**4. Physical layer attacks**

Depending on the network traffic, it is envisioned that a fraction of the network nodes will be BS‐based, other nodes will be RS‐based and the rest will be hybrid nodes. The objective of the proposed algorithms of this chapter is to use hybrid nodes in order to minimize the lightpath interactions and at the same time to minimize the network cost. This means that WSSs are placed only in some of the input ports and specifically only at the locations that are neces‐ sary in order to allow only the necessary wavelengths to pass through the WSS and avoid all crosstalk interactions. Thus, by using hybrid nodes and not RS‐based nodes, we can minimize the network cost while at the same time eliminating crosstalk interactions and consequently

In order to provide cost‐efficient network solutions, it is necessary to plan optical networks over a long‐time horizon. When dealing with optical networks, where the cost to build the network is high and the investment that takes place should last for a long time, sophisticated planning decisions must take place to ensure that the network infrastructure will not require any major upgrades over a predetermined amount of time. The problem becomes more involved in the case of future traffic demand forecasts that include uncertainty, as network planning decisions must be taken without the exact knowledge of future traffic demands. In this case, these decisions will be based on estimations. In the remaining of this chapter, the proposed multi‐period network planning approaches with uncertain traffic demands are discussed. The planning approaches assume that for the first period, the demands follow a known distribution and for the periods that follow the demands are increased based on a

The multi‐period network planning problem in this chapter will be investigated for two dif‐

This approach considers the demands of the next period and optimizes the investment cost in each period. Therefore, the solution is calculated sequentially for each period. The solu‐ tion can be optimal for each period but not jointly for all the periods under consideration. Once the solution is provided for one period, then this solution affects the solution of the periods that follow. This is due to the fact that the solution of one period is assumed to be fixed and the solutions of the periods that follow are now based upon the previously found

This approach considers the demands of all periods and optimizes the investment cost from the beginning of the planning period, that is the multi‐period approach minimizes the net‐ work cost over all periods at once. Therefore, the demand distribution for every time period

protecting the network against jamming attacks.

54 Optical Fiber and Wireless Communications

ferent period‐planning types as detailed below.

**3.1. Incremental network planning**

**3.2. Multi‐period network planning**

multiplicative factor.

solutions.

**3. Planning approaches for demand uncertainty**

In general, the physical layer attacks in transparent optical networks can be grouped in two main categories: eavesdropping and service disruption.

In eavesdropping, the purpose of an attacker is to passively analyze the traffic in the network after gaining access to the information through an unauthorized observation method. To gain mid‐span access to the fiber, the eavesdropper has to cut through and strip away the cable's outer jacket to access the individual fibers in its center.

Service disruption can be performed through high‐power jamming attacks and can be classi‐ fied into three sub‐categories based on the effects it inflicts on the signal:


These types of attacks propagate through the transparent network affecting several connec‐ tions, and as a consequence, the localization of an attack is a difficult problem. Due to the high bit rates of optical networks and the interaction of the connections, a jamming attack can cause a huge amount of information loss. Therefore, the limitation of attack propagation is a crucial consideration in designing transparent WDM optical networks.

The focus of this study is to deal with service disruption and especially with in‐band and out‐of‐band jamming attacks.

#### **4.1. In‐band jamming attack**

High‐power in‐band jamming attack is an attack that can be performed through the intra‐ channel crosstalk effect. Intra‐channel crosstalk is the effect of power leakage between light‐ paths crossing the same switch and using the same wavelength due to non‐ideal isolation of the inputs/output ports of the switching fabric. Intra‐channel crosstalk cannot be filtered out, since the interfering signal is on the same wavelength as the one affected. Thus, a high‐power jamming signal can cause significant leakage inside the switches between lightpaths that are on the same wavelength as the attacking signal.

