[Figure: trusted infrastructure framework. Labels: Professional Documents; Culture Documents; Authentication; Phishing, Spam; Applications; Network forensics; Social Engineering Attacks; Provision, maintain, monitor; User Training; Trusted Infrastructure; Security of supply, regulatory compliance, certifications]

Whitepaper
The transport layer is fertile ground for a variety of attacks. Normally considered safe because of the high level of sophistication required to successfully attack transport equipment, the transport layer is also usually left undefended. This means a sophisticated adversary can deny communications capabilities, disrupt information operations, and gather information from the transport layer. Transport layer protocols (SONET, SDH, Optical Transport Network [OTN], Ethernet) lie below the IP layer and are therefore potentially more secure, because the protocols are not IP-based and are not exposed to IP-centric threat vectors. However, the transport layer can also be more vulnerable, since the myriad cyber defense technologies have been developed mostly for IP, not for the transport layer. In addition, although the data plane is not IP-based, it still relies on the IP protocol suite for the network management and control planes. Therefore, transport layer management and control planes remain highly vulnerable to IP-centric threats.

Intelligent Control Planes

The control plane is the heart of transport system equipment, as it is the mechanism network elements use to communicate with each other to control component settings, build provisionable routes, allow the incorporation of new network elements into the network, and build and revert protection paths. As networks get ever more sophisticated, incorporating colorless and directionless Reconfigurable Optical Add-Drop Multiplexers (ROADMs), intelligent packet routing, and true mesh protection, the control plane will affect more critical parts of the network.

To a first order, the control plane consists of messages, carried either on an out-of-band wavelength or in-band in packet headers, and of logic in the network element that acts on the contents of those messages. It is important to protect both elements of the control plane, since disruption of either the messages or the logic that acts on them can cause erratic operation of the transport system, disrupt the delivery and accuracy of content, or expose the network architecture and operational details to unauthorized entities.

The primary tool for protecting data in flight is encryption, and it is also the best solution for protecting the control plane. Since the message transmit and receive functions generally are buried deep in the logic controllers of transport devices, it is important to have transport equipment vendors incorporate a Federal Information Processing Standards (FIPS)-compliant
[Figure: control plane architecture: OSS (TMF MTOSI) over the DCN, a multi-layer, multi-domain control plane over the SCN, and the network element database with discovery, topology exchange, and path installation functions]
control lists to control network topology so unauthorized network elements cannot appear on the network and be discovered by valid neighbors. An alien network element combined with hijacked code can be devastating to network security, as the network element can act against the interests of the network operator without any visibility to the network management system.
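The acceptance rule described above (authenticated control-plane messages plus a list of permitted network elements) can be sketched as follows. This is an added example, not code from the paper or from any Ciena product: the HELLO message format, the node identifiers, and the pre-shared keys are hypothetical, and a Python script is not a FIPS-validated module. What it shows is the check a receiving network element should apply: HMAC-SHA-256 over every field for integrity, a sequence number against replay, and an allowlist consulted before any cryptographic work, so that an alien element is never discovered even when its messages are well formed.

```python
import hashlib
import hmac
import json

# Constructed allowlist of authorized neighbors: NE identifier -> pre-shared key.
# Identifiers and keys are hypothetical; in practice keys are provisioned per
# link through the management plane, never hard-coded.
AUTHORIZED_NEIGHBORS = {
    "ne-roadm-01": b"\x01" * 32,
    "ne-roadm-02": b"\x02" * 32,
}


def _canonical(fields):
    """Deterministic byte encoding so both ends MAC exactly the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def build_hello(sender, key, seq, payload):
    """Build a HELLO whose HMAC-SHA-256 tag covers every field, seq included."""
    body = {"type": "HELLO", "sender": sender, "seq": seq, "payload": payload}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_hello(msg, allowlist, last_seq):
    """Acceptance rule for a received HELLO.

    Returns (accepted, reason). last_seq maps sender -> highest accepted seq
    and is updated only on acceptance, so a replayed message is rejected.
    The allowlist check comes first: an unknown element is dropped before
    any cryptographic work is done on its message.
    """
    body, tag = msg.get("body", {}), msg.get("tag", "")
    sender = body.get("sender")
    if sender not in allowlist:
        return False, "unknown neighbor"  # alien element: never discovered
    expected = hmac.new(allowlist[sender], _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad tag"  # forged, or tampered in transit
    if body.get("seq", -1) <= last_seq.get(sender, -1):
        return False, "replay"  # old or duplicated message
    last_seq[sender] = body["seq"]
    return True, "accepted"


def demo():
    """Run four constructed cases; returns the list of (accepted, reason)."""
    seen = {}
    results = []
    # 1. Legitimate neighbor with a fresh sequence number: accepted.
    good = build_hello("ne-roadm-01", AUTHORIZED_NEIGHBORS["ne-roadm-01"], 1, {"degrees": 3})
    results.append(verify_hello(good, AUTHORIZED_NEIGHBORS, seen))
    # 2. The same message captured and replayed: rejected.
    results.append(verify_hello(good, AUTHORIZED_NEIGHBORS, seen))
    # 3. Alien element with its own key; the tag is valid under that key, but
    #    the sender is not on the allowlist, so it is rejected before the tag
    #    is even checked.
    alien = build_hello("ne-rogue-99", b"\x09" * 32, 1, {"degrees": 2})
    results.append(verify_hello(alien, AUTHORIZED_NEIGHBORS, seen))
    # 4. A genuine neighbor's message altered in flight: tag no longer matches.
    tampered = build_hello("ne-roadm-02", AUTHORIZED_NEIGHBORS["ne-roadm-02"], 5, {"degrees": 3})
    tampered["body"]["payload"]["degrees"] = 8
    results.append(verify_hello(tampered, AUTHORIZED_NEIGHBORS, seen))
    return results


if __name__ == "__main__":
    for accepted, reason in demo():
        print("ACCEPT" if accepted else "REJECT", reason)
```

Note that the ordering of the checks is deliberate: rejecting unknown senders before computing any MAC keeps the controller from spending cryptographic effort on floods from an element that should never be on the network, and rejecting a bad tag before the sequence check means a forged message cannot advance a genuine neighbor's sequence counter.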
[Figure: three-degree ROADM node: a WSS per degree, express paths between Degrees 1, 2, and 3, with functionally identical drop and add sides]

ROADM Evolution: Colorless and Directionless Transport

The ROADM is one of the key building blocks of a meshed transport architecture. During normal operation, the ROADM allows network paths to be reconfigured so a wavelength can traverse a different path to its destination. This is particularly useful during network disruptions and network surge events.
[Figure: next-generation photonic switching with colorless, directionless add/drop. Labels: DS-CCMD, Next-Generation Photonic Switching, 50/50 coupler, Add/Drop, λ2, λ5 (40 Gb/s), λ5 (Tb/s), λ10, λ14, λ29]
[Figure: coherent transmission system: polarization beam splitter, X-pol I and X-pol Q phase shifts, analog-to-digital converter, digital signal processing, and clock and data recovery]
A critical technology that enables these new transport solutions is the coherent receiver, which uses a local oscillator to tune to specific frequencies instead of fixed filters, enabling true wavelength agility in the optical network. While this provides tremendous flexibility and allows efficient network architectures to be constructed, it also means that the full range of Dense Wavelength Division Multiplexing (DWDM) wavelengths could be available at any port on the ROADM node. In other words, any receiver can tune into any channel on the path. For this reason, line rate encryption of the data should be used at all times.

IP over DWDM (IPoDWDM)

Another interesting transport technology evolution is IP directly over DWDM, with no intervening protocols like SONET or OTN in between. This technology has been advocated by a number of vendors and is another way to collapse the network and try to make it more efficient. Active research exists on extensions to the IP protocol to make flow controllers Layer 1-aware, which could allow bandwidth expansion or contraction to reduce congestion and make the routed network much more efficient.

The most common argument for IPoDWDM is efficiency, with fewer components and less space and power needed to run the network. While this may make short-term sense, it is an unwise architecture from a network security perspective. IP architectures work as well as they do because they rely on a reliable, stable, and predictable transport infrastructure that compensates for many small network disruptions on a much faster time scale than the round-trip packet time of an IP transaction. If every fiber cut, card failure, or maintenance action had to be handled by the routing engines, congestion would increase and stability would decrease. Furthermore, once problems do develop, there are no underlying protocols to limit the spread of trouble and assist with diagnosis and repair.
[Figure: encryption at the boundaries between Network 1, Network 2, and Network 3]
As an alternative to IPoDWDM, an architecture that uses Carrier Ethernet as a support infrastructure to optimize the performance of the routed network has substantial advantages.
Unused ports on the DWDM or OTN switching equipment are also potential vulnerabilities.

The use of coherent receiver technology in current-generation transport systems does not mitigate the threat of intrusions, but it does significantly increase the difficulty and level of sophistication required to snoop. The real-time digital signal processing that removes impairments from chromatic dispersion and polarization mode dispersion must be replicated by the intruder. Next-generation optical transport technology, which shares the digital signal processing load between the transmitter and the receiver and requires a communication channel between them, will make recovering usable information from within the transport system extraordinarily difficult.

In addition to the inherent security advantage of requiring sophisticated digital signal processing algorithms to restore the information content of the signal inside the system, the coherent receiver also takes sensitive measurements of the physical fiber characteristics of the transmission path. Older, slower networks were based on direct detection technology that measured only the optical power of the incoming signal. A coherent receiver measures the actual electric field, so all information about the phase, polarization, and intensity of the incoming pulse is preserved. These physical attributes of the incoming light pulse can be analyzed to determine changes in the transmission path. These measurements then can be monitored and compared against baseline data to detect changes to the transmission path due to tampering or other causes. This analysis can be used to construct an intrusion detection system that is not an added component but an inherent part of the network technology.

Defense Strategies

Physical Security

Transport layer optical networking equipment is designed for rapid turn-up of new services, with plug-and-play card turn-up and a number of maintenance ports that are easily accessible. Furthermore, this equipment allows considerable ability to configure and adjust the physical parameters of the equipment from the craft interfaces. For these reasons, it is important to limit physical access to the equipment to authorized technicians only.

Port Security

As noted above, ports on transport equipment are designed to discover new services automatically and integrate seamlessly into the network. It is important to monitor any ports that are intentionally unused to ensure unauthorized activity is detected. In addition, there may be a number of access points for maintenance that are accessible to anyone with physical access to the device. These ports should be locked down and enabled only during authorized maintenance intervals.

Baselines

One of the most powerful tools for tracing anomalies in the network is a current baseline that network operators can use to determine the expected behavior of the network. This concept applies to attributes of the physical fiber, power levels, wavelength plans, and traffic flow density and utilization. Baselines should be established on a regular basis and after any significant change. Baseline data should be scrutinized by network architects to ensure that the baseline behavior conforms to operator expectations.

Logs and monitoring

Transport equipment produces an enormous amount of loggable data that is routinely monitored by network operators. Comparing this data to baseline data is an outstanding tool for detecting anomalous behavior on the network. It is recommended that this data be archived to assist in forensic analysis after an event.

Deterministic packet flow architectures

Modern control plane architectures are designed to be as flexible and efficient as possible. While this provides the most cost-effective network, it also introduces a level of complexity for network security, as the network state normally changes in response to traffic and environmental factors. One option is to introduce as much deterministic behavior into the transport architecture as possible: deterministic behavior is easier to monitor, and anomalies against it are easier to detect. One potential tradeoff is to use deterministic paths for working paths and dynamic restoration for protection. This leaves the network static most of the time without significantly reducing network resilience in response to events, at the expense of a more complex provisioning process.

Information Security

The use of encryption to safeguard data in flight is a well-established technique for protecting information. The same level of confidentiality can be extended to protect network infrastructure when encryption is used on the management, control, and data planes as part of a complete defensive strategy. Other benefits include the ability to mask enclave details from the body of the network and to limit the potential to derive intelligence by monitoring network usage.

Supply Chain

The supply chain for components, subsystems, and software in the modern technology arena is global in nature. Malicious tampering and intentional or unintentional withholding of critical parts are all part of supply chain vulnerabilities.
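The baseline comparison described under Port Security, Baselines, and Logs and monitoring, together with the physical-layer intrusion detection the coherent-receiver discussion describes, can be demonstrated with the following added example. It is not code from the paper or from any vendor's management system: the telemetry line format, port names, baseline values, and tolerances are constructed for illustration, and real transport equipment exposes these measurements through its own management interfaces. What it shows is the check itself: parse polled telemetry, compare port state, wavelength assignment, received power, chromatic dispersion (CD), and polarization mode dispersion (PMD) against the baseline, and raise an alert when a baseline-unused port carries light or a fiber characteristic moves beyond tolerance. The same comparison extends to working-path assignments in a deterministic architecture, where any unplanned path change is an anomaly.

```python
import re

# Constructed baseline, captured after the last authorized provisioning
# change. Port names and values are hypothetical; the attributes follow the
# paper's list: port state, wavelength plan, power level, and the fiber
# characteristics (CD in ps/nm, PMD in ps) that a coherent receiver measures.
BASELINE = {
    "1/3/1": {"state": "IS", "lambda": "ch29", "rx_dbm": -12.0, "cd": 1700.0, "pmd": 3.0},
    "1/3/2": {"state": "IS", "lambda": "ch14", "rx_dbm": -11.5, "cd": 1700.0, "pmd": 3.1},
    "1/3/3": {"state": "OOS", "lambda": None, "rx_dbm": None, "cd": None, "pmd": None},
}

# Assumed tolerances; in practice these come from link engineering margins.
TOL_RX_DB = 1.0     # received power, absolute dB
TOL_CD_REL = 0.05   # chromatic dispersion, relative (CD tracks fiber length)
TOL_PMD_PS = 1.0    # polarization mode dispersion, absolute ps

# Constructed telemetry format: one key=value record per port per poll.
LINE = re.compile(
    r"NE=(?P<ne>\S+)\s+PORT=(?P<port>\S+)\s+STATE=(?P<state>\S+)"
    r"(?:\s+LAMBDA=(?P<lam>\S+))?(?:\s+RXPWR=(?P<rx>-?\d+(?:\.\d+)?))?"
    r"(?:\s+CD=(?P<cd>-?\d+(?:\.\d+)?))?(?:\s+PMD=(?P<pmd>\d+(?:\.\d+)?))?"
)


def parse(line):
    """Return a dict of fields (numeric where present), or None if unparsable."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for k in ("rx", "cd", "pmd"):
        rec[k] = float(rec[k]) if rec[k] is not None else None
    return rec


def check(rec, baseline):
    """Compare one record with the baseline; return a list of alert strings."""
    port, base = rec["port"], baseline.get(rec["port"])
    if base is None:
        return [f"{port}: not in baseline (unplanned service or alien element?)"]
    if base["state"] == "OOS":
        # A port the baseline says is unused must stay dark; light on it is
        # the Port Security case: unauthorized activity on an unused port.
        if rec["state"] != "OOS":
            return [f"{port}: baseline-unused port is {rec['state']} carrying {rec['lam']} at {rec['rx']} dBm"]
        return []
    alerts = []
    if rec["lam"] != base["lambda"]:
        alerts.append(f"{port}: wavelength {rec['lam']} differs from baseline {base['lambda']}")
    if rec["rx"] is not None and abs(rec["rx"] - base["rx_dbm"]) > TOL_RX_DB:
        alerts.append(f"{port}: rx power {rec['rx']} dBm vs baseline {base['rx_dbm']} (possible tap or bend)")
    if rec["cd"] is not None and abs(rec["cd"] - base["cd"]) > TOL_CD_REL * abs(base["cd"]):
        alerts.append(f"{port}: CD {rec['cd']} ps/nm vs baseline {base['cd']} (path length changed?)")
    if rec["pmd"] is not None and abs(rec["pmd"] - base["pmd"]) > TOL_PMD_PS:
        alerts.append(f"{port}: PMD {rec['pmd']} ps vs baseline {base['pmd']} (fiber disturbed?)")
    return alerts


def scan(lines, baseline=BASELINE):
    """Run every parsable telemetry line against the baseline; return all alerts."""
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is not None:
            alerts.extend(check(rec, baseline))
    return alerts


# Constructed sample poll (not real equipment output): one normal record, a
# 3.4 dB power drop, light on a baseline-unused port, and a 12% CD change.
SAMPLE_LOG = [
    "2014-05-02T10:00:01Z NE=ne-roadm-01 PORT=1/3/1 STATE=IS LAMBDA=ch29 RXPWR=-12.2 CD=1705 PMD=3.2",
    "2014-05-02T10:00:01Z NE=ne-roadm-01 PORT=1/3/2 STATE=IS LAMBDA=ch14 RXPWR=-14.9 CD=1698 PMD=3.0",
    "2014-05-02T10:00:02Z NE=ne-roadm-01 PORT=1/3/3 STATE=IS LAMBDA=ch05 RXPWR=-9.0 CD=40 PMD=0.4",
    "2014-05-02T10:05:01Z NE=ne-roadm-01 PORT=1/3/1 STATE=IS LAMBDA=ch29 RXPWR=-12.0 CD=1910 PMD=3.1",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print("ALERT", alert)
```

Two points are worth noting when adapting this. First, a power drop alone is ambiguous (a bend, a dirty connector, or a tap all reduce received power), which is why the coherent receiver's CD and PMD readings matter: a path length change shows up in CD, while a disturbed fiber shows up in PMD, and correlating the three narrows the cause. Second, the baseline must be re-captured after every authorized change, or the detector will flag the operator's own provisioning work indefinitely.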
[Figure: transport control plane support to cyber operations, built on the transport network infrastructure]
There are, however, some key supply chain initiatives that can keep the supply chain risk as low as possible. It is important that vendors’ supply chain plans include an approved supplier list as well as a periodic assessment of supplier performance. For example, a performance assessment of supply chain disruption can evaluate vendors’ performance during recent natural disasters such as the tsunami in Japan or the flooding in Thailand.

Outstanding vendors will conduct a vulnerability assessment of their supply chain that measures not only the surety of supply but also the country of origin of critical control-related components. Robust testing programs with internal security controls can prove that logic chips are manufactured as designed and that overall designs are consistent with intended performance.

Active Defense

In addition to passive techniques for addressing threats to network infrastructure, emerging technologies enable active reactions and mitigations. In response to network sensors and threat information, networks will be able to reconfigure dynamically to isolate problem areas and maintain mission effectiveness.

Conclusion

The transport layers are key parts of the overall network and are vulnerable to cyber attacks from sophisticated adversaries. To create a truly assured network, one must provide protection at all levels of the network architecture to ensure the network can meet demanding network requirements, is reliable in the face of a variety of failure and attack scenarios, and is secure against both direct and indirect cyber attacks. Although transport layer attacks are much rarer than other types of attacks that require less sophistication, network architects must assess the potential cyber vulnerabilities of their transport equipment. In many cases, it is possible to work with transport vendors to add a technical mitigation for the vulnerability. Today’s transport technologies have mitigations at the physical layer through the use of coherent receiver and ROADM technologies, at the OTN layer through robust and dynamic control planes, and at the Ethernet layer through the use of virtual tunnel technology to isolate packet flows. In cases where a technical solution is not practically or economically feasible, oversight resources can be concentrated on the largest vulnerabilities that remain, further securing the network.
Ciena may from time to time make changes to the products or specifications contained herein without notice.
Copyright © 2014 Ciena® Corporation. All rights reserved. WP097 5.2014