Networking

OSI Layer-2 Encryption: Security goes one layer deeper


Encryption over Ethernet is emerging as a new solution for powering secure networks. Increasingly being adopted for military and critical networking infrastructures, Layer-2 encryption helps offload complexity and reduce maintenance charges.

Encryption has been present in the Layer-3 (IPSec) and Layer-4 (SSL, TSL) of the OSI model, the standard network protocol stack that makes networking across platforms possible. Now, networking companies are offering solutions that encrypt data right down at the packet level. 256-bit Advanced Encryption Standards (AES) and other cryptographic algorithms are being used to secure data packets traversing across sites (i.e. Metropolitan Ethernet and Wide Area Networks).

"Only encryption can protect data itself -- and while IPSec (Layer 3) is still very common due to its flexibility, the technology is an overhead burden on the network," said Safenet's Andy Solterbeck. "IPSec encryption can create significant network bottlenecks, whereas Layer 2 encryption introduces virtually no latency or overhead to the network."

Read the full article at TechNewsWorld.

The distinct advantages of Layer-2 encryption are lower overhead on data packets, reduced maintenance costs, and protection for legacy network hardware. Apart from these, there is no reduction in quality of service. The companies offering solutions include Aruba Networks (Wired and wireless networks), CipherOptics, SafeNet and ECI telecom (Aurora-G platform).

More scoops on the technology:

New high-speed encryption for fiber links (GCN)

Israeli firm boosts Ethernet Encryption (vnunet)

1 comments
andrew.younger
andrew.younger

I find it hard to believe this article firstly has no posts, and secondly doesn't recognise Senetas. Senetas is a pure Layer 2 vendor, who provides Layer 2 encryption hardware to SafeNet, nCipher and Thales. Senetas has Layer 2 encryptors for ATM, Sonet/SDH and Ethernet, ans all of their devices support multipoint modes. Most of the Ethernet encryptors are point-to-pointl, which is great for dark fibre, but if you have a service provider supplied Ethernet service then Multipoint is important.