Security model and authentication protocol in EPON-based optical access network

An EPON (Ethernet passive optical network), which is progressing to standardization in IEEE 802.3ah, consists of an OLT (optical line termination) and multiple ONUs (optical network units) using passive optical components. This network is susceptible to various security threats, such as eavesdropping, masquerading, denial of service, and so on. We propose a security model and a security protocol to support authentication in an EPON based optical access network. We analyze security threats and security models in the EPON reference model. After considering these models, we propose that an encryption layer is placed at the RS layer. The paper proposes an authentication protocol based on public key exchange and a key establishment protocol. User authentication and ONU authentication are performed separately to give efficient key management and a strong authentication service.