A thriving digital ecosystem demands advanced network security that doesn’t falter in the face of challenges. Mission-critical networks, particularly those involved in public safety, necessitate a secure and reliable environment to ensure critical services function seamlessly, and without impediments resulting from security mechanisms.

However, encryption solutions like IPSec and MacSec, designed in a different era, often introduce compromises when they operate beyond their intended environments. These legacy solutions can fail to encrypt all types of traffic without impacting performance, and may break the end-to-end integrity of encryption by introducing hop-by-hop encryption to the network.

This is where Senetas’ high speed CypherNET encryptors come in. They provide an efficient, scalable encryption framework compatible with any network. Transport Layer Independent Encryption represents a major innovation, with the ability to work across any network while ensuring comprehensive, end-to-end security and confidentiality. The ability to encrypt traffic across multiple network layers is in direct response to the multi-layer nature of modern, converged network infrastructure.

 

The Challenge

 When tasked with creating a national communications network to replace an obsolete system, our client, a provider of vital transport infrastructure, grappled with a complex challenge. They needed to ensure  the new network was secure and reliable, and capable of delivering the necessary services for safe transport operations across the country. With a range of private, military, and commercial operators depending on this national transport infrastructure, at multiple physical sites throughout the country, building this system on a private MPLS WAN was a necessity. But MPLS, despite being a reliable and proven technology, does not provide inherent encryption, a fundamental requirement due to the critical nature of the traffic being carried.

The implementation of encryption had three central requirements:

  1. The solution must maintain network performance.
  2. The solution must not necessitate changes to the existing network architecture.
  3. The solution must meet government certifications for protecting critical services.

Our client examined multiple potential solutions, including IPSec VPNs in firewalls and routers, as they embarked on their quest to find the ideal encryption solution. The evaluation process included extensive lab testing, after which they opted to implement Senetas’ FIPS and Common Criteria certified HSE devices as the security component of their critical network infrastructure.

 

The CypherNET Solution

CypherNET high-speed encryption (HSE) solutions were chosen for their performance and robust security features.  Transport Layer Independent Encryption was also a crucial consideration, as it facilitates the secure encryption of any topology, works across any network and assures seamless, end-to-end security and confidentiality for all types of network traffic. Designed for modern multi-layer networks, Transport Layer Independent Encryption provides security without the associated performance and bandwidth costs often observed with IPSec encryption solutions.

The CypherNET HSE range is versatile, capable of encrypting network data at any layer and over any underlying service. This ability to deliver an encrypted overlay that matches the security and flexibility of MPLS and IP underlying technologies brings in a new level of security for network communications.

 

Customer Benefits

  1. Adaptability across network topologies: One of the most significant benefits of the CypherNET range is its ability to operate across multiple network topologies. Unlike traditional encryption protocols like IPSec and MacSec, CypherNET solutions can be flexibly deployed to provide encryption at Layers 2, 3, or 4, making them ideal for a wide range of network topologies. CypherNET effectively caters to any organization using point-to-point, hub-spoke, or full mesh topologies.
  2. Strengthened security posture: The CypherNET range brings robust security measures to the forefront. Employing a NIST-approved Key Derivation Function (KDF), creates robust encryption keys that are impervious to brute-force attacks. Eliminating the need for key exchange between devices drastically reduces the risk of eavesdropping during the key exchange process. It also provides perfect forward and backward secrecy and is quantum safe, offering robust protection against both present and future threats.
  3. Scalability for growing networks: CypherNET solutions are designed for scalability. In comparison with traditional protocols like IPSec and MacSec, HSE reduces the number of necessary key exchanges. This reduction makes the generation of encryption keys more practical and efficient, particularly for large-scale network communications.
  4. Enhanced control over network traffic: CypherNET’s 5-tuple policy mechanism enables organizations to gain precise control over network traffic. Companies can enforce specific security policies, preventing malicious traffic from infiltrating the network and sensitive data from leaking out.
  5. Simplified key management: HSE does away with the need for public key certificates, making key management simpler and more straightforward. It uses a Key Derivation Key (KDK) that can be securely generated and installed into all devices within the network. This streamlined process is not only less prone to errors but also more time-efficient, making it a highly practical choice for businesses.

 

The Outcome

Upon deploying the CypherNET encryption solution, the customer was able to meet all their objectives. They successfully replaced their obsolete network with an advanced, secure communications network, capable of handling essential services safely and efficiently. The result was a highly secure encryption overlay for their MPLS WAN infrastructure. This allowed the provider to maintain the highest standard of security for their mission-critical transport services across the nation, without compromising network performance. It showcased the transformative power of CypherNET High Speed Encryptors in securing critical network communications and future-proofing the provider’s operations against ever-evolving security threats.

Stay up to date with the latest cybersecurity news from Senetas. Subscribe to "The View"

Go back
Senetas Logo
Senetas Logo