1. Introduction
With the rapid development of digitization and computing power in information society, communication security is facing imminent threat. The majority of previously announced security enhancement strategies use algorithmic encryption, most commonly the advanced encryption standard (AES) [
1,
2,
3,
4], while algorithm-level encryption may be intercepted and cracked as a result of the advent of quantum computing [
5]. The chaotic system has the characteristics of broad bandwidth, good randomness and high sensitivity [
6,
7,
8,
9,
10]. At present, chaotic secure optical communication at the physical layer has become an effective strategy to protect the security of large-scale data exchange in modern networks [
11].
Chaotic signals are generated by analog and digital methods. The former can generate highly complex nonlinear dynamic broadband signals [
12]. In the field of optical communication, most chaotic signals in the analog domain are generated by chaotic lasers, which are large in volume, high in cost and complex in structure. At the same time, these schemes pose higher requirements on chaotic synchronization, which is very important for a secure communication system based on a chaotic system [
13]. The latter will pay for computational time when obtaining a more complex nonlinear dynamic behavior [
14,
15,
16]. When the chaotic signal is used as the carrier for chaotic secure communication, its spectral efficiency is low, and when the transmission rate is low, the information is easy to be intercepted [
17]. On the other hand, some scholars also adopt chaotic signal to drive phase modulator (PM) and scramble private chaotic phase [
18]. The process should convert the complicated nonlinear electro-optical signal and be injected into PM, which makes the optical layer encryption possibly. It can also encrypt the whole network data of low delay and high speed [
19]. However, the chaotic laser produces complexly and carries out nonlinear electro-optical signal converting. The variety of optical damage will inevitably cause signal distortion [
20]. It also significantly increases the cost, and the application of the scheme is impeded by these problems.
In this paper, we propose an analog–digital combined high-secure optical communication system. The scheme adopts a 3D chaotic system, and x is the injected signal of the PM to carry out phase disturbance in the analog domain. With a chaotic circuit instead of chaotic laser as a driving signal to be injected into the PM, the complicated nonlinear electro-optical signal conversion problem of existing schemes is solved. This scheme reduces the cost and optimizes the size. The y and z are used for the time–frequency domain encryption in the digital domain. Moreover, we demonstrate a 13.3 Gb/s encrypted signal transmission over 25 km standard single-mode fiber (SSMF). If the chaotic driving circuit produces a delay of 3 s, the bit error rate (BER) reaches more than 0.3 at the receiver. The results show that the analog–digital combined encrypted scheme based on the chaotic circuit as driving signal has a good performance in optical communication system and is compatible with the existing optical networks.
2. Principles
In
Figure 1, we present the schematic diagram of the proposed analog–digital combined high-secure optical communication system. The encryption module is made up of two encrypting portions: digital and analog. The unified 3D chaotic system generates chaotic signals for the analog-digital combined encryption. In the analog part,
x chaotic signal is generated by the corresponding circuit of the chaotic system to encrypt the phase. In the digital part, the
y and
z sequences of the chaotic system are generated by MATLAB to encrypt the data in the time and frequency domain. At the receiver, the PM is demodulated by using chaotic circuit to generate chaotic signal, which is opposite to the
x chaotic signal. Then, the digital signal processing (DSP) performs the opposite operation with the transmitter to decrypt in the digital domain.
Employing the following 3D chaotic system to generate a chaotic signal to encrypt the original data:
when
a = 0.6,
b = 1, and (
x1,
y1,
z1) = (0, 0, 1), the system (1) is in a chaotic orbit, as shown in
Figure 2.
