DIGI-G4’s CrypOTN architecture awarded FIPS 197 certification

NIST’s FIPS 197 is considered the global industry standard for secure data encryption in metro and datacentre interconnect optical transport infrastructure, serving the telecommunications, financial, healthcare and government markets.

With DIGI-G4’s integrated OTN encryption engine certification with NIST Advanced Encryption Standard (AES)-256, Microsemi is enabling optical layer encryption at 100G into networks worldwide. Used in conjunction with Microsemi’s SmartFusion2 System-on-Chip (SoC) field programmable gate array (FPGA) as its root of trust, DIGI-G4 delivers the necessary components of a highly secure encryption-enabled line cards needed for packet optical transport equipment.

“The mass migration of data to the cloud is driving the industry to respond with a security solution for the optical layer interconnecting datacentres and enterprises worldwide. We responded by integrating the encryption engine into our DIGI-G4 platform in order to deliver the lowest latency wire-speed encryption offering, regardless of client or traffic type,” said Babak Samimi, Vice President and Business Unit Manager of Microsemi’s communications business unit. “By taking the lead in securing FIPS 197 certification, the ecosystem can leverage our effort and focus on accelerating time to market for the class of security enabled optical platforms.”

According to market research firm IHS, security is the top concern customers raise when deciding to use off-premises cloud services. In addition, the Ponemon Institute estimates the total annualised cost of cybercrime can reach as high as $65m per organisation. Of the 252 companies surveyed, physical layers and data layers combined represent approximately 40% of information technology security budget spending.

“AES encryption is the de facto standard for securing data in enterprise, datacentre, telecom, financial, healthcare and government markets,” said Clifford Grossner, Ph.D., senior research director of data centre, cloud and SDN at IHS and author of its afore mentioned research report. “Optical layer encryption is emerging as a key requirement for network operators in the cloud era and Microsemi’s FIPS 197 achievement with DIGI-G4 will enable it to address this market requirement.”

DIGI-G4’s integrated FIPS 197 certified, low latency, multi-rate, service-agnostic OTN encryption engine allows cloud and communications service providers to ensure the security of data ‘in-flight’ without compromising network and service performance. The device supports sub-180ns end-to-end optical layer encryption and enables flexible encrypted service models, including the industry’s first sub-wavelength OTN encryption solution, which makes encrypted services compatible with the OTN switched networks that are fast becoming the backbone of optical networks worldwide.

The combination of Microsemi’s DIGI-G4 and highly secure, low power SmartFusion2 SoC FPGA provide significant security capabilities for customers. SmartFusion2’s integrated secure host central processing unit (CPU) supports Public Key Infrastructure (PKI)-based authentication architectures and provides the secure key storage required to set up and manage end-to-end encrypted optical links. SmartFusion2 also delivers secure boot functionality for existing non-secure host CPUs as well as differential power analysis (DPA) countermeasures, protecting against the threat of side-channel attacks. These capabilities are enabling new classes of low-power, high-capacity transport platforms optimised specifically for the hyperscale data centre WAN interconnect market.

Key differentiating features of DIGI-G4’s OTN encryption engine:

• Ultralow latency (sub-180nsec)
• Industry’s first sub-wavelength OTN encryption solution to secure the cloud
• Multi-service, wire-speed and rate agnostic encryption out performs protocol specific alternatives

Key differentiating features of SmartFusion2 SoC FPGA as the root of trust companion to DIGI-G4:

• Proven DPA counter measure protection
• True random number generator
• Physically unclonable function (PUF) for key storage
• PCIe Gen2 endpoints for seamless connectivity to host CPUs