Skip to main content

Intelligence assured

Subscribe to future blog posts featured in our newsletter

Read more about how we handle personal data

Advenica

One of today’s topics at Nato´s on-going cyber symposium in Mons, Begium, was interception possibility of fiber optic networks.

An optical fiber is a flexible and transparent fiber made by glass or plastic with a diameter comparable to that of a human hair. Optical fibers are used to transmit light between the two ends of the fiber and are used in fiber-optic communications over long distances and at high bandwidth.

There still seems to be an idea among different parties that fiber optics should be considered ”secure” in terms of eavesdropping. Nothing could be more wrong. For more than a decade by know, the knowledge about fiber tapping has been widely spread. For instance, a vast amount of data from undersea cables, or you could say the Internets ”backbone”, has been tapped for a long period by the powerful intelligence agencies – verified by leaked Snowden documents.

fiber optics

Basically four different fiber tapping methods applies

Fiber bending: An optical detector is put on the cable that has to be bent as much as possible. Only 1% of the signal strength is lost due to the bending, and transmission will not be disturbed, because of the high transmission margins. An alternative to bending is to use a fiber clamp attached on the straight fiber. They are commercially available and the cost is below 1000 US dollar.

Evanescent coupling: Requires access to the actual fiber optic transmitter, but the cost for the device is very low and signal loss is kept to a minimum.

V-groove cut: A physical cut in the optical fiber is performed to get access to the light in the core. However this is a risky method because of the sensitive nature of the fiber.

Scattering: The fiber´s light could be reflected in other directions as well, by affecting the fiber with a strong laser, meaning that you don´t even have to get direct contact with the fiber.

In many cases the reason for a short break in connectivity will never be investigated, meaning that there is a low risk of detection when compromising the fiber optics. ”It fixed itself” is a good enough approach for many ISP´s, instead of trying to figure out what really happened.

So, different interception techniques for fiber optic networks are a reality. The question then is how to protect the valuable data.

Cable surveillance and monitoring with different methods is a possibility. However, the accuracy of the results will depend on natural variations like bending angles of the fiber, temperature in the ground and which mode the transmitter was working on.

The only way to be sure about the integrity of the data transmitted over the fiber optic network is – as always – to use accurate end-to-end encryption. From a trusted vendor.

Advenica

In February this year, Advenica was given the opportunity to lead and drive two technical specifications for Middlebox Security Protocols which is two of the new work items in the Cyber Security committee within ETSI. This is a great opportunity which puts us directly into contact with the industry and university experts of secure communication protocols.

The Middlebox Security Protocol work also maps well onto two of our Cross Domain Solutions products, SecuriCDS ZoneGuard and SecuriCDS Data Diode that can be mapped into the criteria of a middlebox in a system implementation, and to be able to include these in the secure communication protocol without having to cut the end to end security chain.

Other areas that the Cyber Security group is working on includes NIS directive implementation, Privacy and Identity Management, Security protocols and Encryption algorithms.

For more information, visit the security section: http://www.etsi.org/images/files/WorkProgramme/etsi-work-programme-2017-2018.pdf

ETSI

Security standards are crucial to a modern connected world

Security standards, one part of which ETSI are working with as seen on the image above, are crucial to a modern connected world. ETSI Standards are produced for the security of individual technologies, as well as for specific security topics – Security Protocols, Lawful Interception, Quantum Key Distribution and security algorithms, for example.

The work in ETSI addresses the security of critical infrastructures, the privacy of users and other aspects of cybersecurity, and with all the new challenges of security in IoT and virtualization that are taking places everywhere.

Annual Security week workshop

The ETSI annual Security week workshop was held in June; this is a popular workshop with many attendees and interesting presentations and discussions. The focus areas were 5G Security, NFV Security, Standards and Legislation, eIDAS, eDelivery and the ISE project (Intelligent Transport Security System). The workshop showed that there are a lot of new challenges in many areas for example with NIS-directive implementations, securing 5G and NFV solutions.

For more information and access to presentations, visit: http://www.etsi.org/etsi-security-week-2017

Membership in ETSI gives direct contact with the industry and university experts

As a member of ETSI, Advenica can participate in workshops, technical committee meetings as well as interact and share knowledge with the other security experts in the groups. Our focus has been on the work ongoing with the Security sector and the Cyber Security group. Since this spring this group now also includes the Quantum-Safe Cryptography parts.

About ETSI

ETSI, the European Telecommunications Standards Institute, is a producer of technical standards, guides and specifications intended for global use for digital technologies, products and services. ETSI is a not-for-profit organisation created in 1988 and have over 800 member organisations worldwide, drawn from 67 countries and five continents. The diverse membership includes some of the world’s leading companies from the manufacturing and service sectors, regulatory authorities and government ministries, as well as Small and Medium-sized Enterprises and innovative start-ups, working alongside universities, R&D organisations and societal interest groups.