Bringing Agility to Cryptography

Layer 2 encryption can offer high-assurance data protection without compromising network or application performance, unlike IPsec (Layer 3) encryption, which will still add unnecessary network overhead and affect network speed and bandwidth.

More agile than some might think, the best modern encryption solutions are not only suitable for networks of all shapes and sizes, from modest 10Mbps to ultra-fast 100Gbps speeds; they also occupy a barely perceptible presence on the network, are transparent to all other devices and result in minimal latency (frequently less than 4µs at higher speeds).

Crypto-agility, however, is much more than simple performance statistics. It comes from compatibility and interoperability, from FPGA-based flexibility and from the ability to support custom cryptographic elements. It even enables a choice of encryption algorithms and standards.

Truly high-assurance encryption solutions are based on standards-based algorithms, typically AES with 128-bit or 256-bit keys. However, if you are able to provide your own algorithms, you may prefer to use those; there’s nothing that says you must use the manufacturer’s standard algorithm.

An encryption platform should offer support for as many algorithms and modes of operation as possible: for example, CFB (Cipher Feedback) mode, CTR (Counter) mode and GCM, an authenticated encryption mode.

That’s true agility.

Beyond encryption modes, agility should extend to support for other custom components, such as user-defined curves, external certificate authorities and sources of randomness.

 

Flexible FPGA Architecture

Senetas CN Series hardware encryptors feature advanced FPGA architecture, which enables in-field upgrades (something not possible with hybrid encryptors or lower-assurance security devices). This is a key point of differentiation for Senetas customers, as it effectively future-proofs the technology. If, for example, NIST introduces a new quantum-resistant algorithm in the future, Senetas customers simply load the new algorithm to the system without interruption. This helps to maintain a long-term return on investment and drives down the total cost of ownership (TCO) of Senetas hardware.

 

Crypto-Agile Network Security

High-assurance security plus crypto-agility for core Ethernet network infrastructure.

In addition to their certified high-assurance credentials, Senetas CN Series encryptors offer crypto-agile data security, from Quantum Key Distribution (QKD) to bring-your-own (BYO) entropy.

Some data needs long-term security, encryption and data protection to future-proof it for the looming post-quantum computing era.

Crypto-agility should also incorporate quantum key generation and distribution. The best long-term encryption investments should provide quantum-safe data protection through provably secure key exchange. They should also feature an anti-eavesdropping mechanism to ensure forward secrecy of the encryption keys.