Big data – a new approach to encryption
Wednesday, 12 March 2014 09:46

Big data applications give companies and government authorities a great opportunity to increase their efficiency. If they manage to handle and process these huge amounts of data efficiently, they can gain a decisive competitive edge. However, handling big data involves far-reaching challenges, primarily with respect to IT security.  

Companies and government authorities are able to transmit data at immensely high speeds thanks to fiber-optic connections. Reports in recent months have made one thing clear: the question today is no longer whether data needs to be encrypted. Personal and business-critical data must not only be stored in encrypted form but also transmitted in such a way that any unauthorized use is prevented. Since data encryption often considerably delays the transmission of enormous amounts of data, innovative solutions are needed that offer high security without compromising speed.

Requirements vary widely, depending on the specific needs of the user. Whereas most private companies usually decide for themselves if and how they want to encrypt, banks, companies in the health industry and state organizations, for example, need to comply with strict data protection rules. Data security, therefore, is an issue of utmost importance. Big data involves special challenges. This is primarily due to the tremendous mass of data to be transmitted and processed in realtime. High‑speed data networks are therefore imperative. Plus, big data means an ever increasing need for huge, geo-redundant storage capacities. Nonetheless, data exchange between different systems must remain efficient while providing highly secure encryption. To achieve this, new approaches to encryption are required.  

The decisive aspect: the operational scenario

Companies and government authorities can currently choose between two approaches in order to protect their data: IPsec-based encryption on OSI layer 3 or Ethernet-based encryption on layer 2. Both alternatives are justified, so it makes sense to select the encryption layer according to the operational scenario. 

Government authorities and companies holding classified information need to comply with the most stringent security requirements. This calls for efficient and full data protection during communications over a network. Layer 3 encryption is unable to provide this. All it can encrypt is the IP payload; the remaining information, e.g. the layer 2 protocols below layer 3, will remain untouched. This means that while the payload is fully protected, the header remains unencrypted. Information such as who is communicating with whom could be read out and used for attacks.

Another factor is the enormous overhead load added by IPsec-based encryption. The cryptographic overhead required for protecting the transmitted packets varies depending on the packet size, but consumes up to 60 percent of the available bandwidth. This means that more than half of the transmission bandwidth is not available for the payload. The result: Depending on the currently active applications, bandwidth losses are possible that cannot be calculated in advance. Another aspect to be considered is the extra time required for evaluating and processing the packet header in line with the IPsec protocol. This increases latency and limits performance compared with unencrypted transmission. In other words, encryption reduces efficiency for the company in terms of time and cost. The advantage: IPsec-based encryption works in all routed networks and is therefore a standardized solution. 
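How the overhead share depends on packet size can be worked through for IPsec ESP in tunnel mode. The following Python sketch is an added example, not taken from the article or from Rohde & Schwarz; the cipher suites, the IPv4 outer header without NAT traversal and the sample packet sizes are assumptions.

```python
# Added illustration: per-packet byte overhead of IPsec ESP in tunnel mode.
# Assumptions (not from the article): IPv4 outer header without options,
# no NAT-T/UDP encapsulation, and the two cipher suites listed below.

OUTER_IPV4 = 20   # new outer IPv4 header added by tunnel mode
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad length (1 byte) + next header (1 byte)

# suite name: (IV bytes, alignment of the encrypted data, ICV bytes)
SUITES = {
    "AES-CBC + HMAC-SHA1-96": (16, 16, 12),
    "AES-GCM (16-byte ICV)": (8, 4, 16),
}

def esp_tunnel_size(inner_len, suite):
    """Bytes on the wire (IP level) for one inner IP packet of inner_len bytes."""
    iv, align, icv = SUITES[suite]
    # Padding brings inner packet + trailer up to the cipher's alignment.
    pad = -(inner_len + ESP_TRAILER) % align
    return OUTER_IPV4 + ESP_HEADER + iv + inner_len + pad + ESP_TRAILER + icv

def overhead_share(inner_len, suite):
    """Fraction of the transmitted bytes that is not the original packet."""
    total = esp_tunnel_size(inner_len, suite)
    return (total - inner_len) / total

def overhead_table(sizes=(40, 64, 256, 576, 1400)):
    """Rows of (suite, inner size, wire size, overhead in percent)."""
    return [
        (suite, n, esp_tunnel_size(n, suite),
         round(100 * overhead_share(n, suite), 1))
        for suite in SUITES
        for n in sizes
    ]

if __name__ == "__main__":
    for suite, inner, wire, pct in overhead_table():
        print(f"{suite:26} inner={inner:5d} wire={wire:5d} overhead={pct:5.1f}%")
```

The fixed per-packet cost dominates small packets such as bare TCP acknowledgements and shrinks to a few percent for near-MTU packets, which is why the loss depends on the traffic mix.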

The alternative is Ethernet-based layer 2 encryption. Its main advantage over IPsec-based encryption is the bandwidth gain due to the minimized overhead load. Encryption protocols exist on layer 2 as well, but these are limited to handling communications between the encryptors on either side, and therefore consume up to 40 percent less bandwidth than layer 3 encryption protocols. This means a significantly smaller delay in the data flow, resulting in possible payload throughput rates of 10 Gbit/s to 40 Gbit/s, compared with those achievable with layer 3 solutions, which in practice are limited to 3 Gbit/s to 5 Gbit/s. And there is an additional benefit: Layer 2 encryption is not only faster and more efficient but, in addition to encrypting the payload, it also encrypts the IP addresses, making them unreadable for unauthorized parties.

New high-speed encryptors

The R&S SITLine ETH40G developed by Rohde & Schwarz SIT is the first solution that can meet today's as well as future challenges of big data and combines security with extremely high speed. Specially designed for the encrypted, realtime exchange of enormous amounts of data, it is the world's first dedicated Ethernet encryptor featuring 40 Gbit/s data throughput. This solution is the first to optimize the performance-critical characteristics of bandwidth, latency, quality of service, port density and energy consumption – in a single box of one height unit. The new encryptor class is ideal in particular for data center operators and users, for utilization in backbone networks and for use with high-speed WAN connections. It offers protection in public and private networks without compromising their efficiency.

Encryptors of the R&S SITLine ETH device family make it easy to safeguard data communications: Except for the security parameters, no other network-specific configurations need to be made. Security management and network management are separate from each other, allowing the easy integration of R&S SITLine ETH devices into existing IT systems. There is no need to adapt the network infrastructure, which can be complicated and time-consuming.

R&S SITLine ETH encryptors are ideal not only for point-to-point connections or star configurations. Their innovative group encryption feature can be used to efficiently safeguard transmissions in fully meshed switched networks. This allows companies to safely run storage systems at multiple, geographically distributed sites. In terms of security, it does not matter whether they use leased or proprietary lines for inter-site networking. The Rohde & Schwarz SIT network encryptors have been approved by the German Federal Office for Information Security (BSI) for handling data classified as RESTRICTED and NATO RESTRICTED.

High flexibility affords time advantage

The R&S SITLine ETH40G is based on a modular platform architecture developed by Rohde & Schwarz SIT. Software defined encryption allows fast product updates. This makes it easy to integrate encryptors into existing networks, and combines the advantages of high-security customized solutions and less expensive standard solutions for securing network communications. Based on a modular architecture, highly secure products are created considerably faster than in the past. 

Rohde & Schwarz SIT, a 100 % subsidiary of the family-run Rohde & Schwarz company group, develops and produces its products in Germany. This has two benefits. First, it ensures fast, long-term availability of the platform components and platform-based products. Second, customers can rely on the high German data protection standards – an important advantage, especially when using encryption equipment.

Rohde & Schwarz SIT will introduce its new R&S®SITLine ETH40G high-speed encryptor with 40 Gbit/s data throughput at this year's CeBIT in Hanover in Hall 12 / booth B73.

Last Updated on Wednesday, 12 March 2014 11:01
