REDEFINING SECURITY
CERBERIS
THE BEST OF CLASSICAL AND QUANTUM WORLDS
LAYER 2 LINK ENCRYPTION WITH QUANTUM KEY DISTRIBUTION

IDQ offers a radically new approach to network security, by combining the sheer power of Centauris high-speed layer 2 encryption appliances with the unconditional security of Cerberis Quantum Key Distribution (QKD) technology to secure point-to-point backbone and storage networks.

The exchange of secret encryption keys, upon which the encryption security is based, is performed in a dedicated appliance - the Cerberis QKD server. A fundamental principle of quantum physics - observation causes perturbation - is exploited to exchange secret keys between two remote parties over an optical fiber with unprecedented security. The Cerberis QKD server autonomously produces, manages and distributes secret keys to up to twelve encryption appliances.

The Cerberis QKD server works in conjunction with Centauris encryptors for high-speed encryption based on the proven Advanced Encryption Standard (AES). Point-to-point wire-speed encryption with minimum latency and no packet expansion is made possible by operating at layer 2 of the OSI model. Standard network protocols up to a bandwidth of 10 Gbps are supported. These encryptors have received stringent security accreditation (Common Criteria EAL4+ and FIPS 140-2).

In order to guarantee the highest level of security, a dual key agreement process is used. Separate encryption keys are exchanged using Quantum Key Distribution and conventional techniques before being combined to produce a resulting key, as strong as the strongest of the two keys.

The Cerberis solution is highly secure, scalable, versatile and cost effective.

WHY QUANTUM CRYPTOGRAPHY?
High secrecy of cryptographic keys
Intrinsically guaranteed by quantum physics
Dual key agreement
Reveals eavesdropper’s presence
Observation causes perturbation
Future-proof data confidentiality and integrity
High key-refresh rate
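
The "observation causes perturbation" principle above can be illustrated with a short simulation (an added example, not ID Quantique code): an idealized BB84 exchange in which an intercept-resend eavesdropper raises the quantum bit error rate (QBER) of the sifted key from 0 to about 25 %. The function names, the lossless single-photon model and the 11 % abort threshold are assumptions for illustration, not Cerberis parameters.

```python
import random

def bb84_qber(n_pulses, eavesdrop, seed=2012):
    """Simulate idealized BB84 and return (sifted_key_length, qber).

    Assumed model: single-photon pulses, a lossless and noiseless channel,
    and an intercept-resend eavesdropper who measures every pulse in a
    randomly chosen basis. QBER is computed over the whole sifted key;
    a real system estimates it from a disclosed sample.
    """
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_pulses):
        bit = rng.getrandbits(1)        # Alice's raw key bit
        a_basis = rng.getrandbits(1)    # 0 = rectilinear, 1 = diagonal
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            e_basis = rng.getrandbits(1)
            # A wrong-basis measurement yields a random outcome, and the
            # photon is re-sent in the eavesdropper's basis: the perturbation.
            if e_basis != state_basis:
                state_bit = rng.getrandbits(1)
            state_basis = e_basis
        b_basis = rng.getrandbits(1)
        b_bit = state_bit if b_basis == state_basis else rng.getrandbits(1)
        # Sifting: keep only pulses where Alice's and Bob's bases agree.
        if a_basis == b_basis:
            sifted += 1
            errors += int(b_bit != bit)
    return sifted, (errors / sifted if sifted else 0.0)

def key_accepted(qber, threshold=0.11):
    """Discard the key when QBER exceeds the threshold (assumed value:
    the commonly cited ~11 % bound for BB84 with one-way post-processing)."""
    return qber <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        length, qber = bb84_qber(20000, eavesdrop=eve)
        print(f"eavesdropper={eve}: sifted={length} bits, "
              f"QBER={qber:.3f}, key accepted={key_accepted(qber)}")
```
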
ID Quantique SA
Chemin de la Marbrerie 3
1227 Carouge/Geneva Switzerland
T +41 22 301 83 71 F +41 22 301 83 79
[email protected] www.idquantique.com
CERBERIS NETWORK DIAGRAM
[Figure: network diagram. Network plane: Encryptor 1a ... Encryptor na at Location A and Encryptor 1b ... Encryptor nb at Location B (layer 2 link encryption, up to 12 encryptors), joined by the encrypted network over dark fiber or xWDM channel. Key management plane: a QKD server at each location, joined by the quantum channel over dark fiber or DWDM channel. Also labelled: secure key channel.]
TECHNICAL SPECIFICATIONS
Network Protocols
Ethernet: 10 Mbps, 100 Mbps, 1 Gbps and 10 Gbps
Fibre Channel: FC-1G, FC-2G and FC-4G
SONET/SDH: OC-3, OC-12, OC-48 and OC-192
ATM: OC-3, OC-12
Network Performance
Throughput: 100 % bandwidth available
Latency: <15 microseconds
Encryption Algorithm
AES 256-bit, CFB mode (up to 1 Gbps), CTR mode (up to 10 Gbps)
Security Accreditation
Common Criteria EAL4+ and FIPS 140-2
Key Management
Seamless and automated key management
Dual key agreement: conventional and quantum cryptography
Key refresh rate: 1 key/minute up to 12 encryptors
Quantum Key Distribution: BB84 and SARG, up to 50 km (100 km upon request)
Conventional Key Agreement: RSA-2048, master key
Local and Network Interfaces
Cerberis QKD Server: SC optical connector, WDM compatible
Centauris Encryptors: SFP transceivers (up to 4 Gbps), XFP transceivers (10 Gbps)
Random Number Generator
Cerberis QKD Server: Quantis Quantum Random Number Generator
Centauris Encryptors: Hardware Random Number Generator
Access Control
Role-based identification for separation of duties
Audit Trail
Event log, audit log, date and time of secure connection
Configuration changes
Interface status
Alarms
Secure Management
QKD Server: SNMPv3, Ethernet 10/100 RJ45, touch panel
Encryptors: SNMPv1, v2 and v3, Ethernet 10/100 RJ45, browser
TLS or IPSec trusted path
In-band on local and network interfaces
Indicators
QKD Server: Touch panel, 240 x 180 pixels
Encryptors: Two line 20 characters LCD display, LED indicating status of local interface, network interface, temperature, battery status, system operation and secure status, power
Physical Security
Tamper proof storage of encryption keys and user passwords
Tamper resistant metal case
Environmental
Operating temperature: 5 to 40 °C
Non-operating temperature: –10 to 60 °C
Operating humidity: 0 to 80 % RH @ 40 °C
Non-operating humidity: 95 % RH @ 40 °C
Disclaimer
The information and specification set forth in this document are subject to change at any time by ID Quantique without prior notice.
Copyright © 2007-2012 ID Quantique SA - All rights reserved - Cerberis v4.0 - Specifications as of January 2012