When network system providers are asked about possible solutions, they briskly answer: «If you need security, use fiber optics.»
At first glance, everything is obvious.
Fiber optics are ordinary glass that transmits electromagnetic energy in the form of infrared light. There is practically no radiation to the outside. The message can only be intercepted by physically connecting to the fiber.
Thus, the problem of information security is finally solved.
However, everything is not so simple.
Optoelectronics (especially for high-speed, CCTV, and video applications) are expensive and in many cases do not eliminate the problem of electromagnetic radiation into the environment, since workstations, servers, interface cards, hubs, and other network devices are also active equipment and set their own level of radiation. Therefore, when making decisions about the use of fiber optic cabling systems (FOCS), it is important to understand the actual state of affairs in terms of security.
Domestic and foreign manufacturers of optical cable systems successfully operate on the Russian market. These are, first of all, the Samara Optical Cable Company and the company «Prospective Technologies Plus» (St. Petersburg); optical cables are supplied to Russia by Alcatel (France), Fujikura (Japan), General Cable Company (USA), Mohawk/CDT (USA), MOI Elektronik (Germany), Nokia (Finland), Pirelli (Spain), Samsung (South Korea), SEL (Germany) and others. Currently, one of the world leaders in the production of optical cable systems is the transnational company Alcatel (France), which offers the most complete range of optical cables.
First of all, let us consider the structure and main parameters of the fiber optic cable. This will allow us to indicate some solutions for protecting the integrity of the corresponding data transmission networks.
Fiber optic cables are differentiated by the size of the carrier fiber and the cladding, a layer of glass that reflects light. In addition, optical fiber cables are distinguished by the transmission mode (single-mode and multimode cables), by the wavelength used (850-1550 nm) and by the light sources used (lasers or light-emitting diodes, LEDs).
1 — optical fiber; 2 — intra-modular hydrophobic filler; 3 — cord; 4 — central strength element — steel cable; 5 — hydrophobic filler; 6 — fastening tape; 7 — intermediate polyethylene shell; 8 — armor made of corrugated steel tape; 9 — protective sheath made of polyethylene.
Fig. 1. Configuration of fiber optic cable
(using the example of optical city cable manufactured by Fujikura for installation in cable ducts, pipes, blocks, collectors, on bridges and in cable shafts)
The central element of a fiber optic cable is an internal core made of glass or plastic (Fig. 1, position 1). The diameter and purity of the glass fiber determine the amount of light it transmits.
Glass was known to the ancient Egyptians, but it was not until the Renaissance that people learned to make window glass. If we filled the ocean with modern glass used for fiber optics, we would be able to see the bottom at any point, just as we see the earth from an airplane.
The following types of fiber optic cable are the most common:
• with an 8.3 µm core and a 125 µm cladding;
• with a 62.5 µm core and a 125 µm cladding;
• with a 50 µm core and a 125 µm cladding;
• with a 100 µm core and a 145 µm cladding.
Fiber optic cables with a thickness of 8.3 microns are very difficult to connect accurately. Therefore, installation errors are possible, including those that are difficult to detect during cable wiring testing. Such errors are often eliminated by installing additional fiber optic repeaters (hubs), which increases the level of electromagnetic radiation of the cable system as a whole. However, so-called custom cable kits have recently appeared on the market, that is, cables with connectors already installed and tested at the factory. They completely relieve installers from the tedious procedures of installing and testing wiring in the field.
Fiber optic cables are characterized by the following features (see Fig. 1):
• the presence of a central strength element;
• placement in a polymer tube — module;
• the number of optical fibers in one module is from 1 to 12;
• filling the space between the modules with reinforcing elements — cords made of fiberglass or Kevlar threads and a hydrophobic gel;
• covering all these elements and modules with an intermediate polymer shell;
• external protection of the shell made of polyethylene or metal; it is possible to have two protective shells — metal and polyethylene.
Along with these common features, optical cables from different companies may have additional fastening tapes, anti-corrosion and waterproof windings, corrugated metal sheaths, etc.
It is clear that it is difficult to connect to a fiber-optic cable in the field. This is one of the arguments of the supporters of the opinion about the complete safety of the optical cable system. But the well-known principle of counteraction between armor and projectiles predetermined the development and commercialization of numerous innovations in installation technology. These are improved tools and devices for fusing fibers, fast-hardening epoxy resins, special connectors, etc.
But among specialists, information has appeared about the creation of special robots that are controlled remotely, can independently move along cable ducts and, without direct human participation, connect to a fiber-optic cable for subsequent transmission of data circulating in the optical cable system.
To counteract intruders armed with special equipment, it was proposed to use the internal metal strength members of fiber-optic cables as signal wires. To gain access to the fiber, an intruder has to violate the integrity of these structures, which immediately raises an alarm in the control center for the OCS.
There is practically no need for additional equipment to implement such a security system. For example, there is no need, as is often done with copper cables, to lay fiber optic cable in pipelines where high pressure is maintained (in this case, the alarm is triggered when the protective pipeline is depressurized).
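One way the control center could supervise such a signal loop, given as an added example that is not part of the original article: it assumes the loop is sensed as a resistance reading once per second, and the names LoopProfile, classify and monitor, the thresholds and the sample readings are all hypothetical and constructed.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class LoopProfile:
    """Supervision settings for one cable's metal sensing loop (all assumed)."""
    baseline_ohm: float       # loop resistance recorded at commissioning
    tolerance: float = 0.15   # relative drift accepted as normal
    open_ohm: float = 1e6     # at or above this the conductor is severed
    debounce: int = 3         # consecutive abnormal samples before alarming


def classify(profile: LoopProfile, ohms: float) -> str:
    """Map one resistance reading to a loop state."""
    if ohms >= profile.open_ohm:
        return "OPEN"          # armor or strength member cut through
    deviation = (ohms - profile.baseline_ohm) / profile.baseline_ohm
    if deviation > profile.tolerance:
        return "DEGRADED"      # partial cut, corrosion or a loosened joint
    if deviation < -profile.tolerance:
        return "BRIDGED"       # part of the loop has been shorted out
    return "OK"


def monitor(profile: LoopProfile,
            samples: Iterable[Tuple[int, float]]) -> List[Tuple[int, str]]:
    """Return one (timestamp, state) alarm per sustained abnormal state."""
    alarms: List[Tuple[int, str]] = []
    state_run, run_len = "OK", 0
    alarmed: Optional[str] = None
    for ts, ohms in samples:
        state = classify(profile, ohms)
        if state == "OK":
            state_run, run_len, alarmed = "OK", 0, None
            continue
        run_len = run_len + 1 if state == state_run else 1
        state_run = state
        if run_len >= profile.debounce and state != alarmed:
            alarms.append((ts, state))
            alarmed = state
    return alarms


# Constructed readings (seconds, ohms): one glitch, then the armor is cut.
SAMPLES = [(0, 42.1), (1, 41.8), (2, 1e9), (3, 42.0), (4, 49.5),
           (5, 50.1), (6, 50.4), (7, 1e9), (8, 1e9), (9, 1e9), (10, 1e9)]

if __name__ == "__main__":
    for ts, state in monitor(LoopProfile(baseline_ohm=42.0), SAMPLES):
        print(f"t={ts}s ALARM loop state {state}")
```

The debounce suppresses the single-sample glitch at t=2 s, while the sustained rise in resistance and the later open circuit each raise one alarm.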
The parameters of the optical fiber cable indirectly affect the security of the data transmission system as a whole. Let's consider single-mode and multi-mode transmission modes (Fig. 2).
Single-mode fibers transmit optical signals with one wavelength. Multi-mode fibers can transmit signals with different wavelengths.
To combine several optical signals, a so-called wavelength division multiplexer (WDM) is used. WDM works like a prism.
Signals with different wavelengths are combined in it, and then sent along one of the optical fibers. The prism at the receiving end decomposes the signal into waves of the original length and directs them to the input of the corresponding optical receiver.
The use of multiplexing allows increasing the number of possible data transmission channels.
However, in multimode cables, signals are attenuated more strongly, therefore, the distances between regeneration nodes must be significantly reduced, which, of course, will make the system more expensive, more “radiating” and, accordingly, less protected.
Fig. 2. Single-mode and multi-mode transmission modes
In general, the attenuation of signals in a fiber-optic cable (up to 5 dB/km) is approximately the same as that of an electrical coaxial cable, but still less. This is explained by the fact that light is not emitted outside the cable, like an electrical signal in copper wires. It is very important that with an increase in frequency over 200 MHz, fiber-optic cables have an undeniable advantage over any electrical cables. Therefore, high-frequency transmission is advisable to ensure information security.
Signal attenuation increases significantly when the cable is branched, although fiber optics allow this.
Accordingly, it is preferable to use unidirectional cables, which immediately determines the possible network topologies: «star» (with two oppositely directed cables between the central subscriber and each of the peripheral ones) or ring (with one unidirectional cable).
The security features in networks with the specified topologies are given in the table.
Topology | Advantages | Disadvantages | Comment |
Star | Ease of connecting new devices without reconfiguring the network. The central node can perform switching of channels, messages and packets | If the central node fails, the entire network fails. The central node requires strict physical and logical protection. Communication is strictly point-to-point; broadcasts are not possible. | The main information is contained on the central node, the peripheral nodes act as terminals |
Ring (network nodes are equal) | There is no central node with which security problems are associated. Each node has equal opportunities to transmit a message | A ring break disables the system. When adding a new node, the network must be reconfigured. Sending a message through other nodes reduces network security | Each node must have sufficient performance. Sending a message through an intermediate node allows any manipulations to be performed with it; cryptographic protection will lead to a loss of performance |
Table. Security features in networks with different topologies
Despite the low attenuation, fiber optics have another problem — chromatic dispersion. Glass transmits light waves of different lengths differently, so the light pulse, passing through the cable, is «washed out».
The result is a rainbow effect — the light signal is divided into color components. At a distance of several kilometers, it can «get into» the next bit, which will lead to data loss. This will violate their integrity, which is, along with confidentiality and availability, the most important aspect of information security. Single-mode cables transmit light of one frequency, so there is no chromatic dispersion effect.
One possible solution to this problem is to increase the distance between adjacent signals, but this will reduce the transmission speed. Fortunately, research has shown that if the signal is generated in some special form, then the dispersion effects almost disappear, and the signal can be transmitted over thousands of kilometers. Signals in this special form are called solitons.
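The two limits discussed above, attenuation (which sets the distance between regeneration nodes) and pulse spreading into the next bit, can be put into one span calculation. The following is an added example, not part of the original article; the function names, the 25 % spreading threshold and all link parameters are constructed assumptions, and only the 155 Mbit/s rate is taken from a test mentioned in the article.

```python
import math


def attenuation_limited_km(tx_dbm, rx_sens_dbm, alpha_db_km,
                           fixed_loss_db=0.0, margin_db=3.0):
    """Longest span the optical power budget supports."""
    budget_db = tx_dbm - rx_sens_dbm - fixed_loss_db - margin_db
    return max(budget_db, 0.0) / alpha_db_km


def dispersion_limited_km(bitrate_bps, d_ps_nm_km, source_width_nm,
                          max_spread=0.25):
    """Longest span before the pulse spread D * L * d_lambda exceeds
    max_spread of one bit slot (assumed threshold for reaching the next bit)."""
    bit_slot_ps = 1e12 / bitrate_bps
    return max_spread * bit_slot_ps / (abs(d_ps_nm_km) * source_width_nm)


def plan(route_km, link):
    """Span length, limiting effect and regenerator count for a route."""
    att = attenuation_limited_km(link["tx_dbm"], link["rx_sens_dbm"],
                                 link["alpha_db_km"], link["fixed_loss_db"])
    disp = dispersion_limited_km(link["bitrate_bps"], link["d_ps_nm_km"],
                                 link["source_width_nm"])
    span = min(att, disp)
    if span <= 0:
        raise ValueError("no usable span: power budget is exhausted")
    return {
        "span_km": span,
        "limit": "attenuation" if att <= disp else "dispersion",
        # Every regenerator is active equipment to shield and guard.
        "regenerators": max(math.ceil(route_km / span) - 1, 0),
    }


# Constructed link parameters, not measurements from the article.
LED_LINK = dict(tx_dbm=-10.0, rx_sens_dbm=-30.0, alpha_db_km=3.0,
                fixed_loss_db=2.0, bitrate_bps=155e6,
                d_ps_nm_km=100.0, source_width_nm=40.0)
LASER_LINK = dict(tx_dbm=0.0, rx_sens_dbm=-30.0, alpha_db_km=0.4,
                  fixed_loss_db=2.0, bitrate_bps=155e6,
                  d_ps_nm_km=17.0, source_width_nm=1.0)

if __name__ == "__main__":
    for name, link in (("LED", LED_LINK), ("laser", LASER_LINK)):
        print(name, plan(10.0, link))
```

With these sample values a 10 km route needs 24 regenerators with the wide-spectrum LED source and none with the narrow-line laser, which is the difference in the amount of active, radiating equipment that the text describes.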
The disadvantages of fiber optic cable that affect the safety of OCS include lower mechanical strength and shorter service life than electrical cable; as well as sensitivity to ionizing radiation (reduced transparency of the fiber).
Thus, the configuration of the fiber optic cable affects the safety policy when working with OCS. However, the discussion of the issue related to electromagnetic radiation seems no less important.
As noted above, computer networks built on the basis of fiber-optic channels emit confidential data into the surrounding space; some leading analysts even sarcastically call them «broadcast» networks. Let's clarify the essence of the problem with examples.
ITT Cannon NS&S conducted a series of measurements of the level of self-radiation for fiber-optic, shielded and unshielded cable systems in specially equipped laboratories. The active equipment together with the cable system of the maximum permissible length — 100 m — for the horizontal system was placed in an interference-protected isolated chamber. As a result, it turned out that at frequencies up to 70 MHz, the network based on the shielded cable system has the lowest level of self-radiation.
This is explained by the fact that with good grounding, shielding not only reduces the cables' own radiation by several orders of magnitude, but also reduces the electric potential of the active device housings. At frequencies of 70-100 MHz, all systems showed jumpy curves of the amplitude-frequency characteristics of the level of their own radiation, although their nature was approximately the same for all systems. The appearance of peaks indicates the formation of complex oscillatory circuits both in cables and in active equipment.
According to research by Lucent Technologies, the distance at which electromagnetic radiation from a cable, such as an unshielded twisted pair, can be intercepted is no more than half a meter, while the radiation range of a computer monitor (data from Siemens) is more than two kilometers.
Another example, illustrating the reverse process, is external interference acting on the computing system. During testing, the LAN operated in ATM mode at a speed of 155 Mbit/s on lines with unshielded twisted pair, shielded twisted pair and optical fiber. The disturbance applied was a radio-frequency field with an intensity of 3 V/m (a GSM mobile phone creates a field with an intensity of 4.7 V/m). The system based on unshielded twisted pair was characterized by a high level of failures and eventually failed. The LAN on optical fiber had failures, but worked.
And only the LAN based on shielded twisted pair was completely unaffected by interference.
Thus, the security of the OCS is determined by the very «bottleneck» of telecommunication systems — the network active equipment.
One way to guarantee data privacy and security is to electrically shield the entire building using a so-called Faraday cage. However, this method is too expensive and is only used by intelligence organizations.
Information security issues are closely related to the availability and application of standards governing the development and operation of various hardware or software. It is known that where there is chaos, there is plenty of room for intruders. Therefore, the parameters of signal transmission over optical lines are defined unambiguously. Along with a detailed technical description, a link to the relevant optical data transmission standard can be used to determine the full set of requirements for the computer system as a whole.
The most popular standard in the USA and Europe governing the parameters of optical transmission for communications in industrial premises is ANSI/TIA/EIA-568A. It defines attenuation and bandwidth for multimode fiber and maximum attenuation for single-mode fiber.
There are other documents that contain standards for optical signal transmission. These are ANSI X3.166 «Fiber Distributed Data Interface (FDDI), Physical Medium Dependent (PMD)», ISO/IEC-11801 «Generic Cabling for Customer Premises» and IEEE 802.3z «Physical Medium Dependent Sublayer and Baseband Medium, Type 1000Base-LX for Long-Wavelength Lasers and 1000Base-SX for Short-Wavelength Lasers».
Most designers of cabling systems and other equipment continue to rely on standards texts and assemble cabling systems from individual components from different manufacturers on a plug-and-play basis. In such a situation, it is especially important that those responsible for information security and privacy in the organization test the reliability of the system as a whole, and not its individual parts.
The discussion of the security features of optical cable systems cannot be considered complete without mentioning the safety of working with fiber optic cables. Glass fibers are so thin that they are impossible to see with the naked eye. A piece of fiber can get into your eyes before you have time to see it.
The emitter of the optical signal is also potentially dangerous to humans. It can be a very powerful laser that can cause irreparable harm to health. So, when working with optical cable systems, make it a rule to never look at the end of the fiber, and be sure to use the appropriate equipment to inspect the cables.
The use of optical cable systems can create a false sense of complete security in users.
Another approach is more correct: the choice of fiber optic cable systems is only a partial solution to the problem of ensuring data security.
Compared with the standard unshielded lines used in modern networks, it makes unwanted access to the network from the outside much more difficult.