PacketLight Devices Demonstrate Risk Reduction
At a Glance
Location: Lab in Japan
Industry: Video
Purpose: Layer-1 encryption and risk reduction in PacketLight’s devices during the transport of video over IP protocols.
Devices:
The following PacketLight devices were tested:
PL-2000M 200G over Single Wavelength Muxponder
PL-4000T 4 x 400G Transponder
PL-1000D OSA and OTDR Fiber Monitoring Device
Outcome: PacketLight devices demonstrated risk reduction by proving resilient against flooding and other physical and cyber threats.
Purpose
PacketLight devices were tested for security functionality in the transmission of various video over IP transmissions over different 400G network setups. The following tests were conducted:
- Layer-1 encryption for 100Gb Ethernet encapsulating video over IP traffic.
- Proof of the safety and protection of management ports against external physical elements.
- Physical non-intrusive testing of the fiber optics using OTDR, that can also detect potential fiber tapping
Test Setup
PacketLight products successfully connected a 400G network between multiple sites (Hokkaido, Tokyo and Osaka) and conducted Layer-1 full rate, full throughput transparent encryption for 100G eth stream containing Video over IP data . In addition, protection testing of the management ports against attacks from different types was contacted successfully.
The test was conducted in cooperation with the Industrial Cyber Security Center of Excellence (ICSCoE), the National Institute of Information and Communications Technology (NICT), and Science Information NETwork (SINET).
Three PacketLight devices were used:
| PL-2000M 200G over Single Wavelength Muxponder – this device was used to transport video over IP encapsulated in 100Gb Ethernet services over a 200G encrypted uplink (Figure 1). |  |
| PL-4000T 4 x 400G Transponder high capacity transmission of 4x 100G over a single 400G wavelength using pluggable with compact 400G optical coherent modules (Figure 2). |  |
| PL‑1000D OSA and OTDR Fiber Monitoring Device were used and tested for resilience and protection of FTP, HTTP and SNMP ports against elements such as flooding. |  |
Layer-1 Encryption
PacketLight’s encryption devices perform GCM-AES-256 encryption on Layer-1 of the client signal, supporting full bandwidth of Ethernet services. The solution complies with NIST FIPS 140 Level 2, Common Criteria EAL2, and Commercial National Security Algorithm (CNSA) Top Secret Suite B 2015 requirements.
The solution is transparent to the traffic without any degradation to the DWDM link performance or to the QoS of transferred data, providing full end-to-end transparency of the services and low latency.
Management Port Protection
This test was aimed at verifying possible security vulnerabilities on new technologies, video controllers and network equipment used in the broadcasting industry.
The ICSCoE formed test teams and conducted penetration testing to identify equipment malfunctions, protocol problems, and network operational issues over the backbone network for Video over IP at the rate of 400G.
One of the important achievements of this experiment was the development of a new method to generate 400G network traffic over next generation high-speed backbone network, using inexpensive high-performance consumer PC. This new method made performing load testing on backbone networks in various locations and environments an easy task.
Results
The experiment proved that the management ports on PacketLight devices are resilient to flooding and cyber threats.
PacketLight enjoys the prestige and enhanced reputation in the Japanese market following the successful test in SINET and NICT labs.
Figure 1: Encrypted 200G transmitting video over IP encapsulated in 100Gb Ethernet services
Figure 2: Safety and protection of management ports against external elements