**Detailed descriptions of developed models and results of our attack-aware network planning approaches can be found in our publications.**

In the framework of the SAFE project, our main goal to develop a new attack-aware optical networks planning framework has been achieved with many individual planning algorithms and models. These models can be used by optical networks operators or other owners of optical infrastructure to plan their networks. Further potential users of the project results include networking scientists and engineers, particularly those interested in optical networks security. A description of the specific results follows.

In the first phase of our project, we modeled several types of attacks and defined new objective criteria for the Routing and Wavelength Assignment process accordingly. In order to minimize the maximum potential damage from jamming attacks exploiting in-band crosstalk in optical switches, we defined a new objective called the Propagating Crosstalk Attack Radius (P-CAR), as the maximum number of lightpaths which can be disturbed by a powerful jamming signal via in-band crosstalk in switches, under the assumption of unlimited attack propagation. By applying bin-packing-based heuristics for wavelength assignment, we enhanced network robustness to such attacks with no additional equipment or increase in cost. Namely, our algorithms are multiobjective and aim at minimizing both the attack propagation and the number of wavelengths used. Due to the fact that the P-CAR calculation is computationally demanding, we developed a more scalable variant of heuristics aimed at minimizing only the upper bound on the actual attack propagation, resulting in a significant algorithm speed-up with minor loss of precision. Furthermore, through comparison of our multiobjective approach with two single-objective approaches, one aimed only at minimizing the number of wavelengths used (without considering attacks), and the other at completely eliminating the possibility of propagation of attacks exploiting in-band crosstalk in switches (using the necessary number of wavelengths), we came to conclusion that our approach successfully limits attack propagation using the same number of wavelengths as the corresponding single-objective algorithm.

After minimizing the upper bound on the damage caused by jamming attacks exploiting in-band crosstalk in switches, in the second phase of the project we formulated the problem as an integer linear program (ILP), assuming limited attack propagation. We considered two propagation possibilities, which are closer to realistic network scenarios. In the first case, only the primary attacker can affect other lightpaths, and they do not acquire any attacking potential. In the second case, attacked lightpaths can become secondary attackers and affect lightpaths with which they share common switches, but attack propagation stops there. Two objective criteria were defined for the described cases of 1-hop and 2-hop attack propagation, called the Primary Attack Radius (PAR) and the Secondary Attack Radius (SAR), respectively. Using ILP formulations enabled us to find exact optimal solutions for small-sized networks. To solve the problem for larger network instances, we used GRASP (Greedy Randomized Adaptive Search Procedure), an iterative metaheuristic which is able to significantly decrease the PAR and SAR, respectively, using exactly the same number of wavelengths as the wavelength assignment heuristic which only minimizes wavelengths. In our previous work, we modeled jamming attacks which exploit gain competition in optical amplifiers and out-of-band crosstalk in fibers and designed heuristics based on tabu-search to minimize the number of lightpaths which can be disturbed by such attacks through careful routing of lightpath demands. This routing which minimizes out-of-band jamming effects was combined with wavelength assignment which minimizes in-band jamming effects to perform compound attack-aware routing and wavelength assignment (RWA) scheme against power jamming.

While our proposed attack-aware RWA approaches are able to minimize the damage from jamming attacks, complete elimination of attacks requires specialized equipment, which is very expensive. In the third phase of the project, we explored the market for different hardware solutions and implementations capable of limiting the jamming signals excessive power levels and analyzed their costs. We proposed a novel node architecture we call power equalizer, and developed mechanisms to perform careful power equalization placement in the network, minimizing the number of used equalizers, and, thus, the overall cost, necessary for reducing damage from attacks to the minimal possible measure.

An important functionality of a secure network is survivability of transmission under attack occurences. Therefore, in the fourth phase of our project, we analyzed the possibilities and restrictions of creating secure back-up paths considering jamming attack propagation in links and switches. We considered two variants of protection, one which searches for link-disjoint protection paths, thus protecting against single-link failures, and the other which considers link- and-node-disjoint back-up paths, thus protecting against link-and-node failures and limiting the propagation of jamming attacks exploiting in-band crosstalk in switches. Furthermore, we determined the so-called attack groups of the working and back-up paths of each connection (consisting of other connections which can attack them via in-band crosstalk in switches) and, by prohibiting these groups to share any common elements, we ensured that no in-band jamming attack can affect both the working and the back-up path of any connection.

