Infinera CHM6 encryption: What network operators need to know about layer 1 encryption

Network operators and providers are under increasing threat from cyber security breaches, each of which could cost millions and even threaten national security. While cybercrime 

is still behind the majority of attacks, there are other security threats that operators need to be aware of, including cyber espionage, cyber warfare, and hacktivism. 

The latest application note from Infinera details how, by focusing on layer 1, operators can reduce the cost of encryption while minimising latency and scaling throughput, and provides more details about Infinera’s CHM6 encryption solution.

Who should download this White Paper?

Designers and planners and anyone who selects the optical equipment for networks, be they long-haul, short-haul, FTTH etc.., and needs to know how to keep their data safe.

Why download this white paper?

This White Paper:

• Advises how to reduce the cost of encryption while minimising latency and scaling throughput
• Provides valuable information on how layer 1 encryption can offer better network  efficiency relative to IPsec
• Explains how this can also be applied for encrypted data centre interconnect
• Offers an overview of how Infinera’s CHM6 coherent channel module can help operators protect that all-important data

What is CHM6 and how can it help protect network data?

Infinera offers layer 1 encryption for enhanced security, available on CHM6 Xponder sleds for the GX G42 compact modular platform. 

Managed through the Transcend Network Management System (TNMS), this encryption option ensures secure data centre interconnect (DCI) with encrypted wavelengths between data centres. It can also support encryption for enterprise and wholesale customers, securing internal traffic across vulnerable environments.

It enables wirespeed bulk encryption, protecting data over the entire concatenated optical data unit, including Ethernet (100 GbE, 400 GbE), and OTU4 client traffic. The encryption is symmetric, employing the same encryption key for both ends, ensuring high throughput and low latency. It is authenticated and authorised using Internet Key Exchange version 2 (IKEv2). X.509 certificates or pre-shared keys (PSKs) can be used for secure key exchange. 

Elliptic curve Diffie-Hellman ephemeral (ECDHE) ensures a shared data encryption key without revealing secret data, while the key used in the DSP is rotated every one minute to 60 minutes, which makes cracking it much harder.