Fact Sheet SEN-112

Understanding Senetas layer 2 encryption

Copyright Senetas Corporation 2012 - All rights reserved. Permission to reproduce and distribute this document is granted provided this copyright notice is included and that no modifications are made to the original. Revisions to this document may be issued, without notice, from time to time.

Understanding Senetas layer 2 encryption

Introduction
CN encryption devices are purpose built hardware appliances that have been developed in Australia by Senetas Corporation since 1997 and provide secure transport across layer 2 network services. The CN product range is mature; Federal government endorsed (it has achieved both the Common Criteria EAL4+ accreditation and the FIPS140-2 level 3 certifications); and has been deployed to protect critical infrastructure in thousands of locations in more than thirty-five countries. The CN platform is optimised to secure information transmitted over a diverse range of network protocols including: Ethernet, Synchronous Optical Network (SONET) and Fibre Channel networks at data rates up to 10 Gigabits per second (Gbps). The CN series latency and overhead are lower than competing solutions available in the marketplace. Encryption occurs at the data link layer (layer 2); the payload of the received network traffic is scrambled and the protocol header is left in the clear so that it can be switched through the network as intended. Encryption at layer 2 solves many of the underlying problems of traditional layer 3 encryption such as complexity, performance and support for multiple traffic types. CN encryptors are fully autonomous and operate independently in point to point or large meshed environments with no reliance on external servers. Supporting fully automatic key management with unique encryption keys per connection the devices offer the most secure, resilient and highest performance method of securing sensitive voice, video or data. This remainder of this document focuses on the CN series Ethernet encryptor to describe the layer 2 approach to securing information.

Product architecture
The CN encryptor is an inline device that is located on the edge of a network between a local private network, and a remote public network. CN encryptors provide access control, authentication and confidentiality of transmitted information between secured sites. The encryptors can be added to an existing network providing complete transparency to the end user and network equipment. An example installation is shown in Figure 1.

__________________________________________________________________________________ Page 1

Understanding Senetas layer 2 encryption

Figure 1 Ethernet Mesh Deployment

The encryptor receives frames on its ingress port; valid frames are classified according to the Ethernet header then processed according to the configured policy. The frame processing policy is highly configurable and supports operation in point-point, hub and spoke or fully meshed environments. In a meshed environment each encryptor supports over 500 concurrent connections to peer devices with per connection policy tied to either remote MAC address or to VLAN ID. Allowable policy actions are: Encrypt payload of frame is encrypted according to the defined policy Discard drop the frame, no portion is transmitted Bypass transmit the frame without alteration Selective policy control allows mixed traffic profiles which permits specified traffic types to be bypassed or discarded through the device (for example, bypass core switch operation or maintenance frames) with policy resolution down to the ethertype level. The Ethernet transmitter module calculates and inserts the Frame Check Sequence (FCS) at the end of the frame. The frame is then encoded and transmitted. Multicast traffic and VLANs Multicast encryption is used to encrypt traffic that is sent from a host to all members of a multicast group and operates at layer 2 with no requirement to modify core switch operation. Policy is tied to a multicast MAC address. VLAN encryption is used to encrypt all members of a VLAN community and to provide cryptographic separation between VLANs. Policy is tied to the VLAN identifier(s).

__________________________________________________________________________________ Page 2

Understanding Senetas layer 2 encryption

In both cases a group key encryption scheme is used to ensure that encrypted data from a single sender can be successfully received and decrypted by all members of the VLAN or multicast community. Group key encryption uses the AES CTR encryption mode. The Senetas group key management scheme is responsible for ensuring group keys are maintained across the visible network and is designed to be secure, dynamic and robust; with an ability to survive network outages and topology changes automatically. It does not rely on an external key server to distribute group keys as this introduces both a single point of failure and a single point of compromise. For robustness and security a group key master is automatically elected amongst the visible encryptors within a mesh based on the actual traffic. Using an elected key master from within the group allows: Automatic discovery of multicast/VLAN encryption groups Automatic ageing/deletion of inactive groups Secure distribution and updates of keys to all members of multicast groups New members to securely join or leave the group at any time Fault tolerance to network outages and topology changes