__The developed solution approaches, in the form of implemented algorithms, for individual planning problems are as follows:__

- Fully implemented and tested Wavelength Assignment algorithms based on graph coloring and bin packing assuming infinite attack propagation capabilities. Implemented and tested in Matlab.
- Mixed integer linear programs for Wavelength Assignment assuming 1 and 2 hop attack propagation capabilities. Implemented and tested with Tomlab CPLEX.
- Greedy algorithms for power equalization placement to minimize the LAR (Lightpath Attack Radius), as well as metaheuristic Greedy Randomized Adaptive Search Procedure applied to minimize the number of power equalizers (GRASP-PE) needed to limit the propagation of high-power jamming attacks in WDM networks and achieve a LAR equal to congestion. Implemented in Matlab and tested at KTH.
- A GRASP heuristic for Wavelength Assignment assuming 1 and 2 hop attack propagation capabilities. Implemented and tested with PDC facilities at KTH.
- An Attack-Aware Routing and Wavelength Assignment (RWA) algorithm combining a Tabu search attack-aware routing approach with a Best Fit Decreasing attack-aware wavelength assignment approach.
- An exact integer linear program to place power equalizers or other VOA-equipped nodes to thwart and monitor attack propagation. Implemented and tested in Matlab linking to CPLEX.
- A survivable attack-aware routing and wavelength assignment algorithm with dedicated protection. Implemented and tested in C++.

__The developed models (attack models, new objective functions, relational models) are as follows:__

- Models for link-based and link and switched-based attack graphs used within the Wavelength Assignment algorithms based on graph coloring and bin packing assuming infinite attack propagation capabilities.
- New objectives: power equalization placement to minimize the number of power equalizers needed to achieve a LAR (Lightpath Attack Radius) equal to congestion; power equalization placement to minimize the LAR given a certain number of power equalizers.
- Models for 1 and 2-hop in-band propagation crosstalk attacks.
- Attack relational model which considers attacks via both links and switches by defining objective criterion AR (Attack Radius) - measuring both the PAR (Primary Attack Radius) for crosstalk attacks via switches and the LAR (Lightpath Attack Radius) via links
- A node architecture equipped with VOAs (Variable Optical Attenuators) at the ingress part for achieving power equalization functionality
- Attack group model for survivable RWA used which ensures that primary and back-up paths cannot both be attacked by the same attack.

__Additional results (for dynamic traffic demands):__

In the above mentioned research problems, we assume static traffic demands. Due to the periodic nature of traffic, planning according to predicted changes in traffic can allow us to more efficiently utilize network resources and lower the cost of the network design by reducing the number of transponders and, thus, the number of lightpaths needed. We had previously initiated research in this area in collaboration with UPCT and have decided to pursue it in the framework of secure planning since *a priori* reducing the number of lightpaths needed can implicitly reduce the attack radius between lightpaths. The set of lightpaths (i.e. the virtual topology) is in fact the input to the RWA algorithms developed. Thus, we investigate virtual topology design in the presence of multi-hour traffic in order to perform efficient transponder placement.

Work on the new problem model of multi-hour optical network planning with the objective to reduce the number of transponders (and lightpaths) needed and, thus, potentially minimize the possibilities of attacks was done in collaboration with UPCT. MILP formulations were developed for the cases with static and dynamic routing, with (non)-bifurcated traffic flows and tested using Tomlab CPLEX. Novel efficient and scalable algorithms using Greedy approaches and Lagrangian relaxations were developed for the multi-hour problem where the lightpaths are considered reconfigurable. We also develop a planning scheme called SR-VTCA (Stable Routing Virtual Topology Capacity Adjustment), where the number of lightpaths between node pairs is adjusted according to traffic variations while the IP routing remains fixed. This allows less lightpaths to be active, and thus less prone to attack, in addition to reducing the costs. We designed an algorithm called SIRA to perform efficient SR-VTCA planning.

The developed solution approaches, in the form of implemented algorithms, for individual planning problems of this additional problem set are as follows:

- A hybrid greedy algorithm called GARF for the multi-hour virtual topology design problem to minimize transponders implemented in Matlab and using MatplanWDM.
- An algorithm for virtual topology reconfiguration under multi-hour traffic using Lagrangian relaxation and sub-gradient optimization implemented in Matlab and using Tomlab CPLEX.
- SR-VTCA (Stable Routing Virtual Topology Capacity Adjustment) algorithm (SIRA) assuming multi-hour traffic with variable lightpaths and fixed routing.

The developed models (attack models, new objective functions, relational model) for this additional problem set are as follows:

- Multi-hour virtual topology design model where lightpaths can be (non)reconfigurable with variable routing with the objective to minimize the number of transponders and lightpaths.
- The SR-VTCA (Stable Routing Virtual Topology Capacity Adjustment) concept of keeping a fixed routing over a variable optical layer