Encryption and transmission monitoring
To protect optical fibers, we have a whole range of advanced solutions at our disposal. Choosing the right one depends on many factors.
Security of transmission
When it comes to the security of data transmission in fiber optic networks, you cannot rely solely on physical safeguards such as redundancy. It is also necessary to use advanced encryption mechanisms that will secure our data at the stage of its transfer.
Layer 1 encryption
Our data is constantly transmitted over ever greater distances, while the transmission speed increases. In sectors such as finance, medicine and large enterprises, it is crucial to ensure the security of the information transmitted.
Layer 1 (OSI: physical) optical encryption is one of the most secure mechanisms to protect data as it is transmitted over fiber optic cables. Compared to traditional Layer 1 and Layer 2 encryption methods such as MACsec and IPsec, it offers significant operational benefits. It does not generate redundant data, providing full bandwidth without latency, and guarantees comprehensive network security.
Layer 1 encryption provides:
- Confidentiality: protects information from unauthorized access.
- Data integrity: ensures that messages have not been altered.
- Authentication: confirms the identity of both parties to the communication.
This solution enables secure encryption of voice, data, video, and protocols such as Ethernet, Fibre Channel, SDI and CPRI. It eliminates redundant data, enabling encryption at full line speed and 100% data throughput.
To prevent data from being repeated, each piece of data is given a unique marking, for example by means of a counter. For encryption platforms that adopt specific requirements and policies, Layer 1 encryption with a key length of at least 256 bits (GCM-AES-256) is recommended.
Advanced Encryption Standard (AES) is an encryption method that uses 128-bit blocks of data and a 256-bit key. In short, it converts plain text into encrypted text, doing so in a few steps, which makes it difficult to crack.
AES-GCM is a mode of operation of AES that not only encrypts data, but also checks its authenticity and integrity. That is, in addition to the encryption itself, it checks that the data has not been altered and that it comes from a trusted source. Four inputs are used in this process: a secret key, an initialization vector (IV), the original text and, optionally, additional data whose authenticity is verified. The output is the encrypted text and a tag that confirms that the data is authentic.
AES-GCM has fixed rules for the length of the IV, which must be 12 bytes (96 bits), and of the tag, which must be 16 bytes (128 bits). There is also an AES-192-GCM variant, but there too the length of the IV and of the tag cannot be changed.
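The four inputs and two outputs described above, with a frame counter used as the IV so that no data repeats, shown as an added Go example (not code from the original page or from any vendor). The `Channel` type, the IV layout and the all-zero demo key are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

type Channel struct { // hypothetical: ONE direction of a link (use another key for the reverse)
	aead cipher.AEAD
	ctr  uint64 // frames sealed (sender side) or accepted (receiver side)
}

func NewChannel(key []byte) (*Channel, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 { // AES also takes 16/24-byte keys; require 256 bits
		return nil, fmt.Errorf("GCM-AES-256 needs a 32-byte key, got %d bytes", len(key))
	}
	aead, err := cipher.NewGCM(block) // default GCM sizes: 12-byte IV, 16-byte tag
	return &Channel{aead: aead}, err
}

func iv(ctr uint64) []byte { // 96-bit IV: four zero bytes, then the frame counter
	return binary.BigEndian.AppendUint64(make([]byte, 4, 12), ctr)
}

// Seal returns ciphertext || tag; header is authenticated but sent in the clear.
func (c *Channel) Seal(header, payload []byte) []byte {
	c.ctr++ // a fresh counter per frame, so no IV repeats under this key
	return c.aead.Seal(nil, iv(c.ctr-1), payload, header)
}

// Open releases plaintext only if the tag verifies under the expected counter.
func (c *Channel) Open(header, frame []byte) ([]byte, error) {
	plain, err := c.aead.Open(nil, iv(c.ctr), frame, header)
	if err == nil {
		c.ctr++
	}
	return plain, err
}

func main() {
	tx, _ := NewChannel(make([]byte, 32)) // constructed all-zero key, demo only
	rx, _ := NewChannel(make([]byte, 32))
	frame := tx.Seal([]byte("lane 1"), []byte("payload"))
	_, first := rx.Open([]byte("lane 1"), frame)
	_, again := rx.Open([]byte("lane 1"), frame) // replay: receiver counter has moved on
	fmt.Println(len(frame), first, again)
}
```

Because the counter is implicit, a frame lost in transit leaves the two ends out of step; resynchronisation is outside the scope of this sketch.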
QKD: quantum encryption key exchange
Quantum key distribution (QKD) is an advanced technology that uses the principles of quantum mechanics to create secure encryption keys.
QKD allows two users to create a shared secret key that is known only to them and is used to encrypt and decrypt the information they transmit. This process guarantees extremely secure encryption keys that are resistant to hacking or eavesdropping thanks to the application of the principles of quantum physics.
QKD is capable of detecting any attempts by third parties to breach the encryption key, by monitoring the quantum system and identifying any interference that may be inadvertently introduced by those attempting to eavesdrop.
QKD can be implemented over a dedicated optical fiber or over existing wavelengths in DWDM networks. Both the C band and the O band (1310 nm) can be used for this. The encryption bits are transmitted over a quantum channel (Q-channel), either over a dedicated fiber or over an existing wavelength.
QKD Architecture
Each data encryption and decryption (SAE) node receives new quantum keys from the local key management node (KME) using a secure REST API. The KME nodes, supplied by the QKD manufacturer, generate quantum keys using the QKD method, which allows the creation of identical keys for both sides of the communication.
QKD over a dedicated fiber
The quantum channel is sensitive to distance and interference, which can weaken the signal, especially over long distances. The use of additional devices, such as a multiplexer, can degrade the signal.
The use of a special, unused fiber (dark fiber) only for the QKD channel improves the transmission quality. This requires the establishment of a special wavelength for the clock (in the C band) between the QKD devices.
QKD over the same fiber
In this method, separate wavelengths are assigned to the clock (C band) and the Q-channel (1310 nm), and they are combined with the wavelengths used for data transmission. This method is less expensive because it does not require additional fiber infrastructure, but using the same fiber for both purposes introduces interference, which limits the reach of QKD.
Fiber Optic Diagnostics and Monitoring
Optical fiber is the backbone of modern telecommunication networks. However, to ensure the continuity and efficiency of these networks, advanced monitoring and diagnostics are necessary.
Detecting and locating faults in a fiber optic network is the first step in ensuring its reliability. Thanks to the use of optical reflectometers (OTDR), technicians can precisely identify the places of breaks or bends in the fiber. These devices, by sending light pulses and analyzing the reflected signals, allow you to quickly diagnose and fix potential problems.
However, locating the damage is not everything. Regular monitoring of the quality of the optical signal is equally important. Analysis of parameters such as signal attenuation, dispersion or signal-to-noise ratio (SNR) allows you to maintain high network performance. In DWDM networks, where multiple wavelengths are used, bandwidth management becomes crucial for optimal resource utilization.
Failure prevention is another important aspect. Monitoring systems, by analysing the trend in signal quality deterioration, can predict potential problems, enabling intervention before a failure occurs. This proactive approach is invaluable in maintaining the continuity of the network.
It is also impossible to ignore the influence of environmental conditions, such as temperature, on the performance of optical fibers. Monitoring these factors is essential to ensure optimal network operating conditions.
Integrating fiber monitoring data with general network management systems (NMS) allows for a holistic approach to infrastructure management. Thanks to this, it is possible not only to track the current state of the network, but also to plan future extensions or modifications.
In the age of digitalization and automation, remote network management is becoming the standard. Modern monitoring systems enable remote diagnosis and network management, which is crucial in large networks and hard-to-reach places.
The last but equally important aspect is network security. Fiber optic monitoring includes the detection of unauthorized access attempts or physical damage that may be intended to intercept data.
Fiber diagnostics and monitoring not only protect against failures, but also ensure optimal network performance and security. In a digital age where data flows at the speed of light, the importance of these processes in maintaining the health and efficiency of our telecommunications arteries should not be underestimated.
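The trend analysis and the detection of physical interference described above can be separated in the monitoring data: slow drift is projected forward to a failure time, while an abrupt drop is flagged for physical inspection. The following Go sketch is an added example, not code from the original page; the `Reading` type, the -20 dBm receiver limit, the 0.5 dB step threshold and the readings themselves are constructed assumptions.

```go
package main

import "fmt"

type Reading struct { // one received-power sample; names are assumptions
	Hour, DBm float64 // hours since monitoring started, received optical power
}

// Slope returns the least-squares trend of received power in dB per hour.
func Slope(r []Reading) float64 {
	var sx, sy, sxx, sxy float64
	for _, p := range r {
		sx, sy = sx+p.Hour, sy+p.DBm
		sxx, sxy = sxx+p.Hour*p.Hour, sxy+p.Hour*p.DBm
	}
	n := float64(len(r))
	den := n*sxx - sx*sx
	if den == 0 { // fewer than two distinct sample times: no trend to fit
		return 0
	}
	return (n*sxy - sx*sy) / den
}

// HoursToLimit projects the trend from the last reading down to limitDBm; -1 means no decline.
func HoursToLimit(r []Reading, limitDBm float64) float64 {
	s := Slope(r)
	if s >= 0 {
		return -1
	}
	return (limitDBm - r[len(r)-1].DBm) / s
}

// Steps lists readings that fell more than stepDB below the previous one (bend, damage, tap).
func Steps(r []Reading, stepDB float64) []int {
	var idx []int
	for i := 1; i < len(r); i++ {
		if r[i-1].DBm-r[i].DBm > stepDB {
			idx = append(idx, i)
		}
	}
	return idx
}

func main() {
	// Constructed readings: drift of 0.01 dB/h, then a 1.2 dB drop at hour 5.
	link := []Reading{{0, -12.00}, {1, -12.01}, {2, -12.02}, {3, -12.03}, {4, -12.04}, {5, -13.24}}
	fmt.Printf("trend before the event: %.3f dB/h\n", Slope(link[:5]))
	fmt.Printf("hours until -20 dBm at that rate: %.0f\n", HoursToLimit(link[:5], -20))
	fmt.Println("abrupt drops at readings:", Steps(link, 0.5))
}
```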
Check out how we can help you with fiber optic diagnostics and monitoring: sales@salumanus.com
Redundancy in Transmission Systems
Redundancy in transmission systems is having additional, backup components or data transmission paths that can take over the role of the main elements in the event of their failure. It's like having a spare wheel in your car — you don't use it every day, but when the need arises, you're grateful to have one.
The main purpose of redundancy is to ensure the continuity of the network. In the event of a failure of one element, the system automatically switches to a spare element, minimizing downtime. It is also a way to increase the overall reliability of the network. The more redundancy, the lower the risk that the failure of one element will cause serious problems.
Implementing redundancy involves several aspects:
- Hardware redundancy: having additional devices such as routers, switches and servers that can be quickly brought into service in the event of a failure.
- Redundancy of data transmission paths: creating alternative paths for the data so that, if the main path fails, the data can be redirected along a different route.
- Power redundancy: providing alternative power sources, which is crucial especially in data centers.
- Geographic redundancy: placing key elements of the network in different geographical locations, which can protect against the effects of local failures.
Redundancy is not just about adding hardware. It is important that the system is designed in a way that allows smooth switching between elements without disrupting the operation of the network. In addition, you should regularly test redundancy systems to make sure they are working properly.
With Salumanus you will gain
- Cost optimization
- Faster adoption of new technologies
- Energy efficiency
- Space savings in the server room
- Reduced stock
Salumanus advisor
Contact us today to find out what opportunities our technologies open up for you.
Lukasz Sukiennik
Director of Transmission Systems
lukasz.sukiennik@salumanus.com