A protocol for Optical Data Unit service encryption

  • Giouroukos P.

When interconnecting data centers, encryption is required because the exchanged data travels over public networks. The layer that performs the encryption has to be chosen carefully. The obvious choice, encrypting the packet stream at the gateway, might not always be the best solution in terms of effort and cost. Another possible place to perform the encryption is the ODU layer of the underlying transport network. This usually happens at the point where the data packets (e.g. 10GbE) are mapped into a transport data stream (e.g. ODU2e). Since this ODU path travels end to end independently of the OTUs used in between, encrypting the ODU stream at the mapping hardware using a synchronous algorithm would be advantageous. The challenge is to securely synchronize the encryption keys between the two nodes involved. The ODU path layer allows secure communication channels to be set up end to end, even across operator boundaries. Currently, the optical transport network standard (G.709) does not foresee any overhead bytes for key synchronization. A communication channel between the two network nodes involved is a precondition for key synchronization (e.g. using the Diffie-Hellman algorithm). Re-using existing overhead bytes to create an in-band communication channel is therefore preferred. On that basis, a protocol has been defined that supports key synchronization of the ODU encryption engine and performs a frame-accurate (hitless) encryption key exchange.
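The frame-accurate (hitless) key switch described above, as an added simulation that is not taken from the paper. The toy Diffie-Hellman group, the SHA-256 keystream standing in for the synchronous cipher, and the names `negotiate`, `run_link`, `switch_at` and `rx_skew` are assumptions, since the page gives no message formats or cipher details.

```python
import hashlib
import secrets

# Constructed toy group (Mersenne prime 2**127 - 1); far too small for real use.
P, G = 2**127 - 1, 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_key(priv, peer_pub):
    # Hash the shared secret into a 256-bit session key.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def crypt_frame(key, frame_no, payload):
    # Stand-in synchronous cipher (assumption): the keystream depends only on
    # (key, frame number), so both ends stay aligned while they agree on both.
    stream = b""
    block = 0
    while len(stream) < len(payload):
        stream += hashlib.sha256(key + frame_no.to_bytes(8, "big")
                                 + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(p ^ s for p, s in zip(payload, stream))

def negotiate():
    # Models the two public values crossing the in-band overhead channel.
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    return dh_key(a_priv, b_pub), dh_key(b_priv, a_pub)

def run_link(n_frames, switch_at, rx_skew=0):
    """Return the frame numbers the receiver failed to decrypt correctly."""
    tx_old, rx_old = negotiate()
    tx_new, rx_new = negotiate()  # rekey agreed while the old key carries traffic
    damaged = []
    for n in range(n_frames):
        payload = b"constructed ODU payload %d" % n
        tx_key = tx_new if n >= switch_at else tx_old
        rx_key = rx_new if n >= switch_at + rx_skew else rx_old
        wire = crypt_frame(tx_key, n, payload)
        if crypt_frame(rx_key, n, wire) != payload:
            damaged.append(n)
    return damaged

if __name__ == "__main__":
    print("aligned switch:", run_link(20, 12))             # → []
    print("receiver 2 frames late:", run_link(20, 12, 2))  # → [12, 13]
```

Any disagreement on the switch frame corrupts exactly the frames in the gap, which is why the key change has to be frame accurate rather than merely close in time.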
