Visible Light Communication vs. Optical Camera Communication: A Security Comparison Using the Risk Matrix Methodology

Abstract

Optical Wireless Communication (OWC) technologies are emerging as promising complements to radio-frequency systems, offering high bandwidth, spatial confinement, and license-free operation. Within this domain, Visible Light Communication (VLC) and Optical Camera Communication (OCC) represent two distinct paradigms with divergent performance and security profiles. While VLC leverages LED-photodiode links for high-speed data transfer, OCC exploits ubiquitous image sensors to decode modulated light patterns, enabling flexible but lower-rate communication. Despite their potential, both remain vulnerable to various attacks, including eavesdropping, jamming, spoofing, and privacy breaches. This work applies—and extends—the Risk Matrix (RM) methodology to systematically evaluate the security of VLC and OCC across reconnaissance, denial, and exploitation phases. Unlike prior literature, which treats VLC and OCC separately and under incompatible threat definitions, we introduce a unified, domain-specific risk framework that maps empirical channel behavior and attack feasibility into a common set of impact and likelihood indices. A normalized risk rank (NRR) is proposed to enable a direct, quantitative comparison of heterogeneous attacks and technologies under a shared reference scale. By quantifying risks for representative threats—including war driving, Denial of Service (DoS) attacks, preshared key cracking, and Evil Twin attacks—our analysis shows that neither VLC nor OCC is intrinsically more secure; rather, their vulnerabilities are context-dependent, shaped by physical constraints, receiver architectures, and deployment environments. VLC tends to concentrate confidentiality-driven exposure due to optical leakage paths, whereas OCC is more sensitive to availability-related degradation under adversarial load. Overall, the main contribution of this work is the first unified, standards-aligned, and empirically grounded risk-assessment framework capable of comparing VLC and OCC on a common security scale. The findings highlight the need for technology-aware security strategies in future OWC deployments and demonstrate how an adapted RM methodology can identify priority areas for mitigation, design, and resource allocation.