一种10 Gbit/s EPON的综合安全方案
An Integrated Security Scheme Based on 10 Gbit/s EPON
10 Gbit/s以太网无源光网络 双向认证 加密算法 安全 10 Gbit/s EPON bilateral authentication encryption algorithm security
摘要
设计了一种10 Gbit/s EPON(以太网无源光网络)综合安全方案, 用于解决其点到多点拓扑结构造成的诸如窃听和伪装对安全敏感类业务的威胁。该方案包括含有密钥交换的双向认证方案及基于时间标签的加密算法。其中, 认证方案可在注册过程中验证OLT(光线路终端)及ONU(光网络单元), 加密算法可使用帧结构中的时间戳生成时变的密钥。实验结果证明了该综合安全方案的有效性。
Abstract
An integrated security scheme for 10 Gbit/s EPON is proposed to prevent eavesdropping and masquerading threats to sensitive data caused by its point-to-multi-point topology. This scheme includes a bilateral authentication method combining with key exchange protocol and an encryption algorithm based on the timestamp. The authentication method can verify the OLT and ONU during the registration process and the encryption algorithm adopts timestamp in the frameto generate time-varying cipher keys. The validity of the proposed scheme is demonstrated in the experiment.
占雪梅, 李春莹, 张清淼. 一种10 Gbit/s EPON的综合安全方案[J]. 光通信研究, 2016, 42(3): 13. ZHAN Xue-mei, LI Chun-ying, ZHANG Qing-miao. An Integrated Security Scheme Based on 10 Gbit/s EPON[J]. Study On Optical Communications, 2016, 42(3): 13.