Towards a Security Architecture of IP-Based Optical Transmission and Cross-Connect Systems

Conference: Photonische Netze - 11. ITG-Fachtagung
05/03/2010 - 05/04/2010 at Leipzig, Germany

Proceedings: Photonische Netze

Pages: 8
Language: English
Type: PDF

Authors:
Hofmann, Stefan; Kasseckert, Rudolf (Alcatel-Lucent Deutschland AG, Nürnberg, Germany)

Abstract:
Optical transmission and cross-connect systems form the backbone of today’s telecommunication infrastructure. While such systems were based upon proprietary technology in the past, embedded Linux and the Internet Protocol are widely used today. Because of their central role within the telecommunication infrastructure and their extensive remote management capabilities, such high-capacity network nodes are likely targets of attacks. In this paper, we first look at adversaries and their motivation as well as their capabilities for running an attack, thereby establishing a threat model for transmission network nodes. Based upon functional models, we present security requirements for components and their interconnections with respect to the threat model, thereby forming a security architecture for optical transmission systems. As an integral part of the security architecture, we propose security zones to strictly separate sensitive internal communication from traffic originating from, or destined to, external endpoints.