Resumen
Passive optical networks are currently the most promising solution for access networks. These networks rely on broadcast signal distribution in the downstream direction and unicast signal transmission in the upstream direction. The upstream direction is controlled by optical line termination (OLT). The broadcast transmission method increases security vulnerability because the attacker is able to connect his/her modified optical network unit (ONU) to the free port of the splitter (commonly in the basement). We present the concept for the activation process of ONUs based on physical unclonable function (PUF) for next-generation passive optical networks stage 2 (NG-PON2). The use of PUF increases security in the NG-PON2. Furthermore, the registration identifier (ID) is not stored in a nonvolatile memory, in comparison with the common solution defined by the International Telecommunication Union (ITU) recommendation G.989.3. An attacker cannot perform a reverse engineering attack to obtain the registration ID. For this reason, the attacker cannot clone an ONU. We proposed security improvements that involve authentication, encryption, integrity protection, and data origin verification methods in the NG-PON2. Our model uses the standard implementation of the transmission convergence layer of NG-PON2 with the new physical layer operations, administration, and maintenance (PLOAM) messages. The recommendation G.989.3 allows specifying own PLOAM messages since not all IDs are used in the current specification.