ETHERNET ENCRYPTION MODES TECHNICAL PAPER
The CN series encryption platform is designed to secure information transmitted over a number of network protocols. The CN series encryptors secure Ethernet networks at data rates up to 10 Gigabits per second (Gbps). Senetas CN encryptors operate at the data link layer (Layer 2) and provide confidentiality by encrypting the payload of received network traffic whilst leaving the protocol header in the clear, so that the frame is sent through the network as intended. Information is encrypted using the AES encryption algorithm with a key size of 256 bits. The AES algorithm operates in either cipher feedback (CFB) or counter (CTR) mode, depending on the interface and network speed.

Senetas encryption is implemented in firmware using field programmable gate array (FPGA) technology. Senetas uses FPGA technology to enable maximum customisation flexibility to best meet customers' network operations needs.

The Senetas CN series is developed and manufactured in Australia by Senetas Corporation. It is a mature product that is widely used in government and commercial networks around the world, including the US Defence Department. The CN series has achieved Common Criteria EAL4+, FIPS 140-2 Level 3 and CAPS baseline certification.

ETHERNET ENCRYPTION

The Senetas CN series supports Ethernet encryption at speeds from 10 Mbps to 10 Gbps, with near-zero latency (approximately 5 µs at 10 Gbps) due to the use of a cut-through frame processing architecture and an FPGA-based hardware implementation. The platform is suitable for use in point-to-point, hub and spoke and fully meshed topologies. The encryptor can encrypt unicast, multicast and broadcast frames and supports over five hundred simultaneous encrypted connections to other devices. Confidentiality of the Ethernet frame is provided by encrypting the payload using the AES algorithm with 256-bit keys in either CFB or CTR mode.
The Ethernet frame header is unchanged, which enables switching of the frame through an Ethernet network. MPLS and VLAN header fields can be bypassed or encrypted as required to suit the network. Public key cryptography and X.509 certificates are used to provide a fully automated key management system with fast connection establishment and regular key changes. Flexible policy options allow any combination of encrypted or unencrypted virtual circuits to be configured, up to a maximum of 512 active connections. Each encrypted connection uses unique encryption keys.
ENCRYPTION MODES

The Senetas CN series Ethernet encryptors operate in one of several modes; the choice of mode depends on the network topology and the required functionality. In all modes, secure authenticated connections are automatically established across the network between devices, minimising user configuration requirements. After connections have been established, keys are updated automatically at a configurable interval of between one and sixty minutes.

Line mode

Line mode is used to encrypt traffic between a pair of devices across a point-to-point connection on either a dark fibre or service provider Layer 2 link. In line mode, traffic is encrypted independently of the frame's MAC address or VLAN ID. Additional policy control allows traffic to be selectively encrypted, bypassed or discarded according to the frame's Ethertype protocol and address type (i.e. unicast, multicast or broadcast).

Line mode is the optimal mode to use when:

- Securing a point-to-point connection between two locations across dark fibre

Multipoint MAC mode

MAC mode is used to encrypt traffic among two or more devices connected in either a mesh or hub and spoke topology. In MAC mode, an encryptor can support up to 512 (model dependent) concurrent encrypted connections. The remote unicast MAC address in each received frame is parsed to determine the connection (and hence the encryption key) to be used. Selective encryption policy can also be applied per Ethertype and address type, as in line mode of operation. MAC mode provides automatic discovery of connections and cryptographic separation between them.

MAC mode is the most appropriate mode to use when:

- Multipoint operation is required and multiple VLANs are not in use on the network
Multipoint VLAN mode

VLAN mode is also used to encrypt traffic among two or more devices connected in either a mesh or hub and spoke topology. The principal difference between MAC mode and VLAN mode is that in VLAN mode the encryption policy is tied to the VLAN IDs in use on the network, NOT to the MAC addresses of end points. For each VLAN in use, a group encryption key is created and shared between all encryptors passing traffic on that VLAN. The group key scheme allows:

- Automatic discovery of VLAN group membership
- Secure distribution of keys to all members of the group
- New members to securely join or leave the group at any time
- Fault tolerance to network outages and topology changes

Additionally, each VLAN connection can be associated with a separate X.509 certificate that is used for authenticating traffic on that connection. This feature can be used to provide separate trust domains in the network (e.g. if traffic on each VLAN comes from different customers) by associating each virtual LAN connection with a different certificate authority.

VLAN mode is the most appropriate mode to use when:

- Multiple VLANs are in use
- Multicast as well as unicast traffic is present
- Cryptographic separation between VLANs is required
- The network is observing QoS markings or reordering frames between encryptors

In VLAN mode, VLAN IDs are learnt by the encryptor and connections are automatically established on demand for each virtual LAN. A separate group encryption key is used for each ID and allows unicast, multicast and broadcast traffic to be secured on the connection. To support Q-in-Q (or stacked) topologies it is possible to define connections based on inner and/or outer VLAN identifiers. Selective encryption policy can also be applied per Ethertype and address type, as in line and MAC modes of operation.
The following scenarios are supported in VLAN mode:

STANDARD VLAN

VLAN 100 and VLAN 200 are secured using different group keys.

ASYMMETRIC VLANS

VLAN tag 100 is only visible at sites A and B. Site C only observes untagged traffic. A connection is established between all three sites regardless of VLAN tag visibility.
UNTAGGED AND TAGGED VLANS

VLAN 100 is encrypted at all sites. Untagged traffic is encrypted at all sites on a separate key to VLAN 100.

ASYMMETRIC STACKED VLANS

Sites A and B observe VLAN 100. Site C observes VLAN 1100 and VLAN 100 stacked tags.
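As an added illustration (not Senetas code, and not a description of the CN series internals), the following Python models how the three modes described under ENCRYPTION MODES pick the connection, and therefore the key, for each received frame, and how the asymmetric stacked VLAN scenario above resolves when connections are defined on the inner rather than the outer tag. The header walk follows IEEE 802.1Q/802.1ad; the encrypt/bypass/discard precedence rule, the `vlan_match` option names, the connection identifiers, the `build_frame` helper and the sample MAC addresses, frames and policy are all assumptions constructed for this example.

```python
"""Per-frame connection (key) selection in line, MAC and VLAN modes.  Added example,
not Senetas code; policy precedence and the vlan_match options are assumptions."""
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

ETHERTYPE_VLAN, ETHERTYPE_QINQ = 0x8100, 0x88A8   # 802.1Q customer tag, 802.1ad service tag
ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806

# If an Ethertype rule and an address-type rule disagree, the stricter one wins (assumption).
SEVERITY = {"encrypt": 0, "bypass": 1, "discard": 2}

@dataclass
class ParsedFrame:
    dst: bytes
    src: bytes
    outer_vid: Optional[int]   # VID of the outer (or only) tag; None if untagged
    inner_vid: Optional[int]   # VID of the inner tag of a Q-in-Q stack
    ethertype: int             # payload Ethertype after any tags
    payload_offset: int        # header bytes that stay in the clear

def address_type(dst: bytes) -> str:
    """Classify the destination MAC as unicast, multicast or broadcast."""
    if dst == b"\xff" * 6:
        return "broadcast"
    return "multicast" if dst[0] & 0x01 else "unicast"   # I/G bit marks a group address

def u16(frame: bytes, offset: int) -> int:
    """Read a big-endian 16-bit header field, rejecting a truncated frame."""
    if offset + 2 > len(frame):
        raise ValueError("truncated header")
    return struct.unpack_from("!H", frame, offset)[0]

def parse_frame(frame: bytes) -> ParsedFrame:
    """Walk the Ethernet header, consuming up to two stacked VLAN tags."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src, offset, vids = frame[0:6], frame[6:12], 12, []
    etype = u16(frame, offset)
    while etype in (ETHERTYPE_VLAN, ETHERTYPE_QINQ) and len(vids) < 2:
        vids.append(u16(frame, offset + 2) & 0x0FFF)   # low 12 bits of the TCI carry the VID
        offset += 4
        etype = u16(frame, offset)
    offset += 2                                        # step past the payload Ethertype
    return ParsedFrame(dst, src, vids[0] if vids else None,
                       vids[1] if len(vids) > 1 else None, etype, offset)

def policy_action(pf: ParsedFrame, policy: Dict) -> str:
    """Selective encrypt/bypass/discard policy per Ethertype and per address type."""
    rules = (policy.get("ethertype", {}).get(pf.ethertype),
             policy.get("address", {}).get(address_type(pf.dst)))
    explicit = [a for a in rules if a is not None]
    return max(explicit, key=SEVERITY.__getitem__) if explicit else policy.get("default", "encrypt")

def select_connection(pf: ParsedFrame, mode: str, vlan_match: str = "outer") -> Tuple:
    """Connection identifier (and hence key) for this frame in the given mode."""
    if mode == "line":                 # one peer, one key, header contents ignored
        return ("line",)
    if mode == "mac":                  # keyed by the remote (destination) MAC address
        return ("mac", pf.dst.hex())
    if mode == "vlan":                 # a VID of None selects the untagged group key
        if vlan_match == "outer":
            return ("vlan", pf.outer_vid)
        if vlan_match == "inner":      # a single tag counts as the inner tag
            return ("vlan", pf.outer_vid if pf.inner_vid is None else pf.inner_vid)
        if vlan_match == "stacked":
            return ("vlan", pf.outer_vid, pf.inner_vid)
    raise ValueError(f"unknown mode/vlan_match {mode!r}/{vlan_match!r}")

def classify(frame: bytes, mode: str, policy: Dict, vlan_match: str = "outer"):
    """Policy decision plus, for frames that will be encrypted, the connection to use."""
    pf = parse_frame(frame)
    action = policy_action(pf, policy)
    return (action, select_connection(pf, mode, vlan_match) if action == "encrypt" else None)

def build_frame(dst, src, ethertype, payload, tags=()):
    """Construct a test frame; tags are (TPID, VID) pairs, outermost first."""
    hdr = dst + src
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload

# Constructed sample traffic: locally administered MACs, dummy payload, sample policy.
SITE_A_MAC, SITE_B_MAC = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
PAYLOAD = b"\x45" + b"\x00" * 19
SAMPLE_POLICY = {"default": "encrypt", "ethertype": {ETHERTYPE_ARP: "bypass"},
                 "address": {"broadcast": "bypass"}}              # ARP and broadcast stay clear
UNTAGGED = build_frame(SITE_B_MAC, SITE_A_MAC, ETHERTYPE_IPV4, PAYLOAD)
VLAN100 = build_frame(SITE_B_MAC, SITE_A_MAC, ETHERTYPE_IPV4, PAYLOAD, [(ETHERTYPE_VLAN, 100)])
STACKED = build_frame(SITE_B_MAC, SITE_A_MAC, ETHERTYPE_IPV4, PAYLOAD,   # site C's stacked view
                      [(ETHERTYPE_QINQ, 1100), (ETHERTYPE_VLAN, 100)])
ARP_BCAST = build_frame(b"\xff" * 6, SITE_A_MAC, ETHERTYPE_ARP, b"\x00" * 28)
```

In this model, `classify(STACKED, "vlan", SAMPLE_POLICY, vlan_match="inner")` lands on the same `("vlan", 100)` connection that the single-tagged frames from sites A and B select, which is how a site that sees an extra outer service tag can share the VLAN 100 group key; with `vlan_match="outer"` the same frame would instead select a VLAN 1100 connection. The `payload_offset` field is the number of header bytes a Layer 2 encryptor leaves in the clear so that switches can still forward the frame.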
VLAN MAPPING

In these scenarios the network maps a VLAN ID at one site to a different VLAN ID at another site:

- VLAN 100 at site A is mapped by the network to VLAN 200 at site B.
- VLAN 100 at site A is mapped by the network to VLAN 300 at site C.
- VLAN 200 at site A is mapped by the network to VLAN 300 at site B.
- VLAN 200 at site A is mapped by the network to VLAN 100 at site C.

VLAN 100 is encrypted at all sites. Untagged traffic is encrypted at all sites on a separate key to VLAN 100.

Copyright Senetas Corporation 2013. All rights reserved. Permission to reproduce and distribute this document is granted provided this copyright notice is included and that no modifications are made to the original. Revisions to this document may be issued, without notice, from time to time. Rev. 01