Safeguards for the Internal Communication of IP-Based Transmission and Cross-Connect Systems

Conference: Photonische Netze - 12. ITG-Fachtagung
05/02/2011 - 05/03/2011 at Leipzig, Germany

Proceedings: Photonische Netze

Pages: 8
Language: English
Type: PDF

Authors:
Hofmann, Stefan; Kasseckert, Rudolf (Alcatel-Lucent Deutschland AG, Nürnberg, Germany)

Abstract:
Optical transmission and cross-connect systems form the backbone of today’s telecommunication infrastructure. Offering transport capacities of up to 100 Gbit/s per port and several Terabits of switching capacity per network node, they are critical components interconnecting the aggregation points and routers of the Internet and are thus attractive targets for attackers. Compared to legacy designs, the use of standard technologies for system controllers and for the exchange of control, surveillance, and diagnostics data makes network nodes more susceptible to the "common" threats and attacks of the Internet. In this paper, we briefly consider the threat model, resulting security requirements, and a security architecture for high-capacity telecommunication systems. We present several measures for safeguarding the network node’s internal data communication for a variety of system configurations, in particular single-shelf and multi-shelf setups. After characterization of potential safeguards on the data-link, network, and application layer, we discuss the approach that best promises versatility, flexibility, and crypto-agility.