
Secure optical transport with the 1830 Photonic Service Switch
Providing simple, secure transport in support of business-critical applications

White paper

The amount of sensitive data generated and streamed over the WAN by
companies has grown steadily over the years, making information privacy
and security ever more critical. Protecting data from theft requires a set
of technologies to address the security threats in a cost-effective and
manageable manner. The implementation of physical layer encryption with
key management is the preferred approach to protect against loss of
confidentiality of in-flight data. Encryption at this layer provides protocol
independence and lower encryption latency than is possible with other
technologies. The industry-leading Nokia 1830 Photonic Service Switch (PSS)
is a proven, cost-effective platform offering high-capacity optical DWDM
connectivity with low-latency encryption and optical intrusion detection,
thereby improving the confidentiality and integrity of data and the
availability of business-critical applications.

1 White paper
Secure optical transport with the 1830 Photonic Service Switch
Contents

The rising need for security in optical transport networks 3
Secure transport with the Nokia 1830 PSS 6
Key strength 10
Key management 12
Conclusion 15
Acronyms 16
References 17

The rising need for security in optical transport networks
The amount of sensitive data generated by companies has grown steadily
over the years, making information privacy and security ever more critical.
This business-critical information, traditionally stored and processed locally,
is now being transported over shared network resources across the WAN. We
are seeing rapid growth in the need for high-capacity data transport for data
center interconnect (DCI), business continuity, high-performance computing
and business-critical applications. This has led to an increased use of virtual
and cloud networks and at the same time has created new vulnerabilities
from external attacks. It is now estimated that the annual cost of cybercrime
is US$400 billion, with data breaches varying by industry as shown in Figure 1.

Figure 1. Data breaches by industry

• Business: 35.1%
• Medical, healthcare: 38.9%
• Educational: 10.7%
• Banking, credit, financial: 5.3%
• Government, military: 9.9%

Source: GO-Gulf, “Cyber Crime Statistics and Trends [infographic]”, 17 May 2013

Today’s enterprises must comply with a growing number of security mandates
that regulate the management and protection of sensitive data against
disclosure, theft and misuse. These security standards include PCI DSS, SOX,
HIPAA, GLBA, FERPA, SAS 70 and state privacy laws, among others, which
introduce penalties for data leaks. Thus, security initiatives must address
the protection of sensitive data being streamed over the WAN.

Data protection against threats
Protecting data from theft requires a set of technologies to address the
security threats in a cost-effective and manageable manner.
Controlled access
Physical protection is a straightforward approach to protecting sensitive data.
Though simple from a technology perspective, physical protection can be
difficult to implement. Infrastructure system security, managed user access
and privileged-user access controls are required to help prevent misuse of
information by legitimate network users, as well as external hackers. Network
administrators must deploy network equipment from vendors that facilitate
the implementation and management of such security practices.
Intrusion prevention and detection
Optical fiber was once considered more secure than other transport media
because of the inherent difficulty of tapping into glass media and reading light
signals. However, new technologies have proven that data hacking of fiber
can be done relatively easily using simple tools. These tools are able to tap
into the optical fiber and capture leaking light without interfering with passing
network traffic. This kind of attack is very challenging to discover and can be
performed by anyone with physical access to fiber. This has increased the
need for transport security measures over fiber networks. Simply owning
the fiber resources is not enough to guarantee security.
Embedded security monitoring technology must be deployed in network
devices to expose intrusions through detection of unexplained power
degradation. Optical intrusion detection mechanisms are effective for
detecting intrusion on fiber-optic cables and immediately alerting the
security administrator of potential security breaches.
While controlling access to physical assets and using optical intrusion
detection can help protect against unwanted data interception, they may
not prevent all such attempts and must be augmented with encryption
protection. Encryption transforms data into unreadable cryptographic text,
so stolen data is rendered useless to an intruder. Though none of the three
techniques alone, including encryption, is sufficient, encryption is now viewed
as necessary by an increasing share of applications. Encryption is no longer an
exotic mechanism whose use is limited to secret organizations or the military.
It is now a common tool used for security in normal business workflows within
banks, utilities, financial institutions, transportation and government agencies,
as well as other organizations requiring secure data transfer across sites.

Encryption implementations
Server, backup, and in-flight encryption methods
Encryption can be implemented in three primary ways:
• Encryption on a server
• Encryption via tape backup
• In-flight encryption.

While encryption of data on a server is easy to implement, it imposes a heavy
computing power requirement on the server performing the encryption. This
approach is also difficult to manage, as it offers no centralized
management: every server is managed individually.
Likewise, encryption via a local tape backup is relatively easy to
implement. However, here too, additional processing power would be required
on the backup server that now also has to perform the encryption, taking
valuable CPU processing power from other tasks. And this method also does not
protect the data traversing the WAN because the encryption is processed locally.
Encryption of in-flight data is the most effective method of mitigating
security breaches. Like the other methods, it is relatively simple to implement.
However, unlike the other methods, it protects the data traversing the WAN
by implementing encryption “on the fly.” This is done via dedicated transport
equipment performing encryption at wire speed between the remote sites,
which means that the servers are not taxed in terms of processing power and
bottlenecks are reduced. It is also the only method supporting centralized
management, which is essential in controlling management complexity.

Table 1. Encryption scorecard by layer (for small packet size)

                    Latency     Wasted bandwidth   Overhead
IPSec (Layer 3)     125 ms      >40%               76 bytes
MACsec (Layer 2)    6 ms        >25%               32 bytes
OTN (Layer 1)       <0.15 ms    0%                 0 bytes

Layer 1 encryption
The encryption of in-flight data can be done on different layers of the OSI
protocol stack (see Table 1). The lower layers are preferred because they are
simpler to implement, have lower latency, and are more bandwidth efficient with
less encryption overhead. Encryption at the lowest possible layer safeguards
the information on the layers above as well. While current implementations
provide security at Layer 3 via IP Security (IPSec) and Layer 2 via Media Access
Control Security (MACsec), Layer 1 Optical Transport Network (OTN) encryption
assures that all traffic traversing the network is encrypted. This includes legacy
applications with no inherent encryption capability and very stringent latency
requirements, so regulatory requirements can be met even if the legacy
applications are not due to be retired for years.
As noted in a recent Heavy Reading report [2], Layer 1 encryption has
advantages over encryption at higher layers:
• Expense – The prevalent model of encrypting at the higher network layers is
costly in terms of the number of security appliances needed to protect each
sensitive stream, service protocol and client, whose costs quickly add up.
Providing Layer 1 encryption lowers the total cost of ownership by integrating
the encryption function in the transport system. And using bulk aggregate
rates at 10G and 100G enables economies of scale needed for transport
services.

• Bandwidth – Encryption at Layer 3 can negatively affect the overall available
throughput because encrypting adds more bits to the service payload. As an
example, IPSec can add over 60 percent more data to the information flow,
which places a burden on the network and compute resources. With Layer 1
encryption, there is no wasted bandwidth to accommodate traditional packet
security protocols such as MACsec or IPSec.
• Low latency – Encryption at higher layers can have adverse effects on latency.
But Layer 1 encryption adds almost no additional latency (less than 150
nanoseconds) because it does not suffer from the latency penalties that
higher-layer encryption technologies incur, which add significant overhead
and multiply the latency of the data stream. Thus Layer 1 encryption provides
the lowest possible latency at bulk rates, making it very suitable for low-
latency, business-critical applications.
• Transparency – Layer 1 provides protocol-independent encryption that is
fully capable of supporting various types of clients usually being transported
(Ethernet, Fibre Channel, InfiniBand, OTN, SONET/SDH). Encrypting each
client separately is awkward and costly as each service type requires its own
encryption appliance.
• Management complexity – Key management, exchange, and authentication
can be cumbersome and labor-intensive when there are many separate
encryption devices and encryption streams to manage. Encryption at
Layer 1 provides operation simplification as there is only one encrypted
circuit to manage as opposed to many IPSec tunnels. Centrally managed
key management tools are critical to achieve reduction of management
complexity.
Multi-layer encryption can be used as part of a “defense-in-depth” strategy
where Layer 1 encryption is used to complement encryption at the higher
layers. Having security at multiple levels is good security practice and is
especially important for entities whose encryption solutions are based
on keys that are no longer considered strong enough because they can
be compromised by higher performance classical or quantum computers.
These entities can augment their Layer 2 and Layer 3 encryption with
Layer 1 encryption to protect against these attacks.

Secure transport with the Nokia 1830 PSS


The Nokia 1830 Photonic Service Switch (PSS) is a scalable optical platform
that supports aggregation for Ethernet, Fibre Channel (FC) and other
protocols. The 1830 PSS provided the first commercially available support
for 100G next-generation coherent technology, building on the Zero-Touch
Photonics approach, which enables easier operations for reduced costs and
accelerated provisioning of wavelength services. In contrast to traditional
DWDM technologies, Zero-Touch Photonics eliminates the need for frequent
on-site interventions and provides a network that is more flexible to design and
install, and easier to operate, manage, and monitor. Wavelength services can be
deployed faster and reconfigured according to more dynamic traffic demands.
These are important capabilities for business-critical network environments.

As networks continue to evolve, high-speed optical interconnection
technology will be essential, not only for data mirroring but also for other
types of business-critical applications. Complex topologies with bandwidth
allocation on demand will be needed for scenarios requiring the transparent
and hitless migration of large virtual machines and provisioning of cloud
services over geographically distributed storage points or hosts. And high
performance and security must be maintained across facilities. Therefore,
agile optical networks will be needed.
To help ensure security is maintained across sites, the 1830 PSS can function
in “secure mode,” which provides a hardened device configuration with the
following configuration settings:
• Only the essential logical and physical ports needed to manage
the system are open.
• Software debug functions are disabled.
• Services of the embedded operating system are disabled,
as well as any interactive operating system access.
• Only secure network element management protocols, such as
Secure Sockets Layer (SSL) and Simple Network Management Protocol,
version 3 (SNMPv3), are supported.

User authentication and authorization


Role-Based Access Control authorization mechanisms provide a
FIPS-compliant separation of duties for both element management and
the encryption services. With a standard RADIUS interface, the Nokia 1830
PSS can support third-party integration of corporate identity management
systems and multifactor authentication systems, providing for centralized
authentication and authorization profiles. The cryptographic functions
implemented by the encryption card and SNMPv3 are certified to satisfy
the FIPS 140-2 level 2 requirements. The 1830 PSS also supports Common
Criteria Evaluation Assurance Level 2+ (EAL2+), also known as ISO 15408,
which defines procedures and technical aspects to be respected during the
product life cycle. EAL2+ provides documentation processes, methodologies
for secured software development and product validation.
Validation for support of Common Criteria EAL3+/QS and ANSSI Qualification
Standard is also in progress. The increasing assurance levels reflect added
assurance requirements that must be met to achieve Common Criteria
certification. The intent of the higher level is to provide higher confidence
that the system’s principal security features are reliably implemented.

Maintaining data confidentiality with Layer 1 encryption


Data confidentiality is a key security requirement for network operators, in
particular for entities operating under certain legal frameworks and in specific
business sectors. It is difficult to guarantee confidentiality for a leased fiber
traversing the many kilometers between secured data center facilities or over
a shared network. Layer 1 encryption provides end-to-end protection against
loss of confidentiality along the fiber. Encryption at this layer also provides
independence in the selection of protocols or applications used at higher layers,
as well as lower encryption latency than possible with other technologies.

As illustrated in Figure 2, the 1830 PSS product family supports Layer 1
encryption and SNMPv3. It does this via encryption cards operating
at either 10G or 100G. A 10G, quad-port, any-rate transponder
provides up to four independent multi-rate 10G channels, with per-
port encryption provided via software license. Likewise, a universal
100G card supports per channel encryption of up to ten independent
multi-rate 10G channels or encryption of a 100G channel. These cards
provide Advanced Encryption Standard (AES) 256 encryption and add
this functionality in the same footprint used for optical transponder
functions without reducing shelf or system capacity.
These modules support diverse types of data interfaces including
8G/10G/16G Fibre Channel, 10GE/40GE/100GE Gigabit Ethernet
interfaces, Optical Transport Unit 2 (OTU2), Optical Transport Unit 4
(OTU4), and 5G DDR InfiniBand. The solution also provides intrusion
prevention and detection to guard against an intruder tapping power
from an optical fiber. A hacker who may gain physical access to a fiber
could bend it so that some light leaks out of the fiber. The intruder
could then use a commercial photo detector to attempt to recover the
data carried in the optical signal.
For complex security scenarios demanded by government
organizations, healthcare and financial institutions, the 1830 PSS
also allows secure interworking with off-the-shelf key management
systems that cover the life cycle of cryptographic services in the
network, namely the key generation, distribution, activation, rotation
and destruction. It also interfaces with the Nokia 1830 Security
Management Server (SMS), as shown in Figure 3.

Figure 2. Layer 1 encryption on 1830 PSS portfolio (1830 PSS-4, 1830 PSS-8, 1830 PSS-16, 1830 PSS-32)

Figure 3. 1830 PSS interfaces (two 1830 PSS nodes, each with an encryption card holding an AES-256 FPGA and an EC-uBCM key repository, joined by an encrypted OTU2/OTU4 link over optical fiber; client data interfaces on either side; SNMP management interfaces with NE-NMS and NE-SMS interfaces to the NMS and the 1830 SMS; neighbouring equipment attached via the optical fiber interface)

Optical protection switching


The Nokia 1830 PSS equipped with an encryption card provides
certified cryptographic algorithms at Layer 1 optical line-rate speeds
with little additional latency and jitter. This design secures data at the
rates required for handling the typical traffic volumes by data center
applications. The 1830 PSS also allows the aggregation of client signals over a
single fiber strand and splitting the signal via two geographically diverse paths.
Each of the signals is monitored at the far end so that if there is a loss of the
working signal, a switch is made to the protection path in order to ensure
continuous service.

Secure management
Equipped with an encryption card, the Nokia 1830 PSS provides encrypted
interfaces for SNMPv3 management functions accessed via the physical
management interface. The access to management and encryption functions
is only possible after successful user authentication and authorization. Users
are identified, authenticated and authorized according to their assigned role.
An important part of the configuration is the transformation of the
system to FIPS Mode, which enables the secure management interfaces
(SNMPv3), authentication parameters and other security settings. The initial
configuration of the keys for the management interface is done offline using
pre-shared keys.
After the transformation to FIPS Mode, and in order to reduce the attack
surface of the target of evaluation (TOE), other management interfaces
available by default will be disabled. FIPS Mode also disables software debug
functions and several underlying services of the embedded operating system.
In-band management interfaces and DWDM control plane functions are
blocked as part of the TOE.
The TOE supports different user roles. Roles can be assigned to users
during system commissioning and are consistently applied for access via
the management interfaces.

Optical intrusion detection


The Nokia Wavelength Tracker™ is a unique technology that measures power
levels and reads identifiers for all wavelengths travelling through a 1830 PSS
network at multiple measurement points (see Figure 4). The main application
of Wavelength Tracker is the automation of network/service commissioning
and supervision.
These measurement points form the basis for automatic optical
network intrusion detection. When the power level between two measurement
points is abnormally attenuated, an alarm is raised to warn operators of the
risk of potential intrusion.
Without this kind of detection functionality, optical intrusion (typically
accounting for a couple of dB of attenuation) might go unnoticed by
operators and/or users, since the network and the services might continue
to function without any quality issues.
The 1830 PSS also supports an optical time-domain reflectometer (OTDR)
capability that characterizes the optical fiber by injecting a series of optical
pulses into the fiber and using the reflections back from points along the fiber.
The scattered or reflected light that is gathered back is used to characterize
the optical fiber, similar to the manner in which radar works. This forms a
sort of “fingerprint” of the fiber, which can be checked from time to time for
variations to identify fiber cuts, taps or tampering and to precisely identify
locations based on the time delay of the reflections. OTDR forms intelligent
physical layer security when combined with optical intrusion detection and
monitoring software.
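The two checks just described, span-loss comparison between power measurement points and OTDR fingerprint comparison, as an added example written for this section; it is not Nokia or 1830 PSS code, and the measurement points, power readings, trace values, the 1 dB alarm threshold and the fibre group index are all constructed assumptions.

```python
"""Optical intrusion detection over constructed measurements.

Added example, not Nokia or 1830 PSS code: compares span loss between adjacent
power measurement points against the commissioning baseline, and localizes a
new event in an OTDR trace, both from constructed readings.
"""
from dataclasses import dataclass

C_VACUUM_M_S = 299_792_458.0
GROUP_INDEX = 1.4682        # assumed fibre group index; sets the OTDR distance scale
ALARM_THRESHOLD_DB = 1.0    # assumed extra loss above baseline that raises an alarm


@dataclass(frozen=True)
class Point:
    name: str
    position_m: float       # distance along the fibre from the first measurement point


def span_losses(points, powers_dbm):
    """Loss in dB of every segment between consecutive measurement points."""
    if len(points) != len(powers_dbm) or len(points) < 2:
        raise ValueError("one reading per point and at least two points are required")
    return {(a.name, b.name): p_a - p_b
            for a, b, p_a, p_b in zip(points, points[1:], powers_dbm, powers_dbm[1:])}


def intrusion_alarms(points, baseline_dbm, current_dbm, threshold_db=ALARM_THRESHOLD_DB):
    """Segments whose loss grew by more than threshold_db since commissioning.

    A bend tap costs only a couple of dB and the service keeps running, so the
    comparison against the stored baseline is what makes it visible.
    """
    base = span_losses(points, baseline_dbm)
    now = span_losses(points, current_dbm)
    return {seg: round(now[seg] - base[seg], 3)
            for seg in base if now[seg] - base[seg] > threshold_db}


def otdr_event_distance_m(round_trip_delay_s, group_index=GROUP_INDEX):
    """Distance of a reflection: the pulse travels out and back, so halve the path."""
    return C_VACUUM_M_S / group_index * round_trip_delay_s / 2.0


def otdr_trace_events(baseline_trace, current_trace, tolerance_db=0.5):
    """Compare the stored OTDR fingerprint with a fresh trace.

    Both are lists of (distance_m, level_db) sampled at the same distances. A new
    step in (current - baseline) marks the bin where an event appeared; the step
    size is the loss it added.
    """
    if [d for d, _ in baseline_trace] != [d for d, _ in current_trace]:
        raise ValueError("traces must be sampled at the same distances")
    events, prev_delta = [], 0.0
    for (dist, base_db), (_, cur_db) in zip(baseline_trace, current_trace):
        delta = cur_db - base_db
        if abs(delta - prev_delta) > tolerance_db:
            events.append((dist, round(delta - prev_delta, 3)))
        prev_delta = delta
    return events


def segment_at(points, distance_m):
    """Name the measurement segment that contains an OTDR-located distance."""
    for a, b in zip(points, points[1:]):
        if a.position_m <= distance_m < b.position_m:
            return (a.name, b.name)
    return None


# Constructed data: four measurement points on a 20 km path and two sets of readings.
POINTS = [Point("P1", 0.0), Point("P2", 8_000.0), Point("P3", 16_000.0), Point("P4", 20_000.0)]
BASELINE_DBM = [0.0, -1.6, -3.2, -4.0]   # recorded at commissioning
TAPPED_DBM = [0.0, -1.6, -5.3, -6.1]     # 2.1 dB of extra loss between P2 and P3


def constructed_otdr_traces():
    """Baseline fingerprint at 0.2 dB/km and a new trace with a 2 dB event at 12 km."""
    distances = range(0, 20_001, 500)
    baseline = [(d, -0.0002 * d) for d in distances]
    current = [(d, lvl - (2.0 if d >= 12_000 else 0.0)) for d, lvl in baseline]
    return baseline, current


def demo():
    """Run both checks and tie the OTDR event back to the alarmed segment."""
    alarms = intrusion_alarms(POINTS, BASELINE_DBM, TAPPED_DBM)
    baseline, current = constructed_otdr_traces()
    located = [(segment_at(POINTS, d), d, step) for d, step in otdr_trace_events(baseline, current)]
    return alarms, located


if __name__ == "__main__":
    alarms, located = demo()
    for (a, b), delta in alarms.items():
        print(f"ALARM: segment {a}-{b} lost {delta} dB more than at commissioning")
    for seg, dist, step in located:
        print(f"OTDR: new {step} dB event at {dist} m, inside segment {seg}")
```

The power-level check flags the P2-P3 segment and the OTDR step lands inside the same segment, which is the correlation the text calls intelligent physical layer security.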

Figure 4. Wavelength Tracker

Wavelength Tracker uniquely offers:
• Optical intrusion detection
• Remote and automatic power control
• High reliability and resilience via proactive
and faster misconnection and fault isolation.

Key strength
Well-balanced cryptographic solutions
In the same way the locks in a house are only as good as the weakest lock,
the security of a cryptographic solution is only as good as its weakest part.
Typically, a crypto designer wants to specify the security strength of all
the major components of a system and ensure they are well balanced.
This means it is important to match the key strength to the strength of the
encryption algorithm. Experts say that organizations should go with the
strongest cryptographic tools available because attackers can more easily
crack encryption as computers become more powerful. In addition, these strong
tools allow organizations to use the crypto solutions for a longer time, and
thereby get more from their investment.
Unbalanced crypto solutions marketed as AES-256 compliant may give
the illusion of having 256-bit security strength when in reality they do not,
because they use weak keys. There is a traditional trade-off between the
strength of encryption and its impact on system performance that has led to
the practice of using the minimum strength necessary to affect performance
as little as possible. Asymmetric keys that provide 256-bit security strength
are computationally intensive, and most processors would take too long to
produce asymmetric keys with the appropriate strength. As a result, many
vendors have chosen asymmetric keys (typically 112-bit) that are substantially
weaker than the 256-bit symmetric keys. An RSA 2048-bit key “sounds” like a
strong key, but it only provides 112-bit strength. The computational needs
for asymmetric RSA keys to match AES-128 strength are about the limit of
embedded CPUs. Elliptic Curve Diffie-Hellman (ECDH), such as P-384, provides
192-bit security strength and is less processor intensive. Later in this paper
we will discuss P-384, which provides 0-bit security strength in a post-
quantum environment.

Key strength is also directly related to the quality of the random number
generator that is available. Third-party evaluation and certifications are critical
to validate that there are no known visible non-random qualities to the random
number generator used. Many crypto solutions are touted as being “designed
to meet” certain levels of encryption strength, but unless they are “certified
to meet” the cryptographic requirements by an independent third party, the
level of protection and quality of the solution is suspect. As noted previously,
the Nokia 1830 PSS has been certified to meet the CC EAL2+ and FIPS 140-2
Level 2 with ongoing certifications in progress, including CC EAL3+ and ANSSI
Qualification Standard.

Symmetrical and asymmetrical keys


Symmetric encryption uses a single secret key that is shared across the systems
that need to communicate, while asymmetric encryption uses a pair of keys, one
public and one private, to encrypt and decrypt messages when communicating.
The distribution of the private keys among the strangers trying to communicate
relies on a central certification authority to keep track of the identity of the
parties involved. Asymmetric encryption was introduced to address the inherent
problem of sharing the secret key over unsecured public links.
In a secure transport service business, communications are not among strangers
but rather between well-known network elements within a private managed
communications structure. Currently, there is no need to set up an encrypted
wavelength service between network elements that are not managed by the
same infrastructure owner. Therefore, as of now, all application needs of
secure transport services are supported by the services offered by centrally
administered symmetric key distribution. The Nokia solution delivers a strong
centralized key management system that ensures key quality for the future.

Post-quantum cryptography
The need for stronger cryptography is driven by advances in both classical and
quantum computing technologies. Computers are getting so powerful that they
will eventually be able to break any encryption. This revelation came in 1994
when Peter Shor of Bell Laboratories showed that quantum computers, a new
technology at the time that could leverage the physical properties of matter and
energy to perform calculations, could efficiently solve cryptographic problems.
It is estimated that quantum computers may become available in the 2030
timeframe.

Table 2. Comparison of conventional and quantum security levels of some popular ciphers

Algorithm   Key length   Effective key strength/Security level
                         Conventional computing   Quantum computing
RSA-1024    1024 bit     80 bit                   0 bit
RSA-2048    2048 bit     112 bit                  0 bit
ECC-256     256 bit      128 bit                  0 bit
ECC-384     384 bit      256 bit                  0 bit
AES-128     128 bit      128 bit                  64 bit
AES-256     256 bit      256 bit                  128 bit

To maintain security from classical attacks, NIST has already recommended
transitions from key sizes and algorithms that provide 80-bit security to key
sizes that provide 112-bit or 128-bit security (SP 800-131A). In 2015, to
provide security against quantum attacks, the National Security Agency (NSA)
announced changes to its Suite B of public cryptographic standards that
may be used to protect national security systems (NSS). NSA advises that
112-bit security strength is no longer sufficient for classified information
(CNSS Advisory Memorandum Information Assurance 02-15, July 2015). It
also indicated that none of the currently certified asymmetric key algorithms
provide protection from quantum attacks. However, if an
asymmetric key is needed, ECDH with at least 192-bit strength could be used
for classified information. NIST indicates that symmetric keys at the AES-256
level are a sound method to address concerns about quantum attacks because
they provide some resistance to these attacks and retain at least 128-bit
security strength, as shown in Table 2. The Nokia 1830 PSS solution can
produce these high-quality keys at the AES-256 level, and they can be refreshed
every hour to safeguard against a quantum computer attack that would take
a million years to brute-force the key.

Key management
The two fundamental approaches to key management are centralized
and distributed. In a centralized key management approach, the keys are
computed off board in a single (central) physical location. In a distributed key
management approach, the keys are computed on every node and exchanged
in-band using asymmetric key exchange methods like Diffie-Hellman. Nokia
uses centralized key management because this approach provides a single
point of trust where the key management system assumes responsibility
for the entire life cycle.

Centralized vs. distributed key management


When implementing a public key infrastructure scheme, organizations must
choose either a centralized key management mechanism, in which a central
authority manages keys, or a decentralized model, in which each individual
user manages their own key pair.
The decentralized model does not scale well at the enterprise level: the
more users, the more individual sources of keys (and points of potential
vulnerability). And because of the high overhead, functions like key distribution
are difficult. Private key compromise can take place more quickly since,
without a central authority to verify user identity, organizations have to
investigate each provider of a public key to determine legitimacy.
The distributed key management approach, where asymmetric keys are
used, is computationally intensive and impacts every node, burdening the
enterprise infrastructure. That is, an asymmetric key is used to compute the
key used for data encryption negotiation (also called the first phase), implying the
exchange of public keys. Thus the data encryption key is computed on the fly
upon reception of the public key. Using Diffie-Hellman each time a new key
is required on both targets heavily taxes the target CPU. Thus Diffie-Hellman
(or ECDH) requires significant processing power, as both cards, in addition to
encrypting and deciphering data, must continually generate data encryption keys.

Another issue with distributed key management is that end customers need
to trust service providers with their encryption keys. Anyone willing to put
encryption on wavelengths likely has a concern that fiber tapping is possible
by very sophisticated entities (Edward Snowden effect). To use distributed key
management techniques, customers must trust that these ground floor keys
embedded in the equipment have been kept safe from these sophisticated
entities.
Distributed key management also adds complexity in the management of
keys. In this configuration, every node in the system generates, revokes and
computes data encryption keys based on its own policies. Thus it is difficult to
secure a distributed key management system, and the compromise of one node can
lead to disaster. In addition, since encryption in a distributed approach is done
at the card level, with line cards often residing in multi-tenant rooms, attaining
physical security is difficult and it is almost impossible to prevent a hacker
from having access to the node key generator.
Because of these issues, Nokia uses centralized rather than distributed key
management. The main advantage of centralized key management is
the single point of trust where the key management system assumes
responsibility for the entire life cycle and literally becomes the “key authority.”
Keys and their associated policies are centrally generated and stored. Keys are
distributed on request to suitably authenticated and authorized applications or
endpoints, where the keys are ephemeral. The main advantages of a centralized
key management approach are:
• Single point of trust (single point to protect) – Keys are generated at one
trusted point, so the operator administers a single repository rather than
geographically distributed endpoints.
• Single point key revocation – The 1830 SMS provides one system-wide,
multi-tenant access point from which a synchronized key rotation can be forced.
• Clear separation of tasks – Duties in critical operations are separated so
that no single administrator or privileged user can weaken the security of
the system or the integrity of keys.
• Unified key management, encryption policies and system-wide key
revocation – Policies apply uniformly across the system, which keeps key
administration agile.
• Consolidated audit information – One system-wide point from which audit
logs from different endpoints are extracted and consolidated.
• Low-cost automation – The centralized process can be scripted and
automated to scale the system, instead of maintaining multiple scripts on
multiple nodes, which reduces OPEX.
• Simpler controlled access – Because key management happens in one place,
the key management infrastructure is easier to secure physically.
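The centralized life cycle the bullets above describe, as an added example that is not part of the original paper and not the code of the Nokia 1830 SMS: a minimal key authority in Go. It assumes the Administrator/User split the paper describes for the 1830 SMS and uses hypothetical link and endpoint names ("dcA-dcX", "pss-A") of this example's own. Administrators define links and which already-authenticated endpoints may fetch their keys; Users rotate and revoke; keys come from the OS CSPRNG and leave only through Release to an authorized endpoint; every action and every denial lands in one audit trail; and naming all links in a single Rotate call is the synchronized, system-wide rotation the bullets refer to.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// Two user classes, as the paper describes for the 1830 SMS: Administrators set up links and policies, Users manage key material.
type Role int
const (
	Administrator Role = iota
	User
)

// Link: the Administrator-set policy (which already-authenticated endpoints may fetch the key) plus the key history.
type Link struct {
	Endpoints []string
	Keys      [][]byte // every key ever issued; the last entry is current and its epoch is len(Keys)
	Revoked   bool     // the current key has been revoked and must not be released
}

// KeyAuthority is the single point of trust: keys are generated, rotated, revoked, released and audited here and nowhere else.
type KeyAuthority struct {
	links map[string]*Link
	Audit []string
}

func NewKeyAuthority() *KeyAuthority { return &KeyAuthority{links: map[string]*Link{}} }

func (ka *KeyAuthority) log(actor, msg string) {
	ka.Audit = append(ka.Audit, time.Now().UTC().Format(time.RFC3339)+" "+actor+": "+msg)
}

// CreateLink is an Administrator task: it sets up the environment Users work in.
func (ka *KeyAuthority) CreateLink(actor string, role Role, name string, endpoints ...string) error {
	if role != Administrator {
		ka.log(actor, "DENIED create "+name)
		return errors.New("only Administrators define links and policies")
	}
	ka.links[name] = &Link{Endpoints: endpoints}
	ka.log(actor, "created "+name)
	return nil
}

// Rotate is a User task: each named link gets a fresh 256-bit CSPRNG key; naming every link at once
// is the single access point for synchronized, system-wide rotation. Keys never leave via Rotate.
func (ka *KeyAuthority) Rotate(actor string, role Role, names ...string) (int, error) {
	if role != User {
		ka.log(actor, "DENIED rotate")
		return 0, errors.New("only Users rotate keys")
	}
	for i, name := range names {
		l, ok := ka.links[name]
		if !ok {
			return i, errors.New("unknown link " + name)
		}
		key := make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			return i, err
		}
		l.Keys, l.Revoked = append(l.Keys, key), false
		ka.log(actor, fmt.Sprintf("rotated %s to epoch %d", name, len(l.Keys)))
	}
	return len(names), nil
}

// Revoke flags the current key before requesting its replacement, so a refused replacement
// leaves the link failed closed rather than still serving a suspect key.
func (ka *KeyAuthority) Revoke(actor string, role Role, name string) error {
	if l, ok := ka.links[name]; ok && len(l.Keys) > 0 {
		l.Revoked = true
		ka.log(actor, "revoked current key of "+name)
	}
	_, err := ka.Rotate(actor, role, name)
	return err
}

// Release hands the current key and its epoch only to an endpoint the link authorizes, never a revoked key.
func (ka *KeyAuthority) Release(name, endpoint string) ([]byte, int, error) {
	if l, ok := ka.links[name]; ok && len(l.Keys) > 0 && !l.Revoked {
		for _, e := range l.Endpoints {
			if e == endpoint {
				ka.log(endpoint, fmt.Sprintf("fetched %s epoch %d", name, len(l.Keys)))
				return l.Keys[len(l.Keys)-1], len(l.Keys), nil
			}
		}
	}
	ka.log(endpoint, "DENIED release of "+name)
	return nil, 0, errors.New("release refused for " + name)
}

func main() {
	ka := NewKeyAuthority()
	_ = ka.CreateLink("alice", Administrator, "dcA-dcX", "pss-A", "pss-X")
	_, _ = ka.Rotate("bob", User, "dcA-dcX")
	fmt.Println(ka.Audit)
}
```

Endpoint authentication (for example TLS client certificates on the management interface) is assumed to have happened before Release is called; the example only checks authorization against the link policy. Revoke deliberately flags the current key before asking Rotate for a replacement: if the replacement is refused, the link stops serving keys rather than continuing with one that has been declared suspect.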

Nokia 1830 Security Management Server
For complex security scenarios, such as those within large enterprise and
service provider environments, Nokia offers centralized key management
on the links supported by the 1830 PSS (see Figure 5). The Nokia 1830
Security Management Server (SMS) is a secure, scalable module that supports
management of the cryptographic life cycle of each encrypted wavelength
service—the keys generated to perform the encryption—as well as the
management of encryption key expiration, rotation and destruction, all of
which are vital operations required to support encrypted business-critical
communications.
The Nokia 1830 SMS enables enterprise IT organizations or service providers
to offer managed infrastructure services to their customers and stakeholders
while those customers keep full ownership and control of their own
cryptographic keys and encryption parameters. The 1830 SMS is required
wherever unique encryption keys must be used between each sender and
receiver pair and those keys are rotated frequently, as encryption best
practice demands. It scales from simple to complex deployments of encrypted
connections between data centers.
Elements of the Nokia 1830 SMS include:
• Centralized key management (key creation, expiration, rotation and
destruction)
• Clear separation of network and security tasks
• Unified policies for key management and encryption
• Common, unified key management across optical and microwave
transport portfolios
• Automated and scheduled key rotations
• Graphical view of security alarms.
Figure 5. Network and key management. Two sites, Data center A and Data
center X, are joined by a secure L1 connection between a pair of 1830 PSS
nodes. Each site hands the 1830 PSS its client traffic: LAN Ethernet from a
server farm/NAS server via a 7x50 SR, Fibre Channel SAN traffic from a storage
array via an FC/FICON switch, InfiniBand from HPC, and mainframe traffic; an
access server sits at Data center X. IT operations owns network management
(Enterprise IT network management), while security operations owns key
management through the 1830 SMS.
The 1830 SMS lets enterprises and service providers centralize security and
separate network management from security management tasks. It does this with
a proxy approach and two user classes, Administrator and User, modelled on
the role separation that FIPS 140-2 prescribes for cryptographic modules:
Administrators set up the environment in which keys are managed, and Users
then manage the security material itself. Automated, scheduled encryption-key
rotations and Well Known Answer Tests (WKATs) raise security while reducing
operational expenditure. Where encryption keys would otherwise be managed
node by node through separate CLI or craft interfaces, the 1830 SMS
consolidates key management and overall network security, and lets the
operator rotate keys manually or automatically as security policy requires.
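A Well Known Answer Test of the kind the paragraph above schedules, as an added example that is not part of the original paper and not the 1830 SMS implementation: Go code that checks an AES-256 core against the FIPS 197 Appendix C.3 test vector in both directions and refuses to issue a key when the check fails. The cipher constructor is a parameter so the gate can be shown rejecting a deliberately damaged core (brokenCipher, constructed here for the demonstration); names such as IssueKey and CipherFactory are this example's own, not the product's.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// FIPS 197 Appendix C.3 AES-256 test vector. The expected answer is fixed in
// code, so a silently broken cipher core cannot reproduce it.
var (
	katKey, _    = hex.DecodeString("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
	katPlain, _  = hex.DecodeString("00112233445566778899aabbccddeeff")
	katCipher, _ = hex.DecodeString("8ea2b7ca516745bfeafc49904b496089")
)

// CipherFactory builds the AES core under test; HealthyCipher is the real one.
type CipherFactory func(key []byte) (cipher.Block, error)

var HealthyCipher CipherFactory = aes.NewCipher

// KnownAnswerTest exercises the core in both directions against the vector.
func KnownAnswerTest(newCipher CipherFactory) error {
	c, err := newCipher(katKey)
	if err != nil {
		return err
	}
	got := make([]byte, aes.BlockSize)
	c.Encrypt(got, katPlain)
	if !bytes.Equal(got, katCipher) {
		return errors.New("AES-256 encrypt known-answer test failed")
	}
	c.Decrypt(got, katCipher)
	if !bytes.Equal(got, katPlain) {
		return errors.New("AES-256 decrypt known-answer test failed")
	}
	return nil
}

// IssueKey is the rotation gate: no new 256-bit key leaves until the
// self-test has passed on the core that will use it.
func IssueKey(newCipher CipherFactory) ([]byte, error) {
	if err := KnownAnswerTest(newCipher); err != nil {
		return nil, fmt.Errorf("key issuance refused: %w", err)
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// brokenCipher stands in for a faulty or tampered core (constructed for this
// demonstration): a real AES-256 whose encrypt output has two bytes swapped.
type brokenCipher struct{ cipher.Block }

func (b brokenCipher) Encrypt(dst, src []byte) {
	b.Block.Encrypt(dst, src)
	dst[0], dst[1] = dst[1], dst[0]
}

// NewBrokenCipher is the CipherFactory for the damaged core.
func NewBrokenCipher(key []byte) (cipher.Block, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return brokenCipher{c}, nil
}

func main() {
	k, err := IssueKey(HealthyCipher)
	fmt.Printf("healthy core: %d-byte key issued, err=%v\n", len(k), err)
	_, err = IssueKey(NewBrokenCipher)
	fmt.Println("damaged core:", err)
}
```

A self-test that only logs its failure is no gate at all; the point of running it before each rotation is that a corrupted cipher implementation, whether from a hardware fault or from tampering, stops key issuance instead of producing keys that will encrypt wrongly.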
The Nokia 1830 SMS provides the following benefits:
• Centralized key management with single point of trust; one point
to protect from attack
• Network level synchronized key rotation and distribution
• Enhanced security and simpler operations through unified key management
and encryption policies
• Trusted key management with flexible access control, enabling network
partitioning into security areas for multiple customers
• Customizable key security parameters on assigned circuits to allow
enhanced end-user control
• Holistic network-wide view of security alarm and encryption services
• REST APIs exposing management functionalities to external SDN controllers
• High availability via replicated backup instance of the 1830 SMS on
warm-standby
• Offloading of computationally intensive cryptographic processing, enabling
more sophisticated security algorithms
• Strong hardware-generated 256-bit keys matching AES-256 encryption. AES-256
keeps about 128 bits of security against a quantum adversary running Grover's
algorithm, so it resists classical and quantum key search alike
• Hardware and software independently certified against rigorous security
standards: Common Criteria Evaluation Assurance Levels, Federal Information
Processing Standards (FIPS) and Agence Nationale de la Sécurité des Systèmes
d'Information (ANSSI) certifications.

Conclusion
The continued growth in business-critical data demand arising from corporate,
data center, and cloud applications that need to connect across facilities
has led to the need for increased optical transport network security against
external attack. The Nokia 1830 PSS has proven to be effective at offering
high-capacity optical DWDM connectivity with low latency encryption. The
1830 PSS portfolio addresses growing security challenges through optical
innovations that enable secure transport while ensuring confidentiality,
integrity and availability of in-flight data. These capabilities include controlled

access to key infrastructure, protection of optical data links via encryption of
in-flight data, the use of secured network management protocols protecting
management traffic, and intrusion prevention and detection capabilities
enabled via Nokia Wavelength Tracker technology. These, coupled with
the Nokia 1830 SMS supporting the management of keys (key generation,
distribution, expiration, rotation, and destruction) throughout the entire
cryptographic life cycle of each wavelength, deliver a comprehensive and
secure solution for the transport of business-critical data.
For additional information about secure data transport via the 1830 PSS
portfolio, please visit https://networks.nokia.com/solutions/secure-optical-
transport.

Acronyms
10GE  10 Gigabit Ethernet
AES  Advanced Encryption Standard
ANSSI  Agence nationale de la sécurité des systèmes d'information
ANSSI QS  Qualification Standard skill level by ANSSI
CC  Common Criteria
DCI  Data Center Interconnect
DDR  Double Data Rate
DWDM  dense wavelength division multiplexing
EAL3+  Evaluation Assurance Level 3+
EC  Equipment Controller
ECDH  Elliptic Curve Diffie–Hellman
FC  Fibre Channel
FERPA  Family Educational Rights and Privacy Act
FICON  Fibre Connection
FIPS  Federal Information Processing Standard
FPGA  Field Programmable Gate Array
GLBA  Gramm-Leach-Bliley Act
HIPAA  Health Insurance Portability & Accountability Act
IPSec  IP Security
MACsec  Media Access Control Security
MPLS  Multiprotocol Label Switching
NAS  network attached storage
NE  network element
NIST  National Institute of Standards and Technology
NMS  network management system
NSA  National Security Agency
OTDR  optical time-domain reflectometer
OTN  Optical Transport Network
OTU2  Optical Transport Unit 2
PCI DSS  Payment Card Industry Data Security Standard
PSS  Photonic Service Switch
QPEN  Quad Port Encryption Transponder
RADIUS  Remote Authentication Dial-In User Service
RSA  Rivest, Shamir, and Adleman
SAN  storage area network
SAS 70  Statement on Auditing Standards No. 70
SMS  Security Management Server
SNMP  Simple Network Management Protocol
SNMPv3  Simple Network Management Protocol version 3
SOX  Sarbanes-Oxley Act
SSL  Secure Sockets Layer
TLS  Transport Layer Security
TOE  target of evaluation
uBCM  Micro Board Control Module
WKAT  Well Known Answer Test

References
1. GO-Gulf, "Cyber Crime Statistics and Trends [infographic]", 17 May 2013: http://www.go-gulf.com/blog/cyber-crime/
2. Heavy Reading, "The Lower the Better: Encrypting the Optical Layer", December 2015
3. National Institute of Standards and Technology, FIPS Publication 140-2: Security Requirements for Cryptographic Modules, May 25, 2001: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
4. National Institute of Standards and Technology, FIPS Publication 197: Advanced Encryption Standard (AES), November 26, 2001: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
5. Nokia 1830 PSS: http://networks.nokia.com/portfolio/products/1830-photonic-service-switch
6. Nokia 1830 PSS Security Target: https://www.commoncriteriaportal.org/files/epfiles/1830-photonic-vr70-sec-eng.pdf
7. Secure Solutions for Data Center Connect: http://resources.alcatel-lucent.com/?cid=153738&REFFER=alu.prod.detail.en%20%7C%201830%20Photonic%20Service%20Switch&REFERRER=alu.prod.detail.en%7C1830%20Photonic%20Service%20Switch
8. NIST Report on Post-Quantum Cryptography (NISTIR 8105, draft): http://csrc.nist.gov/publications/drafts/nistir-8105/nistir_8105_draft.pdf
9. Information Security and Privacy Advisory Board (ISPAB), meeting minutes, October 2015: http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2015-10/ispab_meeting_minutes_october-2015.pdf
10. Quantum Resistant Algorithms presentation: http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2015-10/oct21_stanger_final_approved_nsa.pdf
11. CNSS Advisory Memorandum Information Assurance 02-15, July 2015: https://www.cnss.gov/CNSS/issuances/Memoranda.cfm

Nokia is a registered trademark of Nokia Corporation. Other product and company names
mentioned herein may be trademarks or trade names of their respective owners.

Nokia Oyj
Karaportti 3
FI-02610 Espoo
Finland
Tel. +358 (0) 10 44 88 000

Product code: SR1707013793 (July)

© 2017 Nokia nokia.com