Encrypted Payload Header

Header Network Encrypted Payload Port Interface

Decryption Local Encryption Port Interface

Decrypted Payload Header

Header

Decrypted Payload

Control & Management

Figure 2 - Data flow through the Encryptor

Performance
Encryption is implemented in dedicated silicon using a cut-through encryption architecture; this has the benefit that only a portion of the frame needs to be received before encryption and retransmission of the frame can begin. This approach ensures consistently low latency (in the order of 7uS for a 1Gbps Ethernet encryptor) independent of frame size. In Cipher Feedback Mode (CFB) encrypted frames are the same size as plaintext frames and no packet expansion is performed. In Counter mode (CTR) an 8 byte shim is appended to encrypted frames to ensure counter values are synchronised at both ends. The encryptors are capable of full duplex, full line rate operation independent of packet size or higher layer protocol.

__________________________________________________________________________________ Page 3

Understanding Senetas layer 2 encryption

Figure 3 - Internal Architecture

__________________________________________________________________________________ Page 4

Understanding Senetas layer 2 encryption

An encryptor will also generate a very small amount of traffic between devices for key updates and management purposes. To distinguish it from other network frames this traffic is sent using the Senetas registered ethertype (0xFC0F).

Compatibility
The CN encryptors have proven interoperability with Ethernet switches from all the well known vendors and provide transparent support for: all Ethernet frame formats MPLS shims (multiple nested) VLAN tags (multiple nested) 802.1P class of service priority

Key Management
The encryption algorithm used is AES in cipher feedback mode (CFB) or counter mode (CTR) with a key size of 256 bits. Encryption keys are derived internally to FIPS standards from true hardware random number generators. Public key cryptography and X.509 certificates are used to provide a fully automated key management system. Master (key encrypting) keys are transferred between encryptors using authenticated RSA public key cryptography. Session (data encrypting) keys are transferred periodically between encryptors using master keys. Any combination of encrypted or unencrypted virtual circuits can be configured up to a maximum of 509 active connections for a standard Ethernet frame format. Interoperability with 3rd party Certificate Authorities and OCSP/CRL servers is permitted and a full CA capability is also provided in the companion management tool CypherManager.

Tamper Protection
The CN series is provided in a tamper proof 19 steel case suitable for rack mounting.

__________________________________________________________________________________ Page 5

Understanding Senetas layer 2 encryption

Figure 4 - CN3000 Rear View

Physical security is ensured by an active tamper protection mechanism that operates in the presence or absence of power. The tamper detection mechanism is triggered if an attempt is made to remove the interface card or remove the lid of the enclosure. A tampered encryptor will actively delete all sensitive material such as encryption keys and user passwords and will revert to a known factory default configuration. Holographic tamper evident seals are used to provide visibility of tampered units.

Management
Role based management access is used for both local (RS232 CLI) and remote (SNMPv3) management. All users must be authenticated before being granted access to the encryptor. The user role model has three privilege levels: Administrator, Supervisor and Operator and up to thirty different accounts are supported. The encryptor logs all configuration changes to a non-volatile audit log and also records all events to a non-volatile event log. Any alarm conditions are reported in the logs and in the alarm table, they are also indicated on the front panel LEDs and may optionally trigger SNMP trap messages that can be sent to 8 independent trap handlers (e.g. OpenView, NetView) as well as being received by CypherManager. The encryptor can be managed securely and remotely using SNMPv3 via a dedicated management port on the front panel, this being referred to as out-of-band management. Remote management can also be enabled over the encrypted network itself so that the encryptor is managed over the network interface port; this is called in-band management.

__________________________________________________________________________________ Page 6

Understanding Senetas layer 2 encryption

Figure 5 - CypherManager

CypherManager (CM) is a Senetas developed tool that functions as a device manager and that can also act as a root Certificate Authority for a network of encryptors. CypherManager provides private, authenticated access to encryptors to enable secure remote management. CypherManager is also used to remotely upgrade firmware in encryptors over the network when available.

__________________________________________________________________________________ Page 7