Hi there!
This time, I will share with you the encryption features of WDM/OTN equipment.
The WDM/OTN devices of Huawei support port-level service encryption as well as various services and rates. The AES-256 algorithm is used to encrypt the OPUk payload.
[Figure: All-service port-level encryption network]
Encryption features of Huawei WDM/OTN equipment:
Specification | Description
Encryption type | Bidirectional P2P service encryption; unidirectionally static P2P/P2MP service encryption; dynamic multicast service encryption
Typical service type | SDH/SONET, Ethernet, OTN, SAN, and video services
Minimum encryption unit | Board port level. Users can be allocated by port and port-specific encryption can be configured. In this way, service applications are more flexible.
Encryption algorithm | The standard AES-256 encryption algorithm in CTR mode is used, which has the highest security level.
Key algorithm | The key is dynamically generated. Bidirectional P2P service encryption: key negotiation based on the Diffie-Hellman algorithm. Unidirectionally static P2P/P2MP service encryption: key calculation based on the PBKDF2 algorithm. Dynamic multicast service encryption: key calculation based on the PBKDF2 algorithm.
Key management | The public key information is stored in the OPUk overhead and can be transparently transmitted over a third-party network. The key change period is configurable.
Anti-eavesdropping | The SMT and NEs communicate with each other using the SSL/TLSv1.2 protocol, preventing management information from being eavesdropped.
Anti-spoofing | A pair of devices checks the peer end's authentication information before starting key negotiation.
That's all. Thank you!
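The table lists PBKDF2 key calculation for the unidirectional static and multicast modes, where a one-way service cannot carry a two-way Diffie-Hellman exchange in-band, so each end has to compute the AES-256 key on its own. The sketch below is an added example, not Huawei's code and not part of the original post: the passphrase, salt layout, iteration count, the `key_tag` check value and the clock-based rotation are all assumptions made for illustration.

```python
import hashlib
import hmac

KEY_LEN = 32          # AES-256 key length in bytes
ITERATIONS = 200_000  # assumed work factor; the page does not state one


def epoch_for(now_s: int, period_s: int) -> int:
    """Index of the key-change period that contains time now_s."""
    if period_s <= 0:
        raise ValueError("key change period must be positive")
    return now_s // period_s


def derive_key(passphrase: str, port_id: str, epoch: int) -> bytes:
    """Both ends run this independently; nothing is sent back upstream."""
    # Assumed salt layout: binds the key to one port and one period.
    salt = f"{port_id}|{epoch}".encode()
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               ITERATIONS, KEY_LEN)


def key_tag(key: bytes) -> bytes:
    """Hypothetical short check value a sender could publish with the traffic."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def receiver_select_key(passphrase, port_id, now_s, period_s, tag):
    """Try the current and adjacent periods to tolerate clock skew at rotation."""
    e = epoch_for(now_s, period_s)
    for candidate in (e, e - 1, e + 1):
        if candidate < 0:
            continue
        key = derive_key(passphrase, port_id, candidate)
        if hmac.compare_digest(key_tag(key), tag):
            return candidate, key
    return None  # wrong passphrase, wrong port, or clocks too far apart


if __name__ == "__main__":
    # Constructed sample values: one-hour key change period, sender at t=7200 s.
    period = 3600
    sender_key = derive_key("constructed-passphrase", "port-1",
                            epoch_for(7200, period))
    # Receiver clock is 5 s behind, so it is still in the previous period.
    found = receiver_select_key("constructed-passphrase", "port-1",
                                7195, period, key_tag(sender_key))
    print("receiver selected epoch:", found[0] if found else None)
```

Because the salt includes the port identifier and the period index, a key exposed for one port or one period does not reveal the key for another, which is what port-level encryption with a configurable key change period needs.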