How to ensure the security of transmission in urban fiber networks? Part 2.
Physical transmission security is the foundation of any well-designed network and protects us from accidental damage. But even full redundancy is insufficient if we do not apply the appropriate encryption mechanisms.
To begin with, it is worth considering the risk of eavesdropping on data transmission. What are the eavesdropping methods? There are several, and they differ in both efficiency and detectability.
Methods of wiretapping data transmission
The simplest form of eavesdropping is based on the use of an additional element that acts as a signal splitter. Thanks to it, the optical signal is directed to two independent paths. Sounds easy? Maybe so, but any interference of this type requires a physical interruption of the transmission. This means that the systems monitoring the network will respond almost immediately, signaling a problem.
Another, more advanced way is to try to gain direct access to the fiber optic core. This involves removing the outer sheath and attaching an additional core to the one that carries the actual signal. This approach, although theoretically possible, is extremely difficult to implement in practice. It is an option reserved more for laboratories than for real threat scenarios. Eavesdropping by cutting the sheath of the fiber and inserting an additional core is similarly impracticable outside the laboratory.
The eavesdropping method that takes advantage of the natural properties of the fibers is also extremely intriguing. Each optical fiber has its own specific bending radius. If the fiber is bent beyond this radius, part of the signal will enter the fiber cladding, from where it can be captured and analyzed. Just 1 percent of the optical power is enough to read the signal from the fiber.
Optical fiber and signal quality monitoring
Although these eavesdropping methods are not easy to carry out, high standards of security and monitoring in fiber optic networks are absolutely crucial. Diagnostic devices such as optical time-domain reflectometers (OTDR) help with this. They allow 24-hour surveillance of optical fiber parameters and signal quality.
Importantly, these devices can be integrated into the active transmission infrastructure without disrupting its operation. Thanks to this, any unauthorized access attempts or manipulations on the fiber are immediately detected.
If someone tries to hijack the signal through a physical violation of the fiber, we notice a sudden deterioration in parameters such as attenuation. This allows immediate intervention and prevents potential attacks.
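The attenuation check described above can be sketched as follows. This is an added example, not code from the original article or from any OTDR product: it flags a sustained rise in measured link loss while ignoring single-sample noise, and relates the alarm threshold to the "1 percent of optical power" figure mentioned earlier. The readings, threshold and window sizes are constructed assumptions.

```python
import math
from statistics import median

def tap_loss_db(fraction):
    """Minimum extra attenuation (dB) when `fraction` of the power leaves the fiber."""
    return -10 * math.log10(1 - fraction)

def detect_loss_steps(samples_db, baseline_n=10, confirm_n=3, threshold_db=0.03):
    """Return (start_index, step_db) for each sustained rise in link loss.

    A rise counts only if confirm_n consecutive readings exceed the
    rolling-median baseline by threshold_db, so one noisy reading is ignored.
    """
    events = []
    history = list(samples_db[:baseline_n])
    baseline = median(history)
    run = 0
    for i in range(baseline_n, len(samples_db)):
        if samples_db[i] - baseline >= threshold_db:
            run += 1
            if run == confirm_n:
                start = i - confirm_n + 1
                new_level = samples_db[start:i + 1]
                events.append((start, round(median(new_level) - baseline, 3)))
                # Re-baseline on the new level so the event is reported once.
                history, baseline, run = list(new_level), median(new_level), 0
        else:
            run = 0
            history = (history + [samples_db[i]])[-baseline_n:]
            baseline = median(history)
    return events

# Constructed link-loss readings in dB (not measurements from a real link):
# a stable baseline, one isolated noise spike, then a sustained step.
SAMPLES = [
    4.200, 4.203, 4.198, 4.201, 4.199, 4.202, 4.200, 4.197, 4.201, 4.200,
    4.202, 4.199, 4.260, 4.201, 4.200,   # index 12: single-sample spike
    4.245, 4.243, 4.246, 4.244, 4.245,   # index 15 onward: sustained rise
]

if __name__ == "__main__":
    # A 1 % power loss corresponds to about 0.044 dB, so the alarm
    # threshold (0.03 dB here, an assumption) must sit below that value.
    print(f"1% tap -> at least {tap_loss_db(0.01):.4f} dB extra loss")
    for start, step in detect_loss_steps(SAMPLES):
        print(f"sustained loss step of {step} dB starting at sample {start}")
```

The threshold only works if the monitoring equipment's measurement noise is smaller than the step being looked for, which is why the confirmation window matters as much as the threshold itself.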
Layer One Data Encryption
Monitoring is one side of the coin; the other is security mechanisms. The most common practice is to encrypt data on the second or third layer of the OSI model. Switches and routers can secure transmission, but there are also layer-one encryption methods. The algorithms are similar to those used in higher layers and allow the protection of various protocols and client services. Encryption on this layer further enhances transmission security, and thanks to the configuration on devices such as muxponders, we have control over which transmissions are encrypted.
Quantum cryptography: a revolution in the exchange of bit keys
In the context of encryption, the key issue is key exchange. Although AES algorithms with 256-bit keys are virtually unbreakable, their most critical element is key exchange. The Diffie-Hellman algorithm is used for this, which, despite its effectiveness, is not free from flaws. Man-in-the-middle attacks are possible if an attacker poses as the receiving host and takes over the key. This challenge underlines the importance of both continuous monitoring and the use of multi-layered security mechanisms.
The critical issue of exchanging encryption keys can be solved using quantum cryptography. In this case, the key is generated separately by an external device using the so-called quantum stream (Q-channel), which makes it much more difficult for potential attackers to intercept it. It is a very new technology that has already been included in the Salumanus portfolio.
Summary
When it comes to the security of data transmission in fiber optic networks, you cannot rely solely on physical safeguards such as redundancy. It is also necessary to use advanced encryption mechanisms that secure data while it is being transferred. And with new technologies like quantum cryptography, this security can be taken to an even higher level. Learn how to apply these methods in your institution or business. Write: sales@salumanus.com
Also read: How to ensure the security of transmission in urban fiber networks? Part 1.