CN111555823B - Secure optical communication cross-IP transmission method and device - Google Patents
- Publication number: CN111555823B (CN202010387140.4A)
- Authority: CN (China)
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B10/00—Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
- H04B10/80—Optical aspects relating to the use of optical transmission for specific applications, not provided for in groups H04B10/03 - H04B10/70, e.g. optical power feeding or optical transmission through water
- H04B10/85—Protection from unauthorised access, e.g. eavesdrop protection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The method first determines the start point and end point of the IP network to be crossed. At the start point, the encrypted optical signal undergoes analog-to-digital conversion and is converted into encrypted IP data packets for transmission in the IP network. The encrypted IP data packets are then converged at the end point of the IP network to be crossed, and the encrypted signal is modulated back into an encrypted optical signal, which continues to be transmitted in the optical network. The core of the method is that noise-encrypted secure optical communication is applied across an IP network, which improves the eavesdropping resistance of physical-layer secure optical communication and provides continuous and stable secure communication services for different services in the existing network architecture.
Description
Technical Field
The invention belongs to the technical field of secure optical communication, and relates to a secure optical communication cross-IP transmission method and device.
Background
In recent years, information technology and optical fiber communication have developed rapidly, but optical cables span long distances through complex line environments, and existing optical communication cannot resist line or node eavesdropping attacks. Meanwhile, with the development of quantum computers with strong deciphering capability, optical communication data faces the major hidden danger of being "intercepted, copied and tampered with", and physical-layer security threats and their impact are increasingly prominent. Securing a communication system with a physical-layer security scheme has become a new research hotspot that is widely valued at home and abroad. Physical-layer secure optical communication is a new type of optical communication technology that aims to resist line or node eavesdropping attacks by strengthening resistance to information interception. Current basic research on physical-layer secure optical communication falls into two categories: quantum key distribution theory and physical-layer security theory. The new network information security technology represented by quantum key distribution still needs to be perfected and currently faces several restricting factors. For example, at the present stage, quantum key distribution systems have limited performance in key generation rate, usable transmission distance and similar aspects, and are difficult to deploy on a large scale. One of the mainstream research directions in physical-layer security theory is noise-encrypted secure optical communication, whose core is to map signals and noise to the phase and amplitude spaces to hide information and achieve secure transmission.
Key generation in existing noise-encrypted secure optical communication technology depends on optical link characteristics; the technology is applied only in optical networks and does not transmit across IP networks, which reduces the flexibility of its application. Specifically:
(1) noise encryption secure optical communication technology
The Y-00 protocol is used for noise-based encryption in physical-layer secure optical communication. Its basic idea is to mask the signal level with noise so that an eavesdropper cannot correctly identify the level. Transceiver prototypes have been developed that use multi-level phase modulation (PSK Y-00) or intensity modulation (ISK Y-00). One of the priority issues in the security evaluation of current communication systems is evaluating security against key estimation under ciphertext-only attacks (COA) or known-plaintext attacks (KPA). For a ciphertext-only attack, the eavesdropper's process typically has two steps: first read the encrypted data (ciphertext) correctly, then process the ciphertext mathematically to recover the original data (plaintext) or the secret key. Because the Y-00 protocol sends binary data on bases using multi-level encryption, reading the encrypted data correctly becomes difficult. For a known-plaintext attack, a conventional cipher based on a mathematical algorithm converts the binary data of the plaintext into a binary ciphertext. The eavesdropper can therefore easily recognize the two correct signal levels ("0", "1") of the ciphertext and so obtains the correct ciphertext itself, which may lead to the cipher being broken. In the Y-00 protocol, binary data is fully encrypted by multi-level signaling over a set of bases. Each base carries binary data, as shown in Fig. 1. When dense multi-level signals are used and the amount of noise is greater than the minimum decodable signal difference of the multi-level signal, the noise masks the signal level and prevents correct signal level detection. This type of cipher thus provides a higher level of security against eavesdroppers than mathematical ciphers.
Fig. 2 is a schematic diagram of a noise-encryption secure optical communication scheme based on the Y-00 protocol. The current typical noise encryption scheme is as follows:
(a) The noise encryption method based on phase modulation: the signal is mapped to a phase space, and the phase space state of the signal is fully utilized to hide the signal in phase space. Its characteristic is that the encryption has little influence on transmission performance.
(b) The noise encryption method based on amplitude modulation: the signal is mapped to an amplitude space, and the amplitude space state of the signal is fully utilized to hide the signal in amplitude space. Its characteristic is that the AD/DA quantization space is fully utilized.
(c) The noise encryption method based on amplitude/phase modulation: the signal is mapped to an amplitude/phase space, and the phase space state of the signal is fully utilized to hide the signal in a multi-dimensional space. Its characteristic is that large noise masking is achieved.
In Quadrature Amplitude Modulation (QAM) in optical communication, the modulation order can reach at most 1024, which greatly improves the utilization of the system frequency band. The process uses wide-range capture and high-precision synchronization techniques for realizing high-order QAM in a vector signal analysis system. QAM has the advantage of a larger symbol rate, and thus higher system efficiency. The occupied bandwidth is generally determined by the symbol rate, so the more bits per symbol, the higher the efficiency. For a given system, the number of symbols required is 2^n, where n is the number of bits per symbol. For 16QAM, n is 4, so there are 16 symbols; for 64QAM, n is 6, so there are 64 symbols. A channel-coded binary MPEG-2 bit stream enters the QAM modulator and is divided into two paths, one for I and the other for Q. Each path is given 3 bits of data at a time; a 3-bit binary number has 8 different states, which correspond to 8 different amplitude levels, so I has 8 amplitude levels, Q has 8 amplitude levels, and the I and Q signals are orthogonal. The amplitude combination of any one I and any one Q therefore maps to a corresponding constellation point on the polar coordinate diagram, each constellation point represents a mapping composed of 6 bits of data, and I and Q have 8 × 8 = 64 combination states in total, so that every possible combination of data states is mapped.
As shown in the schematic diagram of the QAM encryption model in Fig. 3, after the data and the secret key are mapped, the signal is transmitted through the channel to the receiving end. The legitimate receiving end shares the same secret key with the sending end, so noise has little influence on its signal and it can accurately recover the original data from the noise. An illegitimate receiving end does not know the initial secret key, so noise has a large influence on its signal and it cannot accurately recover the original data from the noise.
(2) IP layer network technology
Existing IP-layer network technology fuses traditional IP-layer network technology with IT technology and adopts an integrated development, operation and maintenance mode to realize user-centered Internet application services. The traditional IP network is shifting from distributed control to a centralized control plane, and the service orchestration and control layer shields applications from differences in the underlying network, thereby decoupling services from applications and control from forwarding. Agility, intelligence, fusion and openness are the development directions of new IP network technologies. Agility: services are opened and operated automatically through automated orchestration; on the basis of a standardized service processing flow, rapid service opening and delivery rely on resource mapping and rich APIs across the application, logical and physical networks. Intelligence: the network and services operate automatically; the state of the network and applications is sensed in real time, and a centralized control plane with policy distribution, based on big data analysis and visualization, manages the network and services automatically and deploys them flexibly. Fusion: development, operation and maintenance are integrated, the network and IT are fused, and a network management mode centered on equipment management becomes effective cooperation among users, applications and the network. Openness: network software provides programmability both internally and externally; the demand layer and the resource layer are extracted, abstracted and packaged into programmable interfaces and connected through standardized layered interfaces and an operating system, so that network and service capabilities are opened up.
For many years, IP networks and Optical Transport Networks (OTNs) have been two networks that operate independently. The IP layer lacks a protection mechanism and cannot sense changes in the underlying topology in time, and its service control and scheduling mechanism is of limited use for responding quickly to important services. The OTN is the evolution target of the next-generation transport network, and more and more operators and equipment manufacturers are building transport networks on OTN technology. Although the IP and OTN layers are clearly separated and convenient to maintain, this also leads to inefficient use of network resources. In addition, for areas covered only by an IP network with no optical network, and for cross-layer joint optimization of noise-encrypted secure optical communication in data centers, joint strategies for noise-encrypted secure optical communication and IP networks have been little studied.
In summary, conventional noise-encrypted secure optical communication technology does not consider that optical communication may need to cross an IP network or an unknown IP area; that is, it cannot cross an IP network, which limits its application. Existing secure optical communication is not flexible enough: it cannot flexibly select an optical network or an IP network for transmission according to the channel state, the service type and the area the information must cross, and it falls short of providing continuous and stable secure communication services for different services in the existing network architecture.
Disclosure of Invention
To overcome the shortcomings of the prior art, the application provides a method and device for noise-encrypted secure optical communication across an IP network, based on an Optical Physical Layer Security over IP strategy. The core is that noise-encrypted secure optical communication is applied across an IP network, which improves the noise attack prevention capability of physical-layer secure optical communication and helps provide continuous and stable secure communication services for different services in the existing network architecture.
To achieve the above object, the first invention of the present application adopts the following technical solution:
A secure optical communication cross-IP transmission method, applied to a noise-encrypted secure optical transmission system based on the Y-00 encryption protocol, comprises the following steps:
Step 1: dividing the network, and determining a source node and a destination node of the optical network and a source node and a destination node of the IP network to be crossed;
Step 2: setting an epitaxial optical analog-to-digital converter node and an optical modulator node of the source node of the IP network, and setting an epitaxial optical analog-to-digital converter node and an optical modulator node of the destination node of the IP network;
Step 3: establishing optical paths between the source node of the optical network and the epitaxial optical analog-to-digital converter node of the IP network source node, between the source node of the optical network and the epitaxial optical modulator node of the IP network source node, between the destination node of the optical network and the epitaxial optical analog-to-digital converter node of the IP network destination node, and between the destination node of the optical network and the epitaxial optical modulator node of the IP network destination node;
Step 4: the source node of the optical network encrypts service data to obtain an encrypted data signal and then modulates the encrypted data signal to obtain an encrypted optical signal, which is transmitted to the epitaxial optical analog-to-digital converter node of the IP network source node along the optical path between the optical network source node and that node;
Step 5: the epitaxial optical analog-to-digital converter node of the IP network source node performs analog-to-digital conversion on the encrypted optical signal to obtain an encrypted IP data packet;
Step 6: the encrypted IP data packet is transmitted in the IP network and converged at the destination node of the IP network;
Step 7: the epitaxial optical modulator node of the IP network destination node modulates the converged encrypted IP data packet to obtain an encrypted optical signal, which is transmitted to the optical network destination node along the optical path between the epitaxial optical modulator node of the IP network destination node and the optical network destination node;
Step 8: the optical network destination node decrypts the encrypted optical signal to obtain the service data.
The invention further comprises the following preferred embodiments:
Preferably, the noise-encrypted secure optical transmission system based on the Y-00 encryption protocol comprises a transmitting end and a receiving end.
The transmitting end comprises a transmitting-end laser, a transmitting-end pseudo-random signal generator, a driving module and a transmitting-end electro-optical conversion module.
The pre-shared secret key generates a base signal through the transmitting-end pseudo-random signal generator, and the base signal encrypts the input binary signal in the driving module to obtain an encrypted signal. The transmitting-end laser generates a local oscillator optical signal and inputs it to the transmitting-end electro-optical conversion module, which modulates the encrypted signal to obtain an encrypted optical signal.
The receiving end comprises a receiving-end laser, a receiving-end pseudo-random signal generator, a judgment module and a receiving-end photoelectric conversion module.
The pre-shared secret key generates a base signal through the receiving-end pseudo-random signal generator. The receiving-end laser generates a local oscillator optical signal and inputs it to the receiving-end photoelectric conversion module, which demodulates the encrypted optical signal to obtain an encrypted signal. The judgment module decrypts the encrypted signal using the base signal to obtain the output binary signal.
Preferably, in step 1, if the optical network is not connected to the IP network area to be crossed, the range of the IP network to be crossed is expanded until the optical network can be connected, and the source node and the destination node of the IP network are re-determined.
Preferably, in step 3, the optical path is established by a routing spectrum allocation algorithm.
The application also discloses a second invention, a secure optical communication cross-IP transmission device based on the secure optical communication cross-IP transmission method. The device comprises a network division module, an epitaxial node setting module, an optical path establishing module, an encryption module, an analog-to-digital conversion module, a transmission control module, a modulation module and a decryption module;
the network division module is used for dividing the network, and determining a source node and a destination node of the optical network and a source node and a destination node of the IP network to be crossed;
the epitaxial node setting module is used for setting an epitaxial optical analog-digital converter node and an optical modulator node of a source node of the IP network and an epitaxial optical analog-digital converter node and an optical modulator node of a destination node of the IP network;
the optical path establishing module is used for establishing optical paths between a source node of an optical network and an epitaxial optical analog-digital converter node of an IP network source node, between the source node of the optical network and an epitaxial optical modulator node of the IP network source node, between a destination node of the optical network and an epitaxial optical analog-digital converter node of an IP network destination node, and between the destination node of the optical network and the epitaxial optical modulator node of the IP network destination node;
the encryption module is used for encrypting the service data by the source node of the optical network to obtain an encrypted data signal and then modulating the encrypted data signal to obtain an encrypted optical signal, and the encrypted optical signal is transmitted to the epitaxial optical analog-to-digital converter node of the IP network source node along the optical path between the optical network source node and the epitaxial optical analog-to-digital converter node of the IP network source node;
the analog-to-digital conversion module is used for the epitaxial optical analog-to-digital converter node of the IP network source node to perform analog-to-digital conversion on the encrypted optical signal to obtain an encrypted IP data packet;
the transmission control module is used for controlling the transmission of the encrypted IP data packet in the IP network and converging the encrypted IP data packet in a destination node of the IP network;
the modulation module is used for modulating the converged encrypted IP data packet by the epitaxial optical modulator node of the IP network destination node to obtain an encrypted optical signal, and the encrypted optical signal is transmitted to the optical network destination node along the optical path between the epitaxial optical modulator node of the IP network destination node and the optical network destination node;
and the decryption module is used for decrypting the encrypted optical signal by the optical network destination node.
Beneficial effects achieved by this application:
The application provides a method and device for noise-encrypted secure optical communication across an IP network based on an Optical Physical Layer Security over IP strategy. The method and device can flexibly select an optical network or an IP network for transmission according to the channel state, the service type and the area the information must cross; the encrypted optical signal undergoes analog-to-digital conversion and is transmitted in and across the IP network without reducing the security of secure optical communication. The physical layer's resistance to eavesdropping attacks and the security and stability of communication are improved, and the method can adapt to different application scenarios, promoting secure optical communication. Noise-encrypted secure optical communication becomes more flexible and universal, which promotes the wide application of secure optical communication technology.
Drawings
FIG. 1 is a schematic diagram of the Y-00 protocol;
FIG. 2 is a schematic diagram of a noise-encrypted secure optical communication scheme based on the Y-00 protocol;
FIG. 3 is a schematic diagram of a QAM encryption model;
FIG. 4 is a diagram of an embodiment of a noise-encrypted secure optical transmission system based on a Y-00 encryption protocol using a secure optical communication cross-IP network method according to the present application;
FIG. 5 is a flow chart of a secure optical communication cross-IP network method of the present application;
FIG. 6 is a diagram of an embodiment of a method for secure optical communication across an IP network according to the present application.
Detailed Description
The present application is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present application is not limited thereby.
In view of the shortcomings of the prior art and the service requirements for popularizing secure optical communication, and considering the sensitivity of secure transmission services, the start point and end point of the IP network to be crossed are first determined. At the start point of the IP network to be crossed, the encrypted optical signal undergoes analog-to-digital conversion and is converted into encrypted IP data packets for transmission in the IP network. The encrypted IP data packets are then converged at the end point of the IP network to be crossed, and the encrypted signal is modulated back into an encrypted optical signal, which continues to be transmitted in the optical network. Fig. 4 shows an embodiment of a noise-encrypted secure optical transmission system based on the Y-00 encryption protocol to which the secure optical communication cross-IP network method of the present application is applied. It is used to demonstrate the data transmission and reception process, and the system includes a transmitting end, an optical analog-to-digital converter, an optical modulator, and a receiving end.
The transmitting end comprises a transmitting-end laser, a transmitting-end pseudo-random signal generator, a driving module and a transmitting-end electro-optical conversion module; the receiving end comprises a receiving-end laser, a receiving-end pseudo-random signal generator, a judgment module and a receiving-end photoelectric conversion module.
The pre-shared secret key generates a base signal through the transmitting-end pseudo-random signal generator, and the base signal encrypts the input binary signal in the driving module to obtain an encrypted signal. The transmitting-end laser generates a local oscillator optical signal and inputs it to the transmitting-end electro-optical conversion module, which modulates the encrypted signal to obtain an encrypted optical signal.
The optical analog-to-digital converter performs analog-to-digital conversion on the encrypted optical signal to obtain an encrypted IP data packet.
The encrypted IP data packet is transmitted through the IP network to the optical modulator, and the optical modulator modulates the converged encrypted IP data packet to obtain an encrypted optical signal.
The pre-shared secret key generates a base signal through the receiving-end pseudo-random signal generator. The receiving-end laser generates a local oscillator optical signal and inputs it to the receiving-end photoelectric conversion module, which demodulates the encrypted optical signal to obtain an encrypted signal. The judgment module decrypts the encrypted signal using the base signal to obtain the output binary signal.
As shown in fig. 5 and 6, the specific embodiment of the present application is as follows:
A secure optical communication cross-IP transmission method, applied to a noise-encrypted secure optical transmission system based on the Y-00 encryption protocol, comprises the following steps:
Step 1: determining a source node Alice and a destination node Bob of the optical network, and a source node 1 and a destination node 6 of the IP network to be crossed;
In the embodiment of the application, if the optical network is not connected to the IP network area to be crossed, the range of the IP network to be crossed is expanded until the optical network can be connected, and the source node and the destination node of the IP network are re-determined.
Step 2: setting an epitaxial optical analog-to-digital converter node C1 and an optical modulator node C3 of node 1, and an epitaxial optical analog-to-digital converter node C4 and an optical modulator node C2 of node 6;
Step 3: taking the source node Alice of the optical network and the epitaxial optical analog-to-digital converter node C1 of the source node 1 of the IP network as the source node and destination node of an optical link, and establishing an optical path with a routing spectrum allocation algorithm as the uplink optical path of node Alice; taking the epitaxial optical modulator node C3 of the source node 1 of the IP network and the source node Alice of the optical network as the source node and destination node of an optical link, and establishing an optical path with a routing spectrum allocation algorithm as the downlink optical path of node Alice;
taking the destination node Bob of the optical network and the epitaxial optical analog-to-digital converter node C4 of the destination node 6 of the IP network as the source node and destination node of an optical link, and establishing an optical path with a routing spectrum allocation algorithm as the uplink optical path of node Bob; taking the epitaxial optical modulator node C2 of the destination node 6 of the IP network and the destination node Bob of the optical network as the source node and destination node of an optical link, and establishing an optical path with a routing spectrum allocation algorithm as the downlink optical path of node Bob;
The established optical paths are combined with the source node and destination node of the IP network to be crossed to establish loopback data transmission paths:
Alice→C1→1→3→5→6→C2→Bob→C4→6→4→2→1→C3→Alice;
Bob→C4→6→4→2→1→C3→Alice→C1→1→3→5→6→C2→Bob.
Step 4: node Alice encrypts the service data with the secret key to obtain an encrypted data signal and then modulates the encrypted data signal to obtain an encrypted optical signal, which is transmitted along the optical path between the optical network source node Alice and node C1;
The modulation format for the encrypted data packets may be 4QAM, 16QAM, 64QAM, etc. In general, the higher the modulation order, the more secure the noise-encrypted secure optical transmission strategy of the Y-00 encryption protocol.
Step 5: when the encrypted optical signal reaches the epitaxial optical analog-to-digital converter node C1 of the source node 1 of the IP network to be crossed, node C1 performs analog-to-digital conversion on the encrypted optical signal and converts it into an IP data packet;
Step 6: the encrypted IP data packet is automatically transmitted in the IP network and converged at the destination node 6 of the IP network to be crossed;
Step 7: node C2 modulates the converged encrypted IP data packet to obtain an encrypted optical signal, which is transmitted to the optical network destination node Bob;
Step 8: node Bob decrypts the encrypted optical signal to obtain the service data.
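The following Python sketch is an added example, not code from the patent. It models steps 4 to 8 for the Alice → C1 → IP network → C2 → Bob direction together with the Y-00 noise masking described in the Background, and compares the bit error rate of Bob, who holds the pre-shared key, with that of a reader of the IP packets who does not. The intensity-level mapping, HMAC-SHA256 as the pseudo-random base generator, Gaussian noise, the packet layout and all parameter values and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import random
import struct

M = 64            # number of bases; the signal uses 2*M intensity levels (assumed)
SIGMA = 4.0       # noise std-dev in units of one level spacing (constructed value)
PKT_SAMPLES = 32  # samples carried per IP packet payload (constructed value)


def basis_stream(key, n):
    """Key-driven base sequence; HMAC-SHA256 stands in for the patent's PRNG."""
    out, counter = [], 0
    while len(out) < n:
        block = hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
        out.extend(b % M for b in block)   # 256 % 64 == 0, so this stays uniform
        counter += 1
    return out[:n]


def encrypt(bits, key):
    """Step 4 (Alice): map each bit to one of 2*M levels selected by its base."""
    # Base i owns levels i and i+M. The polarity flips with the parity of i, so
    # neighbouring levels inside each half of the range carry opposite bits.
    bases = basis_stream(key, len(bits))
    return [b_i + M * (bit ^ (b_i & 1)) for bit, b_i in zip(bits, bases)]


def add_noise(levels, rng):
    """Noise on an optical hop, modelled as additive Gaussian (assumption)."""
    return [x + rng.gauss(0.0, SIGMA) for x in levels]


def adc_to_packets(samples):
    """Step 5 (node C1): quantise the noisy samples and pack them into payloads."""
    q = [min(2 * M - 1, max(0, round(s))) for s in samples]
    return [bytes(q[i:i + PKT_SAMPLES]) for i in range(0, len(q), PKT_SAMPLES)]


def packets_to_levels(packets):
    """Steps 6-7 (node C2): converge the packets and re-modulate their levels."""
    return [float(v) for p in packets for v in p]


def decrypt(samples, key):
    """Step 8 (Bob): with the base known, one threshold splits two levels M apart."""
    bits = []
    for s, b_i in zip(samples, basis_stream(key, len(samples))):
        upper = s > b_i + M / 2
        bits.append(int(upper) ^ (b_i & 1))
    return bits


def read_without_key(packets):
    """Keyless reader of the IP packets: has to resolve all 2*M levels directly."""
    return [(v // M) ^ (v & 1) for p in packets for v in p]


def ber(sent, received):
    """Bit error rate between two equal-length bit lists."""
    return sum(x != y for x, y in zip(sent, received)) / len(sent)


def simulate(n_bits=4096, seed=1):
    """Return (BER at Bob, BER of a keyless reader of the IP packets)."""
    rng = random.Random(seed)
    key = b"constructed-demo-key"                       # constructed sample key
    bits = [rng.getrandbits(1) for _ in range(n_bits)]
    hop1 = add_noise(encrypt(bits, key), rng)           # Alice -> C1
    packets = adc_to_packets(hop1)                      # C1, then IP nodes 1..6
    hop2 = add_noise(packets_to_levels(packets), rng)   # C2 -> Bob
    return ber(bits, decrypt(hop2, key)), ber(bits, read_without_key(packets))


if __name__ == "__main__":
    print(simulate())
```

With these constructed parameters the decision margin at Bob is M/2 level spacings, while the keyless reader must separate levels one spacing apart under noise of four spacings, so its error rate sits near one half.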
A secure optical communication cross-IP transmission device, based on the secure optical communication cross-IP transmission method, comprises a network division module, an epitaxial node setting module, an optical path establishing module, an encryption module, an analog-to-digital conversion module, a transmission control module, a modulation module and a decryption module;
the network division module is used for dividing the network, and determining a source node and a destination node of the optical network and a source node and a destination node of the IP network to be crossed;
the epitaxial node setting module is used for setting an epitaxial optical analog-digital converter node and an optical modulator node of a source node of the IP network and an epitaxial optical analog-digital converter node and an optical modulator node of a destination node of the IP network;
the optical path establishing module is used for establishing optical paths between a source node of an optical network and an epitaxial optical analog-digital converter node of an IP network source node, between the source node of the optical network and an epitaxial optical modulator node of the IP network source node, between a destination node of the optical network and an epitaxial optical analog-digital converter node of an IP network destination node, and between the destination node of the optical network and the epitaxial optical modulator node of the IP network destination node;
the encryption module is used for encrypting the service data by the source node of the optical network to obtain an encrypted data signal and then modulating the encrypted data signal to obtain an encrypted optical signal, and the encrypted optical signal is transmitted to the epitaxial optical analog-to-digital converter node of the IP network source node along the optical path between the optical network source node and the epitaxial optical analog-to-digital converter node of the IP network source node;
the analog-to-digital conversion module is used for the epitaxial optical analog-to-digital converter node of the IP network source node to perform analog-to-digital conversion on the encrypted optical signal to obtain an encrypted IP data packet;
the transmission control module is used for controlling the transmission of the encrypted IP data packet in the IP network and converging the encrypted IP data packet in a destination node of the IP network;
the modulation module is used for modulating the converged encrypted IP data packet by the epitaxial light modulator node of the IP network destination node to obtain an encrypted optical signal, and the encrypted optical signal is transmitted to the optical network destination node along the optical path between the epitaxial light modulator node of the IP network destination node and the optical network destination node;
and the decryption module is used for decrypting the encrypted optical signal by the optical network destination node.
The present applicant has described and illustrated embodiments of the present invention in detail with reference to the accompanying drawings, but it should be understood by those skilled in the art that the above embodiments are merely preferred embodiments of the present invention, and the detailed description is only for the purpose of helping the reader to better understand the spirit of the present invention, and not for limiting the scope of the present invention, and on the contrary, any improvement or modification made based on the spirit of the present invention should fall within the scope of the present invention.
Claims (4)
1. A secure optical communication cross-IP transmission method is applied to a noise encryption secure optical transmission system based on a Y-00 encryption protocol, and is characterized in that:
the method comprises the following steps:
step 1: dividing the network, and determining a source node and a destination node of the optical network and a source node and a destination node of the IP network to be crossed;
step 2: setting an epitaxial optical analog-digital converter node and an optical modulator node of a source node of an IP network, and setting an epitaxial optical analog-digital converter node and an optical modulator node of a destination node of the IP network;
step 3: establishing optical paths between a source node of an optical network and an epitaxial optical analog-digital converter node of a source node of an IP network, between the source node of the optical network and an epitaxial optical modulator node of the source node of the IP network, between a destination node of the optical network and an epitaxial optical analog-digital converter node of a destination node of the IP network, and between the destination node of the optical network and the epitaxial optical modulator node of the destination node of the IP network;
step 4: a source node of the optical network encrypts service data to obtain an encrypted data signal, and then modulates the encrypted data signal to obtain an encrypted optical signal, and the encrypted optical signal is transmitted to the epitaxial optical analog-digital converter node of the IP network source node along the optical path between the optical network source node and the epitaxial optical analog-digital converter node of the IP network source node;
step 5: the epitaxial optical analog-digital converter node of the IP network source node performs analog-digital conversion on the encrypted optical signal to obtain an encrypted IP data packet;
step 6: the encrypted IP data packet is transmitted in an IP network and converged at a destination node of the IP network;
step 7: the epitaxial optical modulator node of the IP network destination node modulates the converged encrypted IP data packet to obtain an encrypted optical signal, and the encrypted optical signal is transmitted to the optical network destination node along the optical path between the epitaxial optical modulator node of the IP network destination node and the optical network destination node;
step 8: the optical network destination node decrypts the encrypted optical signal to obtain service data;
the noise encryption secure optical transmission system based on the Y-00 encryption protocol comprises a sending end and a receiving end;
the sending end comprises a sending end laser, a sending end pseudo-random signal generator, a driving module and a sending end electro-optical conversion module;
the pre-shared secret key generates a base signal through the sending end pseudo-random signal generator, and the base signal encrypts an input binary signal in the driving module to obtain an encrypted signal; the sending end laser generates a local oscillator optical signal and inputs it to the sending end electro-optical conversion module, and the sending end electro-optical conversion module modulates the encrypted signal to obtain an encrypted optical signal;
the receiving end comprises a receiving end laser, a receiving end pseudo-random signal generator, a judgment module and a receiving end photoelectric conversion module;
the pre-shared secret key generates a base signal through a receiving end pseudo-random signal generator; the receiving end laser generates a local oscillation optical signal and inputs the local oscillation optical signal into the receiving end photoelectric conversion module, and the receiving end photoelectric conversion module demodulates the encrypted optical signal to obtain an encrypted signal; and the judgment module decrypts the encrypted signal through the base signal to obtain an output binary signal.
2. The method of claim 1, wherein the method comprises:
in step 1, if there is no optical network connected to the IP network area to be spanned, the IP network range to be spanned is expanded until the optical network can be connected, and the source node and the destination node of the IP network are re-determined.
3. The method of claim 1, wherein the method comprises:
in step 3, the optical path is established through a routing spectrum allocation algorithm.
4. A secure optical communication cross-IP transmission device, based on the secure optical communication cross-IP transmission method of any one of claims 1 to 3, characterized in that:
the device comprises a network division module, an epitaxial node setting module, a light path establishing module, an encryption module, an analog-to-digital conversion module, a transmission control module, a modulation module and a decryption module;
the network division module is used for dividing the network, and determining a source node and a destination node of the optical network and a source node and a destination node of the IP network to be crossed;
the epitaxial node setting module is used for setting an epitaxial optical analog-digital converter node and an optical modulator node of a source node of the IP network and an epitaxial optical analog-digital converter node and an optical modulator node of a destination node of the IP network;
the optical path establishing module is used for establishing optical paths between a source node of an optical network and an epitaxial optical analog-digital converter node of an IP network source node, between the source node of the optical network and an epitaxial optical modulator node of the IP network source node, between a destination node of the optical network and an epitaxial optical analog-digital converter node of an IP network destination node, and between the destination node of the optical network and the epitaxial optical modulator node of the IP network destination node;
the encryption module is used for encrypting the service data by the source node of the optical network to obtain an encrypted data signal and then modulating the encrypted data signal to obtain an encrypted optical signal, and the encrypted optical signal is transmitted to the epitaxial optical analog-to-digital converter node of the IP network source node along the optical path between the optical network source node and the epitaxial optical analog-to-digital converter node of the IP network source node;
the analog-to-digital conversion module is used for the epitaxial optical analog-to-digital converter node of the IP network source node to perform analog-to-digital conversion on the encrypted optical signal to obtain an encrypted IP data packet;
the transmission control module is used for controlling the transmission of the encrypted IP data packet in the IP network and converging the encrypted IP data packet in a destination node of the IP network;
the modulation module is used for modulating the converged encrypted IP data packet by the epitaxial light modulator node of the IP network destination node to obtain an encrypted optical signal, and the encrypted optical signal is transmitted to the optical network destination node along the optical path between the epitaxial light modulator node of the IP network destination node and the optical network destination node;
and the decryption module is used for decrypting the encrypted optical signal by the optical network destination node.
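The path in steps 4 to 8 and the sending and receiving ends described in claim 1, as an added simulation that is not part of the patent. It assumes an intensity-level Y-00 mapping with M bases, SHA-256 in counter mode standing in for the pseudo-random signal generator, Gaussian noise on each optical hop, and one level index per IP packet; all function names are hypothetical. It shows that the keyless nodes C1 and C2 relay only ciphertext levels while the key holder still recovers the bits.

```python
import hashlib
import random

M = 64           # assumed number of bases; 2*M signal levels on the line
NOISE_STD = 3.0  # assumed noise per optical hop, in units of one level spacing

def basis_stream(key, n):
    """Base signal: keyed PRNG (SHA-256 counter mode, a stand-in) -> n bases in [0, M)."""
    out, ctr = [], 0
    while len(out) < n:
        out.extend(v % M for v in hashlib.sha256(key + ctr.to_bytes(8, "big")).digest())
        ctr += 1
    return out[:n]

def alice_encrypt(bits, key):
    """Step 4: basis b selects the level pair (b, b+M); neighbouring levels carry opposite bits."""
    return [b + M * (x ^ (b & 1)) for x, b in zip(bits, basis_stream(key, len(bits)))]

def optical_hop(levels, rng):
    """Optical path: additive Gaussian noise on each analog level."""
    return [lv + rng.gauss(0, NOISE_STD) for lv in levels]

def c1_adc(analog):
    """Step 5: keyless ADC at C1; nearest level index, one (seq, level) pair per packet."""
    return [(seq, min(2 * M - 1, max(0, round(a)))) for seq, a in enumerate(analog)]

def ip_network(packets, rng):
    """Step 6: packets take different routes and reach node 6 out of order."""
    shuffled = list(packets)
    rng.shuffle(shuffled)
    return shuffled

def c2_modulate(packets):
    """Step 7: converge by sequence number, then re-modulate without any key."""
    return [float(level) for _, level in sorted(packets)]

def bob_decrypt(analog, key):
    """Step 8: with b known, a binary decision between levels b and b+M."""
    return [int(a > b + M / 2) ^ (b & 1) for a, b in zip(analog, basis_stream(key, len(analog)))]

def keyless_read(packets):
    """Reader of the IP packets without the key: the basis must be taken from the noisy level."""
    return [int(lv >= M) ^ (lv & 1) for _, lv in sorted(packets)]

def run(n=4000, seed=1):
    """Return (BER for key holder Bob, BER for a keyless reader of the IP segment)."""
    rng = random.Random(seed)
    key = b"constructed-demo-key"  # constructed sample key
    bits = [rng.getrandbits(1) for _ in range(n)]
    packets = ip_network(c1_adc(optical_hop(alice_encrypt(bits, key), rng)), rng)
    bob = bob_decrypt(optical_hop(c2_modulate(packets), rng), key)
    eve = keyless_read(packets)
    return tuple(sum(g != x for g, x in zip(got, bits)) / n for got in (bob, eve))

if __name__ == "__main__":
    print(run())
```

With these constructed parameters the key holder decodes without errors across both optical hops and the ADC quantisation, while a keyless read of the packets is close to a coin flip per bit.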
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010387140.4A CN111555823B (en) | 2020-05-09 | 2020-05-09 | Secure optical communication cross-IP transmission method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010387140.4A CN111555823B (en) | 2020-05-09 | 2020-05-09 | Secure optical communication cross-IP transmission method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111555823A (en) | 2020-08-18 |
CN111555823B (en) | 2021-04-02 |
Family
ID=72007999
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010387140.4A Active CN111555823B (en) | 2020-05-09 | 2020-05-09 | Secure optical communication cross-IP transmission method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111555823B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113644985A (en) * | 2021-06-24 | 2021-11-12 | 安徽继远软件有限公司 | Ultra-long-distance transmission method and system based on cellular automata and DNA coding |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106888053A (en) * | 2017-03-14 | 2017-06-23 | 中国科学院西安光学精密机械研究所 | Composite logic-based ultrahigh-speed all-optical data real-time encryption/decryption system and method |
CN108768542A (en) * | 2018-05-02 | 2018-11-06 | 三峡大学 | A kind of voice signal quantum encryption communication system based on random number |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8983669B2 (en) * | 2012-07-31 | 2015-03-17 | Causam Energy, Inc. | System, method, and data packets for messaging for electric power grid elements over a secure internet protocol network |
Also Published As
Publication number | Publication date |
---|---|
CN111555823A (en) | 2020-08-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||