higher capacity than other traditional access technologies, such as xDSL or Cable-TV, at a lower cost than FTTx solutions. As for any other access-network technology, security is a very important issue. PONs have very specific security requirements because (i) the downstream transmission channel is inherently broadcast, and (ii) malicious transmissions in the upstream channel cannot be easily detected and prevented. This paper shows that malicious upstream transmissions can be used to conduct very intrusive degradation attacks upon the upstream traffic and quantifies the decrease in upstream throughput over a PON under different scenarios of degradation attack. Further, the paper considers how the effect of a degradation attack carried out at the physical layer is greatly amplified by the TCP congestion control algorithm, resulting in a strong degradation with little effort by the attacker. The attacker could then exploit bandwidth sharing mechanisms to gain an unfair amount of bandwidth. We also propose a possible mitigation strategy that pinpoints the attacker and re-establishes fairness in terms of throughput per ONU.

File | Size | Format |
---|---|---|
2012_ondm.pdf (Restricted access: Post-Print (DRAFT or Author’s Accepted Manuscript-AAM)) | 1.13 MB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.