**Figure 4** illustrates an example of a high‐power jamming attack in node *n*<sup>1</sup> of the network through lightpath (*p*<sup>1</sup> , *w*<sup>i</sup> ). In this figure, the attacker uses the lightpath (*p*<sup>1</sup> , *w*<sup>i</sup> ) in order to attack the network. The attacking signal initially affects lightpath (*p*<sup>0</sup> , *w*<sup>i</sup> ), through intra‐channel

**Figure 4.** High‐power in‐band jamming attack propagation.

crosstalk because this lightpath uses the same wavelength and is crossing the same node as the attacking lightpath. In turn, lightpath (*p*<sup>0</sup> , *w*<sup>i</sup> ) becomes an attacker too called "secondary attacker". Thus, lightpath (*p*<sup>0</sup> , *w*<sup>i</sup> ) spreads the attack further to lightpath (*p*<sup>3</sup> , *w*<sup>i</sup> ).

#### **4.2. Out‐of‐band jamming attack**

High power out‐of‐band jamming attack is an attack that can be performed through the inter‐ channel crosstalk effect. Inter‐channel crosstalk results due to the power leakage between adjacent channels.

**Figure 5** illustrates the high‐power out‐of‐band signal propagation through the inter‐chan‐ nel crosstalk effect. In this case, lightpath (*p*<sup>1</sup> , *w*i+1) is used by an attacker in order to attack the network. Lightpath (*p*<sup>1</sup> , *w*i+1) then affects lightpath (*p*<sup>0</sup> , *w*<sup>i</sup> ) as the two lightpaths co‐propa‐ gate along the same fiber utilizing adjacent wavelengths. Then, the affected lightpath (*p*<sup>0</sup> , *w*<sup>i</sup> ) becomes a "secondary attacker" and affects lightpath (*p*<sup>3</sup> , *w*i‐1).

**Figure 5.** High‐power out‐of‐band jamming attack propagation.

#### **5. Attack‐aware routing wavelength assignment**

In this section, a heuristic algorithm is presented for the Aa‐RWA with given demands in order to minimize the propagation of physical layer attacks. The algorithm aims at mini‐ mizing the interactions among lightpaths in order to avoid the propagation of high‐power jamming attacks, in terms of affected lightpaths through intra‐ and inter‐channel crosstalk. As discussed above, with these types of attacks, an affected lightpath can also affect other lightpaths, thus spreading the attack to other parts of the network. The goal of the Aa‐RWA techniques is then to minimize as much as possible the spread of any attack that can occur in the network.

The proposed heuristic approach solves the problem by sequentially serving one‐by‐one the con‐ nections and consists of two phases. In the first phase, *k* candidate paths are calculated for each requested connection. In the second phase, the algorithm establishes the connections sequentially with the objective to minimize the number of in‐band and out‐of‐band lightpath interactions.

#### **5.1. Finding candidate paths**

In the first phase, *k* candidate paths are identified for serving each requested connection. These paths are selected by employing a *k*‐shortest path algorithm. The *k*‐shortest path algo‐ rithm pre‐calculates for each source‐destination pair (*s*, *d*) a set of *k* candidate paths *P*sd as follows: first, the shortest path is calculated using Dijkstra's algorithm, and then, the cost of the links which belong to the shortest path is doubled and Dijkstra's algorithm is executed again. This procedure is repeated until *k* paths are found. After a subset *P*sd of candidate paths for each source‐destination pair (*s*, *d*) is computed, the total set of computed paths is given as input to the next phase of the algorithm.

### **5.2. Attack‐aware RWA**

This section describes the heuristic algorithm for establishing the connections, one‐by‐one, in some particular order with the objective to minimize the lightpath interactions through the crosstalk effect.

#### *5.2.1. Definitions*

crosstalk because this lightpath uses the same wavelength and is crossing the same node as

, *w*<sup>i</sup>

High power out‐of‐band jamming attack is an attack that can be performed through the inter‐ channel crosstalk effect. Inter‐channel crosstalk results due to the power leakage between

**Figure 5** illustrates the high‐power out‐of‐band signal propagation through the inter‐chan‐

In this section, a heuristic algorithm is presented for the Aa‐RWA with given demands in order to minimize the propagation of physical layer attacks. The algorithm aims at mini‐ mizing the interactions among lightpaths in order to avoid the propagation of high‐power jamming attacks, in terms of affected lightpaths through intra‐ and inter‐channel crosstalk. As discussed above, with these types of attacks, an affected lightpath can also affect other lightpaths, thus spreading the attack to other parts of the network. The goal of the Aa‐RWA

, *w*i+1) then affects lightpath (*p*<sup>0</sup>

gate along the same fiber utilizing adjacent wavelengths. Then, the affected lightpath (*p*<sup>0</sup>

) spreads the attack further to lightpath (*p*<sup>3</sup>

, *w*<sup>i</sup>

, *w*i‐1).

