Layer 1 Encryption in WDM Transport Systems

Editor's Notes

• #4: – not for every optical network encryption brings a benefit. In general security is interesting whenever there is a consolidation of services which are considered mission critical for the operator. Typically this is the case for data centers. In the end of my talk I will give a little overview that shows were we are effectively deploying optical encryption and you will see that industry - or you could say - Enterprise customers are a sweet spot. So lets have a look into a typical Enterprise / Data Center network:
• #5: Most of the data center we talk about have a secure physical access, this means building are in one or the other way shielded against attacks from the outside world and there are security gates that make sure not everybody can enter the buildings.
• #6: Due to those measures Data Center Hardware,…..Servers, Storage, Mainframes,…is protected. So due to teh fact that you have a physical security gateway a potential enemy can‘t just go there, steal HW or do HW reconfigurations.
• #7: Talking about SW that is actually running on the HW. Also here Data Centers have security concepts….secure shells, separated IP domains, central authentification servers controlling who gets SW access to which device or part of the network by when and also providing passwords in a centralized way acc. to certain rules rather than individual operators providing access for everybody who knows the birthday of their wife.
• #8: So that‘s all fine and well understood. But the point where those concepts don‘t have control is the point were the optical fiber leaves the data center building or the campus and in 99% of all cases crosses public ground where it is really difficult for the data center operator to make sure that only teh right poeple get access to this infrastructure.
• #9: were can potential attackers get access to a fiber network? – because fiber operators have to continiously maintain their infrastructure they have street cabinets. Everybody know the grey boxes and can imagine how easy it is to open a street cabinet and get access to such a splice box that contains a group of fibers which are in-service. From there an attacker can either deploy such a little Y-bridge which tabs light permanently or he can use such a coupling device which makes use of the fact that whenever you start bending fibers light will leak out of the fiber core and can be collected and detected. OK- so that‘s how you get the light but how do you get to that data? I think we all know that. Wavelengths can get identified and filtered using standard ITU filters, transport protocols like G.709 are fully standardized and protocol analyzers will perfectly do the job of stripping them away and providing a payload signal. The cost for the equipment that you need to realize such a scenario is below 10k dollar.
• #10: OK. So I am a network operator and in order to protect against such a scenario I want to run encryption on my network. So what are the key criteria I have to look for? … …and as a result of a market analysis I will come to the conclusion that encryption should always be done on teh lowest possible layer. Not every operator has access to teh L1 therefore sometimes L2 or L3 solutions show better economics.
• #11: Lets now talk a bit more about the concept of L1 encryption. As you might know there are lots of different encryption schemes and algorithms available. And it would be beyond teh scope of this session to introduce you to the way how all the different schemes really operate on the level of algorithms. But just one quick comparison here….Security levels scale with the complexity of the key. In the digital domain the key is always a number and key complexity is due to the size of this number. AES256 is a quasi-standard in encryption today. Researchers today believe that it can only be attacked by trial and error. The number of trials you need in order to have reasonable chance beeing successful is almost at the level of the number of atoms in the universe.
• #12: Whats the difference between encryption on L3 – typically know as Ipsec – or encryption on L2 or encryption on L1? First of all the most obvious difference is …L1 encryption is protocol agnostic. So it can be applied to any prototcol in the data center and there are lots of different protocols present in today data center networks - not everything is Ethernet. But there is also a big difference in the way encryption inluences the transport. At this point you have to know that most encryption schemes are dynamic. That means keys are not static, they change automatically. In order to make sure that the remote location can follow this dynamic key exchange both location have to continiously exchange some data. …data that is generated by the encryption scheme itself. For a encrpytion scheme that is based on a protocol like L2 or L3 this means that you have to add an overhead. For example in IP – every IP packet has to carry an additional overhead that carries the pure encrpytion information. You see the orange areas in the pictures – those are teh encrpytion header that are added to the different protocols. Adding larger header to IP packet or MAC frames means that you limit teh effective throughput and also add latency. In contrast to that a L1 encryption that uses an available tranport protocol can just go to the header of that transport protocol and insert the relevant information. So you turn some bits of an idle pattern in an OTU2 frame into something meaningful. The impact to teh payload with regards to throughput is zero.
• #13: What you see here is prototcol throught put an encrpyted system as a function of frame size. First – what is called ADVA encryption here is a L1 scheme…and you can – for everything that is L2 or L3 protocol based throuput scales with teh inverse frame size. Average framesize in today‘s internet traffic is about 300 to 400 bytes, source „NetworkWorld“. So we see typically 20% effects. But it can be even more for very small packets.
• #14: The following OTU/ODU overhead bytes are used for the dynamic key exchange in our ADVA AES256 encryption solution: 10TCE-PCN-16GU+AES100G: GCC2 5TCE-PC(T)N-10G+AES10G: GCC1/2
• #15: Lets have a look at teh networking aspects of such an encrpytion scheme. First of all – we do a so-called inflight encryption. This means – data in encryption on teh network side btu unencrypted at all clients ports. – completely symmetrical. In order to make sure that only those systems that are supposed to talk to eahc other are running the same encryption scheme the first thing that needed to establish such a scheme is authentification. This means that a so-called atuh. Key need to be provided to both systems and then they are allowed to talk to each other. This is done via some secure shells – can be in-band, can be out of band. Then the AES 256 scheme starts running between two individual cards. Every minute all keys will automatically change. In order to enable the remote location o follow this fast key exchange there is so called Deffie-Hellman that just enables the remote location to always generate the news key on ist own rather than transmitting key between the two sites. Payload transport is not at all affected or disrupted….
• #24: Main focus of encryption over long distance OTN networks is on GbE and 10GbE LAN services. The following bytes are used with the STM-64c line interface:F2/3 bytes used for key exchange, latency & other functions Setup via  ECC (DCCR) or an external DCN connection The following bytes are used with the OTU-2e line interface: GCC1/2 used for key exchange, latency & other functions Setup via  ECC (GCC0) or an external DCN connection
• #25: Main focus of encryption over long distance OTN networks is on Ethernet LAN services.
• #27: Bar chart shows the sector spending on security in the UK.