Bringing Agility to Cryptography

Layer 2 encryption can offer high-assurance data protection without compromising network or application performance unlike IPSEC (Layer 3) encryption that will still add unnecessary network overhead and impact on network speed and bandwidth.

More agile than some might think, the best modern encryption solutions are not only suitable for networks of all shapes and sizes, from modest 10Mbps to ultra-fast 100Gbps speeds. they occupy a barely perceptible presence on the network, are transparent to all other devices and result in minimal latency (frequently less than 4µs at higher speeds).

Crypto-agility, however, is much more than simple performance statistics. It comes from compatibility and interoperability, from FPGA-based flexibility and from the ability to support custom cryptographic elements. It even enables a choice of encryption algorithms and standards.

Truly high-assurance encryption solutions are based on standards-based algorithms, typically AES 128 or 256bit. However, If you are able to provide your own, you may prefer to use those; there’s nothing that says you must use the manufacturer’s standard algorithm.

An encryption platform should offer support for as many of these algorithms as possible. For example, CFB (Cipher Feedback) mode, CTR (Counter) mode and GCM – an authenticated encryption mode.

That’s true agility.

Beyond encryption modes, agility should extend to support for other custom components, such as user-defined curves, external certificate authorities and sources of randomness.


Crypto-Agile Network Security

High-assurance security plus crypto-agility for core Ethernet network infrastructure.

In addition to their certified high-assurance credentials, Senetas CN Series encryptors offer Crypto-agile data security from Quantum Key Distribution (QKD) to bring-your-own (BYO) entropy.

Some data needs long-term security, encryption, and data protection, in order to future-proof it for today’s looming post-Quantum computing era.

Crypto-agility should also incorporate Quantum Key generation and distribution. The best long-term encryption investments should provide Quantum-safe data protection through provable secure key-exchange. They should also feature an anti-eavesdropping mechanism to ensure forward secrecy of the encryption keys.