What is Layer-1 Optical Encryption?

Fiber optic networks used to be considered resilient to tapping and theft of information. Recent years have shown that it is possible to tap the fiber optic cable and extract the data transmitting over it (even the smallest leak enables to extract all the information transmitted on the fiber).

As a result, data security over DWDM links has increased, especially in data-sensitive industries such as finance and government institutions. It has also become mandatory in some industries to adhere to security requirements.

Encryption of the data has become a very important element in protecting traffic. It is done over Layer-1 of the network, the transport layer. All the data transported is encrypted and the overhead of the encryption and management of the Key exchange* do not reduce the bandwidth of the transported data. PacketLight’s solution also monitors the attenuation of the fiber and alerts of any change, as it can imply a fiber tapping attempt.

Layer-1 encryption resolves the three major concerns in optical link security:

  • Confidentiality - preventing disclosure of information to unauthorized parties
  • Data integrity - ensuring that the message has not been altered
  • Authentication – validating that both parties involved are indeed who they claim to be

It is also important that encryption over Layer-1 be fully transparent so it doesn’t affect the bandwidth and speed of the traffic travelling through the fiber (low latency). Layer-1 encryption must comply or be certified with the following standards:

  • NIST FIPS 140-2
  • Common Criteria EAL2
  • Commercial National Security Algorithm (CNSA) Top Secret Suite B 2015

How is Layer-1 encryption done?

PacketLight’s encryption solution performs encryption using protocol GCM-AES-256 on Layer-1 of the client signal. It supports the full bandwidth of GbE/10/40/100/400Gb Ethernet services.

Encrypted Connectivity over Dark Fiber with Transponder

Example of Encrypted Connectivity over Dark Fiber with Transponder


* Key exchange – to communicate confidentially between two parties, they must exchange a secret key so that each party is able to encrypt messages before sending, and decrypt messages when receiving them.

Further Reading

How can we help you?

Required field
Required field
Invalid Input
Required field
Please let us know your message.