Optica Publishing Group

Secure key generation and distribution scheme based on historical fiber channel state information with LSTM

Open Access

Abstract

In this paper, a scheme to realize unclonable physical-layer security key generation and distribution (PL-SKGD) based on historical fiber channel state information (HFCSI) is proposed. PL-SKGD schemes based on channel characteristics for enhancing the physical-layer security of optical networks have been proposed in recent years. However, these schemes have potential disadvantages: 1) low key generation rate (KGR): the analog waveform of the channel characteristic changes slowly, which leads to a low KGR; 2) incompatibility with existing infrastructure: actively scrambling the channel to make its characteristics change faster, or tracking changes of the channel characteristics, requires additional devices; 3) ease of cloning: all of the optical channel state information is reflected in the signal transmitted inside the fiber, which makes it easy for an illegal eavesdropper to reproduce through feature analysis and other methods. To solve these problems, a PL-SKGD scheme is designed that uses a chain structure composed of long short-term memory neural network (LSTM-NN) units to learn and store the unique mapping relationship between historical channel time series, and that provides unclonability based on the fundamental fact that the eavesdropper Eve can never obtain the full HFCSI. A simulation of a quadrature phase shift keying point-to-point optical link system successfully verified error-free SKGD with KGR = 0.82 Gbit/s. The loss function of the LSTM-NN drops sharply in the early stages of training and then remains at a small value. The security of the SKGD system is analyzed, showing that the scheme effectively improves the unclonability of the system. Finally, it is verified that the optimal fiber channel length for error-free SKGD of the proposed scheme is 150 km, considering the error correction capability of information reconciliation and weighing the key sequence error rate against the valid bit generation rate.

© 2024 Optica Publishing Group under the terms of the Optica Open Access Publishing Agreement

1. Introduction

The rapid development of civil and commercial communication has significantly increased the demand for data transmission in recent years, and optical fiber communication has attracted attention because of its large capacity and long transmission distance. The continued growth of traffic raises security concerns [1]. Optical fibers are vulnerable to eavesdropping, residual crosstalk and other threats [2,3]. Secure key generation and distribution (SKGD) provides security for secret data transmission over optical fiber links. Physical-layer security is the foundation of overall network security and makes the security of the network as a whole more stable and reliable. Eavesdropping attacks at the physical layer are best addressed directly and efficiently with physical-layer methods. Among traditional physical-layer encryption methods, quantum key distribution can provide a high level of security [4,5], but its key rate is limited by single-photon detection, its cost is high, and its distance is limited. Key distribution based on chaotic systems is difficult to implement because of the strong constraints of deploying consistent chaotic systems [6,7]. Physical-layer secure key distribution mechanisms have recently aroused the interest of researchers.

Physical-layer SKGD (PL-SKGD) schemes based on fluctuations of fiber channel characteristics are considered highly secure; channel reciprocity is used to ensure key consistency through two-way transmission between legitimate users. The random entropy for the symmetric keys originates from fluctuations in shared channel characteristics, including (i) phase fluctuation between orthogonal polarization modes in the delay interferometer (DI) [8], (ii) combination of polarization mode dispersion and local fiber [9,10], and (iii) phase fluctuations in Mach-Zehnder interferometers (MZIs) [11], etc. These schemes require additional devices such as a DI, local fiber, an MZI, a polarization analyzer or split-polarization preserving fiber to track performance fluctuations, which makes them incompatible with existing infrastructure. Besides, their error-free transmission distance is less than 100km, and their key generation rate struggles to meet industry requirements because of insufficient channel randomness.

To solve this problem, some works use digital chaos as a random source to drive active polarization scrambling and obtain a key generation rate (KGR) of 2.7Gbit/s [12-15], or use digital chaos to perturb the amplitude and phase of the signal constellation and realize KGR=1.85Gbit/s [16]. It is worth noting that, in order to ensure a high degree of consistency in the sequence of key bits, the bidirectional asymmetric bandwidth will limit the KGR at high frequencies [14]. A cross-multiplication algorithm has also been proposed to further improve KGR by cross-multiplying the send and receive signals instead of simple pilot signals [17-20], and it has been implemented in fiber communications [21]. A KGR of 10Gb/s has been achieved, but the error-free transmission distance is only 10km [22]. The above schemes improve the KGR and security performance by enhancing the randomness of the channel or signal. However, they overlook that the eavesdropper Eve is not limited to brute-force cracking. Since the fiber channel changes quasi-statically, Eve is likely to eavesdrop on the optical signals from the two legitimate nodes separately at an intermediate node of the legitimate channel, as shown in Fig. 1(a). By analyzing the characteristics of the coupled eavesdropped optical signals, which contain both channel and signal randomness, Eve may reconstruct the public characteristics and obtain the transfer function of the public channel between the legitimate nodes with a well-designed algorithm. Because the public characteristics are the only source of key randomness, the security of the key is then no longer guaranteed. On the other hand, Eve may be infinitely close to the legitimate node, as shown in Fig. 1(b), and obtain a simulated waveform with channel characteristics that is very similar to that of the legitimate node. The spatial multipath of wireless channels makes it difficult for Eve to monitor all channel characteristics. However, in optical fiber communication, the randomness of both the channel and the signal is entirely reflected in the optical signals in the fiber. Even if Eve cannot obtain all the randomness of the channel, it is possible to reduce the key generation rate of legitimate nodes.

Fig. 1. (a) Eve eavesdrops in the middle of the link, and obtains the channel function between the two legitimate nodes through the feature construction algorithm; (b) Eve eavesdrops infinitely close to the legitimate node to obtain the channel function from the transmit and receive signals.

The latest research in related literature [23] shows that a purpose-designed Eve can reconstruct the channel functions of SKGD schemes including 1) measuring phase fluctuation between orthogonal polarization modes in the delay interferometer [8] and 2) cross-multiplying the send and receive signals [21], and finally reduce KGR by three to four orders of magnitude. This Eve receives signals from the legitimate nodes in the middle of the channel to reconstruct the channel transmission matrix and obtain all channel characteristics. The key distribution systems of these two schemes rely only on the characteristics of the current channel, so they are easy to clone. Therefore, an unclonable physical-layer key generation and distribution system is expected to resist the tapping threat in [23]. Neural networks are widely used in fiber channel damage compensation [24,25], channel modeling [26-29], and channel monitoring [30] because of their strong learning, simulation and prediction ability. The long short-term memory neural network (LSTM-NN) shows excellent ability for dynamic modeling of time-varying data [31] and has recently been introduced to solve problems such as detecting, locating, and analyzing optical network faults [32], fiber nonlinear compensation in digital dry systems [33], and simultaneous accurate monitoring of optical signal-to-noise ratio and dispersion [34]. It can effectively deal with the interference between adjacent symbols and with the vanishing-gradient problem in recurrent neural networks. Therefore, using LSTM-NN to design a dynamic SKGD system based on HFCSI, combined with a chain storage memory structure, is expected to effectively improve the unclonability and KGR, and significantly improve the security level of keys.

In this paper, a PL-SKGD scheme based on LSTM-NN combined with historical fiber channel state information (HFCSI) is proposed and verified by simulation. It uses a chain structure composed of LSTM units to learn and store the unique mapping relationship between the time series of the historical channel, and exploits the fundamental fact that an illegal eavesdropper can never obtain the HFCSI to design an unclonable PL-SKGD system. Note that, except for the channel probing process, all operations are done in the digital signal processing (DSP) module; there is no additional device, which makes the proposed scheme naturally compatible with the currently deployed infrastructure and avoids additional optical components for measurement. Error-free SKGD over 150km with a key generation rate (KGR) of 0.82Gbit/s (32.8% BitRate) is realized, and the security of the key is guaranteed by the proposed scheme, which is analyzed and verified through the NIST randomness test of the key, the impact of the difference in training data storage depth on the key sequence, and the difficulty of laser linewidth matching.

2. Principles

In this section, the PL-SKGD scheme based on LSTM-NN combined with HFCSI is theoretically analyzed. It includes the detection of HFCSI based on coherent reception, chain connection, and training data loading of LSTM blocks for learning and storing HFCSI, dynamic SKGD system based on LSTM-NN, and architecture of LSTM-NN.

2.1 Detection of HFCSI based on coherent reception

In this work, a point-to-point coherent optical communication model is designed as shown in Fig. 2(a). Alice and Bob are two legitimate nodes that generate a sequence of shared key bits for secure communication through symmetric encryption by using the channel reciprocity and randomness of the 150km standard single-mode fiber (SSMF) between them. This process is executed before normal communication. The legitimate nodes continuously and coherently receive the detection signal $Data$ passing through the common detection channel at the time interval $t_s$. After post-processing, including quantization, information reconciliation (IR) and privacy amplification (PA), consistent adjacent time series $Data_{{t_0} - n{t_s}}^{A/B}$, $Data_{{t_0} - {t_s}}^{A/B}$, and $Data_{{t_0}}^{A/B}$ are obtained. Each detection by the two legitimate nodes is within the coherence time, so the fiber channel can be considered quasi-static during it. Based on the reciprocity of the channel, the same detection signal experiences the same degree of channel damage in the common channel, so the two legitimate nodes get highly similar received signals. The channel damage includes dispersion, polarization mode dispersion, nonlinearity and phase noise. The dispersion is mainly related to the length of the fiber, and the legitimate nodes have the same dispersion damage because they share the common channel. It is worth noting that, in order to ensure that the time series received by the two legitimate nodes experience the same linear and nonlinear phase noise, each legitimate node is provided with a local amplifier and a local laser that is used for both modulation and coherent reception. This is because the phase noise generated by the Kerr effect in the channel and by the inherent jitter of active devices is shared between the two legitimate nodes. Phase noise is mainly affected by the laser linewidth at the transmitting and receiving ends and the gain of the amplifier [35]. Such a setup makes the detection signals received by the two legitimate nodes experience the same phase noise. Finally, the same detection signal and the post-processed received signal are used as the training data of the subsequent LSTM-NN, so that both nodes obtain the same LSTM-NN, which learns and stores the unique mapping relationship between the historical channel time series and is finally used in the key generation system to make the legitimate nodes generate a symmetric key bit sequence.

Fig. 2. Schematic diagram of the proposed SKGD scheme.

It is worth noting that, except for channel detection, all other operations are implemented through DSP. As a result, our scheme is fully compatible with the currently deployed fiber infrastructure without the need to add any additional fiber channels or devices between Alice and Bob. Moreover, before PL-SKGD, the initial values of the LSTM-NN parameters and the channel detection signal $Data$ are transmitted in plain text in the channel to achieve pre-sharing. To ensure that our scheme is sufficiently secure, a reasonable assumption is made: the eavesdropper is powerful enough and knows all prior knowledge, including the initial values of the LSTM-NN parameters, the channel detection signal $Data$, the post-processing procedure, the channel detection time, etc.

2.2 Chain connection and training data loading of LSTM blocks

In order to learn and store the historical fiber channel characteristics, the artificial intelligence algorithm LSTM-NN is exploited to realize unclonable dynamic SKGD based on the fundamental fact that the eavesdropper cannot detect the HFCSI. We propose a structure of chained LSTM blocks to learn and store the CSI of the fiber at adjacent times, as shown in Fig. 2(b). Recurrent neural networks (RNNs) are good at solving time series problems. The network activation of the previous time step is used as network input to affect the prediction of the current time step, forming a loop so that the current decision refers to previously stored a priori information. Neither traditional neural networks nor convolutional neural networks can accomplish this function; their outputs are determined only by the current input. When the information that needs to be referenced is far away from the current time, more than 8-10 time steps, an RNN may suffer from vanishing gradients during backward training, resulting in geometric loss of previous information so that only short-term information can be stored. LSTM is a special type of RNN that can effectively solve the vanishing-gradient problem when time series have long-term dependencies. We train an LSTM-NN locally on each of the two legitimate nodes. As time goes by, adjacent LSTM blocks are connected in a chain, where each block stores the fiber channel status at the current moment. The detection signal and the post-processed received signal are input into the corresponding LSTM block as training data. The output ${h_{t}}$ of the LSTM at the current moment is closely related to the output ${h_{t - 1}}$ at the previous moment and to the input data at the current moment, that is, the channel state at the current moment. In addition, changes of fiber channel characteristics at adjacent moments are random, and the chain structure we designed accumulates these random changes in historical channel characteristics, which could be sufficient to ensure the randomness of the key.

2.3 LSTM-NN architecture

Alice and Bob each train an LSTM-NN locally. The input data is $Data$, and the label data is the received signal after post-processing, as shown in Fig. 3. This is similar to the principle of using LSTM for fiber channel damage compensation. However, the proposed scheme does not aim to recover the damaged signal to $Data$ with a low bit error rate. We only need the legitimate nodes to learn and store the same HFCSI from the received signals, train an LSTM-NN with the same parameters, and use it for SKGD. In Fig. 3, each line transfers a complete vector from the output of one node to the input of other nodes. The green box represents the neural network layer, the blue circle represents the point-by-point operation, the pink box represents the post-processed received signal, the orange box represents the pre-shared detection signal, the straight line represents vector transfer, and the bifurcated line represents the content being transferred to different locations. Each repeating module in the LSTM-NN is also known as a hidden unit, and the state of each unit is transmitted by a horizontal line chain running through its top, which contains a small number of linear operations, so long-term information can easily be transmitted over long distances unchanged.

Fig. 3. LSTM-NN architecture.

The inside of the cell is controlled by three gates. The first step is the forget gate, which decides which information to discard from the cell state because it leads to incorrect predictions. Its inputs are $h_{t - 1}$ and $x_t$, and its outputs are numbers between 0 and 1, with 1 representing full retention and 0 representing full deletion; see equation (1). The next step, the input gate, decides what new information to store in the cell state and is calculated according to equations (2) and (3). The tanh network layer creates a vector $\tilde{C}_t$ that can be added to the cell state, and the sigmoid layer outputs a number between 0 and 1 for each value in $\tilde{C}_t$ to determine which states need to be updated, and to what extent. The state of the unit is then updated by equation (4), and the output of the final unit is calculated by equations (5) and (6). The state of the unit is passed through the tanh network layer and multiplied by the output of the sigmoid layer, so that only the part we decide to output is output.

$${f_t} = \sigma ({W_f}[{h_{t - 1}},{x_t}] + {b_f}). \tag{1}$$
$${i_t} = \sigma ({W_i}[{h_{t - 1}},{x_t}] + {b_i}). \tag{2}$$
$$\tilde{C}_t = \tanh ({W_c}[{h_{t - 1}},{x_t}] + {b_c}). \tag{3}$$
$${C_t} = {f_t} * {C_{t - 1}} + {i_t} * \tilde{C}_t. \tag{4}$$
$${o_t} = \sigma ({W_o}[{h_{t - 1}},{x_t}] + {b_o}). \tag{5}$$
$${h_t} = {o_t} * \tanh({C_t}). \tag{6}$$

The $W$ matrices with subscripts $f$, $i$, $o$, and $c$ are the weights of the forget gate, input gate, output gate, and cell state, respectively. We choose the mean square error as the loss function, using 50% of the data for training and 50% of the data for final-key generation.

2.4 Process of encryption and decryption based on latest LSTM-NN

The dynamic SKGD based on LSTM-NN for encrypting and decrypting is shown in Fig. 4. The LSTM-NN is stored and updated locally. Assume that Alice is the legitimate sender and Bob is the legitimate receiver. Alice inputs the pseudo-key into the latest local LSTM-NN. The final key is generated from the pseudo-key by the latest LSTM-NN, and the encrypted information is modulated into an optical signal together with the pseudo-key and sent to Bob. Note that the pseudo-key is also transmitted in plaintext. Even if the eavesdropper knows the pseudo-key, the real key cannot be obtained because the eavesdropper does not have the same LSTM-NN as the legitimate nodes. At the receiving end, Bob inputs the plaintext pseudo-key into the latest LSTM-NN to get the final-key and completes the decryption process. The dynamic change of the key is realized by changing the pseudo-key and updating the LSTM-NN over time, which can significantly improve the security of the key.

Fig. 4. Encryption and decryption based on latest LSTM-NN assuming that Alice is the legitimate sender and Bob is the legitimate receiver.

3. Experiment and discussion

3.1 SKGD model

3.1.1 Phase estimation model

A simulation model of point-to-point coherent transmission for phase estimation is designed using VPI to verify the concept and evaluate the feasibility of our scheme, as shown in Fig. 5. The model is mainly divided into the following four parts:

Fig. 5. Simulation model of point-to-point coherent transmission for phase estimation. CW, continuous wave laser; MZM, Mach-Zehnder modulator; SW, MEMS switch.

1) Transmitter (Tr): Alice and Bob send 2.5Gbit/s QPSK format data ($Data$) to each other as a channel detection signal. This signal is modulated by passing the pre-agreed PRBS data through the laser (CW) and Mach-Zehnder modulator (MZM), loaded with optical amplified spontaneous emission (ASE) noise with a noise parameter of 4dB after passing through a local erbium-doped fiber amplifier (EDFA). It is worth noting that the laser CW not only modulates the signal at the transmitting end, but also serves as the local oscillator light source (LO) for coherent reception. Its emission frequency is 193.1THz, the linewidth is 1MHz, and the laser emission power is ${1 \times {10^{ - 3}}}\;{W}$.

2) Optical fiber link: The detection signal reaches the receiver through 150km SSMF. The fiber attenuation coefficient is ${2 \times {10^{ - 4}}}\;{dB/m}$ and the nonlinear coefficient is ${2.6 \times {10^{ - 20}}}\;{m^{2}/W}$.

3) Receiver (Re): The detection signal carries the channel characteristics and is received coherently after passing through the optical fiber channel. The 90$^{\circ }$ optical mixer combines the detection signal and the local oscillator optical reference signal to generate four optical signals with a 90$^{\circ }$ phase difference, which are then passed through two pairs of balanced photoelectric receivers to recover the relative phase information between the input signals.

4) Digital signal processing module (DSP): This module is executed locally and offline to complete resampling, signal recovery (clock recovery, dispersion compensation, polarization equalization), phase estimation and post-processing (IR, PA).

Finally, Alice and Bob obtain the signal constellation diagram shown at the bottom of Fig. 5. The measured phase fluctuation curve is shown in Fig. 6(a). The phase fluctuation curves of the detection signals coherently received by Alice and Bob are very similar in time, which indicates that it is feasible to extract the same sequence from the waveform for training the LSTM-NN. The forward and backward channels of the optical fiber are reciprocal, so phase fluctuations can be shared among legitimate nodes and used to extract highly correlated sequences for training the LSTM-NN. To confirm this quantitatively, we calculate the cross-correlation between the phase waveforms of Alice and Bob. The maximum correlation coefficient (CC) value is 0.8198, as shown in Fig. 6(b). This makes it possible for legitimate nodes to train the same LSTM-NN with the same structure.

Fig. 6. (a) Phase distribution of the received signal measured by Alice and Bob; (b) Cross-correlation between these two waveforms as a function of time delay.

3.1.2 Post-processing procedure

In order to generate error-free and random sequences for the training of the local LSTM-NN, the legitimate nodes apply the following post-processing procedure in Matlab to extract the same sequence from the phase fluctuation waveform: quantization, IR and PA.

1) Quantization: To map the measured phase fluctuation waveform onto the binary raw sequence, we use a lossy quantizer [36]:

$$Q(y) = \left\{ \begin{array}{ll} 1, & f(y) \ge q_{+} \\ 0, & f(y) < q_{-} \\ \text{Discarded}, & \text{else} \end{array} \right. \qquad q_{\pm} = mean \pm \varepsilon \times \sigma$$

The two thresholds $q_{+}$ and $q_{-}$ are jointly determined by the mean $mean$ and the standard deviation $\sigma$ of the phase fluctuation waveform $f(y)$, and are controlled by the scalar $\varepsilon$. The lossy quantizer discards samples between the two thresholds, and only samples outside the thresholds are converted into binary sequences. In addition, due to the imperfect symmetry of the optical fiber channel between legitimate nodes, there is a certain error in the binary sequence obtained by quantization. The scalar $\varepsilon$ has a profound impact on the sequence error rate (SER) and valid bit generation rate (VBGR). The SER and VBGR performance relative to the scalar $\varepsilon$ is shown in Fig. 7. The larger the value of $\varepsilon$, the larger the distance between the thresholds, which discards more ambiguous samples and reduces SER, but at the same time also reduces VBGR. The scalar $\varepsilon$ should be chosen so that the maximum SER is less than the correction capability of the information reconciliation (IR), so we set $\varepsilon$ = 0.3. At this value, the VBGR is 2.17Gbit/s and the SER is 13.7%. In contrast, the SER between Alice and Eve is 62.4% at $\varepsilon$ = 0.3, so Eve's bits differ substantially from the key bits of the legitimate nodes.

Fig. 7. Variation of the average VBGR, and SER as a function of $\varepsilon$.

2) IR: After quantization, SER between Alice and Bob is 13.7%, which is far beyond the soft decision forward error correction (SD-FEC) threshold ($2 \times {10^{ - 2}}$). So in this paper, the distributed source coding [37] with BCH code (65535, 23213) is deployed to remove quantization errors between Alice’s and Bob’s binary sequences. It provides a correction capability of 3470 error-bits for each codeword. Considering the error correction capability of BCH code, to weigh SER and VBGR and avoid large load during the information negotiation process, the value of $\varepsilon$ is set to 0.3. At this time, the SER is 13.7%. After IR, an error-free VBGR of 2.17Gbit/s was achieved. If $\varepsilon$<0.3, it is necessary to use BCH codes with stronger correction capabilities to obtain error-free sequences, which may lead to more information leakage and increased computational complexity.

3) PA: During the information negotiation process, part of the information about the negotiated sequence is easily leaked to Eve when the two legitimate nodes exchange BCH codes. To eliminate this information leakage, we implement PA [37] through SHA-3 [38], where the input of the hash function has a block size of 681 (256/(1-0.624)) bits. After privacy amplification, the mutual information between the Alice and Eve key sequences is reduced from $3.64 \times {10^{ - 2}}$ to $4.34 \times {10^{ - 2}}$, and the VBGR is reduced to 0.82 (2.17 $\times$ 256/681) Gbit/s (33% BitRate). In our scheme, VBGR is limited by the PA and the imperfect symmetry of the fiber channel.
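The quantization and PA steps above, as an added Python example that is not the authors' Matlab code: it runs the lossy quantizer over two correlated waveforms, shows the SER versus valid-bit trade-off as $\varepsilon$ grows, and compresses 681-bit blocks to 256 bits with SHA3-256. Assumptions: the waveforms are constructed (a shared Gaussian component plus independent noise, correlation about 0.8), the nodes announce which sample indices they kept and use the intersection, BCH reconciliation is left out, and all function names are hypothetical.

```python
import hashlib
import math
import random


def make_waveforms(n, noise=0.5, seed=1):
    """Constructed stand-in for the measured phase fluctuations: one shared
    (reciprocal) component plus independent noise at each node (CC ~ 0.8)."""
    rng = random.Random(seed)
    shared = [rng.gauss(0.0, 1.0) for _ in range(n)]
    alice = [s + noise * rng.gauss(0.0, 1.0) for s in shared]
    bob = [s + noise * rng.gauss(0.0, 1.0) for s in shared]
    return alice, bob


def lossy_quantize(wave, eps):
    """Q(y) from the page: 1 at or above q+, 0 below q-, None if discarded."""
    mean = sum(wave) / len(wave)
    sigma = math.sqrt(sum((y - mean) ** 2 for y in wave) / len(wave))
    q_plus, q_minus = mean + eps * sigma, mean - eps * sigma
    return [1 if y >= q_plus else 0 if y < q_minus else None for y in wave]


def agree_on_indices(q_a, q_b):
    """Assumption: each node announces which sample indices it kept, and
    both use only the intersection so their bit strings stay aligned."""
    keep = [i for i, (a, b) in enumerate(zip(q_a, q_b))
            if a is not None and b is not None]
    return [q_a[i] for i in keep], [q_b[i] for i in keep]


def ser_and_valid_fraction(alice, bob, eps):
    """Sequence error rate on the kept bits, and the fraction of samples kept."""
    bits_a, bits_b = agree_on_indices(lossy_quantize(alice, eps),
                                      lossy_quantize(bob, eps))
    if not bits_a:
        return 0.0, 0.0
    errors = sum(a != b for a, b in zip(bits_a, bits_b))
    return errors / len(bits_a), len(bits_a) / len(alice)


def pa_block_size(out_bits, ser_eve):
    """Hash input length per output block; the page uses 256 / (1 - 0.624)."""
    return math.ceil(out_bits / (1.0 - ser_eve))


def privacy_amplify(bits, block):
    """Compress every full `block`-bit chunk to 256 bits with SHA3-256."""
    key = []
    for start in range(0, len(bits) - block + 1, block):
        chunk = bits[start:start + block]
        raw = int("".join(map(str, chunk)), 2).to_bytes((block + 7) // 8, "big")
        digest = hashlib.sha3_256(raw).digest()
        key.extend((byte >> (7 - k)) & 1 for byte in digest for k in range(8))
    return key


if __name__ == "__main__":
    alice, bob = make_waveforms(20000)
    for eps in (0.0, 0.3, 1.0):
        ser, valid = ser_and_valid_fraction(alice, bob, eps)
        print(f"eps={eps:.1f}  SER={ser:.3f}  valid fraction={valid:.3f}")

    block = pa_block_size(256, 0.624)
    bits_a, bits_b = agree_on_indices(lossy_quantize(alice, 0.3),
                                      lossy_quantize(bob, 0.3))
    # Reconciliation (the BCH step) is not implemented here. Hashing the
    # unreconciled strings shows why it must come first: a single residual
    # error in a block changes about half of that block's output bits.
    key_a = privacy_amplify(bits_a, block)
    key_b = privacy_amplify(bits_b, block)
    mismatch = sum(a != b for a, b in zip(key_a, key_b)) / len(key_a)
    print(f"PA block={block} bits, key mismatch without IR={mismatch:.2f}")
```

The SER and valid fractions printed here come from the constructed waveforms and are not the paper's 13.7% and 2.17Gbit/s; only the block size and the 256/681 rate factor are taken from the page.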

3.1.3 Local training of LSTM-NN model

Alice and Bob convert the received signal ${Data_A}/{Data_B}$ into the same binary sequence $Data_{{t_0}}^{A/B}$ through post-processing. These sequences contain the public channel status information at the current moment. The same binary sequence $Data_{{t_0}}^{A/B}$ and the input data $Data$ are used as labels and input data, respectively, for the training of the LSTM-NN. The LSTM-NN is selected to estimate the channel response at the current moment and to accumulate and store historical channel responses. Through the subsequent training and processing, the mapping function from ${Data}$ to $Data_{{t_0}}^{A/B}$ at any time ${t_0}$ is related to the mapping function from ${Data}$ to $Data_{{t_0}-n{t_s}}^{A/B}$ (n=1,2,…) that has been detected and trained at all historical moments. All historical channel responses act on the LSTM-NN to affect SKGD at the current moment. The trained LSTM-NN is stored locally for key generation; the pseudo-key is input into the LSTM-NN to obtain the final-key.

It should be noted that the LSTM-NN does not need to learn and estimate channel responses accurately. It only needs to be ensured that the LSTM-NN models trained by Alice and Bob are consistent. The post-processed received signal ensures that the label data is consistent. In addition, the initial value of the LSTM-NN is shared in advance to ensure that the same LSTM-NN model is trained at both legitimate nodes. Taking into account the limitations of training resources and the convergence of the loss function, we conducted a large number of simulation experiments. The parameters of the LSTM-NN are set as follows: the learning rate $\alpha$ = 0.0003, the window step size $n\_steps$ = 8, the number of times the training samples enter the model $epochs$ = 300, the sample size for each input $batch\_size$ = 4*128, the number of hidden layers is 4, and each hidden layer has 5*128 neurons. The loss function of the model is shown in Fig. 8(a). It can be seen from the figure that the loss function drops sharply in the early stages of training. The weights and biases are continuously updated through the gradient descent algorithm, and the loss function slowly and steadily converges to a very small value.

Fig. 8. (a) The loss function of LSTM-NN; (b) The results of NIST randomness test.

The training of the LSTM-NN is completed in PyCharm, with the NumPy and TensorFlow packages. We first extract 50% of the 65536 bits of received data for LSTM-NN training, and the remaining 50% is input into the LSTM-NN as a pseudo-key to obtain the real key. In the end, the key consistency rate of the two legitimate nodes was measured to be 100%.

3.2 Security analysis

The randomness of the key sequence, the impact of the difference in training data storage depth ($\Delta {\rm {tdsd}}$) between Eve and the legitimate node on the phase waveform CC and KER, and the impact of cumulative changes in fiber channel characteristics on key generation are analyzed to illustrate the security of the SKGD scheme.

Firstly, the National Institute of Standards and Technology (NIST) test suite [39] is employed to evaluate the randomness of the final key bits, and the results are shown in Fig. 8(b). The 1 million-bit key sequences passed 15 tests, which are designed to evaluate the randomness of the sequence through information-theoretic measures or specific patterns. All tests had a p-value greater than 0.01. Therefore, the symmetric key generated by the proposed scheme has good randomness.

Secondly, our scheme can effectively resist the eavesdropping method in which Eve eavesdrops on the channel functions from the two legitimate nodes at an intermediate node of the link, as shown in Fig. 1(a). The structure of the LSTM-NN continues to change as the number of detections increases, because each detection updates the LSTM-NN with new training data. Each update of the training data contains the CSI at the current moment. Eve cannot obtain all historical detection data. The larger the $\Delta {\rm {tdsd}}$ between Eve and the legitimate node, the less HFCSI Eve knows. We verified the impact of this difference on key generation, as shown in Fig. 9(a).

Fig. 9. (a) The impact of the $\Delta {\rm {tdsd}}$ varied from 2048bit to 40960bit on phase waveforms CC and KER. (b) Phase waveforms CC and KER between Eve and the legitimate node when the difference between Eve’s laser linewidth and legitimate node’s laser linewidth varied from 0.1Hz to 4MHz.

The greater the $\Delta {\rm {tdsd}}$ between Eve and the legitimate node, the smaller the CC between Eve’s phase waveforms and the legitimate node’s phase waveforms, and the closer the KER is to 50%, which is equivalent to blind guessing. When the $\Delta {\rm {tdsd}}$ is greater than or equal to 32768 bits, CC and KER converge stably to about 0.1 and 50% respectively. This phenomenon is enough to illustrate the impact of HFCSI on key generation. It is worth noting that the training data used to store HFCSI for training the LSTM-NN does not all need to be stored locally. After the LSTM-NN has learned and stored the historical channel functions, the historical training data can be discarded. It is only necessary to continuously update the LSTM-NN with the training data at the current detection moment.

The cumulative changes in the channel are reflected in the structural update of LSTM-NN. The latest LSTM-NN contains all HFCSI. In order to further improve the unclonability of this scheme, so that the KER between the key obtained by the eavesdropper and the legitimate node’s key is larger and the CC is smaller, active changes in channel characteristics can be considered, such as by introducing noise, changing EDFA power, adding local optical fibers, and other methods to change the phase fluctuation of the public channel. Dynamically changing channel characteristics increases the frequency of channel state changes, thereby improving the unclonability of the proposed scheme.

Third, our simulations have verified that even if Eve is infinitely close to the legitimate node and experiences a channel of approximately the same length as the legitimate node, as shown in Fig. 1(b), it is still very difficult for Eve to obtain the same received signal and the same key bits, because a small mismatch in Eve’s laser linewidth has a great impact on the CC and KER, as shown in Fig. 9(b). When the $\Delta {\rm {Linewidth}}$ changes from 0.1Hz to 0.1MHz, the correlation index CC of the phase waveforms measured by Eve and the legitimate node drops sharply, and KER rises sharply. When the $\Delta {\rm {Linewidth}}$ increases to 4MHz, the phase waveform correlation approaches 0, and KER approaches 50%. This is enough to prove Eve’s difficulty in laser linewidth matching.

In Fig. 9(a), when $\Delta {\rm {tdsd}}$=0, it is assumed that Eve has a laser with the same parameters as the legitimate node. Starting from the initial channel detection moment, Eve obtains all the HFCSI. This extreme case leads to failure of SKGD since CC (Alice, Eve) > CC (Alice, Bob), but we believe that this extreme case is difficult to achieve. When $\Delta {\rm {tdsd}}$ > 12288 bits, CC (Alice, Eve) < CC (Alice, Bob) and decreases sharply. In addition, we can accumulate long-term random channel changes and then start normal communication to ensure that CC (Alice, Eve) is sufficiently lower than CC (Alice, Bob). In Fig. 9(b), when $\Delta {\rm {Linewidth}}$=0, it is assumed that Eve has a laser with the same parameters as the legitimate node. At this time, CC (Alice, Eve) > CC (Alice, Bob). This extreme case also leads to the failure of SKGD but we believe that this extreme situation is also difficult to achieve. Even lasers produced from the same batch in the same factory will not have the same linewidth. When $\Delta {\rm {Linewidth}}$ > 1Hz, CC (Alice, Eve) is less than CC (Alice, Bob) and decreases sharply.

In addition, the security analysis for man-in-the-middle attacks, impersonation attacks, and the reconstructed channel transmission matrix attacks in [23] is as follows:

(1) Man-in-the-middle attack. a) Eve eavesdrops on the phase fluctuation in the middle of the channel: if Eve eavesdrops in the middle of the channel between Alice and Bob, the channel length experienced by the channel detection signal is different from that of both Alice and Bob, and the data used to train the LSTM is different. In this case, Eve cannot obtain the same key bit sequence even if Eve matches the laser linewidth of the legitimate node. b) Signal injection attack: Eve may attempt to interfere by injecting signals in the middle of the link. In this case, in order to ensure communication security, power monitoring can be used as a means of attack detection in actual SKGD [13].

(2) Identity spoofing attack. This typically requires upper-layer authentication protocols to prevent identity spoofing attacks. Recently, some studies have proposed extracting device physical-layer identity fingerprints from time-domain signals and spectrum for identity authentication. Our previous work proposed that by combining keys and identity codes [35], we can resist eavesdropping attacks and identity spoofing attacks simultaneously.

(3) Reconstructed channel transmission matrix attacks in [23]. Our security robustness depends on the following two factors: a) it is very difficult to match a laser with the same parameters as the legitimate node; b) even if the laser matches and Eve is infinitely close to the legitimate node, receiving the detection signal that has experienced the complete public channel, Eve cannot obtain the detection signals of all historical detection moments. Eve therefore cannot obtain the same LSTM as the legitimate node, so Eve cannot obtain the same key bit sequence.

Finally, we analyze and compare existing SKGD schemes to highlight the possible superiority of the proposed scheme, including KGR, error-free key distribution distance, whether additional devices are required, and the source of randomness, as shown in Table 1.

Table 1. Comparison of SKGD schemes.

3.3 Optimal channel length for error-free SKGD

Finally, simulation experiments show that the optimal fiber channel length for error-free SKGD with our scheme is 150km, as shown in Fig. 10(a). As the channel length increases, the phase fluctuations between legitimate nodes become more frequent and severe, as shown in Fig. 10(b). In order to keep the maximum value of SER lower than the error correction capability of IR, the values of the quantization scalar $\varepsilon$ for different channel lengths are shown in Table 2. When the fiber channel length is less than 200km, the legitimate node can obtain a lower SER by increasing the value of the scalar $\varepsilon$ from 0.1 to 1. When the fiber channel length exceeds 200km, the SER increases sharply. When the fiber channel length is 175km and 200km, although the SER is lower, its VBGR is much lower than the VBGR when the fiber channel length is 150km. Weighing SER and VBGR, 150km is the best channel length to ensure error-free SKGD. At this length, SER is 13.7% and VBGR is 2.17Gbit/s.

Fig. 10. (a) The impact of different fiber channel lengths on binary sequences (training sequences of LSTM); (b) Phase distribution when the fiber channel lengths are 100km, 150km, 200km, and 250km respectively.

Table 2. The value of $\varepsilon$ for different fiber channel lengths.
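
The sketch below is an added illustration, not the authors' simulation code: it applies a dual-threshold quantizer with thresholds $q_{\pm} = {\rm mean} \pm \varepsilon \times \sigma$ to synthetic waveforms and reports how $\varepsilon$ trades bit disagreement against the fraction of valid bits, and how far an eavesdropper with CC near 0.1 is from the legitimate key. Assumptions: Gaussian series with chosen correlations (0.95 for Bob, 0.10 for Eve) stand in for the measured phase waveforms, the fiber and the LSTM-NN are not modelled, the legitimate nodes keep only sample indices that both retained, and Eve makes a hard decision on those indices.

```python
import math
import random
import statistics


def pearson_cc(x, y):
    """Pearson correlation coefficient (CC) of two equally long waveforms."""
    mx, my = statistics.fmean(x), statistics.fmean(y)
    num = sum((p - mx) * (q - my) for p, q in zip(x, y))
    den = math.sqrt(sum((p - mx) ** 2 for p in x) * sum((q - my) ** 2 for q in y))
    return num / den


def quantize(samples, eps):
    """Return 1 at or above q+, 0 below q-, None (discarded) in between.

    Taking the upper comparison as >= is an assumption of this sketch.
    """
    mean, sigma = statistics.fmean(samples), statistics.pstdev(samples)
    q_hi, q_lo = mean + eps * sigma, mean - eps * sigma
    return [1 if s >= q_hi else 0 if s < q_lo else None for s in samples]


def simulate(eps, rho_bob=0.95, rho_eve=0.10, n=20000, seed=7):
    """Bit disagreement of Bob and of Eve against Alice for one value of eps."""
    rng = random.Random(seed)
    # Constructed data: unit-variance Gaussian series, not fiber measurements.
    alice = [rng.gauss(0, 1) for _ in range(n)]

    def correlated(rho):
        mix = math.sqrt(1 - rho ** 2)
        return [rho * a + mix * rng.gauss(0, 1) for a in alice]

    bob, eve = correlated(rho_bob), correlated(rho_eve)
    qa, qb = quantize(alice, eps), quantize(bob, eps)
    # Assumption: both nodes publish their kept indices and use the intersection.
    kept = [i for i in range(n) if qa[i] is not None and qb[i] is not None]
    if not kept:
        raise ValueError("eps discards every sample")
    # Eve knows the kept indices and decides each bit around her own mean.
    qe = quantize(eve, 0.0)
    return {
        "cc_bob": pearson_cc(alice, bob),
        "cc_eve": pearson_cc(alice, eve),
        "err_bob": sum(qa[i] != qb[i] for i in kept) / len(kept),
        "err_eve": sum(qa[i] != qe[i] for i in kept) / len(kept),
        "valid_fraction": len(kept) / n,
    }


if __name__ == "__main__":
    for eps in (0.1, 0.5, 1.0):
        r = simulate(eps)
        print(f"eps={eps:.1f} valid={r['valid_fraction']:.2f} "
              f"err(Alice,Bob)={r['err_bob']:.4f} err(Alice,Eve)={r['err_eve']:.3f}")
```

A wider guard band removes almost all disagreement between the legitimate nodes at the cost of valid bits, while Eve's disagreement stays near chance level for every $\varepsilon$.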

4. Conclusions

A PL-SKGD scheme based on HFCSI with LSTM-NN is proposed and fully analyzed that theoretically provides a high-level secure, unclonable SKGD system to resist eavesdropping attacks. The chain structure composed of LSTM-NN units is used to learn and store the unique mapping relationship of time series between historical channels. The fundamental fact that the illegal eavesdropper can never obtain historical channel status information is used to design an unclonable PL-SKGD scheme, which achieved error-free symmetric encryption of 150km PPOL 0.82Gbit/s (32.8%Bitrate). The convergence of the LSTM-NN loss function, the randomness of the key sequence, and the impact of Eve’s storage depth of HFCSI and laser linewidth mismatching on key generation are analyzed with a simulation model of the SKGD. Finally, it is verified that the best error-free SKGD transmission distance is 150km. Overall, the proposed scheme is an enabling technology to effectively prevent the extraction and reconstruction of channel characteristics and to enhance the security of optical networks.

Funding

National Natural Science Foundation of China (62021005).

Disclosures

The authors declare no conflicts of interest.

Data availability

Data underlying the results presented in this paper are not publicly available at this time but may be obtained from the authors upon reasonable request.

References

1. N. Skorin-Kapov, M. Furdek, S. Zsigmond, et al., “Physical-layer security in evolving optical networks,” IEEE Commun. Mag. 54(8), 110–117 (2016).

2. K. Shaneman and S. Gray, “Optical network security: technical analysis of fiber tapping mechanisms and methods for detection & prevention,” in Military Communications Conference, vol. 2 (IEEE, 2004), pp. 711–716.

3. M. P. Fok, Z. Wang, Y. Deng, et al., “Optical layer security in fiber-optic networks,” IEEE Trans. Inform. Forensic Secur. 6(3), 725–736 (2011).

4. C. Cai, Y. Sun, and Y. Ji, “Simultaneous long-distance transmission of discrete-variable quantum key distribution and classical optical communication,” IEEE Trans. Commun. 69(5), 3222–3234 (2021).

5. J. Niu, Y. Sun, X. Jia, et al., “Key-size-driven wavelength resource sharing scheme for qkd and the time-varying data services,” J. Lightwave Technol. 39(9), 2661–2672 (2021).

6. B. Zhu, F. Wang, and J. Yu, “A chaotic encryption scheme in dmt for im/dd intra-datacenter interconnects,” IEEE Photonics Technol. Lett. 33(8), 383–386 (2021).

7. Y. Fu, M. Cheng, W. Shao, et al., “Analog-digital hybrid chaos-based long-haul coherent optical secure communication,” Opt. Lett. 46(7), 1506–1509 (2021).

8. A. A. E. Hajomer, X. Yang, A. Sultan, et al., “Key distribution based on phase fluctuation between polarization modes in optical channel,” IEEE Photonics Technol. Lett. 30(8), 704–707 (2018).

9. I. U. Zaman, A. B. Lopez, M. A. A. Faruque, et al., “Physical layer cryptographic key generation by exploiting pmd of an optical fiber link,” J. Lightwave Technol. 36(24), 5903–5911 (2018).

10. I. U. Zaman, A. B. Lopez, M. A. A. Faruque, et al., “Polarization mode dispersion-based physical layer key generation for optical fiber link security,” in Advanced Photonics (Optica Publishing Group, 2017), paper JTu4A.20.

11. K. Kravtsov, Z. Wang, W. Trappe, et al., “Physical layer secret key generation for fiber-optical networks,” Opt. Express 21(20), 23756–23771 (2013).

12. L. Zhang, A. Hajomer, X. Yang, et al., “Secure key generation and distribution using polarization dynamics in fiber,” in 22nd International Conference on Transparent Optical Networks (2020), pp. 1–4.

13. A. A. E. Hajomer, L. Zhang, X. Yang, et al., “284.8-mb/s physical-layer cryptographic key generation and distribution in fiber networks,” J. Lightwave Technol. 39(6), 1595–1601 (2021).

14. L. Zhang, A. A. E. Hajomer, W. Hu, et al., “2.7 gb/s secure key generation and distribution using bidirectional polarization scrambler in fiber,” IEEE Photonics Technol. Lett. 33(6), 289–292 (2021).

15. Y. Bromberg, B. Redding, S. M. Popoff, et al., “Remote key establishment by random mode mixing in multimode fibers and optical reciprocity,” Opt. Eng. 58(01), 1 (2019).

16. T. Qiu, W. Shao, L. Deng, et al., “Secure key distribution based on the polarization reciprocity of fiber and a coherent reception architecture,” Opt. Lett. 48(13), 3547–3550 (2023).

17. A. Khisti, “Secret-key agreement over non-coherent block-fading channels with public discussion,” IEEE Trans. Inf. Theory 62(12), 7164–7178 (2016).

18. S. Sharifian, F. Lin, and R. Safavi-Naini, “Secret key agreement using a virtual wiretap channel,” in Conference on Computer Communications (IEEE, 2017), pp. 1–9.

19. S. Zhang, L. Jin, Y. Lou, et al., “Secret key generation based on two-way randomness for tdd-siso system,” China Commun. 15(7), 202–216 (2018).

20. G. Wunder, R. Fritschek, and K. Reaz, “Recip: Wireless channel reciprocity restoration method for varying transmission power,” in 27th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (IEEE, 2016), pp. 1–5.

21. Y. Wu, Y. Yu, Y. Hu, et al., “Channel-based dynamic key generation for physical layer security in ofdm-pon systems,” IEEE Photonics J. 13(2), 1–9 (2021).

22. X. Huang, L. Zhang, Z. Chai, et al., “10 gb/s physical-layer key distribution in fiber using amplified spontaneous emission,” Opt. Lett. 48(3), 586–589 (2023).

23. W. Hu, Z. Wei, S. Popov, et al., “Tapping eavesdropper designs against physical layer secret key in point-to-point fiber communications,” J. Lightwave Technol. 41(5), 1406–1414 (2023).

24. P. Jain, L. Lampe, and J. Mitra, “Joint pmd tracking and nonlinearity compensation with deep neural networks,” J. Lightwave Technol. 41(12), 3957–3966 (2023).

25. P. J. Freire, A. Napoli, B. Spinnler, et al., “Reducing computational complexity of neural networks in optical channel equalization: From concepts to implementation,” J. Lightwave Technol. 41(14), 4557–4581 (2023).

26. X. Zhao, F. Du, S. Geng, et al., “Neural network and gbsm based time-varying and stochastic channel modeling for 5g millimeter wave communications,” China Commun. 16(6), 80–90 (2019).

27. B. Mthethwa and H. Xu, “Deep learning-based wireless channel estimation for mimo uncoded space-time labeling diversity,” IEEE Access 8, 224608–224620 (2020).

28. Q. Bai, J. Wang, Y. Zhang, et al., “Deep learning-based channel estimation algorithm over time selective fading channels,” IEEE Trans. Cogn. Commun. Netw. 6(1), 125–134 (2020).

29. H. Yang, Z. Niu, S. Xiao, et al., “Fast and accurate optical fiber channel modeling using generative adversarial network,” J. Lightwave Technol. 39(5), 1322–1333 (2021).

30. P. Myland, S. Babilon, T. Hegemann, et al., “Reconstruction of spectral irradiance in a real application with a multi-channel spectral sensor using convolutional neural networks,” Opt. Express 31(16), 25724–25746 (2023).

31. S. Hochreiter and J. Schmidhuber, “Long Short-Term Memory,” Neural Comput. 9(8), 1735–1780 (1997).

32. K. Abdelli, H. Grießer, C. Tropschug, et al., “Optical fiber fault detection and localization in a noisy otdr trace based on denoising convolutional autoencoder and bidirectional long short-term memory,” J. Lightwave Technol. 40(8), 2254–2264 (2022).

33. P. J. Freire, D. Abode, J. E. Prilepsky, et al., “Transfer learning for neural networks-based equalizers in coherent optical systems,” J. Lightwave Technol. 39(21), 6733–6745 (2021).

34. C. Wang, S. Fu, H. Wu, et al., “Joint osnr and cd monitoring in digital coherent receiver using long short-term memory neural network,” Opt. Express 27(5), 6936–6945 (2019).

35. D. Wang, H. Wang, H. Xu, et al., “Physical-layer encryption and authentication scheme based on skgd and 4d hyper-chaos,” Opt. Express 31(7), 11829–11845 (2023).

36. C. Ye, S. Mathur, A. Reznik, et al., “Information-theoretically secret key generation for fading wireless channels,” IEEE Trans. Inform. Forensic Secur. 5(2), 240–254 (2010).

37. U. Maurer and S. Wolf, “Secret-key agreement over unauthenticated public channels.ii. privacy amplification,” IEEE Trans. Inf. Theory 49(4), 839–851 (2003).

38. N. Sklavos, “Towards to sha-3 hashing standard for secure communications: On the hardware evaluation development,” IEEE Latin Am. Trans. 10(1), 1433–1434 (2012).

39. L. Bassham, A. Rukhin, J. Soto, et al., A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications (National Institute of Standards & Technology, 2010).

© Copyright 2024 | Optica Publishing Group. All rights reserved, including rights for text and data mining and training of artificial technologies or similar technologies.