DSD 72B-SP(RI) SONET/SDH Encryption

 
DSD 72B-SP SONET/SDH encryption

Strategic-Level SONET/SDH Encryption (Ruggedized) for Governments and Enterprises

DSD 72B-SP (RI) ruggedized industrial SONET/SDH encryption provides strategic-level path encryption and secure communications of voice, data and video transmitted over fiber optic networks. Protocol agnostic and with automated KEYNET key and device management, DSD 72B-SP (RI) SONET/SDH encryption is a cost-effective, secure communications solution for global mission-critical networks.


Product Benefits

  • Strategic-level data protection
  • Interoperable with industrial and military SONET/SDH encryption variants
  • Wirespeed 155.52 Mb/s and 622.08 Mb/s performance
  • Flexible configurations
  • AES 256-bit
  • National algorithm easily integrated
  • Layers of protection
  • No network modification or performance impact
  • Cost-effective investment
  • Easy to deploy, monitor and manage

Optical Data Encryption


SONET/SDH Encryption Seamlessly Overlays on Networks

With full compliance to the SDH/SONET standards, the DSD 72B-SP (RI) SONET/SDH encryptor integrates as a network overlay on existing or new networks—no network modification is required and network performance is not affected. With protocol-agnostic path encryption, DSD 72B-SP (RI) SONET/SDH encryption is only required at network end points. Individual path virtual container data payloads are encrypted, leaving path overhead in the clear for unrestricted network switching of each virtual container with no plaintext exposure of the path-encrypted payload.


Data Protection

Networked fiber optic lines are vulnerable to interception. Leasing commercial fiber optic circuits as part of an organization's network infrastructure potentially exposes data at repeaters, adjunct multiplexors, switches and digital cross connects. Even where network elements are under the control of the user, fiber optic lines themselves can be tapped anywhere along the path. The risk is magnified by the high volume of data on these links, making fiber optic networks a target for an adversary to attack.


Cryptographic Strength of SONET/SDH Encryption

DSD 72B-SP (RI) SONET/SDH encryption is FIPS 140-2 Level 3 designed, hardware-based encryption solution with full line-rate performance. All peer-to-peer communications are secured with no data bandwidth impact. The DSD 72B-SP (RI) comes in a rugged, anti-tamper enclosure and is 19" rack-mountable. Three-tier symmetric key management with lossless automated key changes and multiple independent path-dedicated data encryption engines using the AES 256-bit algorithm maximize protection. Optionally, national algorithms can be integrated without hardware modification.


KEYNET Optical Manager for DSD 72B-SP SONET/SDH Encryption

DSD 72B-SP (RI) SONET/SDH encryption and its interoperable industrial and military variants are centrally deployed, configured and managed by TCC's advanced KEYNET Optical Manager. KEYNET is a Windows 7 rack mount server with tamper-proof security vault. Multiple layers of protection secure keys at every point in their life cycle with limited human intervention.

KEYNET Optical Manager also provides user-authenticated, role-based secure device management, as well as path configuration and monitoring that supports network policies (blocked, plain, secure). With an intuitive user interface and automated polls, alarms and logs, a network expert is not needed for trusted key and device management of a large network.


DSD 72B-SP frame-sensitive SONET/SDH encryption network


SONET/SDH Encryption Specifications

Network

 Supports both SONET and SDH protocols

 Transparent handling of SONET/SDH section & path headers

 Adaptable payload configurations

 OC-12/STM-4:

  • 1 x VC-4-4c (concatenated payload)
  • 4 x VC-4s
  • 3 x VC-4 and 3 x VC-3s
  • 2 x VC-4 and 6 x VC-3s
  • 1 x VC-4 and 9 VC-3s
  • 0 x VC4s and 12 x VC-3s

 OC-3/STM-1:

  • 1 x VC-4
  • 3 x VC-3s

 Seamlessly works with network elements anywhere in the network path without exposure of unencrypted data payloads


Interfaces

 Transceivers for each line I/O interface

  • STM-4 (OC-12) @ 622.08Mbps - optical
  • STM-1 (OC-3) @ 155.52Mbps - optical
  • ITU-T G.703 STM-1/ES1 (§15) @ 155.52Mb/s - electrical

Device Management

 Remotely via KEYNET Optical Manager (or at device via CLI)

 Messages encrypted and authenticated with SNMP and TCC secure subset

 Key changes handled without traffic interruption

 Dedicated device management key used for each device

 Cryptographically authenticated access controls

 Interoperable with DSD 72B-SP (RI), and DSD 72A-SP (STM)


Encryption Algorithm

 AES-256 - standard

 National algorithm


Key Management

 Symmetric key with three-level secure key management

 Remote, online management with KEYNET Optical Manager

 SHA-256 integrity and authentication


Functional Design

 Ruggedized enclosure

 Anti-tamper package design

 MIL-SPEC components

 Highly reliable under adverse environmental conditions

 Standard 19" rack mountable

 Operational temperature: -20°C to +55°C

 Power Options:

  • 100V to 240VAC / 50Hz, 60Hz, 400 Hz
  • -48VDC (-18VDC to -60VDC)

Quality

TCC is dedicated to quality products and services. TCC is ISO 9001 certified. ISO 9001, granted to TCC by TUV, is the most stringent standard available for total quality systems in design/development, production, installation and servicing.


Cipher One

CipherONE® Optimized Network Encryption

Our solutions meet TCC's CipherONE Optimized Network Encryption best-in-class criteria for maximum cryptographic strength, and are optimized for performance and ease of use for our customers.

Read More