SONET/SDH Encryption Seamlessly Overlays on Networks
With full compliance to the SDH/SONET standards, the DSD 72B-SP (RI) SONET/SDH encryptor integrates as a network overlay on existing or new networks—no network modification is required and network performance is not affected. With protocol-agnostic path encryption, DSD 72B-SP (RI) SONET/SDH encryption is only required at network end points. Individual path virtual container data payloads are encrypted, leaving path overhead in the clear for unrestricted network switching of each virtual container with no plaintext exposure of the path-encrypted payload.
Networked fiber optic lines are vulnerable to interception. Leasing commercial fiber optic circuits as part of an organization's network infrastructure potentially exposes data at repeaters, adjunct multiplexors, switches and digital cross connects. Even where network elements are under the control of the user, fiber optic lines themselves can be tapped anywhere along the path. The risk is magnified by the high volume of data on these links, making fiber optic networks a target for an adversary to attack.
Cryptographic Strength of SONET/SDH Encryption
DSD 72B-SP (RI) SONET/SDH encryption is a FIPS 140-2 Level 3 designed, hardware-based encryption solution with full line-rate performance. All peer-to-peer communications are secured with no data bandwidth impact. The DSD 72B-SP (RI) comes in a rugged, anti-tamper enclosure and is 19" rack-mountable. Three-tier symmetric key management with lossless automated key changes and multiple independent path-dedicated data encryption engines using the AES 256-bit algorithm maximize protection. Optionally, national algorithms can be integrated without hardware modification.
KEYNET Optical Manager for DSD 72B-SP SONET/SDH Encryption
DSD 72B-SP (RI) SONET/SDH encryption and its interoperable industrial and military variants are centrally deployed, configured and managed by TCC's advanced KEYNET Optical Manager. KEYNET is a Windows 7 rack-mount server with a tamper-proof security vault. Multiple layers of protection secure keys at every point in their life cycle with limited human intervention.
KEYNET Optical Manager also provides user-authenticated, role-based secure device management, as well as path configuration and monitoring that supports network policies (blocked, plain, secure). With an intuitive user interface and automated polls, alarms and logs, a network expert is not needed for trusted key and device management of a large network.
SONET/SDH Encryption Specifications
Supports both SONET and SDH protocols
Transparent handling of SONET/SDH section & path headers
Adaptable payload configurations
- 1 x VC-4-4c (concatenated payload)
- 4 x VC-4s
- 3 x VC-4 and 3 x VC-3s
- 2 x VC-4 and 6 x VC-3s
- 1 x VC-4 and 9 x VC-3s
- 0 x VC-4s and 12 x VC-3s
Seamlessly works with network elements anywhere in the network path without exposure of unencrypted data payloads
Transceivers for each line I/O interface
- STM-4 (OC-12) @ 622.08Mbps - optical
- STM-1 (OC-3) @ 155.52Mbps - optical
- ITU-T G.703 STM-1/ES1 (§15) @ 155.52Mb/s - electrical
Remotely via KEYNET Optical Manager (or at device via CLI)
Messages encrypted and authenticated with SNMP and TCC secure subset
Key changes handled without traffic interruption
Dedicated device management key used for each device
Cryptographically authenticated access controls
Interoperable with DSD 72B-SP (RI) and DSD 72A-SP (STM)
AES-256 - standard
Symmetric key with three-level secure key management
Remote, online management with KEYNET Optical Manager
SHA-256 integrity and authentication
Anti-tamper package design
Highly reliable under adverse environmental conditions
Standard 19" rack mountable
Operational temperature: -20°C to +55°C
- 100V to 240VAC / 50Hz, 60Hz, 400 Hz
- -48VDC (-18VDC to -60VDC)