PacketLight Networks has added Layer-1 optical encryption capabilities to its PL-2000AD Optical Transport Network (OTN) platform in order to protect data in transit at the physical layer.
The PL-2000AD is a fully integrated, compact 1U multiprotocol, multi-rate platform that now equips enterprises and carriers with extended point-to-point Layer-1 encryption capabilities across their metro and long-haul routes.
For many years, cyber-security breaches were aimed at the data centre, cloud or the data itself in the enterprise environment. As security in those areas has strengthened, hackers have begun attacking the network directly, whether wireless or over fibre and cables, and the number of such attacks is on the increase, according to the company.
Conceptually, hacking into light waves seems excessively difficult, but it turns out there are viable and practical ways of achieving this at low cost. Hence, Layer-1 or physical layer security has become a key part of a total cyber-security solution (see our feature "Securing the cloud networking supernova").
The PacketLight platform is a muxponder/transponder/add-drop multiplexer that supports a mix of client protocols – including Ethernet, Fibre Channel, SONET/SDH and OTN – and aggregates them into dual 100G OTU4 uplinks using an OTN cross-connect matrix. By bundling the encryption capabilities into the same package, it provides a highly cost-effective approach to this task.
While the introduction of data encryption over the network can sometimes force massive and costly infrastructure migrations at upper layers, PacketLight says the bundled approach and ease of interconnection with other equipment allow security functions to be provisioned quickly and painlessly. The PL-2000AD encryption can interconnect with any Layer-2/3 switch or with existing DWDM infrastructure.
“The challenge of protecting the network from hackers is hitting enterprises and service providers hard, while increasingly stringent regulations enforced by government and security managers are making encryption mandatory across organisations and countries,” explained Koby Reshef, PacketLight’s CEO. “Our customers are now able to comply with these regulations and deliver new types of encryption service without changes to existing infrastructure – making it quicker, less costly and faster to implement. PL-2000AD offers the most advanced Layer-1 security with minimal integration effort.”
PacketLight’s cryptography performs GCM-AES-256 Layer-1 encryption for up to 20 multi-rate Ethernet, Fibre Channel or SONET/SDH services. The encrypted service provides end-to-end transparency of service data and clock with minimal latency. For even stronger security, PacketLight’s encryption performs periodic key exchange using the Elliptic Curve Cryptography Cofactor Diffie-Hellman (ECC CDH) algorithm.
The encryption system is fully compliant with NIST FIPS 140-2 Level 2 and with CNSA Top Secret Suite requirements (formerly NSA Suite B).