WaveLogic Encryption
Paulina Gomez, Product Marketing
Patrick Scully, Product Line Management
November 2017
Copyright © Ciena Corporation 2016. All rights reserved. Confidential & Proprietary.
Securing the network and customers’ data is top of mind
Increasing Data Security Risks
Escalating Threats And Breaches
More than 5.3 Billion Records Breached
52% of businesses have suffered at least one security incident last year (1)

Critical data is in-flight…
HIGH CAPACITY
Crossing cities and borders
Fiber optic cables can be a vulnerable asset
Sources: 1. Experian® Data Breach Resolution and Ponemon Institute LLC. (2016, September).
Is Your Company Ready for a Big Data Breach? Retrieved from Experian.
2. Breach Level Index
The stakes have never been higher with severe consequences
The Cost of Data Breach Cannot Be Ignored
Losses to an organization include:
• Damaging reputation/brand
• Lost revenue
• Lost customers
New Laws and Heavy Fines
EU General Data Protection Regulation (May 2018)
• Companies must take technical & organizational measures to prevent breaches and to minimize their impact
• Fines up to €20M or 4% of global annual revenue
LAWS in the UNITED STATES
• 23 NYCRR Part 500: financial companies must comply with audit trails, data retention & encryption of non-public data.
• 47 states require notification of a personal data breach. 31 states require entities to destroy or make data unreadable
Encryption of in-flight data minimizes the risk of impact to individuals affected by a data breach.
* Sources: IBM and Ponemon Institute LLC. 2016 Cost of Data Breach Study: Global Analysis.
Any Protocol
10G / 100G / 150G / 200G
WaveLogic Encryption: Ultra-low latency, wire-speed encryption for all in-flight data
WaveLogic 3 Extreme WaveLogic Ai
4x10G OTR Line Card FOTR
10G Programmable Programmable
encryption 100G / 200G encryption 100G to 400G encryption
Dec 2015 March 2016 2H2018
Protect customer data, take measures to minimize the impact of breaches & avoid heavy fines from new regulations
• Waveserver R1.4 (1Q17): 4x 100G AES-256-CTR (Counter Mode)
• Waveserver R1.5.1 (4Q17): 4x 100G AES-256-GCM (Galois Counter Mode)
• Waveserver Ai R1.2 (2Q18): 4x 100G AES-256-GCM per sled (12x total)
Ironclad optical encryption with highly robust security features
Authentication Keys
✓ X.509 certificate-based authentication
Use of X.509 certificates enables seamless integration into industry standard Public Key Infrastructure (PKI)
Encryption Session Keys
✓ a new key every second
✓ AES-256 certified
Best-in-class encryption with the highest level of in-flight data security
• Two separate sets of keys: Offers distinct keys for authentication & encryption functions making it more difficult to infiltrate vs a solution that uses only one set of keys or derives one key from the other
• To-the-second key rotation: Provides fast, hitless key rotation each second making it much harder to crack the encryption algorithm vs a solution with a slow key rotation period of minutes or longer
• Elliptic Curve Cryptography (ECC): Deploys ECC algorithms that require smaller keys to achieve the same level of security as 1st-gen public key algorithms & includes support for Suite B requirements mandated by government agencies
6500 WaveLogic Encryption: effortless 10G, 100G & 200G encryption
Enables ultra-low-latency, protocol-agnostic, wire-speed encryption
Offers SW selectable modulation enabling:
100G encryption (QPSK) & 200G encryption (16QAM)
SIMPLIFIED KEY MANAGEMENT
HTTPS
ADVANCED SECURITY FEATURES
✓ FIPS-compliant Advanced Encryption Standards (AES256) encryption
✓ Separate sets of keys for authentication & encryption
✓ Fast encryption key rotation interval of seconds
✓ Elliptic Curve Cryptography algorithms
6500 WaveLogic Encryption: flexible deployment options
• Two variants for customized applications:
✓ BASIC for metro applications ~300 km reach
✓ PREMIUM for all applications up to ~3000 km
• Integrates with various client interfaces for customized deployments
• Leverages easy access to high capacity Packet/OTN central fabric
[Figure: client interface options, labelled 10x10G Aggregation, 100GE Aggregation, 2x40G/2x10G, 5x40G, 100G, 2x100G, OR Packet/OTN Fabric Access]
100G Encryption Process
100G OTN Frame - G.709
Client signal is mapped using standard method (e.g. GFP, CBR) into standard OPU-4 payload
[Figure: OTUk frame showing Alignment, OTUk OH, ODU4 OH, OPU4 OH, Standard OPU4 payload, OTUk FEC; label: Client signal is mapped in]
Encryption Process
Only the OPU-4 payload is encrypted, allowing transport across generic OTN networks
[Figure: OTUk frame showing Alignment, OTUk OH, ODU4 OH, OPU4 OH, Encrypted OPU4 Payload, OTUk FEC]
100% Transparent, 100% Throughput
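Added example (not part of the original slides and not Ciena code): a minimal model of payload-only encryption on a G.709 OTUk frame, showing that the overhead columns a transit OTN node reads are untouched while the OPU payload columns change. Assumptions: the function names, the use of the frame number as a nonce, and a SHA-256 counter keystream standing in for AES-256 so the block runs with the standard library only.

```python
import hashlib

ROWS, COLS = 4, 4080             # G.709 OTUk frame: 4 rows x 4080 byte columns
OH_END, PAYLOAD_END = 16, 3824   # cols 1-16 overhead, 17-3824 OPU payload, 3825-4080 FEC

def keystream(key: bytes, frame_no: int, length: int) -> bytes:
    """Stand-in keystream (SHA-256 in counter mode). NOT AES-256; illustration only."""
    out = bytearray()
    block = 0
    while len(out) < length:
        seed = key + frame_no.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return bytes(out[:length])

def crypt_payload(frame: bytes, key: bytes, frame_no: int) -> bytes:
    """XOR only the OPU payload columns of each row (same call encrypts and decrypts).

    Overhead and FEC columns pass through unchanged here; in real equipment the
    FEC would be computed afterwards, over the already-encrypted frame.
    """
    if len(frame) != ROWS * COLS:
        raise ValueError("expected one 4 x 4080 byte OTUk frame")
    width = PAYLOAD_END - OH_END
    ks = keystream(key, frame_no, ROWS * width)
    out = bytearray(frame)
    for row in range(ROWS):
        start = row * COLS + OH_END
        for i in range(width):
            out[start + i] ^= ks[row * width + i]
    return bytes(out)

def region(frame: bytes, lo: int, hi: int) -> bytes:
    """Concatenate byte columns [lo, hi) from all four rows."""
    return b"".join(frame[r * COLS + lo : r * COLS + hi] for r in range(ROWS))

def build_sample_frame() -> bytes:
    """Constructed sample: marker bytes as overhead, repeating text as payload, zeroed FEC."""
    payload = (b"client-data " * 318)[: PAYLOAD_END - OH_END]
    row = b"\xf6" * OH_END + payload + b"\x00" * (COLS - PAYLOAD_END)
    return row * ROWS

if __name__ == "__main__":
    plain = build_sample_frame()
    enc = crypt_payload(plain, bytes(range(32)), frame_no=7)
    print("overhead unchanged:", region(enc, 0, OH_END) == region(plain, 0, OH_END))
    print("payload changed:   ", region(enc, OH_END, PAYLOAD_END) != region(plain, OH_END, PAYLOAD_END))
```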
Secure end-user management of Encryption-as-a-Service
[Figure: two deployment models, labelled CSO managed keys, Enterprise managed keys, Service Provider Circuit or dark fiber, Enterprise provided and managed (both ends), Service Provider Managed Service]
Enterprise customer manages the security-related aspects of the service at both ends and has full visibility of network performance.
Carrier owns and operates the transport aspects of the end-to-end network. Enterprise customer manages the security-related aspects of the service at both ends.
Full end-user control of encrypted service security parameters
Simplified trouble-shooting and monitoring of encrypted services
Are you doing everything you can to eliminate gaps within your security strategy?
Encryption
Part of a holistic security strategy
Any Protocol
✓ 10G
✓ 100G
✓ 150G
✓ 200G
A comprehensive IT security approach must encompass a robust in-flight encryption solution