Secure Data Transmission Via Spatially Multiplexed Optical Signals

Abstract

A system, for example an optical communication system, includes an optical transmitter. The transmitter is configured to direct towards an optical fiber a spatially multiplexed optical signal. The optical fiber is configured to convey data via the multiplexed optical signal from the transmitter to a receiver. The transmitter is configured to set a signal-to-noise ratio (SNR) or a transmission capacity of the multiplexed optical signal to achieve a predetermined secrecy capacity of the transmission.

Claims

1-5. (canceled)

6. A system, comprising: an optical transmitter configured to direct towards an optical fiber a spatially multiplexed optical signal, the optical fiber being configured to convey data via said multiplexed optical signal from the transmitter to a receiver; wherein the transmitter is configured to set a signal-to-noise ratio (SNR) or a transmission capacity of the multiplexed optical signal to achieve a predetermined secrecy capacity of the transmission.

7. The system of claim 6, wherein the secrecy capacity is determined from a difference between a data capacity of a legitimate data channel transmitted via the optical fiber, and an estimated data capacity of an optical signal tapped from the optical fiber.

8. The system of claim 6, wherein the transmitter is configured to receive a measure of optical channel signal parameters from the receiver.

9. The system of claim 6, wherein the transmitter is configured to estimate a measure of optical channel signal parameters as received by the receiver.

10-19. (canceled)

20. An apparatus, comprising: a plurality of optical modulators configured to direct towards a multimode optical fiber a corresponding plurality of modulated optical signals; a mode-selective optical multiplexer configured to form a transmitted optical signal from a plurality of mode-shaped optical signals derived from said plurality of modulated optical signals for input to the fiber; and a noise source configured to set a signal-to-noise ratio (SNR) or a transmission capacity of the transmitted optical signal to achieve a predetermined secrecy capacity of the optical signal.

21. The system of claim 20, wherein the noise source is configured to set the SNR of the transmitted signal to place an eavesdropper in one of a plurality of predetermined security regions of the transmitted data.

22. The system of claim 21, wherein the plurality of security regions includes an exponentially secure region.

23. The system of claim 20, wherein the noise source is configured to set the SNR based on an estimate of channel quality of an optical signal tapped from the multimode optical fiber, the estimate provided by a receiver of the transmitted optical signal.

24. The system of claim 20, wherein the noise source is configured to set the SNR based on an estimate of mode-dependent loss of an optical signal tapped from the multimode optical fiber, the estimate provided by a receiver of said transmitted signal.

25. The system of claim 20, wherein the noise source is configured to set the SNR or transmission capacity by adding a noise signal to one or more of the modulated optical signals.

26. The system of claim 25, wherein the noise source is configured to set the SNR or transmission capacity by adding a noise signal to an optical source of the optical modulators.

27. The system of claim 25, wherein the transmitter is configured to set the SNR or transmission capacity by adding electrical noise to an electrical-domain input to one or more of the optical modulators.

28. The system of claim 27, wherein the electrical noise comprises a bit stream produced by a pseudo-random cipher algorithm.

29. A method, comprising: configuring plurality of optical modulators to direct towards a multimode optical fiber a corresponding plurality of modulated optical signals; configuring a mode-selective optical multiplexer to form a transmitted optical signal from a plurality of mode-shaped optical signals derived from said plurality of modulated optical signals for input to the fiber; and configuring a noise source to set a signal-to-noise ratio (SNR) or a transmission capacity of the transmitted optical signal to achieve a predetermined secrecy capacity of the optical signal.

30. The method of claim 29, wherein the noise source is configured to set the SNR of the transmitted signal to place an eavesdropper in one of a plurality of predetermined security regions of the transmitted data.

31. The method of claim 30, wherein the plurality of security regions includes an exponentially secure region.

32. The method of claim 29, wherein the noise source is configured to set the SNR based on an estimate of channel quality of an optical signal tapped from the multimode optical fiber, the estimate provided by a receiver of the transmitted optical signal.

33. The method of claim 29, wherein the noise source is configured to set the SNR based on an estimate of mode-dependent loss of an optical signal tapped from the multimode optical fiber, the estimate provided by a receiver of said transmitted signal.

34. The method of claim 29, wherein the noise source is configured to set the SNR or transmission capacity by adding a noise signal to one or more of the modulated optical signals.

