Making networks secure with multi-layer encryption
22 September 2022
Stephan Lehmann
© 2022 ADVA. All rights reserved.
Slide 2: Network security provides a secure foundation
Critical infrastructures require reliable networks, which means confidentiality, integrity and availability.
[Figure: security level over time, required level versus actual level]
Slide 3: Cryptography is crucial for network security
Encryption and authentication support different layers. Network security as a whole combines firewalling, segmentation, encryption, authentication and intrusion detection; the encryption and authentication part can sit at several layers, and the figure pairs each layer with the throughput it typically handles:

- Application layer: TLS/SSL for applications and SSH for administration, below 100 Mbit/s each
- Layer 3: IPsec VPN, 0.1-1 Gbit/s
- Layer 2 (transport): MACsec, 1-100 Gbit/s
- Layer 1 (transport): OTNsec, above 100 Gbit/s
Slide 4: Traditional VPN is not sufficient for modern networks
Evolution of encryption requirements. The classic IPsec VPN covered two cases, client-to-site remote access (RAS) and site-to-site links, and the figure traces how both have moved on:

- Client-to-site: the move to cloud and mobile-first working lead to TLS/SSL, per-app VPN, zero trust and strong authentication.
- Site-to-site: growing bandwidths and new network requirements (QKD, multi-tenancy) lead to MACsec and OTNsec.
Slide 5: Sidetrack: security for managed networks
Extended requirements, especially for service providers:

- Secure out-of-band management: protection of management traffic running over third-party networks.
- Client separation ("multi-tenancy"): client-specific keys and management; cryptographic separation per interface or per VLAN.
- Quantum-safe keys: see "Quantum threat: How to protect your optical network" (tomorrow's talk).
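The client separation item above, illustrated with an added Go example (this is not ADVA code and does not describe how the FSP products implement multi-tenancy): one encryptor port carries two customer VLANs, first with a single shared port key and then with an independently drawn AES-256-GCM key per VLAN. With the shared key, whoever holds tenant 20's key can read a captured tenant 10 frame; with per-VLAN keys the same attempt fails authentication. The frame layout (2-byte VLAN tag, 12-byte nonce, ciphertext and tag), the VLAN IDs 10 and 20 and the random per-frame nonce are demo assumptions; MACsec itself uses a packet number as nonce and, like this example, authenticates its clear header as additional data so that a retagged frame is rejected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Link models one encryptor port carrying several customer VLANs. With
// perVLAN=false every VLAN is protected by the same port key, so any tenant
// holding that key can read every other tenant's traffic. With perVLAN=true
// each VLAN gets its own independently drawn AES-256 key.
type Link struct {
	keys map[uint16]cipher.AEAD
}

func NewLink(vlans []uint16, perVLAN bool) (*Link, error) {
	l := &Link{keys: map[uint16]cipher.AEAD{}}
	var current cipher.AEAD
	for _, v := range vlans {
		if current == nil || perVLAN {
			key := make([]byte, 32)
			if _, err := io.ReadFull(rand.Reader, key); err != nil { // a device would use its TRNG
				return nil, err
			}
			block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
			current, _ = cipher.NewGCM(block)
		}
		l.keys[v] = current
	}
	return l, nil
}

// Seal builds a frame laid out as VLAN(2) || nonce(12) || ciphertext+tag. The VLAN
// tag stays in clear so the receiver can pick the right key, but it is bound as
// AAD, so a retagged frame fails authentication under every key.
func (l *Link) Seal(vlan uint16, payload []byte) ([]byte, error) {
	aead, ok := l.keys[vlan]
	if !ok {
		return nil, fmt.Errorf("vlan %d not provisioned on this port", vlan)
	}
	frame := make([]byte, 14, 14+len(payload)+aead.Overhead())
	binary.BigEndian.PutUint16(frame[0:2], vlan)
	if _, err := io.ReadFull(rand.Reader, frame[2:14]); err != nil { // demo nonce; MACsec uses a packet number
		return nil, err
	}
	return aead.Seal(frame, frame[2:14], payload, frame[0:2]), nil
}

// OpenWithKeyOf decrypts a captured frame with the key that tenant holder
// possesses, which is exactly what a curious or compromised tenant can try.
func (l *Link) OpenWithKeyOf(holder uint16, frame []byte) ([]byte, error) {
	aead, ok := l.keys[holder]
	if !ok || len(frame) < 14+aead.Overhead() {
		return nil, errors.New("unknown tenant or truncated frame")
	}
	return aead.Open(nil, frame[2:14], frame[14:], frame[0:2])
}

func main() {
	for _, perVLAN := range []bool{false, true} {
		l, err := NewLink([]uint16{10, 20}, perVLAN)
		if err != nil {
			panic(err)
		}
		frame, _ := l.Seal(10, []byte("tenant 10 payroll"))
		_, err = l.OpenWithKeyOf(20, frame)
		fmt.Printf("per-VLAN keys=%-5v tenant 20 can read tenant 10: %v\n", perVLAN, err == nil)
	}
}
```

The point of drawing each tenant key independently from the random source, rather than deriving all of them from one port master key, is that no single secret on the device unlocks every customer's traffic; a per-tenant key can also be rotated or revoked without touching the others.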
Slide 6: Multi-layer encryption covering every use case
Several encryption tunnels on different layers: OTNsec (L1), MACsec (L2), IPsec (L3) and TLS/SSL (L4 and above).
[Figure: the sites of one organisation (mobile users, small office, home office, subsidiaries, HQ, production, cloud) joined by tunnels on the different layers]
Slide 7: How do we evaluate encryption quality?
[Figure: characteristics of encryption solutions, ranked from no encryption through weak encryption to strong encryption]
Slide 8: What do you need for a strong encryption solution?

- Platform / algorithm: powerful encryption in hardware with open, reviewed and proven algorithms
- Unpredictable keys: secret session keys with high entropy and periodic re-keying
- Quantum-safe: countermeasures against potential quantum computer attacks
- Tamper-proof: detection of physical and logical manipulation attempts
- Security certifications: review of architecture and implementation by independent security bodies
Slide 9: What does ADVA provide for encryption?

- Platform / algorithm: FPGA with the Advanced Encryption Standard (AES) and 256-bit encryption keys
- Unpredictable keys: multiple true random number generators (TRNG) with ephemeral keys allowing perfect forward secrecy (PFS)
- Quantum-safe: quantum key distribution (QKD) and post-quantum cryptography (PQC)
- Tamper-proof: physical tamper protection, secure boot and secure software download, on-board smart cards and eFuses
- Security certifications: certified by NIST and the German BSI

Further highlights from the figure: hardware true random number generator; classical and PQC key exchange; suitable for L1, L2 and Lx encryption; self-protecting with tamper detection; crypto agility and full flexibility.
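Slides 8 and 9 ask for session keys with high entropy, periodic re-keying and ephemeral keys giving perfect forward secrecy. The Go program below is an added illustration of those three properties working together; it is not ADVA code and does not describe how the FSP products implement them. Two peers run an ephemeral X25519 exchange per epoch, derive an AES-256-GCM session key with HKDF, use epoch and packet number as the nonce, refuse to encrypt once the packet-number budget is spent, and drop both the ephemeral private key and the old session key at rekey, so a later compromise of either device cannot reveal earlier traffic. The four-frame budget, the HKDF info label, the nonce layout and the exposed KeyID field are demo choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// rekeyAfter: frames one session key may protect before a forced rekey (demo value).
const rekeyAfter = 4

// hkdfSHA256 is a single-block HKDF (RFC 5869 extract + expand) on standard-library HMAC.
func hkdfSHA256(secret, info []byte) []byte {
	extract := hmac.New(sha256.New, nil)
	extract.Write(secret)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write(append(info, 1)) // block counter 1
	return expand.Sum(nil)        // 32 bytes: one AES-256 key
}

// Peer keeps only the current epoch's state. The ephemeral private key is dropped
// once the session key is derived, so a later compromise cannot recover old epochs.
type Peer struct {
	priv  *ecdh.PrivateKey
	aead  cipher.AEAD
	KeyID [32]byte // SHA-256 of the session key, for comparison in the demo only
	Epoch uint32
	PN    uint32 // next packet number; the unique nonce within the epoch
}

// establish derives the epoch's AES-256-GCM key from the X25519 shared secret.
func (p *Peer) establish(peerPub *ecdh.PublicKey, epoch uint32) error {
	shared, err := p.priv.ECDH(peerPub) // fails on a low-order peer point
	if err != nil {
		return err
	}
	key := hkdfSHA256(shared, binary.BigEndian.AppendUint32([]byte("demo-link-key/epoch/"), epoch))
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	p.aead, _ = cipher.NewGCM(block)
	p.KeyID = sha256.Sum256(key)
	p.Epoch, p.PN, p.priv = epoch, 0, nil // previous epoch's key material is gone
	return nil
}

// Rekey draws fresh ephemeral X25519 keys from crypto/rand on both peers and starts
// a new epoch. Public keys are read before establish drops the private halves.
func Rekey(a, b *Peer, epoch uint32) error {
	var err error
	for _, p := range []*Peer{a, b} {
		if p.priv, err = ecdh.X25519().GenerateKey(rand.Reader); err != nil {
			return err
		}
	}
	pubA, pubB := a.priv.PublicKey(), b.priv.PublicKey() // on the wire: pub.Bytes()
	if err = a.establish(pubB, epoch); err != nil {
		return err
	}
	return b.establish(pubA, epoch)
}

func nonce(epoch, pn uint32) []byte { // 96-bit GCM nonce: epoch || 0x00000000 || pn
	return binary.BigEndian.AppendUint32(append(binary.BigEndian.AppendUint32(nil, epoch), 0, 0, 0, 0), pn)
}

// Seal protects one frame; epoch||pn is nonce and AAD, and the budget forces a rekey before a nonce could repeat.
func (p *Peer) Seal(frame []byte) (pn uint32, ct []byte, err error) {
	if p.aead == nil || p.PN >= rekeyAfter {
		return 0, nil, fmt.Errorf("rekey required (epoch %d, pn %d)", p.Epoch, p.PN)
	}
	n := nonce(p.Epoch, p.PN)
	ct = p.aead.Seal(nil, n, frame, n)
	pn, p.PN = p.PN, p.PN+1
	return pn, ct, nil
}

// Open accepts only the current epoch; after a rekey the old key exists on neither side.
func (p *Peer) Open(epoch, pn uint32, ct []byte) ([]byte, error) {
	if p.aead == nil || epoch != p.Epoch {
		return nil, fmt.Errorf("epoch %d is not current (current %d)", epoch, p.Epoch)
	}
	n := nonce(epoch, pn)
	return p.aead.Open(nil, n, ct, n)
}

func main() {
	a, b := &Peer{}, &Peer{}
	if err := Rekey(a, b, 1); err != nil {
		panic(err)
	}
	pn, ct, _ := a.Seal([]byte("frame 0"))
	pt, err := b.Open(1, pn, ct)
	fmt.Printf("epoch %d pn %d -> %q err=%v key=%x\n", b.Epoch, pn, pt, err, b.KeyID[:4])
}
```

Two design points carry over to real link encryptors: the packet-number budget must be enforced before sealing, not after, because a repeated nonce under the same GCM key leaks the authentication key; and a rekey has to replace the session key on both sides, otherwise a recorded epoch remains decryptable by whichever side still holds it.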
Slide 10: Secure foundation by encryption and authentication
Network interface device* with MACsec hardware encryption and a VNF compute node.
[Figure: the device's ports 1 to 9+10 are split into a trusted side and an untrusted side with segments A, B and C; the compute node (VNF) provides network security (firewall, IDS, IP VPN, etc.) and network segmentation (physical and virtual)]
*FSP 150-XG118Pro (CSH)
Slide 11: Certified multi-layer encryption for SD-WAN
The big picture.
[Figure: locations 1 to N each connect through an FSP 150 (MACsec, VNF) over Ethernet at 1-100 Gbit/s to a POP with an FSP 150 (MACsec aggregation); the POPs are interconnected by FSP 3000 optical (DWDM) transport with encryption (ENC) at 100-400 Gbit/s]
Slide 12: Takeaways
Stephan Lehmann, Senior product line manager, +49 151 44 01 40 42, slehmann@adva.com, linkedin.com/in/stelehmann/

- Encryption and authentication on multiple layers form a secure foundation for modern and software-defined networks.
- Security-certified and carrier-grade solutions secure optical transport (Layer 1) and metro networks (Layer 2).

Further listening: "Quantum threat: How to protect your optical network" by Vincent Sleiffer on Friday.
Further reading: Making networks secure with multi-layer encryption.