SENETAS: “FIBRE OPTIC CONNECTIONS ARE SECURE - RIGHT?”
  • Senetas Europe are a wholly owned subsidiary of Senetas Australia. Senetas in Australia have been very successful in designing and supplying encryptors into the Asian markets for over 15 years. 18 months ago Senetas Europe was established to engage with partners to address both the private and public requirements for encryption solutions. And it is with great pleasure that we have with us today Selex Elsag, our partner to supply CAPS approved into Government space, and Tellemachus, who specialise in addressing the security needs of organisations such as police forces.
  • What we do. The range of certified encryptors covers speeds from 2Mbps through to 10 Gbps and a range of protocols from E1/T1 to SONET/SDH. Our CAPS program is focused on the CN1000 1 and 10 gig Ethernet plus the Fibre Channel encryptors. Hopefully that gives you an idea of who we are and what we do; now we would like to show you why we do it. Introduce Graham Wallace.
  • It is demonstrable that with a cheap clip-on tapping device we can extract sufficient light to accurately reconstruct the transmitted data packet. However, this device introduces a loss of anything from 3-6dB depending on the wavelength being tapped. It is therefore detectable using simple Optical Time-Domain Reflectometer (OTDR) devices. It has never been our contention that this device is an appropriate tool for a serious cyber-thief. We believe only that it opens up the question of what is possible. Nevertheless there are scenarios we will consider which could use even this simple device.
  • Guided Waves occur when light propagates along or is constrained by the physical boundaries of a waveguide. This is the case for a singlemode fiber where the denser core has refractive index n1 and the cladding is less dense with refractive index n2. When the core diameter is small enough that the number of possible totally internally reflected rays is reduced to one, thus allowing only a single mode of guided light, the concept of rays changes to modes which bend with or are guided by the core.
  • Indeed from the patent if you have a jig design which is specific to the fibre and the percentage of tap you wish to use then the whole process seems straightforward enough regardless of location. It’s really just about preparation.
  • I think that’s probably sufficient. I’d like to just revisit the main message slide I showed earlier and reiterate. We believe that serious cyber actors can tap fibre optic links without being detected or without being stopped in a timely fashion. Justification for encryption remains a function of data value and risk assessment but we would contend that you cannot make that judgement based on the idea that optical fibres are secure.
  • Senetas are the only vendor that offers a whole range of layer 2 appliance based solutions including Ethernet, fibre-channel, SONET/SDH and ATM from 10MB to 10GB throughput. 100Gb in development. Because the solutions run at layer 2 rather than layer 3 there is little or no overhead added to the data packets. The CN 10000 ethernet solution has ~ 7uS latency and 99.9% bandwidth availability. (Layer 3 solutions from vendors such as Check Point/Cisco use IPSEC and VPNs which encapsulate the whole packet, adding significant overhead, especially on small frames such as those required for voice and video traffic.) The Senetas layer 2 technology utilises a ‘cut through’ implementation rather than the layer three ‘store and forward’ characteristics, in the same way a switch has less impact on data delay than does a router. We are currently at the “in evaluation” stage with CESG (CAPS), which is due to be approved during 2012, and will be the only 1 and 10Gigabit layer 2 encryptors approved for HM Government. We already have FIPS140-2 and Common Criteria. The commercial and CAPS products are based on exactly the same hardware platform.

    1. SENETAS: “FIBRE OPTIC CONNECTIONS ARE SECURE - RIGHT?”
    2. Senetas Europe: High Performance Encryption Solutions. Securing Data In Transit. Graham Wallace, Ian Greenwood
    3. Company overview
        • Senetas Europe, based in Basingstoke, is a wholly owned subsidiary of Senetas Corp. Ltd. Australia
        • An Australian ASX listed engineering company
        • Developing high speed network encryption technology since 1997
        • Currently sold to more than 35 countries globally
    4. Senetas Security Products Portfolio
    5. Technology Differentiators
        • Layer 2 encryption for performance & simplicity
        • Constant low latency (<7us) even on voice/video links
        • Retains full network bandwidth
        • Ideal for 1GB/10GB datacentre fibre links
    6. Tapping Optical Fibre: The Fact and the Theory
    7. Why would someone tap an optical link?
        • Live networks and back-up systems run remotely on high speed optical fibre
        • Optic Fibre NOT secure
        • Readily available fibre tap device bought on Net
        • Intrusion undetected by information sender or receiver
        • 480 million km of fibre deployed
        • IDC estimates that only 30% of the digital universe is subject to security applications.
    8. How - Clip on Coupler
        • We can already prove that fibre can be tapped.
        • What is contentious is whether this risk can be mitigated against without the need for encryption.
    9. How - Light Touch Techniques
        • The effect of this technique is similar to splicing.
        • The extent to which the fibres are polished will decide on the tap ratio. This can be as low as 1% but up to 20% would be likely to be undetectable.
    10. How - Light Touch Techniques
        The polished evanescent wave coupler is based on bringing the cores of two fibres close together by removing part of the cladding and optically contacting the polished faces. By this process, the two cores behave as if they are contained within the same cladding.
    11. Evanescent Wave Coupler - Jigs
    12. Patents for fusing fibres
        • Once you can splice there are a number of patented techniques for fusing more than one fibre WITHOUT breaking the original.
        • You can check out:
            – US 4989939
            – US 5410626
            – US 6862385
    13. Main Message: ‘If your data is worth millions then it’s worth spending thousands to get it’
        • We do not suggest this is a trivial enterprise
        • Nor could it be done by novices
        • But we do suggest that this kind of attack is possible for moneyed and motivated people
    14. Senetas CN range of Encryptors summary
        • Encrypts ALL the contents of Ethernet and Fibre Channel frames
        • Full duplex line-rate encryption up to 10Gbps, < 7 microseconds latency
        • All Senetas solutions centrally managed by CypherManager
        • Certified - FIPS 140-2 level 3, Common Criteria EAL4+, CAPS IL3 baseline
        • Ideal for Point to Point fibre links and MPLS Services
        • Flexible licensing from 10Mbps to 10Gbps
    15. Securing Data in Transit. Thank you for your attention. Any Questions?
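
As an added illustration (not part of the original deck), the code below converts the tap ratios on slide 9 and the 3-6dB clip-on loss from the speaker notes into the step change a defender would see in received optical power, and runs a simple sustained-drop check over it. The ideal-coupler model, the 0.5 dB default alarm threshold, the function names and the sample readings are all assumptions constructed for this example; the deck's OTDR measurement is not modelled.

```python
import math
from statistics import median

def tap_ratio_to_loss_db(ratio):
    """Through-path loss in dB when a fraction `ratio` of the light is coupled out.
    Assumes an ideal coupler with no excess loss."""
    return -10.0 * math.log10(1.0 - ratio)

def loss_db_to_tap_ratio(loss_db):
    """Inverse: fraction of optical power missing for a given loss in dB."""
    return 1.0 - 10.0 ** (-loss_db / 10.0)

def detect_step_loss(rx_dbm, window=5, threshold_db=0.5):
    """Return (index, drop_db, equivalent_tap_ratio) for the first sustained
    drop in received power, or None. A drop counts only if every one of the
    `window` readings after the index is at least `threshold_db` below every
    one of the `window` readings before it, so single noisy samples are ignored."""
    for i in range(window, len(rx_dbm) - window + 1):
        before, after = rx_dbm[i - window:i], rx_dbm[i:i + window]
        if min(before) - max(after) >= threshold_db:
            drop = median(before) - median(after)
            return i, round(drop, 2), round(loss_db_to_tap_ratio(drop), 2)
    return None

# Constructed sample: receiver power in dBm with +/-0.03 dB measurement noise.
BASELINE = [-3.02, -2.98, -3.01, -3.00, -2.99, -3.03, -2.97, -3.00]

def with_tap(loss_db):
    """Constructed trace: clean baseline, then the same readings with `loss_db` added."""
    return BASELINE + [round(p - loss_db, 3) for p in BASELINE]

if __name__ == "__main__":
    for label, loss in [("1% tap", tap_ratio_to_loss_db(0.01)),
                        ("20% tap", tap_ratio_to_loss_db(0.20)),
                        ("3 dB clip-on", 3.0),
                        ("6 dB clip-on", 6.0)]:
        print(f"{label:13s} loss={loss:5.2f} dB  alarm={detect_step_loss(with_tap(loss))}")
```

A 1% tap costs about 0.04 dB and sits inside the assumed measurement noise, while a 20% tap costs about 0.97 dB and is caught only when the alarm threshold is tighter than that; with a looser margin such as `threshold_db=1.5` it passes unnoticed.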
