Degradation attacks on Passive Optical Networks

Passive Optical Networks (PONs) are a promising candidate to solve the last-mile problem in access networks. By using optical fibers, PONs can offer to the subscribers higher capacity than other traditional access technologies, such as xDSL or Cable-TV, at a lower cost than FTTx solutions. As for any other access-network technology, security is a very important issue. PONs have very specific security requirements because (i) the downstream transmission channel is inherently broadcast, and (ii) malicious transmissions in the upstream channel can not be easily detected and prevented. This paper shows that malicious upstream transmissions can be used to conduct very intrusive degradation attacks upon the upstream traffic and quantifies the decrement of the upstream throughput over a PON under different scenarios of degradation attack. Further, the paper considers how the effect of a degradation attack carried on at the physical layer is greatly amplified by the TCP congestion control algorithm resulting in a strong degradation with little effort by the attacker. The attacker could then exploit bandwidth sharing mechanisms to gain an unfair amount of bandwidth. We also propose a possible mitigation strategy that pinpoints the attacker and re-establishes fairness in terms of throughput per ONU.