We designed the chaotic circuit corresponding to the chaotic system to implement the encryption on the hardware. The proposed scheme utilizes the chaotic signal generated by the chaotic circuit to drive the PM to encrypt rather than the optical carrier, and the transmission capacity is no longer limited by the bandwidth of the chaotic signal. The chaotic circuit has the characteristics of small size, low cost and high sensitivity. Its size is only 10 cm × 5 cm. The circuit is composed of three channels, which are integrated according to the state variables
x,
y, and
z, respectively. The circuit schematic of system (1) was designed as shown in
Figure 3. The construction of the corresponding chaotic circuit can be represented as:
The chaotic circuit completes the computing of integral, addition, subtraction and nonlinear operations. The supply voltage of the circuit is ±13.5 V. The corresponding circuit components can be selected as:
The type specification of operational amplifier is LM741CN. The physical equipment of the analog circuit is shown in
Figure 4a. The phase trajectory of the analog circuit in the oscilloscope shows in
Figure 4b,c.
Figure 4b is the phase trajectory of
x–
y, and
Figure 4c is the phase trajectory of
y–
z. The outputs waveform of the physical circuit is consistent with the simulation outputs. The temporal waveform of the generated chaotic signal
x is shown in
Figure 4d.
Figure 4e shows the spectrum of the generated chaotic signal
x. The results indicate the typical characteristics of chaotic signal, including random like-noise in the time domain and the wide bandwidth in the frequency domain. There are the Lyapunov exponent of the signal greater than 0, which exhibits the chaotic properties of the
x signal. The autocorrelation function (ACF) can prove the high randomness.
Figure 4f shows the autocorrelation of the
x chaotic signal. As can be seen from the results in
Figure 4f, there are no similar fragments in the
x chaotic signal. In this scheme, the
x signal generated by the chaotic circuit is used to encrypt the data, and the
x chaotic signal is injected into PM as the driving signal to disturb the phase. The amplitude of the driving signal of PM 1 is opposite to that of the driving signal of PM 2. The chaotic circuits at the transmitter and receiver are controlled by the same power supply, which ensures the synchronization of chaotic signals.
When the chaotic signal is injected into the PM, the adapter needs to be connected, which has a 50 Ohms impedance. This affects the chaotic waveform and the nonlinear dynamic characteristics of chaos disappear. Therefore, in this scheme, the chaotic circuit module needs to be connected in series with the amplifying matching module to realize the matching between modules, and the amplification of the chaotic signal is conducive to signal encryption. The specific flow chart is shown in
Figure 5. The voltage is adjusted according to the feedback signal of the common emitter amplifier circuit.
The main function of this module is realized by a triode. Due to the randomness and non-periodicity of chaotic signals, it is more challenging to amplify and match chaotic signals. If the chaotic signal is directly connected to the triode, waveform distortion or signal self-excitation may occur. Therefore, it is necessary to add a voltage follower module, low-pass filter module and current series negative feedback module to match and adjust. The specific circuit schematic diagram is shown in
Figure 6.
In
Figure 6, the amplification matching circuit is mainly composed of resistance–capacitance parallel
R15 and
C4,
R16 and
C5, operational amplifiers
U9 and
U10, current-limiting resistance
R2 and
R13, triode Q1BUV26G, current feedback sampling resistance
R18, load resistance
R19 and
Vp power supply. The adapted voltage follower, which is made up of the operational amplifier
U9, is designed to match the chaotic signal source of the output to that of the input and perform impedance matching, allowing the signal of the amplifier circuit to operate within its normal range. At the same time, it has an isolation effect and can cut off the interference effect of the back electromotive force on the front stage. The low frequency signal can thus flow normally through the low pass filter module, which is made up of inductance and capacitance. The output signal is injected into the voltage follower composed of operational amplifiers
U9 and
U10, where resistors
R17 and
R18 are used for limiting the current. Finally, the signal is injected from the base of the triode, and the emitter outputs the amplified chaotic signal. Since the signal is input from the base and output from the emitter, the common emitter amplifier circuit is formed. The signal is transmitted back to a low-pass filter module made up of an inductor and capacitor through a feedback loop. The corresponding circuit components can be selected as:
The purpose of this design is to increase load capacity and stabilize output voltage.
