Cost Effective High Speed Physical Layer Security with PL-2000AD
Tel Aviv, Israel – Oct 12, 2016
PacketLight Networks today announced PL-2000AD, a fully integrated (compact 1U) Optical Transport Network (OTN) solution that equips enterprises and carriers with extended point-to-point Layer-1 encryption capabilities across metro and long haul routes. The new product protects data in transit at the physical layer, where lesser known but dangerous breaches are increasing exponentially.
For many years cyber-security breaches were aimed at the data center, cloud or the data itself in the enterprise environment. As security in those areas strengthened, hackers have begun attacking the network, whether wireless or over fiber and cables. Conceptually, hacking into light waves seems excessively difficult but it turns out there are viable and practical ways of economically achieving this. Hence, Layer-1 or physical layer security has become a key part of a total cyber-security solution.
The PL-2000AD also maintains the cost-effective PacketLight approach of delivering bundled encryption solutions in the same package as their 200G multiprotocol multi-rate Muxponder/ Transponder/ADM offering. While the introduction of data encryption over the network can force massive and costly infrastructure migrations at upper layers, the PL-2000AD encryption can interconnect with any layer-2/3 switches or to existing DWDM infrastructure. This provisions leading-edge security into the network quickly and painlessly.
“The challenge of protecting the network from hackers is hitting enterprises and service providers hard and fast, while increasingly stringent regulations enforced by government and security managers are making encryption mandatory across organizations and countries,” explained Koby Reshef, PacketLight’s CEO. “Our customers are now able to comply with these regulations and deliver new types of encryption service without changes to existing infrastructure - making it quicker, less costly and faster to implement. PL-2000AD offers the most advanced Layer-1 security with minimal integration effort.”
The PL-2000AD supports protocols such as Ethernet, Fibre Channel, SONET/SDH and OTN that are ideal for data centers and carrier networks. The encryption solution also works with various client protocols such as 10G/40G/100G LAN, STM64/OC192, OTU2/4 and 8G/10G/16G/32G FC. It also provides flexible encryption solutions for a variety of services from 10G up to 100G, and can encrypt the data-per-service or per muxponder uplink.
PacketLight’s cryptography performs GCM-AES-256 layer-1 encryption for up to 20 multirate Ethernet, Fibre channel or SONET/SDH services. The encrypted service provides full end-to-end transparency of service data and clock with a minimal latency. For improved security, PacketLight’s encryption uses periodical key exchange using the Elliptic Curve Cryptography Cofactor Diffie-Hellman (ECC CDH) algorithm.
PacketLight’s encryption solution ensures three major concerns of optical link security:
- Confidentiality - preventing disclosure of information to unauthorized parties
- Data integrity - ensuring that the message has not been altered
- Authentication – validates identities of both parties
The encryption solution is fully compliant with NIST FIPS 140-2 Level 2 and with CNSA Top Secret Suite requirements (formerly NSA Suite B).