SONET/SDH Encryption Seamlessly Overlays on Networks
With full compliance to the SDH/SONET standards, the DSD 72B-SP (I) integrates as a network overlay on existing or new networks—no network modification is required and network performance is not affected. With protocol-agnostic path encryption, the DSD 72B-SP (I) is only required at network end points. Individual path virtual container data payloads are encrypted, leaving path overhead in the clear for unrestricted network switching of each virtual container with no plaintext exposure of the path-encrypted payload.
Network Data Protection
Networked fiber optic lines are vulnerable to interception. Leasing commercial fiber optic circuits as part of an organization's network infrastructure potentially exposes data at repeaters, adjunct multiplexors, switches and digital cross connects. Even where network elements are under the control of the user, fiber optic lines themselves can be tapped anywhere along the path. The risk is magnified by the high volume of data on these links, making fiber optic networks a target for an adversary to attack.
DSD 72B-SP SONET/SDH Encryption Cryptographic Strength
DSD 72B-SP (I) SONET/SDH encryption is FIPS 140-2 Level 3 designed, hardware-based encryption with full line-rate performance. All peer-to-peer communications are secured with no data bandwidth impact. DSD 72B-SP (I) SONET/SDH encryption comes in an anti-tamper rack-mountable appliance. Three-tier symmetric key management with lossless automated key changes and multiple independent path-dedicated data encryption engines using the AES 256-bit algorithm maximize protection. Optionally, national algorithms can be integrated without hardware modification.
SONET/SDH Encryption KEYNET Optical Manager
DSD 72B-SP (I) SONET/SDH encryption and its interoperable rugged industrial and military variants are centrally deployed, configured and managed by TCC's advanced KEYNET Optical Manager. KEYNET is a Windows 7 rack-mount server with a tamper-proof security vault. Multiple layers of protection secure keys at every point in their life cycle with limited human intervention.
KEYNET Optical Manager also provides user-authenticated, role-based secure device management, as well as path configuration and monitoring that supports network policies (blocked, plain, secure). With an intuitive user interface and automated polls, alarms and logs, a network expert is not needed for trusted key and device management of a large network secured with TCC SONET/SDH encryption.
SONET/SDH Encryption Specifications
Supports both SONET and SDH protocols
Transparent handling of SONET/SDH section & path headers
Adaptable payload configurations
OC-12/STM-4:
- 1 x VC-4-4c (concatenated payload)
- 4 x VC-4s
- 3 x VC-4 and 3 x VC-3s
- 2 x VC-4 and 6 x VC-3s
- 1 x VC-4 and 9 x VC-3s
- 0 x VC-4s and 12 x VC-3s
OC-3/STM-1:
Seamlessly works with network elements anywhere in the network path without exposure of unencrypted data payloads
Transceivers for each line I/O interface
- STM-4 (OC-12) @ 622.08 Mbps - optical
- STM-1 (OC-3) @ 155.52 Mbps - optical
- ITU-T G.703 STM-1/ES1 (§15) @ 155.52 Mbps - electrical
Remotely via KEYNET Optical Manager (or at device via CLI)
Messages encrypted and authenticated with SNMP and TCC secure subset
Key changes handled without traffic interruption
Dedicated device management key used for each device
Cryptographically authenticated access controls
Interoperable with DSD 72B-SP (RI), and DSD 72A-SP (STM)
Device Management
AES-256 - standard
National algorithm
AES-256 - standard
National algorithm
Symmetric key with three-level secure key management
Remote, online management with KEYNET Optical Manager
SHA-256 integrity and authentication
Commercial grade, customized enclosure
Anti-tamper package design
Standard 19" rack mountable
Operational temperature: 0°C to +50°C
Power options (redundant):
- 100 VAC to 240 VAC / 50 Hz, 60 Hz, 400 Hz
- -48VDC (-18VDC to -60VDC)