Académique Documents
Professionnel Documents
Culture Documents
The amount of sensitive data generated and streamed over the WAN by companies
has grown steadily over the years, making information privacy and security ever
more critical. Protecting data from theft requires a set of technologies to address
the security threats in a cost-effective and manageable manner. The implementation
of physical layer encryption with key management is the preferred approach to
protect against loss of confidentiality of in-flight data. Encryption at this layer
provides protocol independence and lower encryption latency than possible with
other technologies. The industry-leading Nokia 1830 Photonic Service Switch (PSS)
is a proven, cost-effective platform offering high-capacity optical DWDM
connectivity with low-latency encryption and optical intrusion detection thereby
improving the confidentiality and integrity of data and the availability of businesscritical applications.
Contents
Key strength
10
Key management
12
Conclusion
16
Acronyms
17
References
19
38.9%
Medical, healthcare
10.7%
Educational
5.3%
Banking, credit, nancial
9.9%
Government, military
Source: GO-Gulf, Cyber Crime Statistics and Trends [infographic], 17 May 2013
Encryption implementations
Server, backup, and in-flight encryption methods
Encryption can be implemented in three primary ways:
Encryption on a server
Encryption via tape backup
In-flight encryption.
Wasted bandwidth
Overhead
IPSec (Layer 3)
125 ms
>40%
76 bytes
MACsec (Layer 2)
6 ms
>25%
32 bytes
OTN (Layer 1)
<0.15 ms
0%
0 bytes
Layer 1 encryption
The encryption of in-flight data can be done on different layers of the OSI
protocol stack (see Table 1). The lower layers are preferred because they are
simpler to implement, have lower latency, and are more bandwidth efficient with
less encryption overhead. Encryption at the lowest possible layer safeguards
the information on the layers above as well. While current implementations
provide security at Layer 3 via IP Security (IPSec) and Layer 2 via Media Access
Control Security (MACsec), Layer 1 Optical Transport Network (OTN) encryption
assures that all traffic traversing the network is encrypted. This includes legacy
applications with no inherent encryption capability and very stringent latency
requirements. Thus, assuring regulatory requirements can be met even if the
legacy applications are not due to be retired for years from now.
As noted in a recent Heavy Reading report [2], Layer 1 encryption has
advantages over encryption at higher layers:
Expense The prevalent model of encrypting at the higher network layers is
costly in terms of the number of security appliances needed to protect each
sensitive stream, service protocol and client, whose costs quickly add up.
Providing Layer 1 encryption lowers the total cost of ownership by integrating
the encryption function in the transport system. And using bulk aggregate
rates (10G now, with 100G in the future) enables economies of scale needed
for transport services.
1830 PSS-8
1830 PSS-16
1830 PSS-32
Optical ber
interface
AES-256
FPGA
1830 PSS
EC
Optical ber
Key repository
SNMP
Management interface
NE-NMS
interface
AES-256
FPGA
Neighbouring
equipment
Encryption card
EC-uBCM
1830 PSS
EC
Encryption card
EC-uBCM
Key repository
SNMP
Management interface
NE-KMT
interface
NE-KMT
interface
Data interface
Optical ber
interface
NE-NMS
interface
KMT
NMS
signals over a single fiber strand and splitting the signal via two geographically
diverse paths. Each of the signals is monitored at the far end so that if there is
a loss of the working signal, a switch is made to the protection path in order to
ensure continuous service.
Secure management
Equipped with an encryption card, the Nokia 1830 PSS provides encrypted
interfaces for SNMPv3 management functions accessed via the physical
management interface. The access to management and encryption functions
is only possible after successful user authentication and authorization. Users
are identified, authenticated and authorized according to their assigned role.
An important part of the configuration is the transformation of the
system to FIPS Mode, which enables the secure management interfaces
(SNMPv3), authentication parameters and other security settings. The initial
configuration of the keys for the management interface is done offline using
pre-shared keys.
After the transformation to FIPS Mode, and in order to reduce the attack
surface of the target of evaluation (TOE), other management interfaces
available by default will be disabled. FIPS Mode also disables software debug
functions and several underlying services of the embedded operating system.
In-band management interfaces and DWDM control plane functions are
blocked as part of the TOE.
The TOE supports different user roles. Roles can be assigned to users
during system commissioning and are consistently applied for access via
the management interfaces.
