

Securing the cloud networking supernova

The shift to cloud computing is placing great scrutiny on the security of data as it travels through the network. Jonathan Homa explains how optical systems vendors can help businesses to protect their data


Cloud services have burst upon us like a supernova, simultaneously expanding and changing network traffic patterns. The light of a supernova is also a metaphor for freedom. Like clouds floating in the sky, the internet cloud frees users from old restraints. Business users and individuals can access cloud computing and applications on-demand, at any time, from anywhere, for as much as they want and as long as they want, and pay only for what they use. It also frees IT departments from maintaining a physical infrastructure and dealing with software updates and bug fixes. Businesses can focus on managing and customising cloud-based applications for their organisation’s needs.

But freedom also eases open the door to those who would do harm – who would maliciously disrupt corporate operations and steal confidential information. So it is probably no surprise that in a Current Analysis survey of IT users, out of 14 categories, security was the biggest concern by far in moving to a cloud-based strategy. In second place were data privacy concerns.

At a high level, there are two basic ways that optical suppliers can help businesses deal with these challenges:

• Protecting data in transit – Encryption of the communications channel to protect against interception of data as it is transmitted over a network.

• Protecting data while in the private network – A suite of cyber security applications that examines packets entering a system to see whether they have legitimate business, or if their aim may be system infiltration for the purposes of disruption or stealing data.

USS Jimmy Carter was said to have the ability to intercept data carried over optical fibre cables on the ocean floor, probably the most expensive method of wiretapping ever. Here the nuclear submarine is escorted out to sea

Need for multilayer encryption

Encryption has a history going back thousands of years when Greek generals wrote orders along a belt of leather wrapped around a spear of known width. If the belt were intercepted, the letters would appear as garbled nonsense. Since then encoders have devised increasingly sophisticated techniques to encrypt the plain text message, all based at their core on simple letter substitution, and on means of distributing keys between the sending and receiving parties to lock and then unlock the code. A pinnacle of modern encryption is AES-256 (Advanced Encryption Standard with a 256-bit key), which would take thousands of years to crack by brute force, by which time of course the information is useless. To address the trickier problem of key sharing – and it is tricky precisely because the key cannot be encrypted – we rely today on ingenious methods such as Diffie-Hellman key sharing, which uses a combination of private keys that are never transmitted, and public keys that can be known to everyone.

We need such sophisticated techniques because hackers are continuously trying to find and exploit weaknesses in the systems used to implement encryption. Perform an internet search on ‘cryptographic attacks’ and you will find articles containing more than one hundred entries. One popular method is called man-in-the-middle, where an application sits between the sender and receiver and impersonates both, continually forwarding messages back and forth while simultaneously reading them.
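
The following added example (not part of the original article) sketches in Python the Diffie-Hellman exchange and the man-in-the-middle substitution described above, and shows how checking a fingerprint of the peer's public value over a trusted channel exposes the substitution. The toy group parameters and the names `keypair`, `shared_key`, `fingerprint` and `exchange` are illustrative assumptions, not production choices.

```python
import hashlib
import secrets

# Toy finite-field group for illustration only (assumption): 2**255 - 19 is prime.
# Real deployments use standardised groups or elliptic curves from a vetted library.
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public); only the public value is ever transmitted."""
    priv = secrets.randbelow(P - 3) + 2          # random value in 2..P-2
    return priv, pow(G, priv, P)

def shared_key(my_priv, their_pub):
    """Derive a 256-bit session key from the Diffie-Hellman shared secret."""
    if not 1 < their_pub < P - 1:
        raise ValueError("rejecting degenerate public value")
    secret = pow(their_pub, my_priv, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def fingerprint(pub):
    """Short digest of a public value, to be compared over a trusted channel."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]

def exchange(intercepted):
    """Run one exchange; return (keys_match, substitution_detected)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_a, seen_by_b = b_pub, a_pub          # what each side receives
    if intercepted:
        # The intermediary swaps in its own public value in both directions,
        # so each endpoint unknowingly agrees a key with the intermediary.
        _, m_pub = keypair()
        seen_by_a = seen_by_b = m_pub
    key_a = shared_key(a_priv, seen_by_a)
    key_b = shared_key(b_priv, seen_by_b)
    # Authentication step: compare the received value against the peer's
    # fingerprint learned out of band (for example from a certificate).
    detected = (fingerprint(seen_by_a) != fingerprint(b_pub)
                or fingerprint(seen_by_b) != fingerprint(a_pub))
    return key_a == key_b, detected

if __name__ == "__main__":
    print("clean channel:      ", exchange(intercepted=False))
    print("intercepted channel:", exchange(intercepted=True))
```

Without the fingerprint comparison both endpoints complete the exchange without any error, which is why key agreement on its own does not authenticate the peer.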

As a result, businesses have begun relying on multilayer encryption, as illustrated in Figure 1. If a hacker gains access to even partial information at one level, they can be stymied elsewhere. This uses the same approach as multiple levels of physical security with fences, door locks, alarm systems, and safes. When internet browser applications want an encrypted session with each other, such as for

Issue 11 • Spring 2016 FIBRE SYSTEMS 27

US Navy
