OPTICAL TRANSPORT NETWORK ENCRYPTION AND AUTHENTICATION

IP.com Disclosure Number: IPCOM000214241D
Publication Date: 2012-Jan-19
Document File: 7 page(s) / 130K

Publishing Venue

The IP.com Prior Art Database

Related People

Gilberto Loprieno: AUTHOR

Abstract

Techniques for encapsulating optical transport network (OTN) frames into virtual packets are described. The encapsulation allows for the use of Media Access Control (MAC) techniques (commonly used for packet based protocols) for the OTN layer. The encapsulation also allows for encryption and authentication of the optical transport, such as for a dense wavelength-division multiplexing (DWDM) link. The encrypted traffic is transparent to installed equipment and ensures clock transparency. Secured OTN frames are created by aggregating consecutive OTN frames.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 45% of the total text.

OPTICAL TRANSPORT NETWORK ENCRYPTION AND AUTHENTICATION

AUTHORS: Gilberto Loprieno, Davide Codella, Federico Scandroglio

CISCO SYSTEMS, INC.


DETAILED DESCRIPTION

Encapsulating optical transport network (OTN) frames into a virtual packet allows the Media Access Control (MAC) mechanisms commonly used for packet-based protocols to be reused at the OTN layer, where encryption and authentication are otherwise only defined for packet-based traffic. The basic idea is to remove the inter-frame gap (e.g., the idle ordered sets) and to add fields to the resulting packets (e.g., tagging fields) that support encryption and authentication. The OTN frames are arranged in blocks of four frames, which allows the algorithms developed for secure packet transport to be applied to them. FIG. 1 shows an example of the transparent mapping and of the tagging fields added to support encryption and authentication.

Optical transport enables connectivity over very long distances (100 km and more). However, in traditional transport environments there is no standard way to protect payload traffic from "intrusion" or any other kind of unauthorized access. For example, if a fiber link is deployed outside a building, the link may be exposed to tampering. Currently, Ethernet or Fibre Channel traffic may be encrypted, e.g., using the Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM), and then mapped for transport over the OTN.

Copyright 2012 Cisco Systems, Inc.

Encryption and authentication are currently designed for packet-oriented traffic. For example, Fibre Channel frames are padded with a specific overhead, and this tagging costs many bytes per packet. The OTN layer is a time-division multiplexing (TDM) stream and does not allow any such tagging; there is currently no template for securing TDM traffic. The encapsulation techniques described herein present an efficient way to aggregate OTN frames into a packet-based format and enable the security algorithms commonly used for data packets on the OTN stream. The techniques create an "AES-secured frame" by aggregating four consecutive OTN frames; this can be extended to multiples of four (e.g., odd multiples of four). One AES-secured frame carries the tagging bytes required for encryption/authentication of the next multi-AES frame and the integrity check value (ICV) required for authentication.
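The aggregation, tagging and ICV described in the two paragraphs above, as an added example in Go that is not code from the Cisco disclosure: it strips the idle gaps from a constructed TDM stream, seals four OTN frames at a time with AES-GCM from the Go standard library, and chains the secured frames so that each one carries the nonce for the next. Everything beyond what the page states is an assumption made here: the 12-byte GCM nonce playing the role of the tagging bytes and travelling in clear as associated data, the 16-byte GCM tag serving as the ICV, a 4-byte idle pattern standing in for the idle ordered sets, the first nonce being agreed out of band, and the secured frame being handled as a standalone byte structure rather than at a specific position in the OTN overhead (which the extract does not specify).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const (
	OTNFrameLen      = 16320 // one OTU frame: 4 rows x 4080 columns
	FramesPerSecured = 4     // aggregation factor given in the text
	NonceLen         = 12    // GCM nonce, carried as the "tagging bytes" (assumption)
	ICVLen           = 16    // GCM tag, used as the integrity check value
)

var idleGap = []byte{0xBC, 0x50, 0xC5, 0x00} // constructed stand-in for an idle ordered set

// SecuredFrame: tagging bytes for the NEXT frame, four encrypted OTN frames, and the ICV over both.
type SecuredFrame struct {
	NextNonce, Cipher, ICV []byte
}

// stripGaps turns a (frame, gap, frame, gap, ...) TDM stream into bare OTN frames.
func stripGaps(stream []byte) ([][]byte, error) {
	unit := OTNFrameLen + len(idleGap)
	if len(stream)%unit != 0 {
		return nil, fmt.Errorf("stream is not a whole number of frame+gap units")
	}
	var frames [][]byte
	for off := 0; off < len(stream); off += unit {
		if gap := stream[off+OTNFrameLen : off+unit]; !bytes.Equal(gap, idleGap) {
			return nil, fmt.Errorf("frame %d: expected idle ordered set, got % x", off/unit, gap)
		}
		frames = append(frames, stream[off:off+OTNFrameLen])
	}
	return frames, nil
}

// endpoint is one side of the link; nonce protects the next secured frame (first one agreed out of band, assumed).
type endpoint struct {
	aead  cipher.AEAD
	nonce []byte
}

func newEndpoint(key, firstNonce []byte) (*endpoint, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil || len(firstNonce) != NonceLen {
		return nil, fmt.Errorf("bad key or nonce length")
	}
	return &endpoint{aead, append([]byte(nil), firstNonce...)}, nil
}

// Seal aggregates exactly four frames. The next nonce is this one with its 64-bit counter half
// incremented (nonce = 32-bit salt || 64-bit counter) and goes in as AAD: authenticated, in clear.
func (e *endpoint) Seal(frames [][]byte) (SecuredFrame, error) {
	if len(frames) != FramesPerSecured {
		return SecuredFrame{}, fmt.Errorf("need %d frames, got %d", FramesPerSecured, len(frames))
	}
	plain := bytes.Join(frames, nil)
	next := append([]byte(nil), e.nonce...)
	binary.BigEndian.PutUint64(next[4:], binary.BigEndian.Uint64(next[4:])+1)
	out := e.aead.Seal(nil, e.nonce, plain, next)
	e.nonce = next
	return SecuredFrame{NextNonce: next, Cipher: out[:len(plain)], ICV: out[len(plain):]}, nil
}

// Open checks the ICV under the nonce announced by the previous frame and only then adopts the
// carried tagging bytes, so a replayed, reordered or altered frame is dropped and changes nothing.
func (e *endpoint) Open(sf SecuredFrame) ([][]byte, error) {
	if len(sf.NextNonce) != NonceLen || len(sf.ICV) != ICVLen || len(sf.Cipher) != FramesPerSecured*OTNFrameLen {
		return nil, fmt.Errorf("malformed secured frame")
	}
	plain, err := e.aead.Open(nil, e.nonce, append(append([]byte(nil), sf.Cipher...), sf.ICV...), sf.NextNonce)
	if err != nil {
		return nil, fmt.Errorf("ICV check failed (tampering, replay or lost frame): %w", err)
	}
	e.nonce = sf.NextNonce
	frames := make([][]byte, FramesPerSecured)
	for i := range frames {
		frames[i] = plain[i*OTNFrameLen : (i+1)*OTNFrameLen]
	}
	return frames, nil
}

// buildStream constructs n sample OTN frames (payload byte i+1) each followed by an idle gap.
func buildStream(n int) []byte {
	var stream []byte
	for i := 0; i < n; i++ {
		stream = append(append(stream, bytes.Repeat([]byte{byte(i + 1)}, OTNFrameLen)...), idleGap...)
	}
	return stream
}
```

The receiver adopts the carried tagging bytes only after the ICV has verified, so a replayed or reordered secured frame fails against the nonce the receiver expects and a flipped ciphertext bit fails the tag; both leave the receiver's state unchanged and the next genuine frame still opens. Two things a link encryptor built this way has to handle and this example does not: a lost secured frame breaks the nonce chain until both sides resynchronise, and the key must be rotated before the counter approaches the per-key invocation limit for 96-bit GCM nonces.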

    FIG. 2 shows the enca...