E
E
TH OUT S
IC
ER
AC OTON
R
T PH
OF
Key strength
Well-balanced cryptographic solutions
In the same way the locks in a house are only as good as the weakest lock,
the security of a cryptographic solution is only as good as its weakest part.
Typically, a crypto designer wants to specify the security strength of all
the major components of a system and assures they are well balanced.
This means its important to match the key strength to the strength of the
encryption algorithm. Experts say that organizations should go with the
strongest cryptographic tools available because bad guys can more easily
crack encryption as computers become more powerful. Plus, these strong
tools allow organizations to use the crypto solutions for longer time, and
thereby get more from their investment.
Unbalanced crypto solutions marketed as AES-256 compliant may give
the illusion of having 256-bit security strength when in reality they are not
because they use weak keys. There is a traditional trade-off between the
strength of encryption and its impact on system performance that has led to
the practice of using the minimum strength necessary to affect performance
as little as possible. Asymmetric keys that provide 256-bit security strength
are computationally intensive and most processors would take too long to
produce asymmetric keys with the appropriate strength. As a result, many
vendors have chosen asymmetric keys (typically 112-bit) that are substantially
weaker than the 256-bit encryption algorithm. An RSA 2048-bit sounds like
a strong key, but it only provides 112-bit strength. The computational needs
for asymmetric RSA keys to match AES-128 strength is about the limit of
embedded CPUs. Elliptic Curve Diffie Hellman (ECDH), such as P-384, provides
192-bit security strength that is less processor intensive. Later in this paper
10
we will discuss P-384, which provides 0-bit security strength in a postquantum environment.
Key strength is also directly related to the quality of the random number
generator that is available. Third-party evaluation and certifications are
critical to validate that there are no known visible non-random qualities to the
random number generator used. Many crypto solutions are touted as being
designed to meet certain levels of encryption strength, but unless they are
certified to meet the cryptographic requirements by an independent third
party, the level of protection and quality of the solution is suspect. As noted
previously, the Nokia 1830 PSS has been certified to meet the CC EAL2+ and
FIPS 140-2 Level 2 with ongoing certifications in progress, including CC EAL3+
and ANSSI Qualification Standard.
Post-quantum cryptography
The need for stronger cryptography is driven by advances in both classical
and quantum computing technologies. Computers are getting so powerful
that they will eventually be able to break any encryption. This revelation
came in 1994 when Peter Shor of Bell Laboratories showed that quantum
computers, a new technology at the time that could leverage the physical
11
Key length
RSA-1024
1024 bit
80 bit
0 bit
RSA-2048
2048 bit
112 bit
0 bit
ECC-256
256 bit
128 bit
0 bit
ECC-384
384 bit
256 bit
0 bit
AES-128
128 bit
128 bit
64 bit
AES-256
256 bit
256 bit
128 bit
Key management
The two fundamental approaches to key management are centralized
and distributed. In a centralized key management approach, the keys are
computed off board in a single (central) physical location. In a distributed key
management approach, the keys are computed on every node and exchanged
in-band using asymmetric key exchange methods like Diffie-Hellman. Nokia
uses centralized key management because this approach provides a single
point of trust where the key management system assumes responsibility
for the entire life cycle.
12
13
14
Enterprise IT
Security operations
Network
management
LAN
Server farm/
NAS server
Key
management
Ethernet
LAN
Ethernet
7x50 SR
Storage array
FC/FICON
switch
HPC
Server farm/
NAS server
7x50 SR
Fibre
Channel
SAN
Cyber security
admin.
Fibre
Channel
1830
PSS
InniBand
Secure L1
connection
SAN
1830
PSS
Access server
InniBand
HPC
Mainframe
Mainframe
Data center A
Storage array
Data center X
The KMT enables enterprise and service providers to centralize security and
separates network management from security management tasks. This is
done with a proxy approach and two user classes: Administrator and User.
It is based on FIPS standard operating procedures and allows the functions
to be split so that Administrators set up the environment for users to
manage the keys and then Users manage security material. Automated
scheduled encryption key and Well Known Answer Test (WKAT) rotations allow
for enhanced security while decreasing operational expenditures. Where
encryption keys are often managed by separate CLI or craft interfaces, the
KMT consolidates key management and overall network security and gives the
operator the option to manually or automatically manage key encryption as
required to meet security policies.
