Layer 2 Encryption Fortifying data transport




Autumn meeting 2014. Layer 2 Encryption: Fortifying data transport. Christian Zank, Cube Optics AG, October 2, 2014

Need for Encryption?
- 50,000 network intrusions detected every day (Cisco, 2013)
- Data in transport is not protected
- Government regulations for public data transport require higher security levels
- The growing mass of electronic data in sensitive areas, vital to us, needs protection

Optical fiber tapping - Scenario 1: Exploiting carrier maintenance points (diagram: the fiber between Site 1 and Site 2 is tapped at a carrier maintenance point)

Optical fiber tapping - Scenario 2: Exploiting fiber bending properties
Diagram: a ray in the core meets the core/cladding boundary at incidence angle α on the straight fiber and at a smaller angle β where the fiber is bent.
n1, n2: refractive index of core and cladding (n2 < n1)
θ: critical angle = arcsin(n2 / n1)
Condition for total internal reflection: α > θ
At a tight bend the incidence angle drops to β < θ, so light refracts out of the core and can be collected by a tap at the bend, without cutting the fiber.

7 Layers of the OSI Model
Host layers:
7 Application layer - Data
6 Presentation layer - Data
5 Session layer - Data
4 Transport layer - Segments
Media layers:
3 Network layer - Packets
2 Data link layer - Frames
1 Physical layer - Bits (to the fiber)

Encryption Layers
Host layers:
7 Application layer - Data
6 Presentation layer - Data
5 Session layer - Data
4 Transport layer - Segments: TLS encryption
Media layers:
3 Network layer - Packets: IPsec encryption
2 Data link layer - Frames: Layer 2 encryption
1 Physical layer - Bits (to the fiber)

Overheads
Each layer prepends its own header to what it receives from the layer above (AH: application header, PH: presentation header, SH: session header, TH: transport header, NH: network header, DH: data link header):
7 Application layer: AH | data
6 Presentation layer: PH AH | data
5 Session layer: SH PH AH | data
4 Transport layer: TH SH PH AH | data
3 Network layer: NH TH SH PH AH | data
2 Data link layer: DH NH TH SH PH AH | data
1 Physical layer: DH NH TH SH PH AH | data, onto the fiber or other medium
Encryption applied at a given layer protects that layer's payload, i.e. everything above it; the headers of the layers below stay in the clear.

Layer 2 vs. Layer 3 Encryption
Chart: throughput (100% down to 0%) versus packet size, big to small; the Layer 2 curve stays close to 100% while the Layer 3 curve falls off as packets get smaller.
Layer 2 encryption: hardware processing. Bump-in-the-wire technology, so it is simple to implement, requires little or no configuration and maintenance, and causes minimal network disruption. Operates at almost full wire speed. Adaptable to the Layer 2 network topology (point-to-multipoint, multi-mode links).
Layer 3 (as data transport encryption): typically software processing. Mode: transport mode (IP header not encrypted) or tunnel mode (IP header encrypted inside a new outer IP header). Throughput is protocol (IPv4 / IPv6) dependent.

Layer 2 Encryption - frame layout: MAC header | Secure Data | CRC. Only the payload is encrypted; the MAC header stays in the clear so that switches can still forward the frame.

Layer 2 Encryption - MACsec (IEEE 802.1AE) frame format and data integrity
Field sizes in octets:
DA (6) | SA (6) | SecTAG (8 or 16) | Secure Data (same length as the user data; GCM-AES adds no padding) | ICV (8 to 16) | CRC (4)
DA and SA are the MAC addresses. SecTAG, Secure Data and ICV form the MPDU (MACsec Protocol Data Unit); the user data carried inside is the MSDU (MAC Service Data Unit).
SecTAG layout: Ethertype (2) | TCI (6 bits) + AN (2 bits) (1) | SL (1) | PN (4) | SCI (0 or 8, optional encoding)
- MACsec Ethertype is 0x88E5
- TCI: Tag Control Information (6 bits: V, ES, SC, SCB, E, C)
- AN: Association Number (2 bits), selects the Secure Association (SA) within the Secure Channel
- SL: Short Length (6 bits), length of the user data if it is shorter than 48 octets, 0 otherwise
- PN: Packet Number, used for replay protection and as the IV for encryption
- SCI: Secure Channel Identifier (48-bit MAC address + 16-bit Port Identifier), identifies the Secure Channel; SCI plus AN identifies the SA. In point-to-point links the SCI consists of the Source MAC Address and the Port Identifier 00-01, and thus the SCI doesn't have to be encoded (the ES bit signals this)
- ICV: Integrity Check Value, computed over the whole frame from DA to the end of Secure Data (16 octets with GCM-AES)
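To make the SecTAG rules above concrete, here is an added example (not from the slides and not Cube Optics code) that builds and parses the MACsec frame layout: the 8- versus 16-octet SecTAG, the implicit SCI derived from the source address and port 00-01, the Short Length rule for user data under 48 octets, and the 802.1AE replay window on the Packet Number. AES-GCM itself is out of scope, so the secure data is passed through unchanged and the ICV is a zero placeholder; the MAC addresses and payloads are constructed for the example.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Constants are from IEEE 802.1AE; addresses and payloads below are constructed.
MACSEC_ETHERTYPE = 0x88E5
ICV_LEN = 16          # GCM-AES ICV; the standard allows 8 to 16 octets
SHORT_LEN_MAX = 47    # SL is encoded only for user data shorter than 48 octets
TCI_V, TCI_ES, TCI_SC, TCI_SCB, TCI_E, TCI_C = 0x80, 0x40, 0x20, 0x10, 0x08, 0x04


@dataclass
class SecTag:
    es: bool                     # SCI's MAC address equals the frame's source address
    sc: bool                     # SCI explicitly encoded: SecTAG is 16 octets, not 8
    scb: bool                    # single copy broadcast
    e: bool                      # secure data is encrypted
    c: bool                      # secure data differs from user data
    an: int                      # association number (0..3) within the secure channel
    sl: int                      # short length: user-data length if < 48, else 0
    pn: int                      # packet number; replay counter and IV, never 0
    sci: Optional[bytes] = None  # 48-bit MAC address + 16-bit port identifier

    def pack(self) -> bytes:
        flags = ((TCI_ES if self.es else 0) | (TCI_SC if self.sc else 0)
                 | (TCI_SCB if self.scb else 0) | (TCI_E if self.e else 0)
                 | (TCI_C if self.c else 0))
        tag = struct.pack("!HBBI", MACSEC_ETHERTYPE, flags | (self.an & 0x3),
                          self.sl & 0x3F, self.pn)
        if self.sc:
            if self.sci is None or len(self.sci) != 8:
                raise ValueError("SC bit set but no 8-octet SCI")
            tag += self.sci
        return tag


@dataclass
class MacsecFrame:
    dst: bytes
    src: bytes
    tag: SecTag
    secure_data: bytes
    icv: bytes
    padding: bytes  # minimum-frame-size padding after the ICV; SL locates it


def build_frame(dst, src, user_data, pn, an=0, explicit_sci=None, encrypt=True):
    """Wrap user data in a MACsec frame. AES-GCM is out of scope here: the secure
    data is the user data unchanged and the ICV is a zero placeholder."""
    sl = len(user_data) if len(user_data) <= SHORT_LEN_MAX else 0
    tag = SecTag(es=explicit_sci is None, sc=explicit_sci is not None, scb=False,
                 e=encrypt, c=encrypt, an=an, sl=sl, pn=pn, sci=explicit_sci)
    return dst + src + tag.pack() + user_data + bytes(ICV_LEN)


def parse_frame(frame: bytes) -> MacsecFrame:
    if len(frame) < 12 + 8 + ICV_LEN:
        raise ValueError("too short for a MACsec frame")
    dst, src = frame[:6], frame[6:12]
    ethertype, tci_an, sl, pn = struct.unpack("!HBBI", frame[12:20])
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError("not a MACsec frame")
    if tci_an & TCI_V:
        raise ValueError("unknown MACsec version")
    if sl & 0xC0:
        raise ValueError("reserved SL bits set")
    if pn == 0:
        raise ValueError("PN 0 is invalid")
    sc, es = bool(tci_an & TCI_SC), bool(tci_an & TCI_ES)
    off, sci = 20, None
    if sc:
        if len(frame) < 28 + ICV_LEN:
            raise ValueError("too short for an explicit SCI")
        sci, off = frame[20:28], 28
    elif es:
        sci = src + b"\x00\x01"  # implicit SCI on point-to-point links: SA + port 00-01
    tag = SecTag(es=es, sc=sc, scb=bool(tci_an & TCI_SCB), e=bool(tci_an & TCI_E),
                 c=bool(tci_an & TCI_C), an=tci_an & 0x3, sl=sl, pn=pn, sci=sci)
    if sl:
        if sl > SHORT_LEN_MAX or len(frame) < off + sl + ICV_LEN:
            raise ValueError("SL disagrees with frame length")
        end = off + sl
    else:
        end = len(frame) - ICV_LEN
        if end - off <= SHORT_LEN_MAX:
            raise ValueError("SL must be set for user data shorter than 48 octets")
    return MacsecFrame(dst, src, tag, frame[off:end],
                       frame[end:end + ICV_LEN], frame[end + ICV_LEN:])


class ReceiveSA:
    """802.1AE replay check: accept a frame only if PN >= nextPN - replayWindow,
    then advance nextPN past the highest PN seen."""
    def __init__(self, replay_window: int = 0):
        self.next_pn, self.window = 1, replay_window

    def accept(self, pn: int) -> bool:
        if pn < max(1, self.next_pn - self.window):
            return False
        self.next_pn = max(self.next_pn, pn + 1)
        return True
```

Two details worth noticing when reading captures: when SL is non-zero the receiver must locate the ICV from SL, because anything after the ICV is Ethernet minimum-size padding, and a SecTAG with SL = 0 on a frame whose secure data is under 48 octets is malformed. The replay window in 802.1AE is only a lower bound on the PN, so with a non-zero window an exact duplicate inside the window is still accepted; only replay_window = 0 (strict mode) rejects every replay.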

Layer 2 Encryption - Superiority
- Low latency: the must-have for voice, video and real-time communication
- Data center interconnectivity
- Preserves the integrity of confidential data (financial trading, banking sector)
- Enormous improvement in transaction speed (financial trading)
- Safeguards HR data at corporate or governmental level
- Disaster recovery and data replication
- Cornerstone of reliable and secure voice and video transmission
- Efficient with data of varying origin
- Complex network topologies (multiple leased fibers, multiple services)

Layer 2 Encryption - Application (diagram): Site 1 and Site 2 connected across an unsecure network, traffic in the clear

Layer 2 Encryption - Application (diagram): an encryption device at Site 1 and a decryption device at Site 2, so traffic crosses the unsecure network encrypted

Conclusion
- Great demand to encrypt data in optical transmission
- Higher-layer encryption: suffers from higher overhead when used as line encryption (IPsec); is protocol dependent; carries the risk of software vulnerabilities (TLS implementations)
- Layer 2 encryption benefits: simple plug-and-play; lowest latency; almost at wire speed
- Layer 2 encryption enables secure transmission for real-time applications

Thank you! sales@cubeoptics.com www.cubeoptics.com

Layer 3 Encryption - IPsec
Chart: throughput (100% down to 0%, 50% marked) versus packet size, big to small; the Layer 3 curve falls as packets get smaller because the per-packet overhead (OH) becomes a larger share of each packet.
Packet overhead depends on:
- Mode: transport mode (IP header not encrypted) or tunnel mode (IP header encrypted inside a new outer IP header)
- IPv4 or IPv6 (the outer header is 20 or 40 octets)
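The two throughput charts (Layer 2 vs. Layer 3, and the IPsec chart above) can be reproduced for the header-overhead part with a small model. This is an added example, not from the slides or Cube Optics: it counts the octets a frame occupies on the wire in the clear, with MACsec (SecTAG + ICV), and with IPsec ESP using AES-GCM (RFC 4106) in transport or tunnel mode, and reports the goodput fraction for each packet size. Header sizes are the standard ones; the packet sizes are constructed.

```python
# Added example: on-the-wire overhead of MACsec versus IPsec ESP per packet size.
# Header sizes are from the standards; the packet sizes passed in are constructed.
PREAMBLE_SFD_IPG = 20      # 7 preamble + 1 SFD + 12 inter-packet gap octets
ETH_HDR, ETH_FCS, ETH_MIN_PAYLOAD = 14, 4, 46


def ethernet_wire_octets(payload: int) -> int:
    """Octets one frame occupies on the wire, including preamble and gap."""
    return PREAMBLE_SFD_IPG + ETH_HDR + max(payload, ETH_MIN_PAYLOAD) + ETH_FCS


def macsec_wire_octets(ip_len: int, explicit_sci: bool = False, icv_len: int = 16) -> int:
    """MACsec adds a SecTAG (8, or 16 with explicit SCI) and an ICV inside the frame."""
    sectag = 16 if explicit_sci else 8
    return ethernet_wire_octets(sectag + ip_len + icv_len)


def esp_packet_octets(ip_len: int, tunnel: bool = True, ipv6: bool = False,
                      ip_hdr: int = 20, iv_len: int = 8, icv_len: int = 16) -> int:
    """IPsec ESP with AES-GCM (RFC 4106): SPI + sequence (8), IV (8), payload,
    padding so that payload + pad-length + next-header ends on a 4-octet boundary,
    then the ICV. Tunnel mode wraps the whole packet in a new IPv4 (20) or IPv6 (40)
    header; transport mode keeps the original header and protects only what follows."""
    inner = ip_len if tunnel else ip_len - ip_hdr
    pad = (-(inner + 2)) % 4
    outer = (40 if ipv6 else 20) if tunnel else ip_hdr
    return outer + 8 + iv_len + inner + pad + 2 + icv_len


def ipsec_wire_octets(ip_len: int, **kw) -> int:
    return ethernet_wire_octets(esp_packet_octets(ip_len, **kw))


def goodput_fraction(ip_len: int, scheme: str) -> float:
    """Wire octets the clear frame needs divided by what the encrypted one needs."""
    clear = ethernet_wire_octets(ip_len)
    if scheme == "macsec":
        return clear / macsec_wire_octets(ip_len)
    if scheme == "esp-tunnel":
        return clear / ipsec_wire_octets(ip_len, tunnel=True)
    if scheme == "esp-transport":
        return clear / ipsec_wire_octets(ip_len, tunnel=False)
    raise ValueError(scheme)


def compare(sizes=(40, 64, 128, 256, 512, 1024, 1400)):
    """Rows of (IP packet length, MACsec, ESP transport, ESP tunnel goodput)."""
    return [(n, round(goodput_fraction(n, "macsec"), 3),
             round(goodput_fraction(n, "esp-transport"), 3),
             round(goodput_fraction(n, "esp-tunnel"), 3)) for n in sizes]


if __name__ == "__main__":
    print("IP len  MACsec  ESP-transport  ESP-tunnel")
    for row in compare():
        print("%6d  %6.3f  %13.3f  %10.3f" % row)
```

The model shows only the header cost, which is what the IPsec chart labels OH: MACsec adds a fixed 24 (or 32) octets per frame regardless of IPv4 or IPv6, while ESP adds 34 octets plus padding in transport mode and a further 20 or 40 octets of outer header in tunnel mode, so at 40-octet packets MACsec keeps about 82% of the clear goodput and tunnel-mode ESP about 63%. Both curves drop for small packets; the near-flat Layer 2 line in the slide also reflects per-packet processing rate in hardware, which this model does not capture. Note too that tunnel mode pushes a 1500-octet packet past the Ethernet MTU, so MSS clamping or a larger WAN MTU is needed to avoid fragmentation.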