Encryption over 10G DWDM Wavelength

Einsof ES-1000TE-Crypto is a multi-rate, multi-service high density wavelength division multiplexing (DWDM) transponder, supporting innovative cryptographic capability for GbE, 10GbE, and 40GbE data storage services. The ES-1000TE-Crypto provides added security benefit to any DWDM link by encrypting the data transmitting between the sites.

Up to 80G Layer-1 encryption

Einsof comprehensive encryption solution assures three major concerns in optical link security:

  • Confidentiality – preventing disclosure of information to unauthorized parties
  • Data integrity – ensuring that the message has not been altered
  • Authentication – validating that both parties involved are who they claim to be
PL 1000TE Front View

Built-in Layer-1 encryption

Supports GCM-AES-256 hardware-based encryption capability per transponder, providing full throughput without degradation to the service performance.

Flexible Design

On the data level, the ES-1000TE-Crypto performs Layer-1 GCM-AES-256 encryption on the full bandwidth. The encryption provides end-to-end transparency of data and clock, with a low latency of less than 12usec for 10GbE.

Powerful Feature Set

On the management level, the ES-1000TE Crypto supports the secured management protocols HTTPS, SSH, SNMPv3 and RADIUS, based on user password and firewall. The ES-1000TE Crypto also detects degradation in the fiber link performance for automatically detecting possible tapping attempts.

ES-1000TE Crypto Diagram

PL-1000TE Crypto Layer-1 DWDM Encryption Diagram
  • 8 encrypted transponders in a 1U chassis
  • Supports GbE, 10GbE, and 40GbE client services
  • High-end encryption core:
    • GCM-AES-256 Layer-1 data encryption
    • Periodic Diffie-Hellman key exchange, configurable to a minimum of 1 minute
    • NIST FIPS-140-2 Level 2 compliant
    • Common Criteria EAL2 certified
    • Complies with CNSA Top Secret Suite B 2015
  • Uses pluggable SFP/SFP+ optics for both service and uplinks
  • Supports full C-band tunable DWDM on the line side (SFP/SFP+)
  • Optional integrated EDFAs, mux/demux and optical switch modules
  • Bi-directional performance monitoring
  • Supports single and dual fiber
  • Dual AC/DC pluggable power supply and pluggable fan unit