The Nokia KMT provides the following benefits:
FIPS 140-2 operating architecture with configuration tasks separated from
security tasks
TLS or SSL encryption for user interactions, and all software modules
communications
Database storage of user and network element data
Fault management and display of real-time and historical alarms and
performance data
A real-time dashboard display of security-related alarms and performance
metrics
Network-level automated key management and rotation
Scheduled and on-demand circuit authentication, key rotation, and WKAT
15
Conclusion
The continued growth in business-critical data demand arising from corporate,
data center, and cloud applications that need to connect across facilities
has led to the need for increased optical transport network security against
external attack. The Nokia 1830 PSS has proven to be effective at offering
high-capacity optical DWDM connectivity with low latency encryption. The
1830 PSS portfolio addresses growing security challenges through optical
innovations that enable secure transport while ensuring confidentiality,
integrity and availability of in-flight data. These capabilities include controlled
access to key infrastructure, protection of optical data links via encryption of
in-flight data, the use of secured network management protocols protecting
management traffic, and intrusion prevention and detection capabilities
enabled via Nokia Wavelength Tracker technology. These, coupled with the
Nokia KMT supporting the management of keys (key generation, distribution,
expiration, rotation, and destruction) throughout the entire cryptographic life
cycle of each wavelength, deliver a comprehensive and secure solution for
the transport of business-critical data.
For additional information about secure data transport via the 1830 PSS
portfolio, please visit http://networks.nokia.com/portfolio/products/1830photonic-service-switch.
16
Acronyms
10GE
10 Gigabit Ethernet
AES
ANSSI
Common Criteria
DCI
DDR
DWDM
EAL3+
EC
Equipment Controller
ECDH
FC
Fibre Channel
FERPA
FPGA
FICON
Fibre Connection
FIPS
GLBA
HIPAA
IPSec
IP Security
KMT
MACsec
MPLS
NAS
NE
network element
NIST
NMS
NSA
OTN
OTU2
PCI DSS
PSS
QPEN
OTDR
RADIUS
17
RSA
SAN
SAS 70
SNMP
Sarbanes-Oxley Act
SSL
TOE
target of evaluation
TLS
uBCM
WKAT
18
References
1. GO-Gulf, Cyber Crime Statistics and Trends [infographic], 17 May 2013:
http://www.go-gulf.com/blog/cyber-crime/
2. Heavy Reading, December 2015, The Lower the Better: Encrypting the Optical Layer
3. National Institute of Standards and Technology. FIPS Publication 140-2: Security Requirements for
Cryptographic Modules. May 25, 2001. http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
4. National Institute of Standards and Technology. FIPS Publication 197: Advanced Encryption Standard
(AES). November 26, 2001 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
5. Nokia 1830 PSS: http://networks.nokia.com/portfolio/products/1830-photonic-service-switch
6. Nokia 1830 PSS Security Target: https://www.commoncriteriaportal.org/files/epfiles/1830-photonic-
vr70-sec-eng.pdf
7. Secure Solutions for Data Center Connect: http://resources.alcatel-lucent.
com/?cid=153738&REFFER=alu.prod.detail.en%20%7C%201830%20Photonic%20Service%20
Switch&REFERRER=alu.prod.detail.en%7C1830%20Photonic%20Service%20Switch
8. NIST Report of Post-Quantum Cryptography: http://csrc.nist.gov/publications/drafts/nistir-8105/
nistir_8105_draft.pdf
9. Information Security and Privacy Advisory Board (IPSAB): http://csrc.nist.gov/groups/SMA/ispab/
documents/minutes/2015-10/ispab_meeting_minutes_october-2015.pdf
10. Quantum Resistant Algorithms presentation: http://csrc.nist.gov/groups/SMA/ispab/documents/
minutes/2015-10/oct21_stanger_final_approved_nsa.pdf
11. CNSS Advisory Memorandum Information Assurance 02-15 July 2015: https://www.cnss.gov/CNSS/
issuances/Memoranda.cfm
Nokia is a registered trademark of Nokia Corporation. Other product and company names
mentioned herein may be trademarks or trade names of their respective owners.
Nokia Oyj
Karaportti 3
FI-02610 Espoo
Finland
Tel. +358 (0) 10 44 88 000
Product code: PR1606020893EN (June)
Nokia 2016
nokia.com