35. The method of claim 34, wherein the noise source is configured to set the SNR or transmission capacity by adding a noise signal to an optical source of the optical modulators.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0013] A more complete understanding of the present invention may be obtained by reference to the following detailed description when taken in conjunction with the accompanying drawings wherein:

[0014] FIG. 1 illustrates a prior art optical transmission system;

[0015] FIG. 2 illustrates several characteristics of secrecy capacity of a transmitted optical data signal vs. the signal-to-noise ratio of an optical signal tapped by an eavesdropper;

[0016] FIG. 3 illustrates in a first embodiment a system, e.g. for secure optical data transmission, in which noise is added to one or more optical signal paths via an amplifier-attenuator pair to decrease the SNR of the one or more optical signals;

[0017] FIG. 4 illustrates in a second embodiment a system, e.g. for secure optical data transmission, in which noise is added to one or more digital signal paths prior to modulation of an optical carrier;

[0018] FIG. 5 illustrates in a third embodiment a system, e.g. for secure optical data transmission, in which noise is added to one or more optical signal paths, e.g. by adding optical signal noise;

[0019] FIGS. 6A illustrates an embodiment of a system, e.g. for secure optical data transmission, in which a transmitter and a receiver may cooperate to operate at a predetermined secrecy capacity of the optical transmission;

[0020] FIGS. 6B illustrates an embodiment of the system of FIG. 6A, in which data may be transmitted securely by a correlation between logical states of pseudorandom bits transmitted via two spatial paths of a spatially multiplexing fiber;

[0021] FIGS. 7A and 7B illustrate methods, e.g. for secure optical transmission of data, that may be employed by the system of FIG. 6A;

[0022] FIG. 8 illustrates aspects of various security levels that may be attained with different levels of channel quality of a tapped optical signal; and

[0023] FIG. 9 illustrates a system, e.g. for secure optical transmission of data, in which orthogonality preserving, spatially unitary mode scrambling may be used to prevent an eavesdropper from properly interpreting a tapped optical signal.

DETAILED DESCRIPTION

[0024] The disclosure is directed to, e.g. methods and systems that provide improved security of optical communications. The inventors have discovered that a spatially diverse optical transmission medium, e.g. an optical fiber capable of supporting spatially multiplexed optical signal, e.g. a multimode or multi-core optical fiber, may provide greater security of data than conventional transmission media, e.g. a single-mode optical fiber. Because optical signals propagating in such a spatially diverse medium have modal relationships that typically remain relatively constant during transmission, data interception by an eavesdropper may be denied by, e.g. ensuring that the eavesdropper is unable to properly reconstruct these relationships in tapped optical signals.

[0025] FIG. 1 schematically illustrates a conventional spatially multiplexed optical transmission system 100. The system 100 includes an optical fiber 110 that is capable of supporting spatially multiplexed optical signal, e.g. a multimode or multi-core fiber. The term spatially-multiplexing fiber, sometimes referred to as SMF, when used without elaboration, is not limited to either fiber type. The fiber 110 is capable of supporting multiple propagation modes, e.g. orthogonal modes of a basis set of propagation modes.

[0026] An encoder 120 receives data from an unreferenced bit stream, e.g. as three-bit-wide encoded data, and converts the received data to a number of serial bit streams. One each of a corresponding number of modulators 130 receives each serial bit stream and converts the received bit stream to an optical signal by modulating an optical carrier, e.g. a laser output (not shown). Each modulator 130 may include a digital-to-analog converter (DAC), not shown, to convert the received bit stream to an analog signal prior to modulating an optical carrier, e.g. a constant wave (CW) laser output. A mode-selective multiplexer 140, sometimes briefly referred to as the multiplexer 140, receives the optical signals and forms a corresponding number of mode-shaped optical signals for input to the fiber 110. See, e.g., U.S. Pat. No. 8,320,769, incorporated herein by reference. The mode-shaped signals have mode relationships that are determined to support propagation within the fiber 100. Notably, the mode-shaped signals are spatially orthogonal when launched into the fiber. While the optical signals may change in some aspects, e.g. intensity, as the signals propagate, the mode characteristics, e.g. relative intensity and phase, are expected to remain nearly constant as the signals propagate.

[0027] A mode-selective detector 150 receives the mode-shaped signals and produces a number of optical signals having serial data modulation. A decoder 160 receives the serial optical data streams and reforms output encoded data.

[0028] If the fiber 110 is tapped, e.g. to intercept data, some energy from one or more of the propagating modes therein will be removed from the propagating signal. The reduction of the energy propagating in the one or more modes will typically result in a change of the relative modal properties of the optical channels propagating in the fiber 110.

