1

SENETAS

“FIBRE OPTIC CONNECTIONS ARE SECURE - RIGHT?”

Senetas Europe

High Performance Encryption Solutions

Securing Data In TransitGraham WallaceIan Greenwood

Company overview• Senetas Europe,

based in Basingstoke is a wholly owned subsidiary of Senetas Corp. Ltd. Australia

• An Australian ASX listed engineering company

• Developing high speed network encryption technology since 1997

• Currently sold to more than 35 countries globally

Senetas Security Products Portfolio

Technology Differentiators

• Layer 2 encryption for performance & simplicity

• Constant low latency (<7us) even on voice/video links

• Retains full network bandwidth

• Ideal for 1GB/10GB datacentre fibre links

Tapping Optical FibreThe Fact and the Theory

Why would someone tap an optical link?

• Live networks and back-up systems run remotely on high speed optical fibre

• Optic Fibre NOT secure• Readily available fibre tap device

bought on Net• Intrusion undetected by

information sender or receiver• 480 million km of fibre deployed• IDC estimates that only 30% of the

digital universe is subject to security applications.

How - Clip on Coupler

• We can already prove that fibre can be tapped.

• What is contentious is whether this risk can be mitigated against without the need for encryption.

How - Light Touch Techniques

• The effect of this technique is similar to splicing.• The extent to which the fibres are polished will

decide on the tap ratio. This can be as low as 1% but up to 20% would be likely to be undetectable.

How - Light Touch Techniques

The polished evanescent wave coupler is based on bringing the cores of two fibres close together by removing part of the cladding and optically contacting the polished faces. By this process, the two cores behave as if they are contained within the same cladding.

Evanescent Wave Coupler - Jigs

Patents for fusing fibres

• Once you can splice there are a number of patented techniques for fusing more than one fibre WITHOUT breaking the original.

• You can check out:– US 4989939– US 5410626– US 6862385

Main Message

‘If your data is worth millions then it’s worth spending thousands to get it’

• We do not suggest this is a trivial enterprise• Nor could it be done by novices• But we do suggest that this kind of attack is possible

for moneyed and motivated people

Senetas CN range of Encryptors summary

• Encrypts ALL the contents of Ethernet and Fibre Channel frames • Full duplex line-rate encryption up to 10Gbps < 7 microseconds

latency• All Senetas solutions centrally managed by CypherManager• Certified - FIPS 140-2 level 3, Common Criteria EAL4+, CAPS IL3

baseline• Ideal for Point to Point fibre links and MPLS Services• Flexible licensing from 10Mbps to 10Gbps

EAL4+

Securing Data in Transit

Thank you for your attention.

Any Questions?