The physical equipment of the amplification matching circuit is shown in
Figure 7a. The temporal waveform after the amplification matching circuit is shown in
Figure 7b. The maximum output signal value is about 6.5 V. The cross-correlation (CC) function between chaotic circuit 1 and chaotic circuit 2 is shown in
Figure 7c. It is indicated that outputs of chaotic circuit 1 and chaotic circuit 2 are well synchronized with the CC of 0.99. The CC can be expressed as:
where
and
denote the mean of the time series of the chaotic circuit 1 and the chaotic circuit 2, respectively.
A schematic of digital domain encryption is shown in
Figure 8. The 16 quadrature amplitude modulation orthogonal frequency division multiplexing (16QAM-OFDM) modulation was adopted in our scheme. In order to reduce the complexity of the algorithm and improve the bit error performance, we designed an optimization algorithm. Firstly, as shown in
Figure 8a, the sub-bands in the frequency domain are divided. As is shown in
Figure 8b, the sub-bands in the frequency domain are disturbed, in order to reduce the number of disturbed objects in the frequency domain. Then, the encryption in the time domain is shown in
Figure 8c. The optimization scheme of region division is not used in the time domain, so as to achieve the effect of all information scrambling. It was assumed that the process of OFDM has
M subcarriers for data transmission. It can be divided into
K frequency bands according to region division, and each frequency band has
n sub-bands. Its relation satisfies
M =
K ×
n. The number of frequency bands
K can be selected, but
K must be greater than 3. A total of 512 subcarriers were used for data transmission, and the four subcarriers were divided into a frequency band, with a total of 128 frequency bands. Frequency domain encryption is to perturb the 128 frequency bands. Compared with the undivided frequency band algorithm, the computational cost of the proposed algorithm was reduced by four times, and all the data were perturbed and encrypted.
The chaotic sequence
y was used in this encryption part, but the original chaotic sequence did not meet the requirements of signal encryption, so it needed to be optimized, as shown in the following process:
where
means to set the non-integer element of the matrix to 0, and
Y is the generated permutation matrix. The encrypted information in frequency domain can be expressed as:
where
is the signal of encrypted frequency band and
is the signal of original frequency band.
The data of the time domain are perturbed so that all data are encrypted. The data are interleaving diffusion perturbation by the optimized chaotic sequence. Zoning perturbation was not used; otherwise, the data are only scrambled in a local area, which increases the possibility of cracking. The specific processing of chaotic sequence can be expressed as:
To improve the encryption performance and enhance the robustness of the system against proportional cracking, encrypted data in the time domain can be expressed as:
where
T is the original time domain data and
Te is the encrypted time domain data. At the receiver, the encryption algorithm is reversible, and the data can be decrypted by the reverse operation of the encryption process.
3. Experiment Setup and Results
The device diagram of the experimental equipment is shown in
Figure 9, and the intensity modulation direct detection (IM/DD) system based on 25 km SSMF is established. The attenuation of the SSMF is less than 0.2 dB/km, the dispersion is less than 18 ps/(nm·km), the effective group refractive index is 1.467, and the cladding diameter is 125.0 ± 0.7 μm. In addition, DSP technology and phase modulator were used to encrypt digital domain and analog domain, respectively. The encrypted signal at the digital end was loaded into arbitrary waveform generator (AWG, TekAWG70002A) with a sampling rate of 15 GSa/s. The analog signal after amplification by an electrical amplifier (EA) was injected into Mach–Zehnder modulator (MZM) to realize photoelectric modulation. The wavelengths and power of the laser were set at 1550 nm and 10 dBm, respectively. The output signal of the MZM was sent to PM 1 for phase encryption perturbation. The half-wave voltage of the PM was 6 V. The modulation depth was equal to 2. The modulation depth is defined as the ratio of the peak-to-peak value of the modulated wave to the half-wave voltage of the PM. The drive signal of PM 1 was generated by the chaotic circuit. After being amplified by an erbium-doped fiber amplifier (EDFA), the modulated