[0029] FIG. 2 illustrates transmission characteristics referred to as total secrecy capacity (TSC) as a function of a signal-to-noise (SNR) of a presumed eavesdropper determined by data transmission simulations. The TSC refers to the data-carrying capacity of the fiber 110 (in normalized arbitrary units) at which there is high confidence that the secrecy of the transmitted data is assured. In the present nonlimiting example the probability of interception is 0.01%. Five nonlimiting example cases are shown, from 4 propagating modes (bottom characteristic) through 64 propagating modes (topmost characteristic). A receiver SNR of 20 dB is assumed without limitation. Each one of the TSC characteristics decreases as the SNR of the presumed eavesdropper increases. For all the illustrated characteristics, the secrecy capacity of the fiber 110 decreases with increasing SNR of the eavesdropper. In other words, as the quality of the signals tapped by the eavesdropper increases the secrecy capacity of the fiber 110 decreases.

[0030] Thus, in some embodiments the secrecy capacity of the fiber may be maintained at a relatively high level by ensuring that the eavesdropper's SNR is relatively low compared to the receiver. In other words, the SNR along the optical communication path may be designed to ensure that the SNR of an eavesdropper is never more than a predetermined proportion of the receiver SNR, e.g. never more than about 50% of the receiver SNR. Noise may be added to the transmitted signal by any conventional or future-discovered manner. Moreover, the noise may be added at any location between the optical transmitter and the eavesdropping optical receiver as determined to meet the objective of reducing the SNR of the eavesdropper as compared to the SNR of the receiver. The figures described immediately following provide three nonlimiting examples. Those skilled in the art may apply the principles described herein in other specific embodiments within the scope of the disclosure and the claims.

[0031] FIG. 3 illustrates an embodiment of a system 300 in which noise, e.g. analog noise, is added to the transmitted optical signal by one or more amplifiers, each of which may optionally be paired with a corresponding attenuator. As appreciated by those skilled in the art, an optical amplifier may add an incremental amount of noise, e.g. Gaussian noise, to the optical signal. In some embodiments the amplifier may be intentionally designed to have a greater amount of noise than might be used in a low-noise application. Such an amplifier may be referred to herein as a noisy amplifier. When a noisy amplifier is paired with an attenuator, the attenuator and the amplifier may have reciprocal gains with respect to each other, but this need not be the case.

[0032] In a first example, an attenuator 310 and amplifier 320 add noise to an optical signal initially output by a laser 330. The signal, referred to as a noise signal after output by the amplifier 320, is added to an optical signal received by one of the modulators 130. In various embodiments a noise signal may be added to one, some less than all, or all of the optical signals received by the modulators 130. In a second example, the noise is added between one of the modulators 130 and the multiplexer 140 via an attenuator 340 and an amplifier 350. Again, the pair 340/350 may be placed before one, some or all of the inputs to the multiplexer 140. In a third example, the noise is added between one of the outputs of the multiplexer 140 and the fiber 110 via an attenuator 360 and an amplifier 370. Again, the pair 360/370 may be placed after one, some or all of the inputs to the multiplexer 140. Finally, noise may be added by direct amplification via the fiber, symbolized by a spatially multiplexing attenuator 380 and amplifier 390. Such devices are known in the art.

[0033] FIG. 4 illustrates an embodiment of a system 400 in which electronic noise, e.g. digital noise, may be added to the transmitted signal prior to optical modulation. Such noise addition may be thought of as creating a noisy constellation, e.g. a noisy 16-, 32- or 64-QAM constellation. The system 400 includes the encoder 120 and an instance of the modulator 130, both previously described. Also separately shown is a DAC 410 which may be a functional portion of the modulator 130.

[0034] A first summing node 420 receives a channel output from the encoder 120 and an unreferenced digital noise source. A second summing node 430 receives the output of the DAC 410 and an unreferenced analog noise source. The modulator 130 receives the output of the second summing node 430. In various embodiments one or both the summing nodes 420, 430, and their respective noise sources, are present. In this manner, digital noise, analog noise, or both may be added to the bit stream from the encoder 120 before modulation of the channel optical signal.