) becomes an attacker too called "secondary

, *w*i+1) is used by an attacker in order to attack

, *w*<sup>i</sup> ).

) as the two lightpaths co‐propa‐

, *w*<sup>i</sup> )

the attacking lightpath. In turn, lightpath (*p*<sup>0</sup>

**Figure 4.** High‐power in‐band jamming attack propagation.

nel crosstalk effect. In this case, lightpath (*p*<sup>1</sup>

becomes a "secondary attacker" and affects lightpath (*p*<sup>3</sup>

**5. Attack‐aware routing wavelength assignment**

**Figure 5.** High‐power out‐of‐band jamming attack propagation.

, *w*<sup>i</sup>

attacker". Thus, lightpath (*p*<sup>0</sup>

56 Optical Fiber and Wireless Communications

adjacent channels.

the network. Lightpath (*p*<sup>1</sup>

**4.2. Out‐of‐band jamming attack**

Each link *l* of the network is characterized by a Boolean wavelength availability vector *BWAV*<sup>l</sup> (*i*), 1 ≤ *i* ≤ *W*, whose *i* th element is equal to 0 if the *i* th wavelength of link *l* is utilized by a connection and is equal to 1, otherwise. *W* is the number of wavelengths that each fiber is able to support.

Each path *p* is characterized by a Boolean wavelength availability vector *BWAV*p(*i*), 1 ≤ *i* ≤ W. The *BWAV*p consisting of links *l*∈*p* is defined as the Boolean AND operation to the *BWAV*<sup>l</sup> of these links in each of the wavelengths of the *BWAV*<sup>l</sup> vectors.

$$\text{BWA } V\_p = \text{AND}\_{hyp} \text{(BWA } V\_l \text{)} \tag{1}$$

Thus, the element *BWAV*p(*w*) is equal to 1 if wavelength *w* is available over path *p*. The above equation enforces the wavelength continuity constraint among the links comprising a path. Each element *BWAV*p(*i*) represents a lightpath (*p*, *w*) between source‐destination pairs (*s*, *d*).

### *5.2.2. Algorithm description*

The aim of the heuristic algorithm is to establish *Λsd* lightpaths for (*s*, *d*) under the current uti‐ lization state of the network, given in the form of the wavelength availability vectors *BWAV*<sup>l</sup> , for all *l* and the established lightpaths up to that point. The objective of the Aa‐RWA heuristic algorithm is to minimize the number of lightpaths that interact with other lightpaths through intra‐ and inter‐ channel crosstalk and thus to minimize the propagation of high‐power jam‐ ming signal attacks.

The wavelength utilization *BWAV*p of the candidate pre‐calculated paths for the source‐destina‐ tion pair (*s*, *d*) is computed based on the *BWAV*<sup>l</sup> of the links. For each demand, the lightpath (*p*, *w*), from the set of candidate lightpaths with the smallest number of in‐band and out‐of‐band channel interactions with the already established lightpaths, is chosen. To evaluate this, the wavelength availability vectors *BWAV*<sup>l</sup> are used to identify the interactions of established lightpaths. Then, the lightpath with the minimum sum of in‐band and out‐of‐band channel interactions is established.

After establishing the lightpath (*p*, *w*), the corresponding *BWAV*<sup>l</sup> is updated. The algorithm at each step establishes a requested connection *Λsd* . If there are no available wavelengths, then the connection is blocked. Subsequently, the algorithm establishes lightpaths for all the connec‐ tion requests in sequential order. The output of the algorithm is a set of established lightpaths in terms of paths and wavelengths. For each lightpath, the algorithm also returns two scalars that represent the number of inter‐channel and the intra‐channel interactions of this lightpath with the other established lightpaths.
