27 May 2015
Unless you have a private network AND you guard every inch or centimeter of it, fiber-optic networks are still vulnerable to wiretapping and eavesdropping.
Even though there is no electromagnetic radiation or crosstalk from a fiber-optic line and, wiretapping is not as simple as clipping on copper wires, eavesdropping on a fiber-optic network can be achieved with splitter/regenerator devices or with micro-bending clamps, which can capture light off the fiber.
The biggest vulnerability exists at the switching and repeater points where signals are split-out and regenerated. At these points, off-the-shelf (OTS) splitter/regenerator devices can be used to gain access to all the information. This type of tapping can also be done by splicing the line at any other point, and inserting an OTS splitter/regenerator device. This requires no sophistication, but it results in a one-time interruption which may be noticed and investigated by an alert technician.
A more subtle approach is to use a micro-bending clamp. This bends the fiber and clamps down on it, so that some of the light leaks through the strand which can be detected by an optical photo detector. The result is that the signal passes through unimpeded, while a copy of it is shunted off.
The techniques above are commercially available, and fairly inexpensive. Once the light is captured, an optical to electrical converter, a laptop and a packet sniffer can then be used to gather valuable information. And since this is not an electrical tap, signal reflection methods for measuring wire length to an impedance inflexion (tap) point cannot be used. Once a tap on a fiber-optic line is in place, it is virtually undetectable.
These and other more sophisticated tapping techniques can be found in the public domain. Also in the public domain, there are well known instances of Fiber Optic Network breaches, including:
In 2000, when three main trunk lines of Deutsche Telekom were breached at Frankfurt Airport
In 2003, when a tap was discovered hooked into Verizon's network. It was believed to be financial reporting espionage.
Taps have also been found on police networks in Germany and the Netherlands, and in the networks of pharmaceutical giants in the UK and France. More information can be found on the Web by searching "fiber optic network security."
TCC Optical Network Encryption Solutions:
To encrypt fiber optic communications, TCC offers an Ethernet solution, the Cipher X 7211 for speeds up to 1 Gb/s, and the DSD 72B-SP SONET/SDH encryption family for up to 622 Mb/s. The SONET/SDH DSD 72B-SP interoperable encryption family seamlessly overlays on existing networks and has product variations to support military, rugged industrial and industrial environments. Key management is also automated and easily managed with KEYNET Optical Manager. It supports AES 256-bit encryption or a custom algorithm. The Cipher X 7211 is a 1 Gb/s Ethernet optical encryptor has its own fiber optic ports, which can be used instead of electrical interfacing, is especially suited for distance. The Cipher X 7211 has been deployed with single mode optics in the WAN port enabling a reach on the order of 10 km. Electrical Ethernet supports about 100 m, multi-mode optics 200 m to 500 m, and Ethernet single mode optics 10 km. Non-standard optics can reach approximately 40 to 70 km. The Cipher X 7211 seamlessly overlays onto existing networks and is easily managed with KEYNET.
Cipher X 7211 Ethernet optical encryption system
DSD 72A-SP (STM) Military SONET/SDH Encryption System
DSD 72B-SP (RI) SONET/SDH Encryption System
KEYNET Optical Manager
Number of views (8943) Comments (0)
Our solutions meet TCC's CipherONE Optimized Network Encryption best-in-class criteria for maximum cryptographic strength, and are optimized for performance and ease of use for our customers.