Layer-1 Optical Encryption over Dark Fiber / DWDM / OTN

Fiber optic communication infrastructure was always considered more secure than copper infrastructure, since it does not radiate and is more resilient to tapping.

Recent years have shown that it is possible to tap the fiber optic cable and extract the data transmitting over it. As a result, data security over DWDM links has increased, especially in financial and government institutions, critical infrastructure, data centers and service providers. Moreover, security requirements such as confidentiality, integrity and authentication have become mandatory in some industries.

Please contact us for a quote or further assistance.

Innovative cryptography solution with high level of security

PacketLight’s encryption is transparent to the traffic without any degradation to the DWDM link performance or to the QoS of transferred data, providing full end-to-end transparency of service data, and low latency of less than 12 usec for 10G Ethernet.

Solution Review

PacketLight’s cryptography solution performs GCM-AES-256 encryption on Layer-1 of the client signal, supporting full bandwidth of the 1/10/40/100G services. The solution is compliant with NIST FIPS 140-2 standards and NSA Suite B requirements for GbE/10/40/100Gb Ethernet, as well as 4/8/10/16/32G FC, STM64/OC-192 SONET/SDH, and OTU2/3/4.

The solution resolves three major concerns in optical link security:

  • Confidentiality - preventing disclosure of information to unauthorized parties
  • Data integrity - ensuring that the message has not been altered
  • Authentication – validating that both parties involved are indeed who they claim to be

The solution enables users to flexibly activate the encryption/decryption functionality for specific transponders and selected wavelengths.

Figure 1: Example of Transponder Encrypted Connectivity over Dark Fiber

Up to 20 encrypted signals can be multiplexed into a single 100G or 200G OTN uplink using PacketLight’s muxponder devices. The encryption can be done per client interface (service) or for the entire uplink (line side).

Other Security Solutions

In addition to the data encryption, PacketLight DWDM devices support the following security capabilities:

  • Fiber attenuation monitoring - monitors the attenuation levels between two sites in real-time and provides system alerts in case of any degradation in fiber attenuation.
  • Firewall - malicious fiber tapping attempts is one of the reasons for degradation in fiber attenuation. PacketLight units comprise alerts, so tapping attempts are identified quickly and remedied.
  • Secured access to management console - firewall functionality protects PacketLight’s device against attacks targeted at the management port by enabling the user to maintain a whitelist of managers that can access the device.

Please contact us for a quote or further assistance.

Products for Layer-1 Encryption Solutions

How can we help you?

Please write a subject for your message.
Please let us know your name.
Please let us know your email address.
Invalid Input
Invalid Input
Please let us know your message.