PacketLight’s Layer-1 encryption is transparent to the traffic without any degradation to the DWDM link performance or to the QoS of transferred data, providing full end-to-end transparency of service data (unlike MacSec Layer-2 or IPsec Layer-3 encryption), and low latency of less than 12 usec for 10Gb Ethernet.

Layer-1 encryption solution for high level of security. FIPS 140-2 Level 2 compliant and Common Criteria EAL2 certified.

Please contact us for a quote or further assistance.

The Need for DWDM Network Encryption

Fiber optic communication infrastructure was always considered more secure than copper infrastructure, since it does not radiate and is more resilient to tapping.

Recent years have shown that it is possible to tap the fiber optic cable and extract the data transmitting over it. As a result, data security over DWDM links has increased, especially in financial and government institutions, critical infrastructure, data centers and service providers. Moreover, adhering to security requirements such as confidentiality, integrity and authentication have become mandatory in some industries.

PacketLight's Layer-1 Optical Encryption Solution 

PacketLight’s encryption solution perform GCM-AES-256 encryption on Layer-1 of the client signal, supporting full bandwidth of GbE/10/40/100/400Gb Ethernet services. The solution is Common Criteria EAL2 certified, and complies with NIST FIPS 140-2 and Commercial National Security Algorithm (CNSA) Top Secret Suite B 2015 requirements for GbE/10/40/100/400Gb Ethernet, 4/8/10/16/32G FC, STM64/OC-192 SONET/SDH, and OTU2/3/4.

The solution resolves three major concerns in optical link security:

  • Confidentiality - preventing disclosure of information to unauthorized parties
  • Data integrity - ensuring that the message has not been altered
  • Authentication – validating that both parties involved are indeed who they claim to be

The solution enables users to flexibly activate the encryption/decryption functionality for specific transponders and selected wavelengths.

PacketLight Layer-1 optical encryption with tapping alarm

Example of Encryption over Dark Fiber with Transponder

Up to 20 encrypted signals can be multiplexed into a single 100G or 200G OTN uplink using PacketLight’s muxponder devices. The encryption can be done per client interface (service) or for the entire uplink (line side).

Layer 1 optical Encryption for High Capacity Rates and Protocols

Example of Encryption of Multiple High Capacity Rates and Protocols

Total Network Protection - Additional Security Solutions

In addition to the data encryption, PacketLight DWDM devices support the following security capabilities:

  • Fiber attenuation monitoring - monitors the attenuation levels between two sites in real-time and provides system alerts in case of any degradation in fiber attenuation.
  • Firewall - malicious fiber tapping attempts is one of the reasons for degradation in fiber attenuation. PacketLight units comprise alerts, so tapping attempts are identified quickly and remedied.
  • Secured access to management console - firewall functionality protects PacketLight’s device against attacks targeted at the management port by enabling the user to maintain a whitelist of managers that can access the device.

Please contact us for a quote or further assistance.

Common Criteria EAL2 Certified       Common Criteria EAL2 Certified

 

 

Related products

PL-2000T - 800G Optical Transport Platform

PL-2000T

800G Optical Transport Platform
PL-2000M 200G Single Wavelength Muxponder

PL-2000M

200G Single Wavelength Muxponder
PL-2000ADS Muxponder and Transponder for 200G Short Reach Optical Networks

PL-2000ADS

200G ADM for Short Haul

PL-1000TE Crypto

Encryption over 10G DWDM Wavelength