High-profile data breaches are back in the headlines, and it is almost certain that the world has not seen the last of these massive hauls of personal information.
But so far, at least, most of these attacks have involved exploiting weaknesses in local network security systems to swipe information lodged in corporate and cloud-based storage systems, otherwise known as data at rest. Increasingly, however, security experts are starting to examine vulnerabilities of data in motion, most commonly as it transits the fiber connections that link processing centers and storage repositories around the globe.
At Level 3, the focus is on encrypting the optical wavelength using a new protocol-agnostic solution to implement AES-256 encryption over links ranging from 10Gbit/s to 100Gbit/s. Fierce Telecom reports that the company has begun outfitting customer premises with specialized transmission units that provide both encryption and decryption, giving the system a physically secure location at each end. As with any encrypted network, of course, hackers can still intercept the signal, but without a way to decode the data all they receive is gibberish. The company also offers a customer portal for access and control, which itself utilizes dynamic key exchange and hitless key rotation for added security.
Meanwhile, Israel's ECI has introduced what it says is the first Layer 1 optical-encryption-as-a-service solution, capable of scrambling up to 100Gbit/s per service, as well as line rates up to 200Gbit/s, without hampering network interoperability, scalability or flexibility. The system employs a certified FIPS 140-2 Security Level 2 method and provides the means to operate as an alien lambda over third-party networks. As a Layer 1 solution, the system provides no information about underlying services to potential hackers and adds virtually zero latency to Ethernet or other protocols.
But perhaps the biggest development on the optical encryption horizon is the advent of quantum computing, which has both positive and negative consequences for data security. On the downside, says Motherboard’s Daniel Oberhaus, quantum-level processing will decimate the public-key cryptography algorithms that have served so admirably for so long. With the ability to crunch numbers at mind-boggling speed, quantum machines can run through keys of all sizes faster than current technology can create them.
This is kicking security research into high gear in order to create a quantum-resistant solution before the bad guys get hold of quantum-level resources, some of which are already available in the cloud. One promising solution is MIT's “quantum enigma machine,” which is able to encode messages by altering the amplitude and/or wavelength of the photon wave. This has the effect of creating a photon channel that will degrade upon any attempt to interfere with its operation, effectively destroying the message it contains. In this way, hackers will be unable to bombard a stream with multiple quantum-generated codes because even just one attempt will degrade the signal to an unusable state.
While MIT's solution is still in the lab, Chinese researchers are putting theirs into action. The government announced recently that it successfully transmitted pairs of quantum-entangled photons over a distance of 700 miles via satellite. While this is a significant development given that the distance far exceeds previous attempts, physorg.com says it also demonstrates how much work remains before a true quantum network can be made viable. The Chinese team used a specially engineered crystal and laser to create entangled photons, but of the six million pairs of photons generated only one was detected on the receiving end.
Most likely, this was due to signal loss through the atmosphere, which is not likely to be as prevalent in fiber optic environments that may one day be outfitted with photon generators built from carbon nanotubes. Since its satellite test, China has announced the creation of a working fiber-based quantum network in the northern province of Shandong, but has not released details on its design or operation.
Data security has long been a game of tit for tat. Every time a new security protocol is created, nefarious actors begin an immediate quest to break it. And since both the creators and the hackers have access to the same basic technology, the entire dynamic has evolved into an ongoing stand-off.
But the work to secure communications networks, including the optical waveform, must go on, since the consequences of standing still are so severe.