Post on 22-Nov-2014
description
1
SENETAS
“FIBRE OPTIC CONNECTIONS ARE SECURE - RIGHT?”
Senetas Europe
High Performance Encryption Solutions
Securing Data In TransitGraham WallaceIan Greenwood
Company overview• Senetas Europe,
based in Basingstoke is a wholly owned subsidiary of Senetas Corp. Ltd. Australia
• An Australian ASX listed engineering company
• Developing high speed network encryption technology since 1997
• Currently sold to more than 35 countries globally
Senetas Security Products Portfolio
Technology Differentiators
• Layer 2 encryption for performance & simplicity
• Constant low latency (<7us) even on voice/video links
• Retains full network bandwidth
• Ideal for 1GB/10GB datacentre fibre links
Tapping Optical FibreThe Fact and the Theory
Why would someone tap an optical link?
• Live networks and back-up systems run remotely on high speed optical fibre
• Optic Fibre NOT secure• Readily available fibre tap device
bought on Net• Intrusion undetected by
information sender or receiver• 480 million km of fibre deployed• IDC estimates that only 30% of the
digital universe is subject to security applications.
How - Clip on Coupler
• We can already prove that fibre can be tapped.
• What is contentious is whether this risk can be mitigated against without the need for encryption.
How - Light Touch Techniques
• The effect of this technique is similar to splicing.• The extent to which the fibres are polished will
decide on the tap ratio. This can be as low as 1% but up to 20% would be likely to be undetectable.
How - Light Touch Techniques
The polished evanescent wave coupler is based on bringing the cores of two fibres close together by removing part of the cladding and optically contacting the polished faces. By this process, the two cores behave as if they are contained within the same cladding.
Evanescent Wave Coupler - Jigs
Patents for fusing fibres
• Once you can splice there are a number of patented techniques for fusing more than one fibre WITHOUT breaking the original.
• You can check out:– US 4989939– US 5410626– US 6862385
Main Message
‘If your data is worth millions then it’s worth spending thousands to get it’
• We do not suggest this is a trivial enterprise• Nor could it be done by novices• But we do suggest that this kind of attack is possible
for moneyed and motivated people
Senetas CN range of Encryptors summary
• Encrypts ALL the contents of Ethernet and Fibre Channel frames • Full duplex line-rate encryption up to 10Gbps < 7 microseconds
latency• All Senetas solutions centrally managed by CypherManager• Certified - FIPS 140-2 level 3, Common Criteria EAL4+, CAPS IL3
baseline• Ideal for Point to Point fibre links and MPLS Services• Flexible licensing from 10Mbps to 10Gbps
EAL4+
Securing Data in Transit
Thank you for your attention.
Any Questions?