Cryptography in optical networks. Is your data secure?
It is commonly believed that optical fibres are much safer than copper infrastructure. Unfortunately, it is not true.
Research in the last few years has shown that optical fibres can easily be tapped. In consequence, more and more companies, particularly financial and government institutions, place a lot more emphasis on the security of data, including the data that is transported over optical systems.
One of the major priorities for network administrators is building reliable networks that are safe and secure. Thus, they use wavelength multiplexing technology, build independent optical paths and implement automatic switching methods to move traffic to alternative (backup) paths in order to provide continuous transmission in the event of a single device or fibre failure.
However, there is a question as to whether, in our rush to larger capacities, shorter switching times and better availability, we have not forgotten about data security in the sense of its confidentiality and integrity.
Nowadays, cyberattacks are a threat to all enterprises. Optical fibres can be tapped, and confidential information revealed with tools that are relatively easy to use. This means that using optical fibres does not guarantee data security. However, with the help of encryption methods that have previously been used by military and intelligence agencies, it is possible to secure sensitive data.
When we look into this subject we face a number of significant challenges. Firstly, data encryption must be done without information loss, it must be transparent and enable full capacity. And we cannot forget about maintaining low latency, which is of primary importance to the financial sector. Secondly, we have to comply with laws that regulate aspects of sensitive data security. Finally, how do we integrate all this into our existing infrastructure without replacing links or devices that are already operational?
If a given solution is to provide a high level of security in a fibre optic infrastructure, it must include cryptographic security of data transmission, a firewall, secure network management protocols and monitoring of optical fibre parameters.
Only a joined up combination of these elements will allow us to provide three critical security functions:
Confidentiality – the protection of information against unauthorised disclosure,
Data integrity – the assurance that the data has not been modified in any way,
Authorisation – the confirmation that the parties involved are the ones they claim to be.
It is also necessary to provide network administrators with both regular and ad-hoc information on optical fibre parameters, as their rapid degradation may indicate that a fibre is being tapped. Thus, the security of the first layer is a key part of the total cyber security solution.
By taking the above requirements and complementing them with specific policies and standards, we receive a set of recommendations for an encryption platform. Among these are: the layer-1 encryption using at least a 256 bit key (GCM-AES-256), compliance with NIST FIPS 140-2 and NSA Suite B standards and the support of the 1/10/40/100Gb Ethernet, 4/8/16/32G Fibre Channel and OTU2/3/4 protocols.
So, what kind of solution do you need to secure your data?
Do you wish to build an xWDM network with data encryption from scratch?
Do you need to encrypt your data and transport it over your existing xWDM network?
Or maybe you need to build a secure point to point connection?
To sum up, the layer-1 encryption solution is independent of the application and the SAN/LAN devices you use, which makes it cost effective and easy to deploy. It enables integration into the existing WDM infrastructure and can be flexibly added without interference to existing services. A reliable network is a safe and secure network.
We support our partners helping them to build reliable solutions and create leading telecommunication networks.