Compromised data is costly and disruptive, resulting in lost revenue, reduced market share, and damaged credibility for those affected. Lloyds reported in 2015 that cyber-attacks cost companies $400 billion per year. The cost has increased since and the threat has spread throughout society, even the democratic process, affecting public confidence.
Historically, cyber security meant use of perimeter protection -- firewalls and passwords, intended to keep bad guys from entering the enterprise domain. This is no longer sufficient. What’s needed are countermeasures that provide multiple layers of protection against a variety of threats. This defense-in-depth concept must now be applied to securing optical networks.
What is secure optical transport?
In-flight data faces two primary threats: theft and destruction. Theft is when financial value or intelligence is stolen from the data’s rightful owner. Destruction is where an enemy simply prevents data from reaching its destination, thereby paralyzing commerce, critical infrastructure, or defense forces. Protecting against both threats to in-flight data should be a primary goal for optical networks.
Secure optical transport protects cyber threats through:
- Strong data encryption and keys: Layer 1 encryption using the AES-256 (Advanced Encryption Standard- 256-bit key length) forms the foundation. The AES-256 cipher provides excellent protection against brute-force attacks, and a successful analytical attack has yet to be found. Efficient to implement in both hardware and software, AES-256 is likely to remain relevant for decades. However, use of the AES-256 cipher must be complemented with strong, quality keys. Key negotiation and management must be designed to avoid a reduction in effective strength.
- Resilient network design: Such design involves trusted equipment design, redundant systems, and fault isolation. Resiliency is a common goal in communications networks; its importance relative to security should not be overlooked.
- Independent certification: Standards bodies such as NIST, Common Criteria, and others have established methods for confirming the security of a network. Certification by an independent body gives the end user assurance that a security approach is verified and trustworthy.
Key strength is the key
Key strength should be matched to the cipher’s strength. Each network security approach will only be as strong as the weaker of those two elements, just as a home’s security is only as good as its weakest lock. NIST discourages algorithm suites that mismatch cipher and key. A security standard that requires 256-bit strength should use an AES-256 cipher with 256-bit key strength. Figure 1 shows that an asymmetric key using RSA 2048 is equivalent to a 112-bit symmetric key. A large number of total encryption bits is unbalanced and substantially weaker than the desired cipher. It’s now agreed that at least 192-bit key strength is required to assure safety from attacks in the presence of quantum computers.
Symmetric key algorithms such as AES-256 use a two-way transfer function and a random number generator for key creation. This strategy is computationally easy and leads to strong keys since accurately guessing the key is quite difficult. Asymmetric encryption computes keys through a one-way transfer function where key creation is simple yet the inverse computation -- guessing the key -- is very difficult. Integer factorization, used by the RSA public key algorithm, is one example. Two large prime numbers are multiplied, creating a key that is difficult to factorize, hence, very hard to compute in reverse. Since it’s computational intensive, asymmetric encryption requires more computing resources and complex software.
|Figure 1. Encryption key negotiation.|
Key management should be centralized across the network. This offers:
- Better encryption and scale. Keys are centrally created and sent securely for encryption and decryption. This frees CPU capacity and enables the use of stronger, more complex keys. It is especially beneficial for large data volumes.
- Single point of trust. Keys reside in limited locations, minimizing exposure.
- Consistent policy enforcement. Administrators easily enforce network-wide standards and policies.
- Streamlined administration. Updates are made once and cascaded across the network. This approach enables single-point key revocation and one point to force multi-tenant, synchronized key rotations.
- Unified auditing and remediation. Network security audits, policy compliance, and remediation are simplified through audit logs containing all key-related activities. Log analysis enables ongoing preventative improvement.
Optical networks contain relatively few link end-points, and changes to the physical network tend to be infrequent, aligning well with implementation of symmetric encryption. Assuring protection against theft and destruction requires security approaches that include not only AES-256 encryption but also strong, quality keys managed through a centralized system. The approach should also embody resilient design, fault isolation, and independent certification. With these elements in place, network operators can minimize risk in the face of increasing threats, including quantum computer attack.
Chris Janson is product marketing manager – optical at Nokia. In this role he follows trends in optical networking technology and their application to finance, healthcare, utilities, government, and educational customers. Janson also serves on the boards of directors of the Rural Telecommunications Congress and the non-profit OpenCape Corp. He holds an MBA from Boston University and Bachelor of Science in engineering from Wentworth Institute of Technology.