This post is going to break some of the most famous myths about optical fiber networks. Recently copper cables are replaced by fiber optics for the fact that fiber optic cables are far more efficient than the copper cables. Data flowing through the copper cables were easily tapped using magnetic induction techniques. Fiber optics overcame this problem as the data inside is in the form of light and it doesn't produce any magnetic field around the surface of the wire.
First of all lets look into the construction of the optic fiber cable.
Optical fiber include the following:-
1)Core - Center most part (glass).
2)Cladding - The second layer of glass above the core.
3)Buffer jacket - It provides protection to the fiber from external mechanical
influences.
4)Kevlar- After buffer jacket comes a layer of kevlar which increases the tensile
strength of the cable.
5)Black polyurethane jacket - It is the outer-most layer of the fiber optic cable
There are certain myths surrounding fiber optic networks. They are as follows:-
-->Fiber optic is completely secure.
-->Dark fibers provided by the carriers are secure.
-->Data is protected by volume.
-->Width Data Modulation networks cannot be tapped.
Now I am going to introduce you to some of the tapping techniques that can be used to breach data from a optic fiber network and which is going to break all the myths mentioned above.
Tapping techniques of fiber optic cable are usually passive, safe & cheap
-->PASSIVE - it doesn't rise suspicion to end users.
-->SAFE - they doesn't leave trace of attacker.
-->CHEAP - tools that can be used to tap are very much cheap.
Given below are the tapping techniques of fiber optics cable :-
A) COUPLER SPLICE-IN :-
Data in the form of light inside the optical fiber has to compulsorily follow the principle of total internal reflection. But when optic fiber cable is bend over a certain angle then it start defying the principle of total internal reflection and some amount of light start to seep through the surface of the cable at the point of bending which invisible for naked eyes . The bending coupler captures
this light and the astonishing fact is that full amount of data can be obtained by the attacker even capturing small amount of light from the optic cable.
C) EVANESCENT COUPLING :-
Although most of the signal lies in the core of the fiber, a fraction of the light is also extended into the cladding. This fraction of light is called the evanescent field. Removing the fiber coating and a part of the cladding without touching the core would enable an attacker to access the evanescent field and eavesdrop on the line. For a skilled technician, the whole process would take approximately one hour to complete.
Through capturing only a small percentage of the light, a hacker can obtain 100% of the information.
Now that we have seen all the tapping techniques lets discuss about some security solutions.
SOLUTIONS FROM SECURITY POINT OF VIEW:-
1) Attenuation monitoring:-
Optical signals suffer from minor degradations as they travel through the fiber. This is usually caused by scattering and absorption of light across the length of
the fiber and is known as attenuation. Devices to check the attenuation of signal in an optical fiber are available and can be used to check if there are alterations in the predetermined intensity of the signal. Any alteration in the attenuation could then be detected.
The limitations possessed by this method is that it will be unable to detect evanescent coupling tap and detect a coupler that is already placed in the fiber.
2) Providing encryption:-
We can provide encryption for the data that is being transferred through the optic cable. Employing the right encryption technology will help corporations ensure that performance is not sacrificed for security. Encrypting data at layer 2 (data link layer) can ensure high throughput and low latency (less than 10 microseconds. In contrast to layer 3 encryption (eg. IPSec), there is no encryption tax at layer 2 on the size of the data packets. Encryption can therefore be performed at wire speed (maximum data transmission rate) for even the most demanding 10Gbps links.
CONCLUSION :-
Organizations spends lots of money in setting up various technologies such as firewalls, IDS, IPS which is a good practice but, the fail to maintain the integrity of the information once it goes out of the organization. As malicious and criminal attacks spread, companies need to exercise due caution to protect their data.
Encryption is the only method to ensure real data security. This should be implemented as part of a coherent risk management and data protection
strategy. Whether companies plan to connect data centers, campus networks or foreign branches they need encryption – without encryption there is no
compliance, no confidentiality and ultimately no security.
