Research Article Vol. 13, No. 12 / December 2021 / Journal of Optical Communications and Networking 301
Security enhanced dynamic bandwidth allocation algorithm against degradation attacks in next generation passive optical networks
F. M. Atan (1,2), N. Zulkifli (1,*), S. M. Idrus (1), N. A. Ismail (1,2), A. M. Zin (1,2), A. Ramli (1), and N. Md. Yusoff (3)
1 Lightwave Communication Research Group, Universiti Teknologi Malaysia, Malaysia
2 Faculty of Electrical Engineering, Universiti Teknologi MARA, Malaysia
3 Razak Faculty of Technology and Informatics, Universiti Teknologi Malaysia, Malaysia
*Corresponding author: nadiatulhuda@utm.my
Received 21 June 2021; revised 8 August 2021; accepted 23 August 2021; published 10 September 2021 (Doc. ID 434739)
The dynamic bandwidth allocation (DBA) algorithm is highly impactful in improving the network performance of gigabit passive optical networks (GPON). However, reports delineating its vulnerability to certain attacks can be found in the literature, thus raising concerns. A degradation attack manipulates the transmission control protocol (TCP) congestion control algorithm, which may impact the received bandwidth of targeted network users. Here, the absence of electronics within the passive splitter renders attack identification in GPONs a significant challenge. Therefore, the current study aimed to propose a secured DBA mechanism known as security enhanced DBA capable of overcoming this particular threat. A detection phase served as a critical component for sensing and subsequently mitigating any abnormal behaviors observed among optical network units (ONUs). Upon identification of the attacker, penalties were imposed to deter the next attack attempt and reestablish the fairness to previously attacked ONUs. The simulation findings revealed throughput improvement of up to 63% due to the security feature offered by the mechanism. Besides, significant improvements for the upstream delay performance recorded at 52%, 60%, and 65% for traffic containers (TCONT) TCONT2, TCONT3, and TCONT4, respectively, were observed in comparison to the non-secure DBA mechanism. Hence, the integration of the security mechanisms in DBA renders it possible to avoid any exploitation of GPON vulnerability in hacking other users’ bandwidth. © 2021 Optical Society of America
https://doi.org/10.1364/JOCN.434739
1. INTRODUCTION
At this stage, the passive optical network (PON) has continued
to proliferate, given its ability to provide higher transmission
speed, lower overall cost per customer, and guaranteed quality
of service (QoS). In typical time-division multiplex (TDM)
PON, traffic from the optical network units (ONUs) and
optical line terminal (OLT) are sent through a single optical
fiber branched passively through an optical power splitter
[1]. Generally, the communication links between these two
components employ different wavelengths, namely, 1310 nm
and 1490 nm for upstream and downstream transmissions,
respectively.
Figure 1 shows a basic PON architecture based on the above
description. The downstream traffic typically functions in a
broadcasting manner, thus complying with the subscriber line
agreement (SLA), in which traffic in the downstream channel
flows to all users concurrently. However, each ONU is only
capable of reading its own traffic, employing a compulsory
encryption method [2]. In contrast, the upstream direction
necessitates a static/dynamic media sharing mechanism to
determine transmittability in the shared upstream channel.
Here, each ONU is characterized by the start time and length
of each transmission time slot generally scheduled by using a
bandwidth allocation scheme [3].
Regarding the upstream channel, a static bandwidth assign-
ment has been associated with two major disadvantages.
First, it restricts higher bandwidth allocation to heavily
loaded ONUs, thus contributing to buffer overflows and
transmission delays. Second, the function is less effective
for full bandwidth utilization in view of the waste seen with
unused bandwidth at lightly loaded ONUs [4]. Therefore, the
International Telecommunication Union Telecommunication
Standardization Sector (ITU-T) has required the use of a
dynamic bandwidth allocation (DBA) mechanism, whereby its
implementation in the upstream channel is highly beneficial.
Such a move can increase bandwidth utilization, leading to
enhanced network performance [5].
1943-0620/21/120301-11 Journal © 2021 Optical Society of America
Fig. 1. Basic PON architecture.
However, despite the presence of various DBA algo-
rithms revealed in the literature, most have emphasized QoS
improvement, while its security aspect is largely ignored [6].
In general, PON is considered secure, as multiple security
protocols implemented on the network, for instance, gigabit
PON (GPON), offers security features such as data encryp-
tion, authentication, and key establishment, among others [7].
However, the encryption is underpinned by a plaintext key
exchange occurring during the setup process.
Consequently, different researchers have proposed varying
encryption and authentication techniques for future PON
[7–9], which typically demand the keys to be given only on the
downstream channel. In contrast, the upstream channel and
the DBA have no security measures in place since they rely on
the passive nature of the network. In particular, all ONUs are
projected to behave and act according to the DBA arrangement
[10]. This potentially may lead to loopholes in the network,
thereby compromising the security of the DBA mechanism
itself, which is an essential process in GPON.
In the DBA process, the occurrence of a degradation attack
is aimed towards gaining more bandwidth at the cost of other
ONUs, as opposed to sabotaging the entire GPON operation
[11]. The transmission of GPON upstream signals externally
beyond their assigned slots, causing other ONUs to experience
packet loss, results in the intruder effectively abusing two
network features: (1) the transmission control protocol (TCP)
function, which decreases the requested bandwidth of an ONU
following the packet loss, and (2) the bandwidth assignment
of DBA, which is performed dynamically according to the
ONU’s requested bandwidth.
Given the PON’s status as an access network and its primary
function that lies in the medium access control (MAC) layer, a
degradation attack directed at the network and transport layers
will result in decreased bandwidth requests in the upstream
PON of the attacked ONUs. Here, these ONUs will experi-
ence traffic collision, thus forcing the TCP mechanism, known
as TCP congestion avoidance, for eliciting and handling the
said collision. Consequently, the transmission of the attacked
ONUs will slow. Concurrent to the workings of the conges-
tion avoidance algorithm, malicious ONUs gain much of the
unused bandwidth due to DBA implementation; thus, most
of the bandwidth in the network is dominated by the attacker,
despite its lack of targeted attack on a specific user.
Theoretically, a typical DBA is not capable of distinguishing
the difference between valid and invalid bandwidth requests,
as it will release the available bandwidth to any ONU request
at a particular instance. Consequently, it will further assist the
attacker. In this case, a degradation attack is highly intrusive
due to its indistinguishability from the moment of occurrence
and will only be detectable once the intended data are received
by the receiver. Besides, the attack further manipulates the
essence of passiveness present within the network. Therefore,
in view of the existing gap identified in the literature, this work
proposes new detection and mitigation methods aiming to
enhance security awareness in DBA. Once the secure DBA
is firmly in place, a penalty is imposed upon the discovery
of an attacker; thus, it can no longer take advantage of the
circumstances.
The remainder of this paper is organized as follows: Section 2 addresses the literature analysis undertaken and the related works, followed by Section 3, which outlines the PON degradation attack scenario in detail. Section 4 then introduces the security enhanced DBA (SE-DBA) mechanism and the simulation configuration, followed by discussing the findings in Section 5. Section 6 concludes the paper by proposing additional recommendations.
2. RELATED WORK
As more end-users are being served over a shared physical
medium in the PON, the access network protection can be
of greater significance, as a single attack can impact several
users with near-gigabit per second (Gbps) transmission [12].
As GPON is underpinned by the assumption that all of its
components are physically secured, the protection mechanism
is often lax. Besides, ONU authentication and downstream
traffic encryption are both optional, while upstream traffic
is non-encrypted. High PON directionality is presumed,
where other ONUs cannot sniff the traffic sent by an OLT
[13]. Thus, this section categorizes the related works on
the topic into two parts: (1) security threats and (2) TCP
implementation in PON.
A. Security Threats in PON
The current research specifically underlines its focus on the
security enhancements within the GPON infrastructure,
thereby theoretically posing no effect on the already-delegated
hardware and standard. Accordingly, physical-layer-based
security controls using passive or active sensors are omitted
to prevent increased operating or capital spending. Also, the
PON protection standard may lead to new definitions based
on proprietary solutions.
Eavesdropping is an occurrence that is observed when an ONU
can intercept the data sent by another ONU. According to the PON standard, an
advanced encryption standard (AES) key will be provided
by the OLT to each ONU during the initialization process.
However, this process may be sabotaged where a malicious user
is able to plant a sensitive receiver and consequently decrypt
the key. Therefore, the provision of privacy to a network is
possible using two main methods: (1) to secure the distribution
of AES keys generated during initialization and (2) to generate
advanced cryptic keys via a complicated method in addition to
the standard AES keys.
Accordingly, examples of the first method include sugges-
tions for randomness at the physical layer and key distillation
based on coding techniques to ensure a secure AES key [14].
Meanwhile, the work of [15] proposed features for securing
the AES key during initialization via the implementation of a
time-sensitive protocol. Alternatively, other scholarly efforts
describing the process of securing the key exchange include
[7,16], which utilize a combination of a complex Diffie–
Hellman key exchange protocol and a secret session key to
ensure complete privacy.
In contrast, the researchers in [17,18] and recently published
[19] opted for the second method by integrating a quantum
key distribution (QKD). Here, the technology improves chan-
nel security and privacy via its allocation for the OLT and
ONUs both to send and reply with a cryptic key. Although the
current cryptography protocols for public-key cryptography
are more dependent upon computational complexity, the laws
of quantum mechanics ensure the extent of QKD protection.
Its utilization is linked with the predominant benefit of easy
detection for any eavesdropping operation as an attempt to
disclose key information. As such, this will eventually interrupt
the quantum bits carried by single photons.
However, in a severe case of eavesdropping, the attack typ-
ically proceeds as a theft of service (ToS) attack. Once the
traffic data have been spied upon by the malicious ONU, it
can decrypt the traffic and steal the identity of lawful ONUs,
thus gaining complete access to the network in the disguise
of a victimized ONU. The work in [20] studied the method
to enhance security via wavelength hopping and code cycling
techniques.
The standard process of securing the network via encryp-
tion and cryptography is commonly applied to its lower layer.
However, despite the abundance of discourses on security
improvements, they can usually be overcome in the network
start-up phase during ONU discovery and identification.
Thus, they are of no interest in the current discussion, as these
issues are solvable in the lower layer.
As the attack occurs in the MAC layer, special attention
is necessary for overseeing the process in view of the shared
nature of all applicable ONUs. The denial of service (DoS)
attack, however, is one that is capable of inducing severely
degraded performance in the upstream channel. In particular,
PON can suffer from such attacks when a malicious ONU
sends an inband signal that overloads the target resources and
eventually crashes the system [21]. Consequently, some or the
entirety of the ONU upstream traffic can be blocked. Due to
the shared nature of the upstream data channel, a single light
source sent continuously can cease the entire PON operation,
especially upon its coincidence with other wavelengths in use.
Even though the downstream traffic is not optically harmed,
the operation may cease due to the lack of acknowledgment of
the data packets from the ONUs.
Furthermore, the research in [22] discussed the DoS attack
in PON, utilizing machine learning as a protective measure,
where the attacker is determined via a means of a comparison.
The juxtaposition was made between the malicious ONU traf-
fic request and the common network trend, following which
an upstream channel DBA algorithm was presented. Following
this, an improved upstream channel delay was observed.
However, the premeditated nature of the attack rendered it
impossible to distinguish whether the network experienced
an attack or was merely faced with high traffic flow during a
specific time duration.
Moreover, a related paper [23] suggested the degradation
attack as another form of DoS, made by sending signals out-
side of their allocated time by using another ONU’s timeslot,
ultimately leading to a collision. The scholars further presented
a degradation attack scenario and introduced a detection
technique. Concurrently, the work also proposed a mitiga-
tion approach toward establishing improved fairness in the
static bandwidth allocation algorithm. However, it should
be noted that the work was conducted using the Ethernet
PON (EPON) standard and implemented static bandwidth
allocation, which was inherently different from GPON. Thus,
significant differences pertaining to the standard should be
considered during GPON implementation, as reflected in
the current proposed work via DBA inclusion in adhering to
GPON requirements [24].
Alternatively, another significant issue of interest is the
different frame structures of the data packet. For example, the
MAC layer protocol denotes the utilization of multi-point
control protocol (MPCP) by EPON [25]. Here, the protocol
integrates the preservation of the Ethernet framing format,
which carries variable-length packets without fragmentation.
Contrarily, GPON employs the GPON transmission con-
vergence (GTC) layer as the MAC layer approach, where a
GPON encapsulation method (GEM) packet is produced by
GTC. Accordingly, this allows the attainment of efficient user
traffic packaging along with frame segmentation for a better
provision of QoS geared for delay-sensitive traffic, such as
voice and video applications. Similarly, the GEM packet is also
responsible for the dynamic allocation of bandwidth using a
traffic container (TCONT). Since the DBA in GPON follows
a strict hierarchy of specific TCONT, the current proposed
work is innately and starkly different from the work in [23]
in the manner pertaining to the network behavior due to a
degradation attack.
More recently, the work in [26] has demonstrated the effect
of timeslot violations in GPON, in which the main vulner-
ability linked to a degradation attack is the absence of any
party policing of the upstream channel laser burst. Here, a
disturbance was experimentally incorporated by using laser
signals with different wavelengths; upon an attack, the results
revealed a significant connection loss with the end-to-end unit.
The mixing of two light signals caused interference, resulting
in optical disturbance and frame loss, following which the
latter outcome caused an alarm to be raised by the detection method.
Regardless, the above-mentioned approach could not deter-
mine the source of interference, despite the OLT’s ability to
recognize unauthorized LEDs that were present, and would be
unable to locate the malicious attacker. Besides, this suggested
that the physical protection of all passive optical hubs inher-
ently increased the network setup cost. However, it should be
noted that the experiment was performed in the physical layer,
whereas the works did not implement the attack aftermath to
its DBA implementation.
B. TCP in PON
The degradation attack described in [23] has delineated one
that manipulates the TCP congestion algorithm embedded in
the network transport layer. Accordingly, several researchers
have ventured into assessing TCP implementation in PON,
in which the review can be categorized into two groups. The
first category utilizes a singular TCP flavor and assesses its
TCP performance across various network parameters, thus
aiming to test the networkability for functioning in specific test
parameters. Meanwhile, a comparison is made in the second
category for different TCP flavors based on common network
parameters, where these experiments mainly assess specific
TCP responses. This is undertaken to determine the best TCP
flavor for implementation in a standard network configuration.
Nevertheless, the current work is poised to follow the first
approach given the variation of network parameters between
the normal and attacked networks.
Furthermore, a study detailing possible TCP performance
issues in GPONs has been presented by [27], relating the
burstiness of the GEM packet to the TCP windows. In general,
TCP behaviors are sensitive to the PON
MAC layer performance, encompassing elements such as over-
all channel delay and DBA fairness. Regardless, the current
work is limited to delineating a singular ONU and one type
of traffic used. Additionally, the consensus is that an advanced
analysis is necessary for the PON MAC layer with a variety of
TCP flavors and traffic patterns.
Meanwhile, the scholars in [28] discussed the issue of DBA
fairness in detail, thus proposing a method for controlling the
traffic rate for ensuring improved fairness. The study specifically
emphasized enhanced congestion control in the presence
of competing incoming traffic from multiple ONUs; however, it
was done in EPON, which had different specifications on the
MAC layer compared to GPON.
Moreover, the fairness issue regarding TCP has been underlined
by other researchers, such as [27–29]. In particular, the
work in [30] has offered a comparison of different TCP per-
formances in 10-Gigabit-capable PON (XG-PON), where
an assortment of TCP flavors is presented. The scholars next
analyzed the responses of XG-PON regarding total through-
put and delay relative to different round trip times (RTTs).
However, the work failed to consider the effect of network
security given its focus on improving the coexistence of dedi-
cated XG-PON backhaul with a Long-Term Evolution (LTE)
access network.
In this work, the effect of the degradation attack on the
upstream channel performance is delineated, following which a
secure DBA scheme is described following its role in ensuring
dynamic control of the upstream bandwidth. The scheme
can mitigate the effect of such an attack on PON without
violating the SLA. In line with this, relatively recent surveys on
DBA schemes for PON in [6,31] have revealed that from the
reviewed DBAs, none consider the security criteria for PON.
In contrast, the only security-based DBA in GPON, as
published in [22], has merely targeted peculiar bandwidth
patterns and fails to describe the source of attacks, such as out-
of-band, which can be more harmful to the network. Besides,
despite acknowledgment of the higher-layer effect in [22], it is
largely ignored and unaccounted for in the simulation study.
Therefore, the current work specifically evaluates the perform-
ance of the SE-DBA algorithm in consideration of the worst
case of the threat, namely, out-of-band. Here, the impact of
TCP as the higher-layer protocol is underlined in the SE-DBA
process, where the DBA mechanism includes the detection
and mitigation phases accordingly. Ultimately, DBA ensures
that the bandwidth request from each ONU is appropriately
determined before granting bandwidth.
3. DEGRADATION ATTACK IN XG-PON
A degradation attack in XG-PON is a form of attack targeting
the network performance of the upstream transmission. Here,
it exploits the working concepts of TCP, the legacy higher-layer
protocol operating over the XG-PON. In an ideal scenario,
each ONU will obey the respective timeslot allocated to them.
However, there is no monitoring technique that oversees an
ONU not compliant with the allocation.
As illustrated in Fig. 2, the attack is initiated following a
malicious ONU sending a signal outside of its allocated time-
slots. A malicious ONU is known as an ONU that transmits
outside of its permissible time, thereby disrupting the signal
from ONUs that legitimately own the particular timeslot.
However, note that this signal may not mean anything other
than disturbing the timeslot of other ONUs that rightfully
send signals within their respective timeslots. When the two
signals are mixed in the same timeslot (i.e., packets from
ONU 1 and ONU 4), a collision will trigger the TCP con-
gestion control algorithm, which results in a reduced lawful
ONU speed as it experiences a collision. On the contrary, the
malicious ONU continues being granted bandwidth through
the dynamically assigned bandwidth, and it is able to obtain
more bandwidth, as its request of bandwidth is continuously
granted.
A. Impact on TCP Congestion Control
This section discusses the impact of the TCP congestion
control algorithm on the degradation attacks, followed by a
detailed explanation of DBA manipulation by an attack in the
XG-PON environment. Theoretically, many types of conges-
tion control design philosophies are available based on network
requirements [32]. In particular, TCP NewReno is one of the
classic loss-based congestion control algorithms present; thus,
it is highlighted in this discussion [33].
Fig. 2. Degradation attack scenario.
Typically, TCP advertises the link’s ability to perform data
transfer using the variable known as the congestion window
(CWND). It denotes the number of windows available for the
packet segment and that require filling in. Here, the TCP’s
three-way handshake procedure will reply with an acknowl-
edgment message (ACK), where the message is returned to the
sender every time the packet arrives at the intended receiver.
Once a packet is determined as missing, the TCP algorithm
waits for a duration of three ACKs. If it is still missing after this
wait, a timeout event is issued, and slow start and congestion
avoidance algorithms are subsequently launched. In particular,
the timeout event is the congestion control parameter that will
be directly affected by the degradation attack that causes the
absence of ACK. It is attributed to the attack’s role in losing the
original packet when its timeslot is violated by the intrusion
of packets from the attacker. Hence, regardless of the duration
of TCP wait for the packet, recovery is not possible due to the
attack event, which is unknown by the sender.
Moreover, the evoking of the congestion control mecha-
nism and launch of the slow start algorithm will lead to the
previously high CWND value returning to one segment per
RTT. Such sudden CWND reduction ensures that the transfer
rate and total throughput are significantly low as the network
load is minimized for clearing the congestion. Note that the
CWND increment is exponential during the slow start phase
and linear during the congestion avoidance phase.
All these events will eventually affect the TCP throughput,
which is calculated as a function of variables such as RTT,
maximum segment size (MSS), and loss probability. The origi-
nal mathematical model has been delineated by the authors of
[34], which considers the area under a saw-tooth graph:
$$\text{TCP Throughput} = \frac{\text{Window size}}{RTT} = \frac{MSS \times \tfrac{3}{8}W^{2}}{RTT \times \tfrac{W}{2}}, \quad (1)$$
$$= \frac{MSS}{RTT \times \sqrt{p} \times \sqrt{\tfrac{2}{3}}}, \quad (2)$$
$$C = \sqrt{\tfrac{3}{2}}. \quad (3)$$
Collecting the constant term as Eq. (3), the equation is
finalized as
$$\text{TCP Throughput} = \frac{MSS \times C}{RTT \times \sqrt{p}}, \quad (4)$$
where W is the window size of the biggest unfragmented data
received in bytes, and p is the packet loss probability. Eq. (2)
follows from Eq. (1) because one loss per saw-tooth cycle means
p = 1/(\tfrac{3}{8}W^{2}), i.e., W = \sqrt{8/(3p)}.
From Eq. (4), it is apparent that packet loss probability
interferes with the throughput given its inversely proportional
nature to the overall throughput. Here, the loss probability in
the equation is not a constant value; but is a reaction to net-
work conditions, such as network congestion or a bottleneck
situation. In a degradation attack, the loss probability will
increase, as the attack concurrently destroys the packets of the
lawful ONU and limits the bandwidth allocated to the lawful
ONU.
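The saw-tooth derivation above, carried through numerically as an added example (this is not code from the paper): it evaluates Eq. (1) directly from the window size W, derives the loss probability p implied by one loss per cycle, and checks that Eq. (4) with C = √(3/2) yields the same throughput. The MSS, RTT and loss values are constructed inputs; `attack_throughput_ratio` is an added helper that expresses, from Eq. (4), how much of its throughput a lawful ONU keeps when its loss probability rises during an attack.

```python
import math

# Eq. (3): the constant collected from the saw-tooth derivation.
C = math.sqrt(3.0 / 2.0)


def sawtooth_throughput(mss, rtt, w):
    """Eq. (1): one saw-tooth cycle grows the window from W/2 to W segments
    over W/2 RTTs, delivering (3/8) W^2 segments of MSS bytes each."""
    delivered_segments = 3.0 / 8.0 * w ** 2
    cycle_seconds = rtt * w / 2.0
    return mss * delivered_segments / cycle_seconds  # bytes per second


def loss_probability_for_window(w):
    """One loss per cycle means p = 1 / ((3/8) W^2), i.e. W = sqrt(8 / (3p))."""
    return 1.0 / (3.0 / 8.0 * w ** 2)


def mathis_throughput(mss, rtt, p):
    """Eq. (4): throughput = MSS * C / (RTT * sqrt(p))."""
    return mss * C / (rtt * math.sqrt(p))


def attack_throughput_ratio(p_normal, p_attack):
    """Fraction of its normal throughput a lawful ONU keeps when its loss
    probability rises from p_normal to p_attack with MSS and RTT unchanged;
    by Eq. (4) this is sqrt(p_normal / p_attack)."""
    return math.sqrt(p_normal / p_attack)


if __name__ == "__main__":
    # Constructed inputs: 1460-byte MSS, 100 ms RTT, 40-segment window.
    mss, rtt, w = 1460, 0.1, 40
    p = loss_probability_for_window(w)
    print(sawtooth_throughput(mss, rtt, w), mathis_throughput(mss, rtt, p))
    # a tenfold rise in loss probability leaves about 32% of the throughput
    print(attack_throughput_ratio(p, 10 * p))
```

Both throughput functions agree for any W because (3/8)W² / (W/2) = (3/4)W and (3/4)√(8/(3p)) = √(3/(2p)); the ratio function makes the square-root dependence on p visible, which is why the attacked ONU's request shrinks more slowly than its loss count grows.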
B. DBA Manipulation
In a TDM XG-PON, the OLT is tasked with performing all
DBA processes in the network. In this context, a standard DBA
process starts with a polling and scheduling mechanism, where
the polling mechanism specifically receives and collects the
queue reports from each ONU. In contrast, the scheduling
mechanism is utilized to calculate and assign the upstream
bandwidth with sufficient guard time. Figure 3 depicts the
structure of the scheduling mechanism in XG-PON, while
Fig. 4 illustrates the use of a bandwidth map (BWmap) in the
subsequent cycle of the service interval (SI).
In Fig. 4, which shows a bandwidth cycle, arrow 1 depicts
the polling process of the cycle that collects the queue list from
each ONU using the Dynamic Bandwidth Report upstream
(DBRu) field. Based on the queue list, a scheduling process is
developed to determine the priority for each queue list. On the
other hand, arrow 2 represents a bandwidth granting process
that broadcasts the scheduled packet back to the ONU via the
BWmap in the downstream channel. The BWmap includes
multiple DBA arrangements such as ONU identification, the
TCONT prioritization, and granted bandwidth size for each
ONU. Essentially, the bandwidth cycle is completed each
time the request/grant process is completed. The OLTs collect
and process all requests during the present cycle and use the
information in granting the bandwidth for the next cycle.
Alternatively, the main issues surrounding the TCP reac-
tion time with XG-PON DBA can be described using two
instances. The first issue denotes the difference in the opera-
tional speed of the TCP and DBA, where the latter requires
125 µs for each upstream scheduling, while the former oper-
ates in the range of 100 ms. In particular, the TCP occurs in
a typical connection within a 2.5 Gbps upstream network.
Contrarily, the second issue is described using the RTT value
changes that occur following the queuing policies of DBA.
Fig. 3. BWmap allocation frame for upstream data transfer [2].
Fig. 4. BWmap used for the next-cycle SI.
This is attributable to the unpredictable burstiness nature of
the TCP traffic itself.
Consequently, a resolution of the above-mentioned issues
requires the TCONT type to adhere to TCONT2 (T2),
TCONT3 (T3), and TCONT4 (T4) only so as to mimic
real TCP application (i.e., T2, voice call; T3, video appli-
cation; and T4, best-effort Internet application). Here, T1
is not employed due to its allocation of a fixed bandwidth.
Meanwhile, the grant size is set to the maximum event at low-
load traffic as a result of its varying frequency cycles. In the
event of a similar TCONT arriving concurrently between dif-
ferent allocation identifications (Alloc IDs), no prioritization
occurs between them, and the first-in-first-out (FIFO) order
will take place.
One of the most crucial measurements for DBA effective-
ness is denoted by the value of delay. Since DBA processing
occurs in the MAC layer, an attack in a higher layer will affect
its effectiveness. By assuming a self-similar traffic generator
with a Pareto distribution, the awaiting probability is given by
Eq. (5), where ρis the system load, and Nis the maximum
limit of the possible packet obtained by calculating the Hurst
exponent according to the Norros formula [35]. Meanwhile,
the system load in PON can be calculated using Eq. (6), where
µis the service rate, and λis the arrival rate. Concurrently,
the mean delay in cumulative queuing can be calculated using
Eq. (7) [35]:
=1exp ρ
N
P
i=0exp ρ
Ni,(5)
ρ=λ
µ,(6)
tq=
N
ρ1
Pw
.(7)
During an attack, Eq. (3) displays the manner in which the
lawful ONU experiences a reduced service rate, thus increas-
ing its delay variation. Here, the total delay calculation of
the upstream connection is given by Eq. (8). Meanwhile,
the downstream delay, D_downstream, is the delay based on the
downstream channel, as given by Eq. (9):
$$D_{upstream} = D_{downstream} + t_q + D_{propagation}, \quad (8)$$
$$D_{downstream} = D_{OLT} + \frac{RTT}{2} + \frac{SI}{2}. \quad (9)$$
As the DBA behaves in a request-grant manner, the
increased loss probability encountered during the degrada-
tion attack directly impacts the bandwidth request of the
lawful ONU. Moreover, the throughput reduction results
in a communication speed decrement, thus requiring less
bandwidth every time the polling and scheduling mechanism
advertises newly available bandwidth. However, this situation
favors the malicious ONU due to the availability of more band-
width. Accordingly, the passive nature of DBA will ultimately
grant more bandwidth to the malicious ONU since the overall
request of the attacked ONUs is low, and surplus bandwidth is
present.
Following this, the attacker dominates or controls the bandwidth, which demonstrates the DBA's own role in assisting the attack.
Moreover, the attack can be more impactful when the attacker
is capable of decrypting the initial setup message and ascertain-
ing the timeslot allocation for each ONU. This means that it
can pinpoint a highly loaded and more fragile ONU, rendering
the attack more intensive and intrusive.
4. SECURED DYNAMIC BANDWIDTH ALGORITHM
In this work, a new SE-DBA is proposed to protect against
degradation attacks, which consists of a two-stage method.
After the attack takes place, the detection method captures the
Alloc ID of the attacker, which is then determined as the ONU
with the lowest rate of frame error loss. After this identification,
the attacker Alloc ID proceeds to the mitigation processes,
which commence with DBA denying its bandwidth request in
the next-cycle upstream polling and scheduling mechanism. A
detailed explanation of these detection and mitigation methods
is provided in the following sections.
A. Detection Method
The detection method begins with the establishment of a func-
tion known as the collision detector (CollDet). The CollDet
function, as in Fig. 5, primarily serves two purposes: (1) moni-
toring the ONU currently being sent and its parameters, such
as duration of transmission, retransmission time, and ACK
count, and (2) keeping track of the number of collisions within
the network for each ONU. Hence, any missing ACKs are
considered a collision, while the number of packet losses is
calculated.
It should be noted that an occasional transmission error can cause a minor collision that is not due to an attack. Thus, a suitable threshold is calculated and placed in the algorithm; if the collision count happens to exceed this threshold, the CollDet checks for the missing ACK sequence and the ONU that supposedly misses it. Figure 6 summarizes the whole detection method algorithm.
Fig. 5. Collision detection (CollDet) function.
Research Article Vol. 13, No. 12 / December 2021 / Journal of Optical Communications and Networking 307
Fig. 6. Detection method algorithm.
Due to the burstiness of the TCP traffic arrival, the same ONU may transfer large-sized packets and need a new retransmission time. This is not considered an attack despite some collisions occurring. It is observed much more in a heavily loaded network, where checking whether the same Alloc ID is still transmitting eliminates the chance of a false alarm.
If a new Alloc ID is transmitting, the CollDet searches for
the ONU depicting the lowest collision. Here, the underpin-
ning idea suggests that the malicious ONU will be the one
having the lowest collision since it is the only one protected
against the attack. Once the Alloc ID with the lowest collision count is obtained, the value is passed to the mitigation process. Meanwhile, the collision count is obtained by comparing the total number of packets that arrived with the total number of ACK messages sent.
To ensure simulation simplicity, only a single attacker is placed
in the network. In the event of multiple attacks, the detection
method would have to be more dynamic in its threshold set-
ting whilst distinguishing the ONU(s) with lowest collisions
compared to the other ONUs in the network.
B. Mitigation Method
Figure 7 shows the flowchart of the mitigation method. Upon the reception of the Alloc ID, the mitigating process looks in the DBA of the network, where the DBA process denotes a bandwidth request being made by all ONUs, regardless of the traffic condition. The prior section describes that all bandwidth requests are gathered in the BWmap after the polling and scheduling mechanism by the OLT. However, the service provider remains responsible for the service level agreement (SLA) committed to every customer in the start-up process, so although a total block of the malicious ONU may seem a good idea, total denial of its timeslot would breach that responsibility.
Fig. 7. Mitigation method algorithm.
When gathering all Alloc IDs, the CollDet function is run
before any allocation takes place. If it returns a value of one, the
malicious ONU is thus identified, and punishment is in order.
As a punishment and to discourage the malicious ONU from
a future attack on the network, the total bandwidth granted
to it is set as half of the original SLA values. Then, the queue report from the malicious ONU ceases for this cycle and is only processed in the next SI cycle. However, the packets queued inside it are not discarded; the penalty is only that they stay in the queue for an extended period.
In contrast, the CollDet returning a value of zero allows the normal DBA operation to proceed. Here, each bandwidth request is treated according to the TCONT priority and the grant size available, following which the DBA ends when all Alloc IDs finish receiving their allocation or when the grant size is no longer available.
Furthermore, the mitigation process enables other lawful ONUs to take up the extra bandwidth allocation in the next cycle, thus restoring some balance in the network post-attack. Besides, it removes the incentive for malicious ONUs to attack, since the attack cannot be masked given the detection method. Concurrently, a false alarm is highly unlikely due to the threshold calculations carried out during the start-up process.
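The following is an added worked example, written for this page rather than taken from the authors' simulator, that puts the request-grant behavior described in Section 3 and the CollDet detection and mitigation steps of Sections 4.A and 4.B side by side in one polling cycle. It assumes a simplified GIANT-like grant rule (serve Alloc IDs in TCONT priority order, FIFO within a class, grant = min(request, remaining capacity)), a constructed start-up collision threshold of 10, a constructed per-cycle SLA of 9720 bytes per ONU, and constructed packet/ACK counters; the 38,880-byte upstream capacity is the value the paper uses for the XG-PON upstream link. The class and function names are the example's own.

```python
"""Toy SE-DBA cycle: CollDet detection followed by penalized bandwidth allocation.

Added example (not the paper's code). Per-ONU counters, SLA values and the
collision threshold are constructed for illustration.
"""
from dataclasses import dataclass

XGPON_US_CAPACITY = 38880  # upstream link capacity per cycle in bytes (value from the paper)
THRESHOLD = 10             # assumed start-up collision threshold (constructed)


@dataclass
class OnuState:
    alloc_id: int
    tcont: int            # 2, 3 or 4; lower number = higher priority (T1 is fixed, not polled)
    sla_bytes: int        # per-cycle bandwidth promised in the SLA (constructed)
    request_bytes: int    # queue report carried in this cycle's bandwidth request
    packets_arrived: int  # packets the OLT saw from this ONU in the observation window
    acks_sent: int        # ACKs returned to it; every missing ACK counts as a collision


def collisions(onu):
    """Collision count as the text defines it: packets arrived minus ACKs sent."""
    return max(0, onu.packets_arrived - onu.acks_sent)


def coll_det(onus, threshold, current_alloc_id, prev_alloc_id):
    """CollDet: return (flag, suspect_alloc_id).

    flag is 1 only when the network-wide collision count exceeds the start-up
    threshold AND a new Alloc ID is transmitting. The same Alloc ID still
    transmitting (a bursty retransmission) is treated as benign, which is the
    false-alarm guard from Section 4.A. The suspect is the ONU with the lowest
    collision count, the only one unaffected by the attack.
    """
    total = sum(collisions(o) for o in onus)
    if total <= threshold:
        return 0, None
    if current_alloc_id == prev_alloc_id:
        return 0, None  # same ONU bursting: not an attack
    suspect = min(onus, key=collisions)
    return 1, suspect.alloc_id


def dba_cycle(onus, capacity_bytes, suspect=None):
    """Request-grant allocation for one cycle.

    With suspect=None this is the non-secure (GIANT-like) behavior from Section 3:
    every request is granted as far as capacity allows, so an inflated request
    absorbs whatever the attacked ONUs no longer ask for. With a suspect set, the
    Section 4.B punishment applies: its queue report is ignored this cycle and it
    is granted at most half of its SLA; the rest remains for lawful ONUs.
    """
    grants = {}
    remaining = capacity_bytes
    for o in sorted(onus, key=lambda o: o.tcont):  # stable sort: FIFO within a class
        want = o.sla_bytes // 2 if o.alloc_id == suspect else o.request_bytes
        grant = min(want, remaining)
        grants[o.alloc_id] = grant
        remaining -= grant
    return grants, remaining


def se_dba_cycle(onus, capacity_bytes, threshold, current_alloc_id, prev_alloc_id):
    """Run CollDet before allocation, then allocate with or without the penalty."""
    flag, suspect = coll_det(onus, threshold, current_alloc_id, prev_alloc_id)
    grants, surplus = dba_cycle(onus, capacity_bytes, suspect if flag else None)
    return flag, suspect, grants, surplus


def demo_onus():
    """Constructed cycle: ONUs 1-3 are under attack (missing ACKs, shrunken requests);
    ONU 4 has no collisions and an inflated request."""
    return [
        OnuState(alloc_id=1, tcont=3, sla_bytes=9720, request_bytes=6000, packets_arrived=100, acks_sent=80),
        OnuState(alloc_id=2, tcont=3, sla_bytes=9720, request_bytes=6000, packets_arrived=100, acks_sent=78),
        OnuState(alloc_id=3, tcont=3, sla_bytes=9720, request_bytes=6000, packets_arrived=100, acks_sent=83),
        OnuState(alloc_id=4, tcont=3, sla_bytes=9720, request_bytes=25000, packets_arrived=100, acks_sent=100),
    ]


if __name__ == "__main__":
    onus = demo_onus()
    print("GIANT-like grants, no security:", dba_cycle(onus, XGPON_US_CAPACITY))
    print("SE-DBA cycle (new Alloc ID 2 after 1):",
          se_dba_cycle(onus, XGPON_US_CAPACITY, THRESHOLD, current_alloc_id=2, prev_alloc_id=1))
    print("Same Alloc ID retransmitting -> no alarm:", coll_det(onus, THRESHOLD, 1, 1))
```

In the constructed cycle the non-secure allocation hands ONU 4 everything the attacked ONUs stopped asking for (20,880 bytes), whereas the SE-DBA cycle flags ONU 4 as the lowest-collision Alloc ID, caps it at half its SLA (4,860 bytes) and leaves 16,020 bytes of surplus for lawful ONUs to take up in the next cycle.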
5. SIMULATION RESULTS
The network simulation is performed using Python programming, where the network parameters are detailed in Table 1. A total of four ONUs were connected to a splitter and a single OLT, following which a standard GPON-based GigaPON access network (GIANT) DBA [36] was employed in the simulation. Here, GIANT was one of the most prominent types of DBA commonly utilized in PON, and the traffic generator produced self-similar traffic following a heavy-tailed Pareto distribution. The disturbance generator, however, produced a Poisson-distributed signal emitting 500 bits of the useless frame. Based on the CWND advertised, the useless frame might cause only a small disturbance or contrarily destroy the entire frame from lawful ONUs depending on the network load at a given time.
Table 1. Simulation Parameters
Parameter                              Value
US/DS line                             2.5/10 Gbps
US/DS traffic load                     0.5–1.4
Average traffic size                   1476–1500 bits
Traffic arrival                        Self-similar traffic with a Pareto distribution
Guard band period for uplink channel   8 bits
Disturbance                            Poisson distributed traffic of 500 bit, interarrival of 2 ms
TCP rules                              New Reno
TCONT2 bandwidth assignment            Assured, SI = 5
TCONT3 bandwidth assignment            Guaranteed, SI = 10
TCONT4 bandwidth assignment            Best-effort, SI = 10
The simulation was run for approximately 60 min for each network occupancy to receive approximately $10^6$ packets, in which a demonstration of the attack severity in a busier network was reflected in the varying network occupancy rates from 0.5 up to a ratio of 1.4. Following this, the results section
was divided into two segments; the first segment denoted the
effect of the degradation attack on the network with the stand-
ard GIANT DBA. Here, some of the network parameters were
varied to depict the intensity of the attack between different
network occupancies. Conceptually, the network occupancy
described the ratio of total bytes sent by all ONUs and the
traffic link rates. Accordingly, the link capacity was set at
38,880 bytes for the XG-PON upstream link. Meanwhile, the
second segment displayed the effect of security in improving
the DBA applied to the network. Here, the malicious ONU
was excluded from the calculation to examine the behavior of a
lawful ONU when SE-DBA was applied.
A. Impact of a Degradation Attack in the Network
Figures 8 and 9 show the network throughput versus simulation time t per ONU at network occupancies equal to 0.5 (low load traffic condition) and 1.0 (high load traffic condition),
respectively. These results are provided in order to illustrate
the behaviors of all ONUs (malicious and well-behaved) in
the event of attacks. The maximum throughput that can
be achieved by any ONU is set at 250 Mbps. The number
of total TCP bytes to be sent is 1024 bytes. The through-
put of all ONUs is based on the CWND and the advertised
window. The advertised window follows the standard seven
segment TCP, and CWND is increased by every RTT. In
both scenarios, the attack is set to take place beginning from
t=10 s.
Fig. 8. TCP throughput during the attack using GIANT DBA at the network occupancy of 0.5. [Plot: Average Total Throughput (Mbps), 0–250, versus Time (s), 0–45; series ONU1, ONU2, ONU3, ONU4.]
Fig. 9. TCP throughput during the attack using GIANT DBA at the network occupancy of 1.0. [Plot: Average Total Throughput (Mbps), 0–250, versus Time (s), 0–45; series ONU1, ONU2, ONU3, ONU4.]
In Fig. 8, the network occupancy set at 0.5 indicates network
idleness and the ability to handle requests from all ONUs.
Prior to the attack, each ONU has similar TCP throughput
performance. Network throughput rapidly increases with
simulation time, where the maximum throughput value is
reached at around t=7 s. However, during attack at t=10 s,
the throughputs of all lawful ONUs experience reduction while
the attacker’s throughput, ONU4, is unaffected. Due to the
lowly loaded network, an extra unoccupied timeslot is available
to be used by the lawful ONUs to resend their ACK message
once they are being attacked. Although the network is able to
withhold throughput performance at more than 200 Mbps
(90% of the original throughput value) for about 5 s after the
attack, it eventually starts to decrease rapidly, as the network
succumbs to the continuous attack.
Fig. 10. Received TCONT2 (ONUs 1 to 3) at the network occupancy of 1.0.
Fig. 11. Bandwidth request versus network occupancy.
Meanwhile, a slightly different observation can be found at the network occupancy of 1.0, as depicted in Fig. 9. The network occupancy now is at maximum, and the network is considered heavily loaded. Similarly, all ONUs are able to reach the maximum throughput of 250 Mbps. When the
attack commences at t=10 s, the throughput performance
experiences a sudden reduction. As the network becomes more
occupied with the increasing generated traffic with t, the vul-
nerability of the network against a degradation attack is more
prevalent. Since the network is heavily loaded, there is no extra
unallocated timeslot to be used during the attack. Hence, the
severity of the attack is much higher compared to the lowly
loaded network. For instance, at t=15 s, around 66% of throughput reduction is experienced by the most affected lawful ONU, while the rest of the ONUs vary between 33% and 43%. In addition, the throughput reaches its lowest value of less than 50 Mbps, compared to almost 150 Mbps at a network occupancy of 0.5. The different behavior observed for
ONU 1, particularly the sudden increment between t=16
and t=27 s, is due to the fluctuations of T2 traffic distri-
bution. Further investigation, as shown in Fig. 10, reveals a
significant presence of T2 traffic for ONU 1 within this period
compared to other ONUs. As a highest priority traffic type, it
gets to be served immediately, thus contributing to the increase
of throughput.
Figure 11 shows the bandwidth request per ONU versus network occupancy ranging from 0.5 to 1.4, which represents low to high traffic conditions. During low traffic conditions, bandwidth requests are still fairly divided among the ONUs, which indicates the negligible impact of the attack. This is then translated into fairly granted bandwidth for these requests. However, as the network occupancy increases, the impact of the attack becomes more apparent, with a trend of further bandwidth request increments for ONU 4. At a network
occupancy of 1.0, the request of the malicious ONU consists
of almost 80% of all requests. The performance shows that the
standard DBA without security awareness cannot foresee this
trend as a sign of possible attacks and is unable to distinguish
the real requests from false requests. The DBA then proceeds
to give bandwidth according to request, further assisting the
malicious ONU.
B. Improvement of SE-DBA on the Network Performance
Network throughput performances versus simulation time,
t, using SE-DBA at network occupancies of 0.5 and 1.0 are
depicted in Figs. 12 and 13, respectively. In Fig. 12, where the occupancy is set at 0.5, the network is rather lowly loaded. Nevertheless, the attack still causes disturbance on the network, where the throughput of the lawful ONUs suffers a temporary reduction. As the defense mechanism (detection and mitigation methods) is applied at around t=15 s, the lawful ONU is able to increase its throughput by a maximum of 63%. On the other hand, the punishment experienced by the
malicious ONU is the reduction of throughput by 43%. Even
though the malicious ONUs did not lose their throughput as
much as the lawful ONUs, the reduction of throughput should
deter them from repeatedly attacking the network. In Fig. 13,
the throughput performance using SE-DBA when the network
occupancy is equal to 1.0 is illustrated.
During the attack, lawful ONUs’ throughputs are reduced
up to 80% of the original value. Compared to the above sce-
nario, the network in this setting runs at maximum capacity.
Given the time-division multiple access (TDMA) nature of
upstream traffic, the traffic is arranged so that it occupies most
of the timeslots available to avoid wasting precious timeslots.
Fig. 12. TCP throughput using SE-DBA at the network occupancy of 0.5. [Plot: Average Total Throughput (Mbps), 0–250, versus Time (s), 0–45; series ONU1, ONU2, ONU3, ONU4.]
Fig. 13. TCP throughput using SE-DBA at the network occupancy of 1.0. [Plot: Average Total Throughput (Mbps), 0–250, versus Time (s), 0–45; series ONU1, ONU2, ONU3, ONU4.]
Fig. 14. Mean queuing delay versus network occupancy (GIANT versus SE-DBA). [Plot: Mean Queuing Delay (ms), 0–140, versus Network Occupancy, 0.5–1.4; series SE DBA T2, SE DBA T3, SE DBA T4, GIANT T2, GIANT T3, GIANT T4.]
Hence, even small bursts of dummy packets launched by the
attacker to the network will give a significant impact to the
CollDet mechanism. When the mitigation algorithm is in
place, the malicious ONU is penalized to more than 40%.
Meanwhile, the lawful ONUs regain up to 60% of their origi-
nal value. It is acknowledged that the lawful ONUs do not
regain full capacity throughput. Even though the attack cannot
be solved in its entirety, the implementation of secured DBA
can undoubtedly lessen the adverse impacts to the overall
network performance.
Figure 14 shows the mean queueing delay performance of
T2, T3, and T4 for traffic occupancy ranges from 0.5 to 1.4.
The delay performances are compared before and after the
attack mitigation takes place. TCONT1 is not shown due to
it following a fixed bandwidth assignment. Results from the
malicious ONU are also excluded in order to demonstrate the
effects of DBA in the event of attacks and the performance
improvement attributed to the security improved DBA.
As expected, the intensity of the attack increases within
a heavily occupied network. All TCONTs generally suffer
during the attack with an increased upstream delay using the
standard GIANT DBA. Being the best-effort or lowest pri-
ority type of traffic, T4, which is least served during a highly
loaded network, experiences the most delay. Fortunately, after
applying SE-DBA, its delay performance is improved with-
out compromising the other TCONT types. At the network occupancy of 1.0, the delay improvement attributable to the security measures is up to 65%, 60%, and 52% for T4, T3, and T2, respectively. It is apparent that without SE-DBA the bandwidth assignment is manipulated during the attack. As a result, the bandwidth to lawful ONUs is reduced, consequently increasing the delay for all TCONTs. With SE-DBA, the bandwidth assignment is governed not just by request and availability, but by an added check on the legitimacy of the requesting ONU, which assures the lawful ONUs' bandwidth allocation.
These results demonstrate the impacts of a degradation
attack as one of the most intrusive attacks on the XG-PON’s
MAC layer. It manipulates the working principles of the TCP
transport layer through its congestion control algorithm. The
passiveness of the network prevents the OLT from determining
and isolating the attackers. The security improved DBA, SE-
DBA, successfully identifies the malicious ONU and defends
other lawful ONUs against degradation attacks. The malicious
ONU is penalized by limiting the offered bandwidth and, at
the same time, restoring fairness to other lawful ONUs.
6. CONCLUSION
In this study, a new degradation attack-resilient DBA scheme
for XG-PON is presented that improved the DBA via detec-
tion and mitigation methods as a defense mechanism against
the attack. The implementation of SE-DBA is vital in pre-
venting the manipulation of DBA through loopholes in the
TCP CWND mechanism. During high traffic load, where
the impact of attack is more severe, SE-DBA increases the
throughput performances of all lawful ONUs. Additionally,
SE-DBA also improves the delay performances of all TCONT
types, especially the lower priority traffic, T3 and T4. The findings reaffirm SE-DBA's ability to detect the attack and mitigate it by penalizing the malicious ONU. Simultaneously, the remaining lawful ONUs can utilize the acquired bandwidth to restore balance in the network. This effort is a substantial step toward enhancing XG-PON security by addressing the gaps in interlayer communication.
Funding. Ministry of Higher Education, Malaysia (Fundamental
Research Grant FRGS/1/2018/ICT03/UTM/02/8); Universiti Teknologi
Malaysia (Transdisciplinary Research Grant 05G60).
REFERENCES
1. D. Nesset, “PON roadmap [Invited],” J. Opt. Commun. Netw. 9,
A71–A76 (2017).
2. “10-gigabit-capable passive optical networks (XG-PON): general
requirements,” ITU-T Recommendation G.987.1, 2010.
3. “10-gigabit-capable passive optical networks (XG-PON): transmis-
sion convergence (TC) layer specification,” ITU-T Recommendation
G.987.3, 2010.
4. T. Holmberg, “Analysis of EPONs under the static priority sched-
uling scheme with fixed transmission times,” in 2nd Conference
on Next Generation Internet Design and Engineering (2006), Vol. 8,
pp. 192–199.
5. N. Ansari and J. Zhang, Media Access Control and Resource
Allocation (2013), pp. 23–28.
6. R. A. Butt, M. W. Ashraf, M. Faheem, and S. M. Idrus, “A survey of
dynamic bandwidth assignment schemes for TDM-based passive
optical network,” J. Opt. Commun. 41, 279–293 (2020).
7. L. Malina, T. Horvath, P. Munster, and J. Hajny, “Security solution
with signal propagation measurement for gigabit passive optical
networks,” Optik 127, 6715–6725 (2016).
8. V. Clupek, T. Horvath, P. Munster, and V. Oujezsky, “New security
improvements in next-generation passive optical networks stage 2,”
Appl. Sci. 9, 4430 (2019).
9. L. Malina, P. Munster, J. Hajny, and T. Horvath, “Towards secure
gigabit passive optical networks—signal propagation based key
establishment,” in Proceedings of the 12th International Conference
on Security and Cryptography (2015), pp. 349–354.
10. D. Hood and E. Trojer, Gigabit-Capable Passive Optical Network
(Wiley, 2012).
11. A. Rufini, E. Tego, F. Matera, V. Policlinico, M. Mellia, and P. Torino,
“Bandwidth measurements and capacity exploitation in gigabit
passive optical networks,” in Fotonica AEIT Italian Conference on
Photonics Technologies (2014).
12. L. G. Kazovsky, S. Wong, V. Gudla, P. T. Afshar, S.-H. Yen, S.
Yamashita, and Y. Yan, “Challenges in next-generation opti-
cal access networks: addressing reach extension and security
weaknesses,” IET Optoelectron. 5, 133–143 (2011).
13. F. M. Atan, A. Zin, N. A. Ismail, N. Zulkifli, and S. M. Idrus, “An
overview on security issues in the optical access network,” in IEEE
7th International Conference on Photonics (ICP) (2018).
14. M. Baldi, F. Chiaraluce, L. Incipini, and M. Ruffini, “Code-based
physical layer secret key generation in passive optical networks,”
Ad Hoc Netw. 89, 1–8 (2019).
15. T. Horvath, P. Munster, and M. Filka, “A novel unique parameter for
increasing of security in GPON networks,” J. Commun. Softw. Syst.
12, 112–116 (2016).
16. A. Yin, Q. Li, and M. Zhu, “Secure authentication scheme for 10
Gbit/s Ethernet passive optical networks,” Optik 125, 5947–5951
(2014).
17. S. Aleksic, D. Winkler, G. Franzl, A. Poppe, B. Schrenk, and F.
Hipp, “Quantum key distribution over optical access networks,”
in Proceedings of the 18th European Conference on Network and
Optical Communications and 8th Conference on Optical Cabling
and Infrastructure (NOC-OC&I) (2013), pp. 11–18.
18. J. Martinez-Mateo, A. Ciurana, and V. Martin, “Quantum key dis-
tribution based on selective post-processing in passive optical
networks,” IEEE Photon. Technol. Lett. 26, 881–884 (2014).
19. S. Bahrani, O. Elmabrok, G. C. Lorenzo, and M. Razavi,
“Resource optimization in quantum access networks,” in IEEE
International Conference on Acoustics, Speech and Signal
Processing—Proceedings (ICASSP) (2019), pp. 7988–7992.
20. W. Shawbaki, “Multimedia security in passive optical networks via
wavelength hopping and codes cycling techniques,” in Proceedings
of the Advanced International Conference on Telecommunications
and International Conference on Internet and Web Applications and
Services (AICT/ICIW) (2006), p. 51.
21. K. Nagesh, R. Sumathy, P. Devakumar, and K. Sathiyamurthy, “A
survey on denial of service attacks and preclusions,” Int. J. Inf.
Secur. Priv. 11, 1–15 (2017).
22. R. A. Butt, M. Faheem, M. W. Ashraf, A. Khawaja, and B. Raza,
“Attack-aware dynamic upstream bandwidth assignment scheme
for passive optical network,” J. Opt. Commun. (2019).
23. S. Drakulic, M. Tornatore, and G. Verticale, “Degradation attacks
on passive optical networks,” in 16th International Conference on
Optical Networking Design and Modelling (ONDM) (2012).
24. “Series G: Transmission systems and media, digital systems and
networks,” ITU-T Recommendation G.984.1, 2009, p. 48.
25. IEEE Standards Association (IEEE-SA) Standards Board, “IEEE.
802.3av 10G-EPON task force,” 2009.
26. T. Horvath, P. Munster, V. Oujezsky, J. Vojtech, M. Holik, P. Dejdar,
and M. Latal, “GPON network with simulated rogue ONU,” in
International Conference on Software, Telecommunications and
Computer Networks (SoftCOM) (2019).
27. J. Orozco and D. Ros, “TCP performance over gigabit-capable pas-
sive optical networks,” in AccessNets (2009), Vol. 6, pp. 264–279.
28. H. Nishiyama, Z. M. Fadlullah, and N. Kato, “Inter-layer fairness
problem in TCP bandwidth sharing in 10G-EPON,” IEEE Syst. J. 4,
432–439 (2010).
29. T. Lukaseder, L. Bradatsch, B. Erb, R. W. Van Der Heijden, and
F. Kargl, “A comparison of TCP congestion control algorithms in
10G networks,” in Proceedings, Conference on Local Computer
Networks (LCN) (2016), pp. 706–714.
30. J. A. Arokkiam, X. Wu, K. N. Brown, and C. J. Sreenan,
“Experimental evaluation of TCP performance over 10 Gb/s pas-
sive optical networks (XG-PON),” in IEEE Global Communication
Conference (GLOBECOM) (2014), pp. 2223–2228.
31. H. Song, B. Kim, and B. Mukherjee, “Long-reach optical access
networks: a survey of bandwidth assignment mechanisms,” IEEE
Commun. Surv. Tutorials 12, 112–123 (2010).
32. M. Polese, F. Chiariotti, E. Bonetto, F. Rigotto, A. Zanella, and M.
Zorzi, “A survey on recent advances in transport layer protocols,”
IEEE Commun. Surv. Tutorials 21, 3584–3608 (2019).
33. J. Lin, L. Cui, Y. Zhang, F. P. Tso, and Q. Guan, “Extensive evaluation
on the performance and behaviour of TCP congestion control proto-
cols under varied network scenarios,” Comput. Netw. 163, 106872
(2019).
34. M. Mathis, J. Semke, J. Mahdavi, and T. Ott, “The macroscopic
behavior of the TCP congestion avoidance algorithm,” Comput.
Commun. Rev. 27, 67–82 (1997).
35. A. Lozhkovskyi and Y. Levenberg, “Calculation of average time of
packet delay in the storage buffer of a single-channel system with
self-similar traffic,” Comput. Probl. Electr. Eng. 7, 87–91 (2017).
36. J. D. Angelopoulos, H. C. Leligou, T. Argyriou, S. Zontos, E.
Ringoot, and T. Van Caenegem, “Efficient transport of packets
with QoS in an FSAN-aligned GPON,” IEEE Commun. Mag. 42(2),
92–98 (2004).
... Using this allocation mechanism, we will be able to attain greater bandwidth in areas of demand as well as reduce the bandwidth in less dense areas. By doing so, the traffic in the area can be managed effectively along with which the large delay caused can be avoided [16][17][18][19]. In this paper, for effective bandwidth utilisation, a DBA algorithm is proposed. ...
Article
Full-text available
A Passive Optical Network (PON) does not include any power loss components in the transmission medium and it is immune to RF interference. Due to these advantages, PON was chosen as the base of our model. It focuses on achieving Dynamic Bandwidth Allocation (DBA) in PON. The performance of existing water-filling algorithm would be evaluated and the drawbacks of the same would be addressed. A novel DBA algorithm is developed. Efficiency of both the algorithms are assessed by incorporating them in a Wavelength Division Multiplexed-Passive Optical Network. To do so, Radio over Fiber technology would be integrated as a part of the system. Future broadband applications can utilise the system to achieve higher bandwidth efficiency and ensure optimum utilisation of the reported bandwidth.
Article
Full-text available
Passive optical networks are currently the most promising solution for access networks. These networks rely on broadcast signal distribution in the downstream direction and unicast signal transmission in the upstream direction. The upstream direction is controlled by optical line termination (OLT). The broadcast transmission method increases security vulnerability because the attacker is able to connect his/her modified optical network unit (ONU) to the free port of the splitter (commonly in the basement). We present the concept for the activation process of ONUs based on physical unclonable function (PUF) for next-generation passive optical networks stage 2 (NG-PON2). The use of PUF increases security in the NG-PON2. Furthermore, the registration identifier (ID) is not stored in a nonvolatile memory, in comparison with the common solution defined by the International Telecommunication Union (ITU) recommendation G.989.3. An attacker cannot perform a reverse engineering attack to obtain the registration ID. For this reason, the attacker cannot clone an ONU. We proposed security improvements that involve authentication, encryption, integrity protection, and data origin verification methods in the NG-PON2. Our model uses the standard implementation of the transmission convergence layer of NG-PON2 with the new physical layer operations, administration, and maintenance (PLOAM) messages. The recommendation G.989.3 allows specifying own PLOAM messages since not all IDs are used in the current specification.
Article
Full-text available
Network security is an important component of today’s networks to combat the security attacks. The passive optical network (PON) works at the medium access layer (MAC). A distributed denial of service (DDOS) attack may be launched from the network and transport layers of an Optical Network unit (ONU). Although there are various security techniques to mitigate its impact, however, these techniques cannot mitigate the impact on the MAC Layer of the PON and can cause an ONU to continuously drain too much bandwidth. This will result in reduced bandwidth availability to other ONUs and, thus, causing an increase in US delays and delay variance. In this work we argue that the impact of a DDOS attack can be mitigated by improving the Dynamic bandwidth assignment (DBA) scheme which is used in PON to manage the US bandwidth at the optical line terminal (OLT). The present DBA schemes do not have the capability to combat a security attack. Thus, this study, uses a machine learning approach to learn the ONU traffic demand patterns and presents a security aware DBA (SA-DBA) scheme that detects a rogue (attacker) ONU from its traffic demand pattern and limits its illegitimate bandwidth demand and only allows it the bandwidth assignment to it as per the agreed service level agreement (SLA). The simulation results show that the SA-DBA scheme results in up to 53%, 55% and 90% reduced US delays and up to 84%, 76% and 95% reduced US delay variance of T2, T3 and T4 traffic classes compared to existing insecure DBA schemes.
Conference Paper
Full-text available
In this paper, low-complexity channel allocation methods are proposed for quantum access networks. We consider dense-wavelength-division-multiplexing passive optical network (DWDM-PON) structures that enable users to exchange secret keys, in addition to data transmission. We consider two main sources of noise in such systems, Raman scattering and four-wave mixing, and examine optimal channel allocation in different scenarios. We also take into account finite-key effects in the quantum key distribution (QKD) channels. Our numerical results show that the proposed wavelength assignment methods can significantly enhance the secret key generation rate of users.
Article
Full-text available
In time division, multiple access (TDMA)-based passive optical network (PONs), a dynamic bandwidth assignment (DBA) is necessary for efficient utilization of the available bandwidth of the upstream link. An efficient DBA scheme can improve the upstream performance of a traffic class of an ONU in two ways. First, it can increase the bandwidth assignment to it by efficiently utilizing the available bandwidth. Secondly, it can reduce the channel and frame idle time by increasing the polling frequency and by assigning extra surplus bandwidth not used by the other ONUs. Many DBA schemes have been reported for both ITU PONs (GPON and XGPON) and IEEE PONs (EPON and 10 G EPON). In this study, we explain the impact of DBA scheme on the upstream performance of PON and then do a thorough survey of both PON standards, categorize the DBA schemes and review them critically. Based on the literature review we also give our opinion on the most suitable DBA scheme for both type PONs on the basis of upstream delays, frame loss and bandwidth utilization efficiency.
Article
Full-text available
Passive optical networks are widely used because of their sufficient bandwidth and low price of individual elements. Based on the European Commission, The Czech Republic ISPs have to ensure 30Mbit/s (in existing networks) and 100 Mbit/s (in new constructed networks) for each customer in selected areas till 2020. Nowadays, the GPON standard is dominating in the Europe due to its low price and maturity. In general, the passive optical networks are based on P2MP (Point to Multipoint) physical topology. Therefore each end unit receives data meant for all units. To mitigate this, the standard defines an encryption method (authentication and key exchange phase) but the key exchange phase relies only on a single unique parameter (serial number of an end unit). A new unique parameter for the key exchange phase is proposed. No modification of the transmission convergence layer in GPON is considered. A measuring scheme for determining of accuracy of our new unique parameter, called Tprop, is also proposed.
Article
In recent decades, many TCP congestion control (CC) protocols have been proposed to improve the performance and reliability of TCP in various network scenarios. However, CC protocols are usually closely coupled with network conditions such as latency and packet loss. Considering that networks with different properties are common, e.g., wired/wireless LANs and long fat networks (LFNs), investigating both the performance and the behavior of CC protocols under varied network scenarios becomes crucial for both network management and development. In this paper, we conduct a comprehensive measurement study on the goodput, RTT, retransmissions, friendliness, fairness, convergence time and stability of the most widely used CC protocols over wired LAN/WAN and wireless LAN (both 2.4 GHz and 5 GHz Wi-Fi). We also conduct comparative studies with respect to transmission cost, congested reverse path and bottleneck queue size in a network simulator. Based on our analysis, we reveal several interesting and original observations. We found that the goodput of BBR is at least 22.5% lower than that of other CC protocols in wireless LAN due to an insufficient pacing rate, even though it can always fully utilize the bottleneck bandwidth with low RTT in wired networks. We also observed that the total on-wire data volume of BBR is higher than that of CUBIC (e.g., 2.37% higher when RTT = 100 ms and loss rate = 0.01%). In addition, BBR can fully utilize the bottleneck bandwidth for most queue sizes (≥ 20 packets). Surprisingly, we noticed that CUBIC, the default CC protocol in most modern operating systems, is too aggressive and unfriendly in both LAN and wireless LAN, greatly suppressing the goodput of other competing CC protocols. More specifically, in wireless LAN CUBIC generates 129% more retransmissions than other CC protocols. Nevertheless, we have also seen that, in scenarios with a heavily congested reverse path, CUBIC can fully utilize the bottleneck bandwidth. Lastly, we also observed that BBR converges very quickly in all evaluated scenarios, while other CC protocols present varied results, e.g., Westwood+ and Veno converge faster in 5 GHz Wi-Fi networks than in 2.4 GHz networks.
Article
Over the years, the Internet has been enriched with new communication technologies, for both fixed and mobile networks and devices, exhibiting impressive growth in performance with steadily increasing data rates. The Internet research community has kept trying to evolve the transport layer protocols to match the capabilities of modern networks, in order to fully reap the benefits of the new communication technologies. This paper surveys the main novelties in transport protocols that have recently been proposed, identifying three main research trends: (i) the evolution of congestion control algorithms, targeting optimal performance in challenging scenarios, possibly with the application of machine learning techniques; (ii) the proposal of brand new transport protocols, alternatives to TCP implemented in user space; and (iii) the introduction of multipath capabilities at the transport layer.
Article
Guaranteeing secure transmission is an important goal of passive optical networks (PONs). Modern PON standards, however, impose the adoption of symmetric encryption algorithms in the downstream but do not do the same in the upstream, where the secret keys may be transmitted in the clear. Because of non-ideal optical network components, this exposes the PON to the risk of eavesdropping. In this paper, a novel technique for securely generating and sharing secret keys in passive optical networks is proposed. It exploits randomness at the physical layer and key distillation based on coding techniques. The main attack strategies are considered, and the design parameters of the proposed protocol are discussed both analytically and through numerical examples. The cost in terms of complexity with respect to standard approaches affected by possible vulnerabilities is also assessed.
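The abstract above names only the ingredients (physical-layer randomness, key distillation by coding). As an added example written for this page, not the paper's own protocol, the Python below shows the usual shape of such a distillation: Alice publishes one Hamming(7,4) syndrome per block so Bob can correct isolated disagreements, a short public tag confirms that both now hold the same string, and hashing then shrinks the string by at least the number of bits an eavesdropper could have learned from the public messages. The correlated bit strings (generated with a seeded PRNG), the block size, the safety margin and the use of SHA-256 in place of a universal hash family are assumptions of the example.

```python
"""Illustrative key distillation from correlated physical-layer bit strings.

Added example written for this page, not the protocol of the cited paper:
information reconciliation with Hamming(7,4) syndromes, a public
confirmation tag, then privacy amplification by hashing.  The correlated
strings are constructed with a seeded PRNG as a stand-in for channel
measurements, and SHA-256 stands in for a universal hash family.
"""
import hashlib
import random

# Hamming(7,4) parity-check matrix; column j (1-based) is j written in binary,
# so the syndrome of a single flipped bit is that bit's 1-based position.
H = [[0, 0, 0, 1, 1, 1, 1],
     [0, 1, 1, 0, 0, 1, 1],
     [1, 0, 1, 0, 1, 0, 1]]
BLOCK = 7
SYNDROME_BITS = 3       # public bits leaked per block by reconciliation
TAG_BITS = 32           # public bits leaked by the confirmation tag
SAFETY_MARGIN = 64      # extra bits discarded to cover estimation error


def syndrome(block):
    """3-bit syndrome of a 7-bit block as an int (MSB = first row of H)."""
    s = 0
    for row in H:
        s = (s << 1) | (sum(r * b for r, b in zip(row, block)) & 1)
    return s


def public_syndromes(bits):
    """What Alice sends in the clear: one syndrome per 7-bit block."""
    return [syndrome(bits[i:i + BLOCK]) for i in range(0, len(bits), BLOCK)]


def reconcile(bits, alice_syndromes):
    """Bob's side: the XOR of the two syndromes locates a single flipped bit per
    block; two or more flips in one block are mis-corrected (caught by the tag)."""
    out = list(bits)
    for k, sa in enumerate(alice_syndromes):
        start = k * BLOCK
        pos = sa ^ syndrome(out[start:start + BLOCK])
        if pos:
            out[start + pos - 1] ^= 1
    return out


def confirm_tag(bits):
    """Short public check value (TAG_BITS) to detect failed reconciliation."""
    return hashlib.sha256(bytes(bits)).digest()[:TAG_BITS // 8]


def privacy_amplify(bits, leaked_bits):
    """Compress the reconciled string to at most the estimated secret bits:
    raw length minus everything published, minus a safety margin."""
    usable = len(bits) - leaked_bits - SAFETY_MARGIN
    if usable < 8:
        raise ValueError("not enough secret bits left for a key")
    key_bits = min(usable, 256)
    return hashlib.sha256(bytes(bits)).digest()[:key_bits // 8]


def distill(alice, bob):
    """Full run; returns (key_alice, key_bob) or None on reconciliation failure."""
    assert len(alice) % BLOCK == 0 and len(alice) == len(bob)
    synd = public_syndromes(alice)
    bob_fixed = reconcile(bob, synd)
    if confirm_tag(bob_fixed) != confirm_tag(alice):
        return None
    leaked = SYNDROME_BITS * len(synd) + TAG_BITS
    return privacy_amplify(alice, leaked), privacy_amplify(bob_fixed, leaked)


def constructed_strings(n_blocks=64, flips=5, seed=7):
    """Constructed stand-in for correlated channel observations: Bob's copy
    differs from Alice's in one bit of each of `flips` distinct blocks."""
    rng = random.Random(seed)
    alice = [rng.getrandbits(1) for _ in range(n_blocks * BLOCK)]
    bob = list(alice)
    for k in rng.sample(range(n_blocks), flips):
        bob[k * BLOCK + rng.randrange(BLOCK)] ^= 1
    return alice, bob


if __name__ == "__main__":
    a, b = constructed_strings()
    ka, kb = distill(a, b)
    print("keys match:", ka == kb, "key length:", len(ka) * 8, "bits")
```

Real protocols estimate the disagreement rate first and pick a code matched to it (often LDPC); Hamming(7,4) tolerates one flip per block and mis-corrects two, which is why the confirmation step is not optional. The leakage accounting is the security-relevant part: every published bit, syndromes and tag alike, is subtracted before the final key length is chosen, so with 448 raw bits, 192 syndrome bits, a 32-bit tag and a 64-bit margin the example ends with a 160-bit key.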