[0035] The analog noise source provides the ability to add analog noise, e.g. colored or white Gaussian noise, to the analog signal used to modulate the optical channel. The digital noise source provides the ability to add digital noise to the data stream prior to conversion to the analog domain. The digital noise source may provide noise similar to the analog noise source, e.g. digital representations of colored or white Gaussian noise, or may provide correlated noise, e.g. a bit stream produced by a pseudo-random cipher algorithm such as the advanced encryption standard (AES) cipher. Such use of a cipher may provide a security layer to the modulated optical signal, making interpretation less likely in the event of successful interception by an unintended recipient. In such cases, the eavesdropper may not be able to distinguish the correlated noise from uncorrelated (e.g. Gaussian) noise. But the intended recipient, with a properly synchronized receiver and in possession of an appropriate key, may remove the correlated noise to recover the transmitted data.

[0036] FIG. 5 illustrates an embodiment of a system 500 in which noise, e.g. analog noise, may be added optically to the transmitted signal after optical modulation. Three examples are shown. In a first example noise produced by an optical amplifier 510 may be added via a summing node 520 to the output of the modulator 130. In a second example noise produced by an optical amplifier 530 may be added via a summing node 540 to the output of the multiplexer 140. In a third example noise produced by an optical amplifier 550 may be directly injected into the spatially multiplexing fiber 560. Various embodiments may include none, some or all of these three examples. The optical noise inputs may be selected to add noise specifically at one or more optical wavelengths, or may be broad-band.

[0037] FIG. 6A illustrates aspects of another embodiment for secure optical transmission. FIG. 6A includes a transmitter (TX) 610 and a receiver (RX) 620 connected by an optical fiber 630. An optional feedback path 640 provides information from the RX 620 to the TX 610 regarding signal parameters at the RX 620, e.g. power and/or mode-dependent loss (MDL). An eavesdropper 650 taps the optical fiber 630.

[0038] FIG. 7A presents one embodiment of a method 700A, e.g. for operating the system 600A. In a step 710 the RX 620 measures MDL and power of the received optical signal. In a step 720 the RX 620 estimates the MDL of the optical signal received by the eavesdropper. This estimate may be based on, e.g. a singular value decomposition of the estimated channel matrix. See, e.g. Peter Winzer and Gerard Foschini, MIMO Capacities and Outage Probabilities in Spatially Multiplexed Optical Transport Systems, Optics Express, Vol. 19, Issue 17, pp. 16680-16696 (2011), incorporated herein by reference. In a step 730 the RX 620 provides these values to the TX 610 via the feedback path 640. In some embodiments the TX 610 estimates the power and MDL at the RX 620 based on, e.g. an optical time-domain reflectrometric measurement from which the MDL is extracted using, e.g., the singular value decomposition referenced above. In such embodiments the feedback path 640 may be eliminated. In a step 740 the TX 610 calculates a secrecy capacity C.sub.S. The secrecy capacity is defined as the maximum transmission data rate at which the TX 610 may transmit with high confidence that the eavesdropper is unable to determine the transmitted data from the tapped optical signal. See, e.g. Kyle Guan, et al., Information-Theoretic Security in Space-Division Multiplexed Fiber Optic Networks, ECOC, Jun. 16, 2012, incorporated herein by reference. In this context high confidence means a confidence of at least about 99%. In some embodiments C.sub.S=C.sub.LC.sub.E, where C.sub.L is the data capacity of the legitimate data channel, e.g. the optical fiber 630, and C.sub.E is the estimated data capacity of the eavesdropper's signal tap. Typically if the TX data rate is less than about C.sub.S, then the confidence that the transmitted data cannot be intercepted may be at least about 99.99%. In other words, in such circumstances the eavesdropper is expected to have a chance no greater than about 1E-5 of successfully intercepting the transmitted data. See, e.g. Gaun, et al., supra. In a step 750 the TX 610 sets and/or adjusts its transmitted data capacity to be about equal to the calculated C.sub.S.

[0039] FIG. 7B illustrates a method 700B in which the TX 610 and the RX 620 negotiate a data transmission rate that results in a high confidence that an eavesdropper cannot intercept the data. Steps 710, 720 and 730 are as previously described. In a step 760 the TX 610 determines a transmission data rate that results in a desired level of security.

