Fiber optic communication infrastructure was always considered more secure than copper infrastructure, since it does not radiate and is more resilient to tapping.

Recent years have shown that it is possible to tap a fiber optic cable and extract the data transmitted over it. As a result, data security over DWDM links has increased, especially in financial and government institutions, critical infrastructure, data centers and service providers. Moreover, adhering to security requirements such as confidentiality, integrity and authentication has become mandatory in some industries.

Please contact us for a quote or further assistance.

FIPS 140-2 Level 2 and Common Criteria EAL2 certified optical network Layer-1 encryption solution for a high level of security.

PacketLight’s Layer-1 encryption is transparent to the traffic, without any degradation to the DWDM link performance or to the QoS of transferred data. It provides full end-to-end transparency of service data (unlike MACsec Layer-2 or IPsec Layer-3 encryption) and low latency of less than 12 usec for 10Gb Ethernet.

Layer-1 Encryption Solution Review

PacketLight’s encryption solutions perform GCM-AES-256 encryption on Layer-1 of the client signal, supporting full bandwidth of GbE/10/40/100/400Gb Ethernet services. The solution complies with NIST FIPS 140-2, Common Criteria EAL2, and Commercial National Security Algorithm (CNSA) Top Secret Suite B 2015 requirements for GbE/10/40/100/400Gb Ethernet, 4/8/10/16/32G FC, STM64/OC-192 SONET/SDH, and OTU2/3/4.

The solution resolves three major concerns in optical link security:

  • Confidentiality - preventing disclosure of information to unauthorized parties
  • Data integrity - ensuring that the message has not been altered
  • Authentication - validating that both parties involved are indeed who they claim to be

The solution enables users to flexibly activate the encryption/decryption functionality for specific transponders and selected wavelengths.

[Figure: PacketLight Layer-1 Encryption Diagram. Example of Encrypted Connectivity over Dark Fiber with Transponder]

Up to 20 encrypted signals can be multiplexed into a single 100G or 200G OTN uplink using PacketLight’s muxponder devices. The encryption can be done per client interface (service) or for the entire uplink (line side).

[Figure: Layer 1 Encryption High Capacity. Example of Encryption of Multiple High Capacity Rates and Protocols]

Other Security Solutions

In addition to the data encryption, PacketLight DWDM devices support the following security capabilities:

  • Fiber attenuation monitoring - monitors the attenuation levels between two sites in real-time and provides system alerts in case of any degradation in fiber attenuation.
  • Firewall - malicious fiber tapping attempts are one of the reasons for degradation in fiber attenuation. PacketLight units include alerts, so tapping attempts are identified quickly and remedied.
  • Secured access to management console - firewall functionality protects PacketLight’s device against attacks targeted at the management port by enabling the user to maintain a whitelist of managers that can access the device.

