Security enhanced dynamic bandwidth allocation algorithm against degradation attacks in next generation passive optical networks

The dynamic bandwidth allocation (DBA) algorithm is highly impactful in improving the network performance of gigabit passive optical networks (GPON). However, reports delineating its vulnerability to certain attacks can be found in the literature, thus raising concerns. A degradation attack manipulates the transmission control protocol (TCP) congestion control algorithm, which may impact the received bandwidth of targeted network users. Here, the absence of electronics within the passive splitter renders attack identification in GPONs a significant challenge. Therefore, the current study aimed to propose a secured DBA mechanism known as security enhanced DBA capable of overcoming this particular threat. A detection phase served as a critical component for sensing and subsequently mitigating any abnormal behaviors observed among optical network units (ONUs). Upon identification of the attacker, penalties were imposed to deter the next attack attempt and reestablish the fairness to previously attacked ONUs. The simulation findings revealed throughput improvement of up to 63% due to the security feature offered by the mechanism. Besides, significant improvements for the upstream delay performance recorded at 52%, 60%, and 65% for traffic containers (TCONT) TCONT2, TCONT3, and TCONT4, respectively, were observed in comparison to the non-secure DBA mechanism. Hence, the integration of the security mechanisms in DBA renders it possible to avoid any exploitation of GPON vulnerability in hacking other users’ bandwidth.