The biggest security exposure is in the ranging process when the OLT broad-
casts the serial number and ID of the ranged ONU. A malicious user can make
use of this information for spoofing. This problem can be avoided through an
authentication process during which the ONU is verified by a password known
only to the OLT (e.g. through management provision).
To improve security, the ITU-T G.983.1 standard (Sect. 8.3.5.6, [8]) defines a
churning procedure to scramble the data for downstream connections with a key
established between the ONU and OLT. The encryption key is sent from an
ONU to the OLT with a defined protocol. (Note that the encryption key is only
sent in the secure upstream link.) To further enhance the security, the encryption
key can be ...