But remember encryption is also not a ultimate solution but we can control the data breach to a great extend.
.
Optical fiber include the following:-
1)Core - Center most part (glass).
2)Cladding - The second layer of glass above the core.
3)Buffer jacket - It provides protection to the fiber from external mechanical
influences.
4)Kevlar- After buffer jacket comes a layer of kevlar which increases the tensile
strength of the cable.
5)Black polyurethane jacket - It is the outer-most layer of the fiber optic cable
There are certain myths surrounding fiber optic networks. They are as follows:-
-->Fiber optic is completely secure.
-->Dark fibers provided by the carriers are secure.
-->Data is protected by volume.
-->Width Data Modulation networks cannot be tapped.
Now I am going to introduce you to some of the tapping techniques that can be used to breach data from a optic fiber network and which is going to break all the myths mentioned above.
Tapping techniques of fiber optic cable are usually passive, safe & cheap
-->PASSIVE - it doesn't rise suspicion to end users.
-->SAFE - they doesn't leave trace of attacker.
-->CHEAP - tools that can be used to tap are very much cheap.
Given below are the tapping techniques of fiber optics cable :-
A) COUPLER SPLICE-IN :-
In this technique a fiber coupler is used that has 1 input and 2 outputs. Below a splice-in coupler is shown .
This is the simplest and most primitive method of tapping into a fiber optic cable. Here, the fiber optic cable is cut and a coupler is spliced in such a way that
the signal continues to the intended party whilst being eavesdropped by the attacker.
B) FIBER BENDING COUPLING :-
In this technique clip-on coupler is used to tap the data.
Below a clip-on coupler is shown.
this light and the astonishing fact is that full amount of data can be obtained by the attacker even capturing small amount of light from the optic cable.
C) EVANESCENT COUPLING :-
Although most of the signal lies in the core of the fiber, a fraction of the light is also extended into the cladding. This fraction of light is called the evanescent field. Removing the fiber coating and a part of the cladding without touching the core would enable an attacker to access the evanescent field and eavesdrop on the line. For a skilled technician, the whole process would take approximately one hour to complete.
Now that we have seen all the tapping techniques lets discuss about some security solutions.
SOLUTIONS FROM SECURITY POINT OF VIEW:-
1) Attenuation monitoring:-
Optical signals suffer from minor degradations as they travel through the fiber. This is usually caused by scattering and absorption of light across the length of
the fiber and is known as attenuation. Devices to check the attenuation of signal in an optical fiber are available and can be used to check if there are alterations in the predetermined intensity of the signal. Any alteration in the attenuation could then be detected.
The limitations possessed by this method is that it will be unable to detect evanescent coupling tap and detect a coupler that is already placed in the fiber.
2) Providing encryption:-
We can provide encryption for the data that is being transferred through the optic cable. Employing the right encryption technology will help corporations ensure that performance is not sacrificed for security. Encrypting data at layer 2 (data link layer) can ensure high throughput and low latency (less than 10 microseconds. In contrast to layer 3 encryption (eg. IPSec), there is no encryption tax at layer 2 on the size of the data packets. Encryption can therefore be performed at wire speed (maximum data transmission rate) for even the most demanding 10Gbps links.
CONCLUSION :-
Organizations spends lots of money in setting up various technologies such as firewalls, IDS, IPS which is a good practice but, the fail to maintain the integrity of the information once it goes out of the organization. As malicious and criminal attacks spread, companies need to exercise due caution to protect their data.
Encryption is the only method to ensure real data security. This should be implemented as part of a coherent risk management and data protection
strategy. Whether companies plan to connect data centers, campus networks or foreign branches they need encryption – without encryption there is no
compliance, no confidentiality and ultimately no security.
But remember encryption is also not a ultimate solution but we can control the data breach to a great extend.
.
Nice Topic and Greatly Explained !!!
ReplyDeleteThe bending coupler captures
ReplyDeletethis light and the astonishing fact is that full amount of data can be obtained by the attacker even capturing small amount of light from the optic cable. aminite