
Secure optical transport with the 1830 Photonic Service Switch
Providing simple, secure transport in support of business-critical applications
Technology White Paper

The amount of sensitive data generated and streamed over the WAN by companies
has grown steadily over the years, making information privacy and security ever
more critical. Protecting data from theft requires a set of technologies to address
the security threats in a cost-effective and manageable manner. The implementation
of physical layer encryption with key management is the preferred approach to
protect against loss of confidentiality of in-flight data. Encryption at this layer
provides protocol independence and lower encryption latency than possible with
other technologies. The industry-leading Nokia 1830 Photonic Service Switch (PSS)
is a proven, cost-effective platform offering high-capacity optical DWDM
connectivity with low-latency encryption and optical intrusion detection, thereby
improving the confidentiality and integrity of data and the availability of business-critical applications.

Nokia Technology White Paper


Secure optical transport with the 1830 PSS

Contents

The rising need for security in optical transport networks
Secure transport with the Nokia 1830 PSS
Key strength  10
Key management  12
Conclusion  16
Acronyms  17
References  19


The rising need for security in optical transport networks

The amount of sensitive data generated by companies has grown steadily
over the years, making information privacy and security ever more critical.
This business-critical information, traditionally stored and processed locally,
is now being transported over shared network resources across the WAN. We
are seeing rapid growth in the need for high-capacity data transport for data
center interconnect (DCI), business continuity, high-performance computing
and business-critical applications. This has led to an increased use of virtual
and cloud networks and at the same time has created new vulnerabilities
from external attacks. It is now estimated that the annual cost of cybercrime
is US$100 billion, with data breaches varying by industry as shown in Figure 1.
Figure 1. Data breaches by industry
• Business: 35.1%
• Medical, healthcare: 38.9%
• Educational: 10.7%
• Banking, credit, financial: 5.3%
• Government, military: 9.9%
Source: GO-Gulf, Cyber Crime Statistics and Trends [infographic], 17 May 2013

Today's enterprises must comply with a growing number of security mandates
that regulate the management and protection of sensitive data against
disclosure, theft and misuse. These security standards include PCI DSS, SOX,
HIPAA, GLBA, FERPA, SAS 70 and state privacy laws, among others, which
introduce penalties for data leaks. Thus security initiatives must address
the protection of sensitive data being streamed over the WAN.


Data protection against threats


Protecting data from theft requires a set of technologies to address the
security threats in a cost-effective and manageable manner.
Controlled access
Physical protection is a straightforward approach to protecting sensitive data.
Though simple from a technology perspective, physical protection can be
difficult to implement. Infrastructure system security, managed user access
and privileged-user access controls are required to help prevent misuse of
information by legitimate network users, as well as external hackers. Network
administrators must deploy network equipment from vendors that facilitate
the implementation and management of such security practices.
Intrusion prevention and detection
Optical fiber was once considered more secure than other transport media
because of the inherent difficulty of tapping into glass media and reading light
signals. However, new technologies have proven that data hacking of fiber
can be done relatively easily using simple tools. These tools are able to tap
into the optical fiber and capture leaking light without interfering with passing
network traffic. This kind of attack is very challenging to discover and can be
performed by anyone with physical access to fiber. This has increased the
need for transport security measures over fiber networks. Simply owning
the fiber resources is not enough to guarantee security.
Embedded security monitoring technology must be deployed in network
devices to expose intrusions through detection of unexplained power
degradation. Optical intrusion detection mechanisms are effective for
detecting intrusion on fiber-optic cables and immediately alerting the
security administrator of potential security breaches.
While controlling access to physical assets and using optical intrusion
detection can help protect against unwanted data interception, they may
not prevent all such attempts and must be augmented with encryption
protection. Encryption transforms data into unreadable cryptographic text,
so stolen data is rendered useless to an intruder. Though none of the three
techniques alone, including encryption, is sufficient, encryption is now viewed
as necessary by an increasing share of applications. Encryption is no longer an
exotic mechanism whose use is limited to secret organizations or the military.
It is now a common tool used for security in normal business workflows within
banks, utilities, financial institutions, transportation, government agencies,
as well as other organizations requiring secure data transfer across sites.

Encryption implementations
Server, backup, and in-flight encryption methods
Encryption can be implemented in three primary ways:
• Encryption on a server
• Encryption via tape backup
• In-flight encryption.


While encryption of data on a server is easy to implement, it imposes a heavy
computing power requirement on the server performing the encryption. This
approach is also difficult to manage: because every server is managed
individually, centralized management is not possible.
Likewise, implementing encryption via a local tape backup is relatively easy to
implement. However, here too, additional processing power would be required
on the backup server that now also has to perform the encryption, taking
valuable CPU processing power from other tasks. And this method also does not
protect the data traversing the WAN because the encryption is processed locally.
Encryption of in-flight data is the most effective method of mitigating
security breaches. Like the other methods, it is relatively simple to implement.
However, unlike the other methods, it protects the data traversing the WAN
by implementing encryption on the fly. This is done via dedicated transport
equipment performing encryption at wire speed between the remote sites,
which means that the servers are not taxed in terms of processing power and
bottlenecks are reduced. It is also the only method supporting centralized
management; essential in controlling management complexity.
Table 1. Encryption scorecard by layer (for small packet size)

Layer            | Latency  | Wasted bandwidth | Overhead
IPSec (Layer 3)  | 125 ms   | >40%             | 76 bytes
MACsec (Layer 2) | 6 ms     | >25%             | 32 bytes
OTN (Layer 1)    | <0.15 ms | 0%               | 0 bytes

Layer 1 encryption
The encryption of in-flight data can be done on different layers of the OSI
protocol stack (see Table 1). The lower layers are preferred because they are
simpler to implement, have lower latency, and are more bandwidth efficient with
less encryption overhead. Encryption at the lowest possible layer safeguards
the information on the layers above as well. While current implementations
provide security at Layer 3 via IP Security (IPSec) and Layer 2 via Media Access
Control Security (MACsec), Layer 1 Optical Transport Network (OTN) encryption
assures that all traffic traversing the network is encrypted. This includes legacy
applications with no inherent encryption capability and very stringent latency
requirements. This assures that regulatory requirements can be met even if the
legacy applications are not due to be retired for years.
As noted in a recent Heavy Reading report [2], Layer 1 encryption has
advantages over encryption at higher layers:
Expense: The prevalent model of encrypting at the higher network layers is
costly in terms of the number of security appliances needed to protect each
sensitive stream, service protocol and client; these costs quickly add up.
Providing Layer 1 encryption lowers the total cost of ownership by integrating
the encryption function in the transport system. And using bulk aggregate
rates (10G now, with 100G in the future) enables the economies of scale needed
for transport services.


Bandwidth: Encryption at Layer 3 can negatively affect the overall available
throughput because encrypting adds more bits to the service payload. As an
example, IPSec can add over 60 percent more data to the information flow,
which places a burden on the network and compute resources. With Layer 1
encryption, there is no wasted bandwidth to accommodate traditional packet
security protocols such as MACsec or IPSec.
Low latency: Encryption at higher layers can have adverse effects on latency.
But Layer 1 encryption adds almost no additional latency (less than 150
nanoseconds) because it does not suffer from the latency penalties that
higher-layer encryption technologies incur, which add significant overhead
and multiply the latency of the data stream. Thus Layer 1 encryption provides
the lowest possible latency at bulk rates, making it very suitable for low-latency,
business-critical applications.
Transparency: Layer 1 provides protocol-independent encryption that is
fully capable of supporting the various types of clients usually transported
(Ethernet, Fibre Channel, InfiniBand, OTN, SONET/SDH). Encrypting each
client separately is awkward and costly as each service type requires its own
encryption appliance.
Management complexity: Key management, exchange, and authentication
can be cumbersome and labor-intensive when there are many separate
encryption devices and encryption streams to manage. Encryption at
Layer 1 simplifies operation as there is only one encrypted circuit to manage
as opposed to many IPSec tunnels. Centrally managed key management
tools are critical to reducing management complexity.
Multi-layer encryption can be used as part of a defense-in-depth strategy
where Layer 1 encryption is used to complement encryption at the higher
layers. Having security at multiple levels is good security practice and is
especially important for entities whose encryption solutions are based
on keys that are no longer considered strong enough because they can
be compromised by higher performance classical or quantum computers.
These entities can augment their Layer 2 and Layer 3 encryption with
Layer 1 encryption to protect against these attacks.

Secure transport with the Nokia 1830 PSS


The Nokia 1830 Photonic Service Switch (PSS) is a scalable optical platform
that supports aggregation for Ethernet, Fibre Channel (FC) and other
protocols. The 1830 PSS provided the first commercially available support
for 100G next-generation coherent technology building on the Zero-Touch
Photonics approach, which enables easier operations for reduced costs and
accelerated provisioning of wavelength services. In contrast to traditional
DWDM technologies, Zero-Touch Photonics eliminates the need for frequent
on-site interventions and provides a network that is more flexible to design and
install, and easier to operate, manage, and monitor. Wavelength services can be
deployed faster and reconfigured according to more dynamic traffic demands.
These are important capabilities for business-critical network environments.


As networks continue to evolve, high-speed optical interconnection
technology will be essential, not only for data mirroring but also for other
types of business-critical applications. Complex topologies with bandwidth
allocation on demand will be needed for scenarios requiring the transparent
and hitless migration of large virtual machines and provisioning of cloud
services over geographically distributed storage points or hosts. And high
performance and security must be maintained across facilities. Therefore,
agile optical networks will be needed.
To help ensure security is maintained across sites, the 1830 PSS can function
in secure mode, which provides a hardened device configuration with the
following configuration settings:
• Only the essential logical and physical ports needed to manage the system are open.
• Software debug functions are disabled.
• Services of the embedded operating system are disabled, as well as any interactive operating system access.
• Only secure network element management protocols, such as Secure Sockets Layer (SSL) and Simple Network Management Protocol, version 3 (SNMPv3), are supported.

User authentication and authorization


Role-Based Access Control authorization mechanisms provide a
FIPS-compliant separation of duties for both element management and
the encryption services. With a standard RADIUS interface, the Nokia 1830
PSS can support third-party integration of corporate identity management
systems and multifactor authentication systems, providing for centralized
authentication and authorization profiles. The cryptographic functions
implemented by the encryption card and SNMPv3 are certified to satisfy
the FIPS 140-2 level 2 requirements. The 1830 PSS also supports Common
Criteria Evaluation Assurance Level 2+ (EAL2+), also known as ISO 15408,
which defines procedures and technical aspects to be respected during the
product life cycle. EAL2+ provides documentation processes, methodologies
for secured software development and product validation.
Validation for support of Common Criteria EAL3+/QS and ANSSI Qualification
Standard is also in progress. The increasing assurance levels reflect added
assurance requirements that must be met to achieve Common Criteria
certification. The intent of the higher level is to provide higher confidence
that the system's principal security features are reliably implemented.

Maintaining data confidentiality with Layer 1 encryption


Data confidentiality is a key security requirement for network operators, in
particular for entities operating under certain legal frameworks and in specific
business sectors. It is difficult to guarantee confidentiality for a leased fiber
traversing the many kilometers between secured data center facilities or over
a shared network. Layer 1 encryption provides end-to-end protection against
loss of confidentiality along the fiber. Encryption at this layer also provides
independence in the selection of protocols or applications used at higher layers,
as well as lower encryption latency than possible with other technologies.

As illustrated in Figure 2, the 1830 PSS product family supports
Layer 1 encryption and SNMPv3. It does this via a 10G, quad-port,
any-rate transponder, having four optical fiber interfaces. This
transponder supports four independent multi-rate 10G channels,
with per-port encryption provided via software license. A 10G
pluggable line port of the encryption card supports up to 88 channels
when configured with a tunable XFP. It provides Advanced Encryption
Standard (AES) 256 encryption for up to four separate 8G/10G signals,
and adds this functionality in the same footprint used for optical
transponder functions without reducing shelf or system capacity.
The module also supports diverse types of data interfaces including
8G/10G Fibre Channel, 10 Gigabit Ethernet (10GE) interface, Optical
Transport Unit 2 (OTU2), and 5G DDR InfiniBand. The solution also
provides intrusion prevention and detection to guard against an
intruder tapping power from an optical fiber. A hacker who may gain
physical access to a fiber could bend it so that some light leaks out
of the fiber. The intruder could then use a commercial photo detector
to attempt to recover the data carried in the optical signal.
For complex security scenarios demanded by government
organizations, healthcare and financial institutions, the 1830 PSS
also allows secure interworking with off-the-shelf key management
systems that cover the life cycle of cryptographic services in the
network, namely the key generation, distribution, activation, rotation
and destruction. It also interfaces with the Nokia Key Management
Tool (KMT), as shown in Figure 3.

Figure 2. Layer 1 encryption on the 1830 PSS portfolio (1830 PSS-4, 1830 PSS-8, 1830 PSS-16, 1830 PSS-32)

Figure 3. 1830 PSS interfaces (diagram: two 1830 PSS encryption cards (EC, EC-uBCM), each with an AES-256 FPGA, a data interface and an optical fiber interface, joined by an encrypted OTU2 link over optical fiber to the neighbouring equipment; each card's key repository and SNMP management interface connect via the NE-NMS interface to the NMS and via the NE-KMT interface to the KMT)

Optical protection switching


The Nokia 1830 PSS equipped with an encryption card provides
certified cryptographic algorithms at Layer 1 optical line-rate speeds
with little additional latency and jitter. This design secures data at the
rates required for handling the typical traffic volumes by data center
applications. The 1830 PSS also allows the aggregation of client
signals over a single fiber strand and splitting the signal via two geographically
diverse paths. Each of the signals is monitored at the far end so that if there is
a loss of the working signal, a switch is made to the protection path in order to
ensure continuous service.

Secure management
Equipped with an encryption card, the Nokia 1830 PSS provides encrypted
interfaces for SNMPv3 management functions accessed via the physical
management interface. The access to management and encryption functions
is only possible after successful user authentication and authorization. Users
are identified, authenticated and authorized according to their assigned role.
An important part of the configuration is the transformation of the
system to FIPS Mode, which enables the secure management interfaces
(SNMPv3), authentication parameters and other security settings. The initial
configuration of the keys for the management interface is done offline using
pre-shared keys.
After the transformation to FIPS Mode, and in order to reduce the attack
surface of the target of evaluation (TOE), other management interfaces
available by default will be disabled. FIPS Mode also disables software debug
functions and several underlying services of the embedded operating system.
In-band management interfaces and DWDM control plane functions are
blocked as part of the TOE.
The TOE supports different user roles. Roles can be assigned to users
during system commissioning and are consistently applied for access via
the management interfaces.

Optical intrusion detection


The Nokia Wavelength Tracker is a unique technology that measures power
levels and reads identifiers for all wavelengths travelling through an 1830 PSS
network at multiple measurement points (see Figure 4). The main application
of Wavelength Tracker is the automation of network/service commissioning
and supervision.
The set of measurement points forms the basis for automatic optical
network intrusion detection. When the power level between two measurement
points is abnormally attenuated, an alarm is raised to warn operators of the
risk of potential intrusion.
Without this kind of detection functionality, optical intrusion (typically
accounting for a couple of dBs of attenuation) might go unnoticed by
operators and/or users, since the network and the services might continue
to function without any quality issues.
The 1830 PSS also supports an optical time-domain reflectometer (OTDR)
capability that characterizes the optical fiber by injecting a series of optical
pulses into the fiber and using the reflections back from points along the fiber.
The scattered or reflected light that is gathered back is used to characterize
the optical fiber, similar to the manner in which radar works. This forms a
sort of fingerprint of the fiber, which can be checked from time to time for
variations to identify fiber cuts, taps or tampering and to precisely identify
locations based on the time delay of the reflections. OTDR forms intelligent
physical layer security when combined with optical intrusion detection and
monitoring software.
Figure 4. Wavelength Tracker

Wavelength Tracker uniquely offers:
• Optical intrusion detection
• Remote and automatic power control
• High reliability and resilience via proactive and faster misconnection and fault isolation.
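The two detection ideas described above, span-loss comparison between Wavelength Tracker measurement points and OTDR fingerprint comparison, as an added example (not Nokia code and not the 1830 PSS implementation): the measurement-point names, power readings, OTDR traces, the 1.5 dB alarm threshold and the fibre group index of 1.468 are constructed assumptions.

```python
"""Optical-layer intrusion checks modelled on the paper's description of
Wavelength Tracker span-loss monitoring and OTDR fibre fingerprinting.

Added example, not Nokia code. All measurement data, measurement-point
names and thresholds below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# The paper says a tap costs "a couple of dBs"; the alarm threshold is an assumption.
EXCESS_LOSS_ALARM_DB = 1.5
# Group index of standard silica fibre (assumed value); c is the vacuum speed of light.
FIBRE_GROUP_INDEX = 1.468
C_M_PER_S = 299_792_458.0


@dataclass(frozen=True)
class Alarm:
    source: str       # "wavelength-tracker" or "otdr"
    location: str     # span name, or distance along the fibre
    excess_db: float  # loss beyond the commissioning baseline


def span_losses(powers_dbm: List[Tuple[str, float]]) -> Dict[str, float]:
    """Loss (dB) between consecutive measurement points of one wavelength.

    powers_dbm is ordered along the light path: [(point name, power in dBm), ...].
    Because dBm is logarithmic, the loss over a span is a simple difference.
    """
    return {f"{a}->{b}": round(pa - pb, 2)
            for (a, pa), (b, pb) in zip(powers_dbm, powers_dbm[1:])}


def check_span_losses(baseline: Dict[str, float], current: Dict[str, float],
                      threshold_db: float = EXCESS_LOSS_ALARM_DB) -> List[Alarm]:
    """Raise an alarm for every span whose loss grew beyond the baseline.

    A working service hides this on its own: the receiver still sees enough
    light, so only the comparison against commissioning values reveals the drop.
    """
    alarms = []
    for span, base_db in baseline.items():
        excess = round(current.get(span, base_db) - base_db, 2)
        if excess >= threshold_db:
            alarms.append(Alarm("wavelength-tracker", span, excess))
    return alarms


def reflection_delay_to_km(round_trip_s: float) -> float:
    """OTDR ranging: the pulse travels out and back, so halve the path length."""
    return C_M_PER_S / FIBRE_GROUP_INDEX * round_trip_s / 2.0 / 1000.0


def otdr_fingerprint_events(baseline_trace: List[Tuple[float, float]],
                            current_trace: List[Tuple[float, float]],
                            threshold_db: float = EXCESS_LOSS_ALARM_DB) -> List[Alarm]:
    """Compare a fresh OTDR trace with the stored fingerprint of the fibre.

    Each trace is [(round-trip delay in microseconds, cumulative loss in dB), ...]
    sampled at the same delays. The first sample whose loss exceeds the
    fingerprint by the threshold locates the new event (cut, tap or splice);
    the location resolution is the sample spacing.
    """
    for (delay_us, base_db), (_, cur_db) in zip(baseline_trace, current_trace):
        excess = round(cur_db - base_db, 2)
        if excess >= threshold_db:
            km = reflection_delay_to_km(delay_us * 1e-6)
            return [Alarm("otdr", f"{km:.1f} km", excess)]
    return []


# Constructed commissioning baseline: three measurement points on one wavelength.
BASELINE_POWERS = [("site-A-out", 0.0), ("amp-1-in", -4.0), ("site-B-in", -8.0)]
# Constructed current readings: roughly 2 dB of extra loss has appeared on the second span.
CURRENT_POWERS = [("site-A-out", 0.0), ("amp-1-in", -4.1), ("site-B-in", -10.2)]

# Constructed OTDR traces of a 20 km span (0.2 dB/km), sampled about every 5 km.
BASELINE_TRACE = [(0.0, 0.0), (48.97, 1.0), (97.94, 2.0), (146.90, 3.0), (195.87, 4.0)]
CURRENT_TRACE = [(0.0, 0.0), (48.97, 1.0), (97.94, 2.0), (146.90, 5.2), (195.87, 6.2)]


def run_checks() -> List[Alarm]:
    """Run both detectors over the constructed data and return all alarms."""
    power_alarms = check_span_losses(span_losses(BASELINE_POWERS),
                                     span_losses(CURRENT_POWERS))
    return power_alarms + otdr_fingerprint_events(BASELINE_TRACE, CURRENT_TRACE)


if __name__ == "__main__":
    for alarm in run_checks():
        print(f"{alarm.source}: +{alarm.excess_db} dB at {alarm.location}")
```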

Key strength
Well-balanced cryptographic solutions
In the same way the locks in a house are only as good as the weakest lock,
the security of a cryptographic solution is only as good as its weakest part.
Typically, a crypto designer wants to specify the security strength of all
the major components of a system and ensure they are well balanced.
This means it's important to match the key strength to the strength of the
encryption algorithm. Experts say that organizations should go with the
strongest cryptographic tools available because bad guys can more easily
crack encryption as computers become more powerful. Plus, these strong
tools allow organizations to use the crypto solutions for a longer time, and
thereby get more from their investment.
Unbalanced crypto solutions marketed as AES-256 compliant may give
the illusion of having 256-bit security strength when in reality they do not,
because they use weak keys. There is a traditional trade-off between the
strength of encryption and its impact on system performance that has led to
the practice of using the minimum strength necessary to affect performance
as little as possible. Asymmetric keys that provide 256-bit security strength
are computationally intensive and most processors would take too long to
produce asymmetric keys with the appropriate strength. As a result, many
vendors have chosen asymmetric keys (typically 112-bit) that are substantially
weaker than the 256-bit encryption algorithm. An RSA 2048-bit key sounds like
a strong key, but it only provides 112-bit strength. The computational needs
for asymmetric RSA keys to match AES-128 strength are about the limit of
embedded CPUs. Elliptic Curve Diffie-Hellman (ECDH), such as P-384, provides
192-bit security strength and is less processor intensive. Later in this paper
we will discuss P-384, which provides 0-bit security strength in a post-quantum environment.
Key strength is also directly related to the quality of the random number
generator that is available. Third-party evaluation and certifications are
critical to validate that there are no known visible non-random qualities to the
random number generator used. Many crypto solutions are touted as being
designed to meet certain levels of encryption strength, but unless they are
certified to meet the cryptographic requirements by an independent third
party, the level of protection and quality of the solution is suspect. As noted
previously, the Nokia 1830 PSS has been certified to meet the CC EAL2+ and
FIPS 140-2 Level 2 with ongoing certifications in progress, including CC EAL3+
and ANSSI Qualification Standard.

Symmetrical and asymmetrical keys


Symmetric encryption uses a single secret key that is shared across the
systems that need to communicate, while asymmetric encryption uses a
pair of keys, one public and one private, to encrypt and decrypt messages when
communicating. The distribution of the private keys among the strangers
trying to communicate relies on a central certification authority to keep track
of the identity of the parties involved. Asymmetric encryption was introduced
to address the inherent problem of sharing the secret key over unsecured public
links. However, asymmetric encryption usually takes more time, and as such
most systems use a hybrid of these two encryption methods.
Here the secret key used in the symmetric encryption is encrypted using
asymmetric encryption and sent over an insecure public channel,
while the rest of the data is encrypted using symmetric encryption and sent
over the same insecure public channel. When the receiver gets the asymmetrically
encrypted key, the private key is used to decrypt it, and once the secret key
is known, the symmetrically encrypted message can be easily decrypted.
In an OTN wavelength service business, communications are not among
strangers but rather between well-known network elements within a private
managed communications structure that likely already includes at least
some level of symmetric keys to manage SNMP links for other management
reporting needs. Currently, there is no need to set up an encrypted
wavelength service between network elements that are not managed by
the same service provider. Therefore, as of now, all application needs of
OTN wavelength service are supported by the services offered by centrally
administered symmetric key distribution. The Nokia solution delivers a strong
centralized key management system that ensures key quality for the future.

Post-quantum cryptography
The need for stronger cryptography is driven by advances in both classical
and quantum computing technologies. Computers are getting so powerful
that they will eventually be able to break any encryption. This revelation
came in 1994 when Peter Shor of Bell Laboratories showed that quantum
computers, a new technology at the time that could leverage the physical
properties of matter and energy to perform calculations, could efficiently
solve cryptographic problems. It is estimated that quantum computers may
become available in the 2030 timeframe.
Table 2. Comparison of conventional and quantum security levels of some popular ciphers

Algorithm | Key length | Security level (conventional computing) | Security level (quantum computing)
RSA-1024  | 1024 bit   | 80 bit                                   | 0 bit
RSA-2048  | 2048 bit   | 112 bit                                  | 0 bit
ECC-256   | 256 bit    | 128 bit                                  | 0 bit
ECC-384   | 384 bit    | 256 bit                                  | 0 bit
AES-128   | 128 bit    | 128 bit                                  | 64 bit
AES-256   | 256 bit    | 256 bit                                  | 128 bit

To maintain security from classical attacks, NIST has already recommended
transitions from key sizes and algorithms that provide 80-bit security to key
sizes that provide 112-bit or 128-bit security (SP 800-131A). In 2015, to
provide security against quantum attacks, the National Security Agency (NSA)
announced changes to their Suite B of public cryptographic standards that
may be used to protect national security systems (NSS). NSA recommends
that 112-bit security strength is no longer sufficient for classified information
(CNSS Advisory Memorandum Information Assurance 02-15, July 2015). They
also indicated that none of the current asymmetric key algorithms that are
already certified provide protection from quantum attacks. However, if an
asymmetric key is needed, ECDH with at least 192-bit strength could be used
for classified information. NIST indicates that symmetric keys at the AES-256
level are a sound method to address concerns for quantum attacks because
they provide some resistance to these attacks and can retain at least 128-bit
security strength as shown in Table 2. The Nokia 1830 PSS solution can
produce these high-quality keys at the AES-256 level, and they can be refreshed
every hour to safeguard against a quantum computer attack that would take
a million years to brute force the key.
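The "weakest lock" argument from the Key strength section and the conventional-versus-quantum levels of Table 2, worked as an added example (not from the paper or from Nokia): conventional strengths follow the NIST SP 800-57 Part 1 comparable-strength table, so P-384 rates 192 bit as the paper's text states; the quantum rule (Shor reduces RSA/ECC to 0 bit, Grover halves a symmetric key) is Table 2's; the three configurations and the "PSK" label for a centrally distributed 256-bit symmetric key are constructed.

```python
"""Security-strength bookkeeping for a 'well-balanced' cryptographic solution.

Added example, not from the paper or from Nokia. Conventional strengths
follow the NIST SP 800-57 Part 1 comparable-strength table. Quantum
strengths apply the rule behind the paper's Table 2: Shor's algorithm
reduces RSA and ECC to 0 bit, Grover's algorithm halves a symmetric key.
"""
from dataclasses import dataclass
from typing import List, Tuple

# (minimum key/modulus/curve size in bits, comparable security strength in bits)
_RSA_STRENGTH = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
_ECC_STRENGTH = [(160, 80), (224, 112), (256, 128), (384, 192), (512, 256)]
_ASYMMETRIC = {"RSA": _RSA_STRENGTH, "ECC": _ECC_STRENGTH,
               "ECDH": _ECC_STRENGTH, "ECDSA": _ECC_STRENGTH}
# "PSK" (constructed label): a random symmetric key handed out by a central KMT.
_SYMMETRIC = {"AES", "PSK"}


def conventional_strength(algorithm: str, key_bits: int) -> int:
    """Security strength in bits against classical attack."""
    alg = algorithm.upper()
    if alg in _SYMMETRIC:
        return key_bits                      # a random symmetric key is worth its full length
    strength = 0
    for min_bits, bits in _ASYMMETRIC[alg]:  # take the largest row the key size reaches
        if key_bits >= min_bits:
            strength = bits
    return strength


def quantum_strength(algorithm: str, key_bits: int) -> int:
    """Security strength in bits once a large quantum computer exists."""
    if algorithm.upper() in _SYMMETRIC:
        return conventional_strength(algorithm, key_bits) // 2   # Grover's algorithm
    return 0                                                     # Shor's algorithm


@dataclass(frozen=True)
class Component:
    role: str        # e.g. "data encryption", "key exchange", "key distribution"
    algorithm: str
    key_bits: int


def weakest_link(components: List[Component], quantum: bool = False) -> Tuple[str, int]:
    """The paper's rule: a solution is only as strong as its weakest component."""
    rate = quantum_strength if quantum else conventional_strength
    strengths = {c.role: rate(c.algorithm, c.key_bits) for c in components}
    role = min(strengths, key=strengths.get)   # first role among ties, in listed order
    return role, strengths[role]


def is_balanced(components: List[Component], quantum: bool = False) -> bool:
    """True when no component drags the solution below its data-encryption strength."""
    rate = quantum_strength if quantum else conventional_strength
    data = next(c for c in components if c.role == "data encryption")
    return weakest_link(components, quantum)[1] == rate(data.algorithm, data.key_bits)


# Constructed configurations: AES-256 on the wavelength, three ways of getting the key there.
RSA_2048_CONFIG = [Component("data encryption", "AES", 256),
                   Component("key exchange", "RSA", 2048)]
P384_CONFIG = [Component("data encryption", "AES", 256),
               Component("key exchange", "ECDH", 384)]
CENTRAL_PSK_CONFIG = [Component("data encryption", "AES", 256),
                      Component("key distribution", "PSK", 256)]


if __name__ == "__main__":
    for name, cfg in [("RSA-2048", RSA_2048_CONFIG), ("P-384", P384_CONFIG),
                      ("central PSK", CENTRAL_PSK_CONFIG)]:
        print(name, "classical:", weakest_link(cfg), "quantum:", weakest_link(cfg, True),
              "balanced:", is_balanced(cfg))
```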

Key management
The two fundamental approaches to key management are centralized
and distributed. In a centralized key management approach, the keys are
computed off board in a single (central) physical location. In a distributed key
management approach, the keys are computed on every node and exchanged
in-band using asymmetric key exchange methods like Diffie-Hellman. Nokia
uses centralized key management because this approach provides a single
point of trust where the key management system assumes responsibility
for the entire life cycle.


Centralized vs. distributed key management

When implementing a public key infrastructure scheme, organizations must
choose either a centralized key management mechanism, in which a central
authority manages keys, or a decentralized model, in which each individual
user manages their own key pair.
The decentralized model does not scale well at the enterprise level: the
more users, the more individual sources of keys (and points of potential
vulnerability). And because of high overhead, functions like key distribution
are difficult. Private key compromise can take place more quickly since,
without a central authority to verify user identity, organizations have to
investigate each provider of a public key to determine legitimacy.
The distributed key management approach where asymmetric keys are
used is computationally intensive and impacts every node, burdening the
enterprise infrastructure. That is, an asymmetric key is used to compute the
key used for data encryption negotiation (also called the first phase), implying the
exchange of public keys. Thus the data encryption key is computed on the fly
upon reception of the public key. Using Diffie-Hellman each time a new key
is required on both targets heavily taxes the target CPU. Thus Diffie-Hellman
(or ECDH) requires significant processing power, as both cards, in addition to
encrypting and decrypting data, must continually generate data encryption keys.
Another issue with distributed key management is that end customers need
to trust service providers with their encryption keys. Anyone willing to put
encryption on wavelengths likely has a concern that fiber tapping is possible
by very sophisticated entities (Edward Snowden effect). To use distributed key
management techniques, customers must trust that these ground floor keys
embedded in the equipment have been kept safe from these sophisticated
entities.
Distributed key management also adds complexity in the management of
keys. In this configuration, every node in the system generates, revokes and
computes data encryption keys based on their policies. Thus it is difficult to
secure a distributed key management and the compromise of one node can
lead to disaster. In addition, since encryption in a distributed approach is done
at the card level, with line cards often residing in multi-tenant rooms, attaining
physical security is difficult and it is almost impossible to prevent a hacker
from having access to the node key generator.
Because of these issues, Nokia uses centralized versus distributed key
management. The main advantage of centralized key management is
the single point of trust where the key management system assumes
responsibility for the entire life cycle and literally becomes the key authority.
Keys and their associated policies are centrally generated and stored. Keys are
distributed to suitably authenticated and authorized applications or endpoints
on request where keys are ephemeral. The main advantages of a centralized
key management approach are:


Single point of trust (single point to protect): Key generation is enabled
from a single point of trust, helping the system operator to administer from
a single repository instead of from geographically distributed end points.
Single point key revocation: The KMT provides a system-wide, multi-tenant,
single access point to force synchronized key rotation.
Clear separation of tasks: A clear separation of duties exists in critical
applications, ensuring that no single administrator or privileged user can
weaken the system security or integrity of keys.
Unified key management, encryption policies and system-wide
key revocation: Agile operation is permitted as part of system key
administration.
Consolidated audit information: A system-wide, single point is provided
to extract and consolidate audit logs across different endpoints.
Low-cost automation: The scripting and automation of the centralized key
management process is enabled to scale the system and reduce OPEX in
managing multiple scripts on multiple nodes.
Simpler controlled access: Security is improved because key management
is done centrally, making it easier to physically secure the key management
infrastructure.

Nokia Key Management Tool


For complex security scenarios, such as those within large enterprise and
service provider environments, Nokia offers centralized key management
on the links supported by the 1830 PSS (see Figure 5). The Nokia Key
Management Tool (KMT) is a secure, scalable application that supports
management of the cryptographic life cycle of each encrypted wavelength
service: the keys generated to perform the encryption, as well as the
management of encryption key expiration, rotation and destruction, all of
which are vital operations required to support encrypted business-critical
communications.
The Nokia KMT enables enterprise IT organizations or service providers to offer
managed infrastructure services to their customers and stakeholders while
allowing them to keep full ownership and control of their own cryptographic
keys and encryption parameters. The KMT is necessary to support scenarios
where unique encryption keys must be used between each sender and receiver
pair, and these keys are frequently rotated as part of encryption security best
practices. It is a scalable solution for managing keys from simple to complex
deployments of encryption of connections between data centers.
Elements of the Nokia KMT include:
• A stand-alone software tool that is independent of the management system
• Configuration of symmetric keys
• Separation of network administrator and cryptographic officer roles
• Rotation of the keys
• Graphical display of security alarms
• Network-wide view for encryption management.
Figure 5. Network and key management (diagram not reproduced). The figure shows Data center A and Data center X, each with a server farm/NAS server, storage array, HPC, mainframe, FC/FICON switch and 7x50 SR attached over Ethernet, Fibre Channel and InfiniBand to an 1830 PSS; a secure L1 connection links the two 1830 PSS nodes. Enterprise IT is split into IT operations (network management, LAN) and Security operations (key management, cyber security admin., access server).

The KMT enables enterprises and service providers to centralize security and
separates network management from security management tasks. This is
done with a proxy approach and two user classes: Administrator and User.
It is based on FIPS standard operating procedures and allows the functions
to be split so that Administrators set up the environment in which keys are
managed, and Users then manage the security material. Automated, scheduled
encryption key rotations and Well Known Answer Tests (WKAT) allow for
enhanced security while decreasing operational expenditure. Where
encryption keys are often managed through separate CLI or craft interfaces, the
KMT consolidates key management and overall network security and gives the
operator the option to manage encryption keys manually or automatically as
required to meet security policies.
The Nokia KMT provides the following benefits:
• FIPS 140-2 operating architecture with configuration tasks separated from
security tasks
• TLS or SSL encryption for user interactions and for all software module
communications
• Database storage of user and network element data
• Fault management and display of real-time and historical alarms and
performance data
• A real-time dashboard display of security-related alarms and performance
metrics
• Network-level automated key management and rotation
• Scheduled and on-demand circuit authentication, key rotation, and WKAT
• Internal communications, passwords, encryption keys and authentication
material secured by AES-256
• Centralized deployment architecture over public or private networks,
supporting network address translation and firewall deployments.
To enhance its security profile, the KMT can operate without internet access.
It also supports a FIPS mode option to strengthen the operations security
links to match the encryption security capability of the AES-256 transmission
links on the 1830 PSS. In addition, the KMT can discover and recognize 100G
cards when used with the Nokia 11QPEN4 Encryption Transponder in a cascaded
configuration, for alarm processing, circuit builder support, and display in
User and Administrator mode.

Conclusion
The continued growth in business-critical data demand arising from corporate,
data center, and cloud applications that need to connect across facilities
has led to the need for increased optical transport network security against
external attack. The Nokia 1830 PSS has proven to be effective at offering
high-capacity optical DWDM connectivity with low latency encryption. The
1830 PSS portfolio addresses growing security challenges through optical
innovations that enable secure transport while ensuring confidentiality,
integrity and availability of in-flight data. These capabilities include controlled
access to key infrastructure, protection of optical data links via encryption of
in-flight data, the use of secured network management protocols protecting
management traffic, and intrusion prevention and detection capabilities
enabled via Nokia Wavelength Tracker technology. These, coupled with the
Nokia KMT supporting the management of keys (key generation, distribution,
expiration, rotation, and destruction) throughout the entire cryptographic life
cycle of each wavelength, deliver a comprehensive and secure solution for
the transport of business-critical data.
For additional information about secure data transport via the 1830 PSS
portfolio, please visit http://networks.nokia.com/portfolio/products/1830-photonic-service-switch.

Acronyms
10GE      10 Gigabit Ethernet
AES       Advanced Encryption Standard
ANSSI     Agence nationale de la sécurité des systèmes d'information
ANSSI QS  Qualification Standard skill level by ANSSI
CC        Common Criteria
DCI       Data Center Interconnect
DDR       Double Data Rate
DWDM      dense wavelength division multiplexing
EAL3+     Evaluation Assurance Level 3+
EC        Equipment Controller
ECDH      Elliptic Curve Diffie-Hellman
FC        Fibre Channel
FERPA     Family Educational Rights and Privacy Act
FPGA      Field Programmable Gate Array
FICON     Fibre Connection
FIPS      Federal Information Processing Standard
GLBA      Gramm-Leach-Bliley Act
HIPAA     Health Insurance Portability & Accountability Act
IPSec     IP Security
KMT       Key Management Tool
MACsec    Media Access Control Security
MPLS      Multiprotocol Label Switching
NAS       network attached storage
NE        network element
NIST      National Institute of Standards and Technology
NMS       network management system
NSA       National Security Agency
OTN       Optical Transport Network
OTU2      Optical Transport Unit 2
PCI DSS   Payment Card Industry Data Security Standard
PSS       Photonic Service Switch
QPEN      Quad Port Encryption Transponder
OTDR      optical time-domain reflectometer
RADIUS    Remote Authentication Dial-In User Service
RSA       Rivest, Shamir, and Adleman
SAN       storage area network
SAS 70    Statement on Auditing Standards No. 70
SNMP      Simple Network Management Protocol
SNMPv3    Simple Network Management Protocol version 3
SOX       Sarbanes-Oxley Act
SSL       Secure Sockets Layer
TOE       target of evaluation
TLS       Transport Layer Security
uBCM      Micro Board Control Module
WKAT      Well Known Answer Test

References
1. GO-Gulf. Cyber Crime Statistics and Trends [infographic]. 17 May 2013. http://www.go-gulf.com/blog/cyber-crime/
2. Heavy Reading. The Lower the Better: Encrypting the Optical Layer. December 2015.
3. National Institute of Standards and Technology. FIPS Publication 140-2: Security Requirements for Cryptographic Modules. May 25, 2001. http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
4. National Institute of Standards and Technology. FIPS Publication 197: Advanced Encryption Standard (AES). November 26, 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
5. Nokia 1830 PSS. http://networks.nokia.com/portfolio/products/1830-photonic-service-switch
6. Nokia 1830 PSS Security Target. https://www.commoncriteriaportal.org/files/epfiles/1830-photonic-vr70-sec-eng.pdf
7. Secure Solutions for Data Center Connect. http://resources.alcatel-lucent.com/?cid=153738&REFFER=alu.prod.detail.en%20%7C%201830%20Photonic%20Service%20Switch&REFERRER=alu.prod.detail.en%7C1830%20Photonic%20Service%20Switch
8. NIST. Report on Post-Quantum Cryptography (draft). http://csrc.nist.gov/publications/drafts/nistir-8105/nistir_8105_draft.pdf
9. Information Security and Privacy Advisory Board (ISPAB). Meeting minutes, October 2015. http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2015-10/ispab_meeting_minutes_october-2015.pdf
10. Quantum Resistant Algorithms presentation. http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2015-10/oct21_stanger_final_approved_nsa.pdf
11. CNSS Advisory Memorandum Information Assurance 02-15, July 2015. https://www.cnss.gov/CNSS/issuances/Memoranda.cfm

Nokia is a registered trademark of Nokia Corporation. Other product and company names
mentioned herein may be trademarks or trade names of their respective owners.
Nokia Oyj
Karaportti 3
FI-02610 Espoo
Finland
Tel. +358 (0) 10 44 88 000
Product code: PR1606020893EN (June)

Nokia 2016

nokia.com