[0040] The level of security is described with reference to FIG. 8. FIG. 8 includes 4 regions I, II, III and IV that are divided by curves of decoded bit error ratio (BER) versus channel quality (as quantified by SNR, MDL, and the like) for various decoding (or forward error correction, FEC) techniques, e.g. practical FEC, maximum likelihood (ML) FEC, and Shannon limit FEC. If the channel quality for the eavesdropper is good enough to decode at the desired BER (region I), the eavesdropper may decode the tapped signal with high confidence, referred to without limitation as error-free using practical (e.g. relatively simple) FEC decoding. If the tapped channel quality is below the practical FEC limit, but above the ML FEC limit (region II), then the data transmission may be considered computationally secure, meaning e.g. that the computational cost of decoding the tapped signal may be computationally prohibitive for the eavesdropper. If the tapped channel quality is below the ML limit, but above the Shannon limit (region III), then the data transmission may be considered list decoding secure, meaning e.g. that the eavesdropper may attempt to perform FEC using various combinations of flipped input bits and an exhaustive trial-and-error search on a long list of possible solutions. However the computational barrier of this approach is expected to be even greater than needed to decode data in region II. Below the Shannon limit (region IV) it is expected that the data transmission is exponentially secure, e.g. meaning the eavesdropper can do nothing better than pure guessing.

[0041] In the step 760 the TX 610 determines a transmission rate that places the eavesdropper's BER in one of the regions I, II, III or IV. In this manner the data throughput of the transmission system 600 may be established to achieve a predetermined level of security given the presumed or determined presence of the eavesdropper.

[0042] In the embodiments described above, it is assumed that the eavesdropper is able to properly estimate its channel matrix. Some embodiments impede the eavesdropping receiver's ability to determine its channel matrix to reduce the eavesdropper's ability to successfully intercept data. This strategy may be used independent of or in combination with other embodiments described herein. The following describes such embodiments.

[0043] Referring to FIG. 9, a system 900 is illustrated for, e.g. secure optical communication between a transmitter 905 and a receiver 910 via a spatially multiplexing fiber 915. Data may be transmitted over fiber 915 via the spatial modes of the fiber 915 by launching signals orthogonally into the fiber. The system 900 includes a essentially spatially unitary mode scrambler 920, e.g. that is essentially spatially unitary, a channel estimator 930, a mode descrambler 940 and a receiver digital signal processor (DSP) 950. The DSP 160 may communicate with the channel estimator 930 via a feedback path 960 to dynamically adjust the channel estimation. An eavesdropper 970 may extract one or more of the spatial modes of the fiber 915 to attempt to intercept data.

[0044] The mode scrambler 920 receives optical channels, e.g. from the modulators 130 (FIG. 1) to be orthogonally coupled to corresponding spatial paths of the fiber 915. The mode scrambler 920 may operate on a pseudo-random scrambling schedule known only to the scrambler 920 (at the legitimate transmitter 905) and the descrambler 930 (at the legitimate receiver 910). The mode scrambling provided by the mode scrambler 920 may be reversed by the descrambler 940, making the transmitted data available to the receiver. However, if the scrambling schedule is hidden from the eavesdropper 970 he may not properly estimate, and hence properly invert, the channel to obtain useful information.

[0045] In some embodiments the mode scrambling takes place at a time scale that is faster than the time needed for channel estimation. In this manner, eavesdropper may be prevented from properly estimating the channel, thereby preventing decoding of the scrambled data. The rate of mode scrambling is not limited to any particular value, but in one example, may be faster than about 1E6 modulation symbols.

[0046] In FIG. 9, a scrambling function U(t) imposed by the scrambler 920 can be implemented optically or electronically using known methods. In the event that coupling between the spatial modes of the fiber 915 is weak, the receiver 910 may not require multiple-input multiple output (MIMO)-DSP processing to recover the transmitted data. In such cases, a descrambling function V(t) provided by the descrambler 940 can be implemented in optics or in electronics. If instead the legitimate channel requires MIMO-DSP at the receiver 910, e.g. due to significant coupling between legitimate SDM paths, then the descrambling function V(t) should be implemented electronically, e.g. by the DSP 950, after the channel estimator 930 applies an estimated inverse channel matrix H.sup.1. Some embodiments may include an optional start-up phase during which the transmitter and the receiver do not scramble/descramble the modes. This may allow the legitimate receiver to acquire a first estimate of a channel matrix H imposed by the fiber 915 in a static channel environment.

[0047] Although multiple embodiments of the present invention have been illustrated in the accompanying Drawings and described in the foregoing Detailed Description, it should be understood that the present invention is not limited to the disclosed embodiments, but is capable of numerous rearrangements, modifications and substitutions without departing from the invention as set forth and defined by the following claims.