optical signal was launched into 25 km SSMF. It is worth mentioning that the radio frequency (RF) signals of the intensity modulator and the phase modulator are independent, so there is no correlation between the rates of the intensity modulator and the phase modulator. The RF signal out by AWG was modulated to the light by the intensity modulator, and the optical carrier carrying the information was modulated by the independent phase modulator for perturbation. The modulation depth has a great influence on the encryption effect. The modulation depth of the proposed scheme reached 2, which can complete the encryption of information. At the receiver, the chaotic circuit2 was used to drive PM 2 for decryption, and we adjusted the received optical power by a variable optical attenuator (VOA). A photodiode (PD) was used for signal detection. A mixed signal oscilloscope (MSO, TekMSO73304DX) with a sampling rate of 50 GSa/s was used for analog-to-digital conversion (ADC). DSP technology was used to decrypt signal in the digital domain. The total bit rate of the OFDM signal can be tantamount to the expression of (subcarrier number × entropy × AWG sampling rate/IFFT size/(1 + CP)). CP is the length of the cyclic prefix to avoid data crosstalk. In this scheme, the length of CP was 1/8 of the data, and the number of IFFT points was 2048. This modulation scheme was 4 bit/symbol, and subcarrier number was 512. So, the scheme can transmit 13.3 Gb/s 16QAM-OFDM signal. The devices on the transmitter had AWG, Laser, MZM, EA, PM 1, EDFA, and chaotic circuit 1. The devices on the receiver had PM 2, VOA, PD, and MOS. The control power was used to control chaotic circuits.
Figure 10 shows the BER curve of the synchronous 16QAM-OFDM signal and the signal of a 3 s delay decryption under different receiver power after 25 km SSMF. As can be seen from
Figure 10, when the receiver and transmitter can synchronize, the signal can be decrypted normally. As the received optical power decreases, the BER of the signal increases. When there is a 3 s delay between the chaotic circuit 2 and chaotic circuit 1, the signal cannot be decrypted normally, and the BER reaches more than 0.3. It is worth mentioning that, when the delay is set to more than 3 s, the information on the receiver cannot be recovered normally. If the chaotic circuit with higher bandwidth is adopted, the synchronization requirement of chaotic circuit 1 and 2 will be stricter. The data after PM 1 are directly recovered, and the decryption of PM 2 and digital end is no longer carried out. The BER after PM 1 is above very high, as can be seen from the experimental results. The results show that the transmitted data have reached the effect of scrambling and masking under the encryption of the digital domain and analog domain. In addition, we also used the incorrect keys to decrypt it, and the results show that the data are difficult to recover.
In addition, we also tested the constellation points in different scenarios, as shown in
Figure 11, respectively showing the original constellation diagram (a), the encrypted data constellation diagram (b), the restored constellation diagram after 25 km optical fiber transmission (c), and the restored constellation diagram after back-to-back (BTB) (d). It is also clear from the constellation diagram that this scheme can recover the information well. In the case of the unknown key and encryption mechanism, the data are difficult to recover, and its constellation is a mess, as shown in
Figure 11b.
In order to verify the security of the proposed scheme, we also carried out the sensitivity test of the proposed scheme and whether the data can be recovered normally when the key is perturbed. In the concrete implementation scheme, we used the perturbed key to decrypt the transmitted data. It can be seen from
Figure 12 that, when the perturbation degree of
x,
y and
z reaches E-6, there is a large bit error in the data and the data cannot be recovered normally. The coordinate of curve
x at E-6 represents the BER after decrypting the information when the value 0 of the parameter
x in the key is changed to 0 + 10
−6. When the perturbation degree of the control parameter
a and
b reaches E-8, the data cannot be recovered normally. The experimental results show that the information can be recovered correctly only when the receiver obtains the correct key. For the eavesdropper, when the value difference between the cracked key and the correct key reaches E-8, the data are difficult to recover. The scheme ensures the security of data transmission.