Secure authentication scheme for 10 Gbit/s Ethernet passive optical networks

With the development of access network, 10G EPON has gained more and more attention. As its topology structure is point-to-multi-point and the downstream data is broadcasted, it will suffer from eavesdropping and masquerading attack. To eliminate these safety threats, this paper proposes an integrated security scheme including a bilateral authentication method and an encryption algorithm combined with one-way hash function. The authentication method can verify OLT and ONU during the registration process, preventing illegal users joining the network, and safely establish a secret key used for encrypting as well. The proposed scheme's security is based on the computational Diffie–Hellman assumption and the target collision resistant hash functions. The simulation results indicate that this mechanism is more suitable for practical use.