Transport Layer Encryption for the Evolved Programmable Network Secure Transport

Brent Taylor - CCIE Consulting Systems Engineer, Mar 2015

The Challenge: Securing Data Center Interconnects

[Figure: Data Center A, Data Center B and Data Center C interconnected]

• Major concerns on data confidentiality and integrity
• Lack of encryption between DCIs due to infrastructure complexity
• False level of trust in private & leased fiber & circuits over MAN or WAN
• Belief that encryption incurs unacceptable latency
• Difficulties associated with cost-effective & scalable security solutions

Common Challenges

• Customers are looking to secure all data leaving on-premises services, including Data Centers and/or Points-of-Presence, due to the growing awareness of network and/or fiber optic hacks

• Both Active and Passive attacks are becoming prevalent

• Protecting data at multiple layers of the OSI stack increases network resiliency and reliability while providing a secure transport medium

• Protecting data at high speeds/line rate is a requirement for today's Data Center environments

Network Security Issues

Layer 1 Encryption: OTN Transport

OTN Transport Encryption: 10G and 100G Multi-Rate OTN/DWDM Encryption Cards

Hardware Features
• Single slot card
• Compatible with ONS 15454 and NCS 2000
• Integrated Transponder/Muxponder Functionalities

Certifications
• FIPS 140-2 Level 2 Certified
• Common Criteria Certified

Authentication
• Card Authentication
• GMAC Frame Authentication

• Key Exchange Mechanism over G.709 GCC2 using TLS and ECDH
• AES-256 Data Payload Encryption

WSE – Industry Leading Crypto Density

NCS 2000 Crypto Appliance: fully integrated transport platform
• NCS 2002: 10 streams of 10Gbps encrypted services in a 2RU package; 2 streams of 100Gbps encrypted services in a 2RU package
• NCS 2006: 30 streams of 10Gbps encrypted services in a 6RU package; 6 streams of 100Gbps encrypted services in a 6RU package
• NCS 2015: 75 streams of 10Gbps encrypted services in a 13RU package; 15 streams of 100Gbps encrypted services in a 13RU package

Why OTN Encryption?

[Figure: Data Centers A, B and C connected over OTN; client signals (OC-192/STM-64, Fibre Channel, Ethernet) carried in the OTU-2 payload behind the OTN overhead]

Encapsulation with OTN ensures transparency, interoperability, and line-rate performance.

Transport Encryption Architecture

[Figure: Data Center A to Data Center C over any 10G transport (Cisco private DWDM, 3rd party private DWDM, leased 10G wave services, or dark fiber) with 256-bit encryption; Ethernet, Fibre Channel, SONET/SDH and OTN clients at each end]

Layer 1 Encryption & Securing the Network

• Bulk encryption at the OTN layer provides protocol-agnostic, line-rate, client payload encapsulation security across the transport network
• Current encryption devices are not protocol agnostic and will only encrypt a single type of traffic (e.g. Ethernet, IP, SONET), often requiring upper-layer protocol workarounds such as GRE.
• When used with MACsec/IPsec as part of CSfC with Suite-B compliance, allows for two-layer encryption solutions comparable with Type 1 encryption

Encryption stacking - CSfC

[Figure: Ethernet, Fibre Channel and SONET/SDH clients carried over OTN across 3rd party private DWDM, with three stacked encryption layers: OTN Layer 1 AES-256, MACsec Layer 2 AES-256, IPsec Layer 3 AES-256]

OTN - Advanced Encryption

• Role Based Access Control (RBAC) for separation between a Transport user profile and a Security user profile
• Complete User Management and Cryptographic Lifecycle Management through Cisco Transport Controller (CTC) and/or PRIME Optical
• Card to Card Authentication
• Passive Attack protection – monitors optical loss, with threshold alarms
• Active Attack Protection – GMAC frame authentication detects modified OTN traffic
• Secure boot – anti-counterfeiting, anti-tampering, and key storage via ACT2Lite ASIC
• Key generation – based on Secure Unique Device Identifier (SUDI); supports X.509 certificates
• Key exchange – Elliptic Curve Diffie-Hellman (ECDH) over a secured TLS channel (GCC2)
• XTS-AES-256 algorithm for encryption of payload
• GMAC for authentication of payload
• Key zeroization in case of card reboot / removal from the chassis
• FIPS 140-2 Level 2 and Common Criteria compliant design

WSE – Wire Speed Encryption: 10G Multi-Rate OTN/DWDM Encryption Card

• Single slot card for 2, 6, and 15 slot chassis – ONS-MSTP/NCS 2000
• 10x SFP+ ports supporting 5x completely independent encrypted 10Gbps streams
• Real-time encryption and authentication of multiple client types
• CTC & CPO controlled
• Integrated transponder functionalities
• Trunk SFP+s can be grey (SR, LR, ER, ZR) or WDM (full C-band tunable)
• FEC or E-FEC can be SW provisioned on trunk
• OTN ports can be interconnected with 40G or 100G MXP for wavelength aggregation

Flexible options depending on Traffic Types – Per Port Flexibility

[Figure: per-port configurations shown on the slide]
• Unencrypted grey client in, encrypted DWDM trunk out
• Unencrypted / encrypted DWDM trunk: OTU2 output from AnyRate Xponder in, encrypted DWDM trunk out
• Unencrypted grey client in, unencrypted DWDM trunk out
• Unencrypted grey client in, encrypted grey output to 40G or 100G muxponder

WSE - Top Level Hardware Architecture

WSE - FPGA Crypto Details

[Figure: FPGA block diagram with five identical 10G crypto pipelines. Each pipeline consists of client and trunk SFI (SFP+) interfaces, GTX/GTH transceivers, a 10GE/10G mapper, OTU-2 framers, 10G GFEC, and an encryption block; an overhead processing block connects to every pipeline over the overhead bus.]

Client signals: 10GE LAN PHY, 10GE WAN PHY, OC-192/STM64, 10G FC, 8G FC, OTU2, OTU2e, OTU1e

Grey/ITU trunk signals: OTU2, OTU2e, OTU1e (encrypted)

Modes of Operation
• Encryption + Authentication
• Encryption only
• Authentication only
* All the above modes can work simultaneously on the same card
• Transponder with FEC / E-FEC
• Ultra Low Latency Transponder (latency in sub 10 ns)
• (O-E-O) Regenerator

WSE – Supported Payloads

| Client Payload | Input Data Rate | Trunk Mapping | Output Data Rate | Mapping Type | Clock |
|---|---|---|---|---|---|
| 10GE LAN PHY | 10Gbps | OTU2 | 10.709Gbps | GFP-F | Asynchronous mapping; clock derived from controller |
| 10GE LAN PHY | 10Gbps | OTU2e | 11.095Gbps | GFP-F | Asynchronous mapping; clock derived from controller |
| OTU2 | 10.709Gbps | OTU2 | 10.709Gbps | BMP | Synchronous mapping; clock derived from incoming signal |
| OTU2e | 11.095Gbps | OTU2e | 11.095Gbps | BMP | Synchronous mapping; clock derived from incoming signal |
| OTU1e | 11.049Gbps | OTU1e | 11.049Gbps | BMP | Synchronous mapping; clock derived from incoming signal |
| OC192/STM64/10GE WAN | 9.953Gbps | OTU2 | 10.709Gbps | AMP | Asynchronous mapping; clock derived from controller |
| 8G FC | 8.5Gbps | OTU2 | 10.709Gbps | BMP | Asynchronous mapping; clock derived from controller |
| 10G FC | 10.0591Gbps | OTU2e | 11.095Gbps | GFP-T | Synchronous mapping; clock derived from incoming signal |

100G Transport Encryption: Multi-Rate 10G/40G Aggregation Line Card

• Single slot client card for 10G, 40G, and 100G clients
• 2 x 10G SFP+, 2 x 40G QSFP+, and 1 x 100G CPAK ports
• 10G / 40G clients aggregated to backplane or CPAK port
• Clients aggregated to 100G or 200G DWDM trunk (TXP)
• Aggregated client signal can be encrypted

[Figure: MR 100G card and 100G TXP combinations: 100G grey client (unencrypted) to 100G ITU (encrypted); 100G grey client (unencrypted) to 100G grey output (encrypted); Nx40G/Nx10G grey clients (unencrypted) to 100G ITU (encrypted)]

Secure Chip + Secure Boot = Hardware Anchored Trust

[Figure: Hardware Anchored Trust built from Image Signing, Secure Boot, Secure Chip, Secure Development and Run-time Integrity]

• Secure storage
• Secure processor, memory & boot ROM
• Immutable identity
• Run-time integrity validation
• Entropy source with true randomization
• Signed Cisco and 3rd party software, boot loader

Trusted System Components

Secure Chip – ACT2Lite: NIST (FIPS) approved chip provides 3 key features:
1. Immutable Identity
2. Secure Information Storage
3. Certifiable Entropy Source

Card Authentication

Cisco OTN encryption provides TLS 1.2 based card-to-card authentication per port.

• An authentication failure on one trunk port does not affect the traffic on any other trunk port.

• The card authentication must be enabled to configure encryption on the card.

• Cisco-signed certificates are installed on the card by default. These certificates are exchanged between the cards during card authentication.

• All ports are re-authenticated upon a soft-reset of the card.

• In case of TLS or SSL authentication failure, the KEY_EX_FAIL alarm is raised on the particular trunk port.

Key Management

A single key, called a master key, is exchanged for each TLS session.

• It is exchanged using an asymmetric key algorithm (Elliptic Curve Diffie-Hellman).
• The master key is used to derive a set of symmetric keys for payload encryption. The user can change the master key at any time from CTC, which initiates another DH exchange between the sender and the receiver.
• The user can also specify the time when the master key is periodically reset.

* Keys used for encryption of data are never stored in plaintext on the card. All keys are deleted when the card reboots or is removed from the chassis. Key changes do not affect traffic.
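The Card Authentication and Key Management slides above describe a per-port key lifecycle: a master key negotiated over an authenticated TLS session, symmetric payload keys derived from it, rekeying on demand or on a timer, a KEY_EX_FAIL alarm confined to the failing trunk port, and zeroization on reboot or removal. The following is an added illustration (not Cisco's code) of that lifecycle as a software model. The derivation function (HKDF-SHA256, RFC 5869), the key sizes, the info label and the random stand-in for the ECDH shared secret are assumptions; the card itself does this in hardware.

```python
"""Per-port master key lifecycle: derive, rekey, zeroize (added example, not Cisco code)."""
import hashlib
import hmac
import secrets

HASH_LEN = 32
XTS_KEY_LEN = 64    # XTS-AES-256 uses two 256-bit keys (data key + tweak key)
GMAC_KEY_LEN = 32   # AES-256 key for the GMAC integrity check value


def hkdf_sha256(ikm, salt, info, length):
    """HKDF extract-then-expand (RFC 5869) with SHA-256."""
    prk = hmac.new(salt or bytes(HASH_LEN), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_payload_keys(master_key, port, epoch):
    """Split one master key into (xts_key, gmac_key) bound to port and epoch,
    so two ports, or two rekeys of one port, never share payload keys."""
    info = f"OTN-WSE-payload|port={port}|epoch={epoch}".encode()  # assumed label
    material = hkdf_sha256(master_key, None, info, XTS_KEY_LEN + GMAC_KEY_LEN)
    return material[:XTS_KEY_LEN], material[XTS_KEY_LEN:]


class TrunkPort:
    """Key state of one trunk port; other ports are independent objects."""

    def __init__(self, port, rekey_interval_s):
        self.port = port
        self.rekey_interval_s = rekey_interval_s
        self.epoch = 0
        self.last_exchange = None
        self.master_key = None
        self.xts_key = None
        self.gmac_key = None
        self.alarms = []

    def exchange_master_key(self, now, peer_authenticated):
        """One DH exchange. Returns True on success. On failure KEY_EX_FAIL is
        raised on this port only and the current keys stay in use."""
        if not peer_authenticated:
            self.alarms.append((now, "KEY_EX_FAIL"))
            return False
        # Random bytes stand in for the ECDH shared secret of a real exchange.
        self.master_key = bytearray(secrets.token_bytes(HASH_LEN))
        self.epoch += 1
        self.last_exchange = now
        xts, gmac = derive_payload_keys(bytes(self.master_key), self.port, self.epoch)
        self.xts_key, self.gmac_key = bytearray(xts), bytearray(gmac)
        return True

    def tick(self, now, peer_authenticated=True):
        """Periodic reset: start a new exchange once the configured interval has elapsed."""
        if self.last_exchange is not None and now - self.last_exchange >= self.rekey_interval_s:
            return self.exchange_master_key(now, peer_authenticated)
        return None

    def zeroize(self):
        """Card reboot / removal: overwrite every key buffer, then drop it."""
        for buf in (self.master_key, self.xts_key, self.gmac_key):
            if buf is not None:
                buf[:] = bytes(len(buf))
        self.master_key = self.xts_key = self.gmac_key = None


if __name__ == "__main__":
    port = TrunkPort(port=1, rekey_interval_s=3600)
    port.exchange_master_key(now=0, peer_authenticated=True)
    print("epoch", port.epoch, "xts key bytes", len(port.xts_key))
    port.tick(now=3600)
    print("epoch after periodic reset", port.epoch)
    port.zeroize()
    print("keys after zeroize:", port.xts_key, port.gmac_key)
```

Binding the derivation to the port number and an epoch counter is what keeps a key change on one port from touching the others, and keeping the old keys in place when an exchange fails is what makes the KEY_EX_FAIL alarm non-disruptive to traffic, as the slide states.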

Payload Encryption

• The payload on each port can be encrypted independently of the other streams.
• NIST approved Advanced Encryption Standard (AES), AES-256, a symmetric key cryptographic algorithm in XTS mode of operation, is used to encrypt the OTN payload.
• Payload encryption needs to be enabled at both source and destination trunk ports; otherwise, it affects traffic.

Optical Intrusion: Active or Passive

• Whenever there is a change in optical loss below a threshold that is set based on normal operation, one can suspect the presence of an intruder.
• By constantly monitoring the link for optical power characteristics one can detect a pattern in optical loss that helps in understanding a passive attack.
• Sporadic errors at the physical layer are corrected using FEC.
• ICV mismatches after FEC are not expected during normal behavior of the card and are a clear indication that someone is trying to actively modify the OTN traffic.
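The two detection ideas on this slide (a passive tap shows up as received optical power falling below a threshold learned from normal operation; active modification shows up as GMAC ICV mismatches that survive FEC) can be written down as alarm logic over performance-monitoring samples. The code below is an added example, not Cisco's implementation: the sample format, the threshold rule (the lower of mean minus three sigma and mean minus a fixed margin) and the alarm names other than those on the slides are assumptions, and the PM bins are constructed.

```python
"""Optical intrusion alarm evaluation over constructed PM samples (added example, not Cisco code)."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class PmSample:
    interval: int           # PM bin index (constructed)
    rx_power_dbm: float     # received optical power on the trunk port
    fec_corrected: int      # physical-layer errors corrected by FEC in the bin
    icv_mismatch: int       # GMAC ICV failures remaining after FEC in the bin


def passive_threshold_dbm(baseline, margin_db=1.0, sigmas=3.0):
    """Threshold learned from normal operation: the lower of (mean - 3 sigma)
    and (mean - margin_db), so a very quiet baseline still tolerates small drift."""
    powers = [s.rx_power_dbm for s in baseline]
    mu, sd = mean(powers), pstdev(powers)
    return min(mu - sigmas * sd, mu - margin_db)


def evaluate(samples, threshold_dbm):
    """Return a list of (interval, alarm, detail) tuples.

    FEC corrections alone never alarm: sporadic errors are expected and FEC
    repairs them. Only a power drop (passive) and ICV failures after FEC
    (active) are reported.
    """
    alarms = []
    for s in samples:
        if s.rx_power_dbm < threshold_dbm:
            alarms.append((s.interval, "OPTICAL-LOSS-PASSIVE",
                           f"rx {s.rx_power_dbm:.2f} dBm < {threshold_dbm:.2f} dBm"))
        if s.icv_mismatch > 0:
            alarms.append((s.interval, "ICV-MISMATCH-ACTIVE",
                           f"{s.icv_mismatch} ICV failures after FEC "
                           f"({s.fec_corrected} FEC-corrected errors)"))
    return alarms


# Constructed baseline: four clean bins from normal operation.
BASELINE = [PmSample(i, p, 2, 0) for i, p in enumerate([-10.0, -10.1, -9.9, -10.0])]

# Constructed monitoring bins: normal, a passive tap, and active modification.
MONITORED = [
    PmSample(10, -10.05, 3, 0),   # normal: small FEC activity, no ICV failures
    PmSample(11, -12.50, 4, 0),   # 2.5 dB drop: light diverted from the fibre
    PmSample(12, -10.00, 5, 2),   # power fine, but ICV failures survive FEC
]


def run_demo():
    """Learn the threshold from BASELINE and evaluate MONITORED against it."""
    return evaluate(MONITORED, passive_threshold_dbm(BASELINE))


if __name__ == "__main__":
    for interval, alarm, detail in run_demo():
        print(f"bin {interval}: {alarm} ({detail})")
```

The important design point is the split the slide makes: FEC-corrected error counts are expected background and only inform the operator, while an ICV mismatch that remains after FEC is treated as an integrity event in its own right, separate from the optical power threshold that catches passive taps.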

Manageability Options

• Role Based Access Control to manage different user privileges and provide separation of transport and security domains.
• Single management interface - the Cisco Transport Controller and PRIME Optical for:
  • Supporting different functional levels for transport and security users.
  • Limiting user access to a subset of network elements.
  • Providing security users granular access to individual encryption cards in a network element.
• Traceability of work with event logs
• FIPS 140-2 Level 2 validation and Common Criteria Network Device Protection Profile (NDPP) compliance

Cryptographic Lifecycle Management

• Entire cryptographic lifecycle management through GUI – the Cisco Transport Controller and PRIME Optical for:
  • Mode of operation (encryption and transponder) selection on a per stream basis.
  • Card to card authentication.
  • Provisioning encryption on existing transport circuits.
  • Defining master key change interval.
  • Forcing master key change.
  • Complete alarm management and performance monitoring capability.
• Zeroization of Critical Security Parameters in case of card removal or power down of chassis.

Encryption Across Third Party Transport

Payload is encrypted between A and B. A GCC2 channel secured using TLS is used for key exchange. End-to-end encryption is achieved using 256-bit AES even in a 3rd party OTN switched network.

OTN - Security: AES Secure Packet

• The concept of a packet does not exist within OTN; however, packet-based traffic is necessary for encryption using an XTS-AES algorithm.
• A single OTN frame cannot be tagged with the necessary Encapsulating Security Payload (ESP) header, which carries the information necessary for encryption and decryption of payloads.
• The ESP header and trailer require a total of 32 bytes within the OTN overhead.
• Pseudo Random Binary Sequence (PRBS) testing is used to ensure that the selected overhead bytes can be used to transport the ESP header and trailer safely. Both the transmitting node and receiving node must be aware that PRBS testing is taking place. Each node must also know which bytes are to be tested.

4 OTN frame based AES secure packet

ESP – Encapsulating Security Payload

The four OTN frame-based AES secure packet transports four ESP header and four ESP trailer bytes within each OTN frame. In the four OTN frame-based AES secure packet, eight overhead bytes are utilized in each OTN frame in order to transport all 32 bytes of ESP header and trailer within a single AES secure packet. Each location is four bytes wide, therefore two locations from each OTN frame are utilized, one for the ESP header and one for the ESP trailer.

8 OTN frame based AES secure packet

ESP – Encapsulating Security Payload

The eight OTN frame-based AES secure packet transports two ESP header and two ESP trailer bytes within each OTN frame. In the eight OTN frame-based AES secure packet, four overhead bytes are utilized in each OTN frame in order to transport all 32 bytes of ESP header and trailer within a single AES secure packet. Each location is four bytes wide; therefore, only one location from each OTN frame is utilized. Within the selected location, two bytes are used for the ESP header, and two bytes for the ESP trailer.

[Figure: OTN/G.709 overhead, byte placement of ESP header/trailer]
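The four-frame and eight-frame secure packet descriptions above are pure byte accounting: 32 ESP bytes spread over 4-byte-wide overhead locations, either two locations per frame for four frames or one location per frame for eight frames. The packer and unpacker below are an added example (not Cisco's code) that carries that accounting through and verifies the round trip. It assumes the 32 bytes split evenly into a 16-byte header and a 16-byte trailer, as the per-frame counts on the slides imply; which G.709 overhead bytes form a location is not on the page, so locations are abstract names ("loc_a", "loc_b") here.

```python
"""ESP header/trailer placement across OTN frames for the AES secure packet (added example, not Cisco code)."""
ESP_HEADER_LEN = 16
ESP_TRAILER_LEN = 16
LOCATION_WIDTH = 4  # each overhead location is four bytes wide


def overhead_bytes_per_frame(frames_per_packet):
    """8 bytes/frame (two locations) in 4-frame mode, 4 bytes/frame (one
    location) in 8-frame mode; both carry all 32 ESP bytes per secure packet."""
    if frames_per_packet not in (4, 8):
        raise ValueError("an AES secure packet spans 4 or 8 OTN frames")
    return (ESP_HEADER_LEN + ESP_TRAILER_LEN) // frames_per_packet


def pack_secure_packet(header, trailer, frames_per_packet):
    """Return one dict of overhead locations per OTN frame."""
    if len(header) != ESP_HEADER_LEN or len(trailer) != ESP_TRAILER_LEN:
        raise ValueError("ESP header and trailer must be 16 bytes each")
    n = overhead_bytes_per_frame(frames_per_packet) // 2  # header (and trailer) bytes per frame
    frames = []
    for i in range(frames_per_packet):
        h = bytes(header[i * n:(i + 1) * n])
        t = bytes(trailer[i * n:(i + 1) * n])
        if frames_per_packet == 4:
            # two 4-byte locations: one for the header slice, one for the trailer slice
            frames.append({"loc_a": h, "loc_b": t})
        else:
            # one 4-byte location: two header bytes followed by two trailer bytes
            frames.append({"loc_a": h + t})
        for loc in frames[-1].values():
            assert len(loc) == LOCATION_WIDTH, "every location is exactly four bytes"
    return frames


def unpack_secure_packet(frames):
    """Reassemble (header, trailer) from the per-frame overhead dicts."""
    frames_per_packet = len(frames)
    n = overhead_bytes_per_frame(frames_per_packet) // 2
    header, trailer = bytearray(), bytearray()
    for oh in frames:
        if frames_per_packet == 4:
            header += oh["loc_a"]
            trailer += oh["loc_b"]
        else:
            header += oh["loc_a"][:n]
            trailer += oh["loc_a"][n:]
    return bytes(header), bytes(trailer)


# Constructed ESP fields: distinguishable byte patterns, not real ESP values.
SAMPLE_HEADER = bytes(range(0x10, 0x20))
SAMPLE_TRAILER = bytes(range(0xA0, 0xB0))


def roundtrip(frames_per_packet):
    """True when packing then unpacking returns the original header and trailer."""
    frames = pack_secure_packet(SAMPLE_HEADER, SAMPLE_TRAILER, frames_per_packet)
    return unpack_secure_packet(frames) == (SAMPLE_HEADER, SAMPLE_TRAILER)


if __name__ == "__main__":
    for mode in (4, 8):
        print(f"{mode}-frame mode: {overhead_bytes_per_frame(mode)} overhead bytes/frame,"
              f" round trip ok = {roundtrip(mode)}")
        for i, oh in enumerate(pack_secure_packet(SAMPLE_HEADER, SAMPLE_TRAILER, mode)):
            print(f"  frame {i}: " + ", ".join(f"{k}={v.hex()}" for k, v in oh.items()))
```

The trade-off the two modes express is overhead bytes per frame against frames per key-material update: the four-frame packet consumes twice as many overhead bytes in each frame but delivers a complete ESP header and trailer twice as often.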

WSE – Encryption Overhead
• Lower Rate (Sub 10G) Encryption
• Higher Rate (100G) Encryption

WSE - Encryption of Multi-Protocol Client Traffic
• Ethernet: FE, GE
• SAN: 1G, 2G, 4G, 8G FC
• Video: SD, HD, 3G SDI
• TDM: OC-3/12/48, OTU-1

Card Options and Footprint

• Unlicensed/Full version that gives 5 x 10G streams day one - ideal for networks where number of 10G services to be encrypted is large.

• Licensed version giving 1 x 10G streams day one – cost effective solution with option to encrypt more 10G services through a PAYG software license.

• 30 x 10G encrypted streams in a 6RU chassis. The most dense encryption solution available in the market.

WSE – Pricing and Bundles

Single 10G encrypted solution: ~$110-$130k list

• WSE card
  • 15454-M-WSE-K9 - $75k list – full 5 streams
  • 15454-M-WSE-L-K9 - $45k list – licensed w/ one 10G stream
  • L-NCS2K-WSE-1 - $12k list – additional 10G stream
• Chassis options (appliance)
  • NCS2006-SEC-DC-K9 - ~$66k (one 10G stream)
  • NCS2006-SEC-AC-K9 - ~$66k (one 10G stream)
  • NCS2002-SEC-K9 - ~$55k (one 10G stream)
• WSE and AR-MXP card options/bundles
  • 15454-ARE-K9-SK - ~$84k
  • 15454-ARE-L-K9-SK - ~$48k

100G Transport Encryption: 200G Muxponder Line Card

• Single wavelength supporting: 50G BPSK, 100G QPSK, 200G 16-QAM, 250G 16-QAM
• Pluggable WDM CFP2 interface
• CPAK client interfaces supporting: 100G LR4, 100G SR10, 10x10G LR / SR

[Figure: two 100G / 10x10G client groups feeding a single 50/100/200/250G trunk]

Transport Layer Encryption Use Cases

Layer 1 (L1) Encryption Use Case

Challenge
• Need to encrypt all traffic between sites
• Existing infrastructure requires separate encryption devices for Ethernet & TDM and separate management platforms
• Reduce capital and operational expenses

Solutions
• WSE 5 stream encryption card on NCS chassis with grey optics
• Encrypted traffic aggregation: 10GE and OC192 clients in, grey trunk optics out over 3rd party DWDM network

[Figure: Ethernet, Fibre Channel and SONET/SDH clients over OTN with 256-bit encryption across 3rd party private DWDM]

Results
• Secure data transmission across backbone
• Flexible, scalable OTN encryption with integrated management
• Reduces costs by eliminating redundant 3rd party encryption devices
• Secure transport network

Driver - Business Continuance (DCI): Multi-Site Geographically Dispersed HA Clusters

[Figure: Cluster A Node 1 and Cluster A Node 2 at separate sites, with heartbeat, private LAN and public LAN (VIP cluster) traffic carried over OTN transport with OTN encryption]

Layer 1 (L1) Encryption Use Case

[Figure: enterprise routing infrastructure with Tier 1, Tier 2 and Tier 3 sites across West and East Theaters and Regions, in-theater and global IP/MPLS cores, private IP, public IP and metro services, an Internet cloud and public voice/video mobility, with encryption applied on the transport links]

OTN Transport Encryption Demo