Senetas fibre optic connections are secure - right
•Transferir como PPTX, PDF•
0 gostou•1,195 visualizações
Fibre optic connections are often assumed to be secure, but they can be tapped. Senetas, a company that develops high-speed network encryption technology, explains how fibre tapping can be done with readily available devices. With some technical knowledge and effort, optical fibres can be tapped without detection by splicing into or polishing the fibres to create an evanescent wave coupler that splits the signal. While difficult, motivated attackers could potentially intercept transmitted data this way if not encrypted. Senetas recommends encryption to protect valuable data and discusses their CN range of encryptors that provide full-duplex encryption up to 10Gbps with low latency.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Destaque (18)
Semelhante a Senetas fibre optic connections are secure - right
Semelhante a Senetas fibre optic connections are secure - right (20)
Senetas fibre optic connections are secure - right
- 1. SENETAS “FIBRE OPTIC CONNECTIONS ARE SECURE - RIGHT?” 1
- 2. Senetas Europe High Performance Encryption Solutions Securing Data In Transit Graham Wallace Ian Greenwood
- 3. Company overview • Senetas Europe, based in Basingstoke is a wholly owned subsidiary of Senetas Corp. Ltd. Australia • An Australian ASX listed engineering company • Developing high speed network encryption technology since 1997 • Currently sold to more than 35 countries globally
- 4. Senetas Security Products Portfolio
- 5. Technology Differentiators • Layer 2 encryption for performance & simplicity • Constant low latency (<7us) even on voice/video links • Retains full network bandwidth • Ideal for 1GB/10GB datacentre fibre links
- 6. Tapping Optical Fibre The Fact and the Theory
- 7. Why would someone tap an optical link? • Live networks and back-up systems run remotely on high speed optical fibre • Optic Fibre NOT secure • Readily available fibre tap device bought on Net • Intrusion undetected by information sender or receiver • 480 million km of fibre deployed • IDC estimates that only 30% of the digital universe is subject to security applications.
- 8. How - Clip on Coupler • We can already prove that fibre can be tapped. • What is contentious is whether this risk can be mitigated against without the need for encryption.
- 9. How - Light Touch Techniques • The effect of this technique is similar to splicing. • The extent to which the fibres are polished will decide on the tap ratio. This can be as low as 1% but up to 20% would be likely to be undetectable.
- 10. How - Light Touch Techniques The polished evanescent wave coupler is based on bringing the cores of two fibres close together by removing part of the cladding and optically contacting the polished faces. By this process, the two cores behave as if they are contained within the same cladding.
- 11. Evanescent Wave Coupler - Jigs
- 12. Patents for fusing fibres • Once you can splice there are a number of patented techniques for fusing more than one fibre WITHOUT breaking the original. • You can check out: – US 4989939 – US 5410626 – US 6862385
- 13. Main Message ‘If your data is worth millions then it’s worth spending thousands to get it’ • We do not suggest this is a trivial enterprise • Nor could it be done by novices • But we do suggest that this kind of attack is possible for moneyed and motivated people
- 14. Senetas CN range of Encryptors summary • Encrypts ALL the contents of Ethernet and Fibre Channel frames • Full duplex line-rate encryption up to 10Gbps < 7 microseconds latency • All Senetas solutions centrally managed by CypherManager • Certified - FIPS 140-2 level 3, Common Criteria EAL4+, CAPS IL3 baseline • Ideal for Point to Point fibre links and MPLS Services • Flexible licensing from 10Mbps to 10Gbps EAL4 +
- 15. Securing Data in Transit Thank you for your attention. Any Questions?
Notas do Editor
- Senetas Europe are a wholly owned subsidiary of Senetas Australia.Senetas in Australia have been very successful in designing and supplying encryptors into the Asian markets for over 15 years, 18 months ago Senetas Europe was established to engage with partners to address both the private and public requirements for encryption solutions.And it is with great pleasure that we have with use today SelexElsag our partner to supply CAPS approved into Government space and Tellemachus who specialise in addressing the security needs of organisations such as police forces.
- What we do.The range of certified encryptors cover speeds from 2Mbps through to 10 Gbps and a range of protocols from E1/T1 to SONIT/SDH.Our CAPS program is focused on the CN1000 1 and 10 gig Ethernet plus the Fibre Channel encryptors.Hopefully that gives you an idea of who we are and what we do, now we would like to show you why we do it.Introduce Graham Wallace.
- It is demonstrable that with a cheap clip-on tapping device we can extract sufficient light to accurately reconstruct the transmitted data packet.However, this device introduces a loss of anything from 3-6dB depending on the wavelength being tapped.It is therefore detectable using simple Optical Time-Domain Reflectometer(OTDR) devicesIt has never been our contention that this device is an appropriate tool for a serious cyber-thief.We believe only that it opens up the question of what is possible.Nevertheless there are scenarios we will consider which could use even this simple device.
- Guided Waves occur when light propagates along or is constrained by the physical boundaries of a waveguide. This is the case for a singlemode fiber where the denser core has refractive index n1 and the cladding is less dense with refractive index n2. When the core diameter is small enough that the number of possible totally internally reflected rays is reduced to one, thus allowing only a single mode of guided light, the concept of rays changes to modes which bend with or are guided by the core.
- Indeed from the patent if you have a jig design which is specific to the fibre and the percentage of tap you wish to use then the whole process seems straightforward enough regardless of location. It’s really just about preparation.
- I think that’s probably sufficient. I’d like to just revisit the main message slide I showed earlier and reiterate. We believe that serious cyber actors can tap fibre optic links without being detected or without being stopped in a timely fashion. Justification for encryption remains a function of data value and risk assessment but we would contend that the you cannot make that judgement based on the idea that optical fibres are secure.
- Senetas are the only vendor that offers a whole range of layer 2 appliance based solutions including Ethernet, fibre-channel, SONET/SDH and ATM from 10MB to 10GB throughput. 100Gb in development.Because the solutions running at layer 2 rather than layer 3 there is little or no overhead added to the data packets. The CN 10000 ethernet solution has ~ 7uS latency and 99.9% bandwidth availability. (Layer 3 solutions from vendors such as Check Point/Cisco use IPSEC and VPN’s which encapsulate the whole packet adding significant overhead, especially on small frame such as those required for voice and video traffic). The Senetas layer 2 technology utilises a ‘cut through’ implementation rather than the layer three ‘store and forward’ characteristics.In the same way a switch has less impact on data delay than does a router.We currently are “in evaluation” stage with CESG (CAPS) which is due to be approved in during 2012 and will be the only 1 and 10Gigabit layer 2 encryptors approved for HM Government. We already have FIPS140-2 and Common Criteria. The commercial and CAPS products are based an exactly the same hardware platform.