
WDM OTN L1 Service Encryption Feature Guide 4 Principle of L1 Service Encryption

4 Principle of L1 Service Encryption


4.1 Components of the L1 Service Encryption System


The L1 service encryption system consists of the OSN equipment with encryption
boards, security management tool (for example, SMT), and network management
system (for example, NCE).
The signals transmitted by the OSN equipment use the Optical Transport Network
(OTN) frame structure specified in ITU-T Recommendation G.709/Y.1331. In the
encryption system, the OSN equipment inserts an encryption stage into its signal
processing that encrypts only the OPUk payload area; the overhead and FEC areas
are left in the clear so that framing, performance monitoring and forward error
correction keep working on the line side. In this way the customer data carried
in the payload is encrypted. The security management information that the
encryption function exchanges between the two ends is carried in OPUk overhead
bytes and does not affect client services.

Issue 7.0 (2020-09-20) Copyright © Huawei Technologies Co., Ltd. 9



Figure 4-1 Frame structure after client signal encapsulation

As shown in Figure 4-1, client-side signals are mapped to the payload area in an
OPUk frame, and then OPUk overheads are added to form a lower-order ODUk
frame. Then, multiple ODUk frames are multiplexed into a higher-order ODUj (j =
k + 1 or higher) frame, and then OTU overheads are added to form the final
signal transmitted over an optical fiber.
Figure 4-2 shows the block diagram of an encryption system. Table 4-1 describes
the functions of each system component.




Figure 4-2 Block diagram of an encryption system

Table 4-1 System components and functions

System component: OSN equipment with encryption boards
Deployment location: Customer's building
Function: Implements service access at the port level and encrypts and decrypts
services.

System component: Security management tool (for example, SMT)
Deployment location: Customer's building
Function:
● The security management system (SMS) running on the NE implements encryption
configuration and management.
● The SMT uses the SSL/TLSv1.2 protocol to access the SMS on the NE to issue
encryption management commands.

System component: Network management system (for example, NCE)
Deployment location: Central equipment room
Function:
● Manages and controls encryption user rights and encryption port resources,
such as adding encryption administrators and allocating encryption port
resources to encryption administrators.
● Supports service configuration and network O&M.

NOTE
Both the NMS and SMT communicate with gateway NEs through Ethernet and with non-
gateway NEs through embedded control channels (ECCs).

4.2 Security of the L1 Service Encryption System


After a user's encryption administrator account is authorized by the network
management system, the encryption function can be configured on the security
management tool. To protect the privacy of end users, the security management
tool (SMT) cannot communicate with the network management system. They are
isolated from each other and work independently.

Isolation Capability
Before configuring service encryption, you must complete the following tasks on
the network management system (for example, NCE):

● Create a service. The service to be encrypted must have been created on the
NCE.
● Authorize an encryption administrator account. You must create an encryption
administrator account for each user, allocate encryption port resources, and
inform each user of the account, password, and device IP address.

Users use the SMT to issue encryption management commands. The SMT uses the
SSL/TLSv1.2 protocol to access the SMS on the NE.

Privacy Protection
On the security management tool, a user sets the Encryption Management Key
(EMK) after logging in to the NE with the account and password. The EMK is a
character string of 8 to 32 bytes. Only after the EMK has been authenticated can
the user perform encryption management on NE ports.

The EMK acts as a private password of the user and is visible only to that
user; the NE stores only its SHA-256 hash, never the string itself. As a result,
staff of the network department cannot operate on user services even though
they hold encryption administrator accounts.
Users can access only the ports allocated to them, not ports allocated to other
users. If services of different departments need to be encrypted and managed
separately, encryption sub-accounts can be created per port under an encryption
administrator account. The same port can be allocated to different sub-accounts.

Figure 4-3 Encryption right assignment

4.3 Encryption Process for Bidirectional Services


The procedure for encrypting bidirectional services is as follows: the source
end and sink end first authenticate each other by comparing SHA-256 message
authentication codes derived from a shared authentication key. The two ends then
negotiate a session key using the Diffie-Hellman algorithm. Finally, the
negotiated session key is used with the AES-256 algorithm for encryption and
decryption.




Entire Encryption Process


Figure 4-4 shows the overall block diagram of encrypting bidirectional services,
including authentication, key negotiation, and encryption and decryption. After a
bidirectional service link is created on the SMT, you only need to modify the
Authentication Info and enable the encryption function.

Figure 4-4 Overall block diagram of encrypting bidirectional services

● Authentication Info is a character string of 20 to 32 bytes. A pair of source
and sink devices use it to check that the peer end is valid before key
negotiation. Every pair of boards and client-side ports that share a session
key must be configured with the same Authentication Info.
● The session key is a 256-bit key generated automatically by the system for
service data encryption. Session keys can be changed periodically. Each
direction of a bidirectional service has its own session key.
● SHA-256 (Secure Hash Algorithm) is a one-way cryptographic hash function, not
an encryption algorithm: the digest cannot be reversed to recover its input. The
NE stores the SHA-256 digest of the EMK rather than the EMK itself, so the EMK
cannot be read back from the NE.
● Diffie-Hellman is a public-key key agreement algorithm. Each party sends the
other a public value and combines the received value with its own private value,
so both arrive at the same shared key without that key ever being transmitted
across the link.
● Advanced Encryption Standard (AES) is a symmetric block cipher. AES-256 uses a
256-bit key and, like every AES variant, processes data in 128-bit blocks; here
it runs in counter mode (CTR), which turns the block cipher into a keystream
that is XORed with the payload, so encryption and decryption are the same
operation and no padding is needed. No known attack recovers an AES-256 key
materially faster than exhaustive search over 2^256 candidates, which is far
beyond any foreseeable computing resources. AES is widely deployed, has
efficient hardware implementations and sustains line-rate throughput. CTR mode
provides confidentiality but not integrity, and a counter value must never be
reused under the same key.

Authentication
Whether the peer end is a legitimate device can be determined based on the
comparison of the calculated values at the source end and sink end.
As shown in Figure 4-5, the source end and sink end use the SHA-256 digest
algorithm to calculate the Message Authentication Code (MAC) value based on
input parameters. If the input parameters are the same and the calculated values
are the same at the two ends, identity authentication is successful. After the
encryption function is enabled, authentication is performed only once. The
authentication is performed again only after services are interrupted.

Figure 4-5 Bidirectional service authentication process




● Authentication Key (AK): As shown in Figure 4-4, the AK is derived from the
Authentication Info configured by the user and is transmitted to the sink end
before key negotiation.
● ID: computed from the NE ID, subrack ID, board slot ID and port number.
● MAC: computed with the SHA-256 digest algorithm over random number A, random
number B, the ID and the AK.

Key Negotiation
Key negotiation between the two ends produces a session key.
Each end generates a Diffie-Hellman public/private key pair. The source-end
public key is transmitted to the sink end, which combines it with its own private
key to compute the shared secret from which the session key is derived; because
Diffie-Hellman is symmetric, the source end computes the same shared secret from
the sink-end public key and its own private key.
Plain Diffie-Hellman is exposed to man-in-the-middle attacks. As shown in Figure
4-6, an attacker (C) pretends to be B when communicating with A and pretends to
be A when communicating with B. A and B each unknowingly negotiate a key with C,
so C can decrypt, read and re-encrypt all traffic between them.

Figure 4-6 Man-in-the-middle attack

To prevent man-in-the-middle attacks, the public key is encrypted using the AK
before it is transmitted. An attacker can mount a man-in-the-middle attack only
after obtaining the AK to decrypt and replace the public key, and the AK in turn
requires the Authentication Info configured by the user. The security of the key
negotiation therefore rests on keeping the Authentication Info secret. Figure 4-7
shows the key negotiation process of a bidirectional service.
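The following Python script is an added example written for this page; it is not code from the feature guide or from the equipment. It walks through the authentication and key negotiation described above: both ends compute the SHA-256 MAC over A, B, the ID and the AK, then run Diffie-Hellman, and the exchange is run three ways: honestly, with an attacker C swapping in its own public value while the public values travel unprotected (C ends up sharing a key with each side), and with the public values wrapped under the AK (C's forged value fails verification and the negotiation aborts). The AK derivation, the field encoding, the DH group (RFC 2409 group 2, a 1024-bit MODP group used here for illustration only), the AK-based wrapping (a SHA-256 keystream plus a SHA-256 tag standing in for the AES encryption of the public key) and the per-direction key labels are all assumptions, as are the function and class names.

```python
"""Bidirectional L1 encryption: SHA-256 authentication, Diffie-Hellman key
negotiation, and why wrapping the public key with the AK stops a man-in-the-middle.

Added example, not code from the feature guide. AK derivation, field encoding,
DH group (RFC 2409 group 2, illustration only), the AK-based wrapping and the
per-direction key labels are assumptions, not the equipment's actual formats.
"""
import hashlib
import hmac
import secrets

P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
PUB_LEN = (P.bit_length() + 7) // 8          # 128 bytes per public value

def derive_ak(auth_info: bytes) -> bytes:
    """Authentication Key from the Authentication Info (20 to 32 bytes)."""
    if not 20 <= len(auth_info) <= 32:
        raise ValueError("Authentication Info must be 20 to 32 bytes")
    return hashlib.sha256(b"L1-AK|" + auth_info).digest()   # derivation assumed

def port_id(ne_id: int, subrack: int, slot: int, port: int) -> bytes:
    """ID computed from NE ID, subrack ID, board slot ID and port number."""
    return b"%d/%d/%d/%d" % (ne_id, subrack, slot, port)

def auth_mac(a: bytes, b: bytes, ident: bytes, ak: bytes) -> bytes:
    """MAC = SHA-256(A || B || ID || AK): equal at both ends only if the AKs match."""
    return hashlib.sha256(a + b + ident + ak).digest()

def _mask(data: bytes, ak: bytes, nonce: bytes) -> bytes:
    """XOR data with a SHA-256 keystream keyed by the AK (stand-in for AES)."""
    stream = b"".join(hashlib.sha256(ak + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(-(-len(data) // 32)))
    return bytes(x ^ y for x, y in zip(data, stream))

def wrap_pub(pub: int, ak: bytes, nonce: bytes) -> bytes:
    """Public value encrypted under the AK plus a tag. Without the AK an
    attacker can neither read it nor substitute a value that verifies."""
    body = _mask(pub.to_bytes(PUB_LEN, "big"), ak, nonce)
    return body + hashlib.sha256(b"tag|" + ak + nonce + body).digest()

def unwrap_pub(blob: bytes, ak: bytes, nonce: bytes) -> int:
    """Reject the value unless the tag verifies under our own AK."""
    body, tag = blob[:PUB_LEN], blob[PUB_LEN:]
    expected = hashlib.sha256(b"tag|" + ak + nonce + body).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("public key rejected: tag does not verify under this AK")
    return int.from_bytes(_mask(body, ak, nonce), "big")

class Endpoint:
    """One encryption port: AK, ID, fresh random number (A or B), DH key pair."""
    def __init__(self, auth_info: bytes, ident: bytes):
        self.ak, self.ident = derive_ak(auth_info), ident
        self.rand = secrets.token_bytes(16)
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)

def authenticate(src: Endpoint, sink: Endpoint) -> bool:
    """A, B and the source ID travel in the clear; each end computes the MAC with
    its own AK, and the two match only if both hold the same Authentication Info."""
    a, b, ident = src.rand, sink.rand, src.ident
    return hmac.compare_digest(auth_mac(a, b, ident, src.ak), auth_mac(a, b, ident, sink.ak))

def session_keys(shared: int, a: bytes, b: bytes) -> tuple:
    """One 256-bit session key per direction, derived from the DH shared secret."""
    s = shared.to_bytes(PUB_LEN, "big")
    return (hashlib.sha256(b"src->sink|" + s + a + b).digest(),
            hashlib.sha256(b"sink->src|" + s + a + b).digest())

def negotiate(src: Endpoint, sink: Endpoint, protected: bool, attacker=None):
    """DH exchange over the link. If `attacker` (C) is present it replaces both
    public values with its own. Returns (src_keys, sink_keys), or None when a
    receiver rejects the value it was handed and aborts the negotiation."""
    nonce = src.rand + sink.rand
    def send(ep, pub):       # what goes on the wire
        return wrap_pub(pub, ep.ak, nonce) if protected else pub.to_bytes(PUB_LEN, "big")
    def recv(ep, blob):      # what the receiver accepts
        return unwrap_pub(blob, ep.ak, nonce) if protected else int.from_bytes(blob, "big")
    to_sink, to_src = send(src, src.pub), send(sink, sink.pub)
    if attacker is not None:                  # C only knows its own (guessed) AK
        to_sink = to_src = send(attacker, attacker.pub)
    try:
        src_peer, sink_peer = recv(src, to_src), recv(sink, to_sink)
    except ValueError:
        return None                           # aborted: no session key is installed
    return (session_keys(pow(src_peer, src.priv, P), src.rand, sink.rand),
            session_keys(pow(sink_peer, sink.priv, P), src.rand, sink.rand))

def attacker_keys(attacker: Endpoint, victim: Endpoint, src: Endpoint, sink: Endpoint) -> tuple:
    """What C derives for its session with `victim` after a successful swap."""
    return session_keys(pow(victim.pub, attacker.priv, P), src.rand, sink.rand)
```

With the public values unprotected, `negotiate` returns two different key sets and `attacker_keys` reproduces each of them, which is exactly the interception shown in Figure 4-6; with `protected=True` the sink's `unwrap_pub` rejects C's value because C cannot produce the tag without the real AK, and no key is installed on either side.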




Figure 4-7 Key negotiation process of a bidirectional service

Encryption and Decryption


At the source end, plaintext is encrypted into ciphertext; at the sink end, the
ciphertext is decrypted back into the plaintext.
Both ends write the negotiated session key into the encryption hardware as the
AES-256 key. Once key switching has started, the transmitted data is encrypted
at the source end and decrypted at the sink end with that key. Figure 4-8 shows
this process.
On the SMT you can set the key replacement period or force a key exchange. In
either case a new session key is negotiated, written into the hardware, and
switched in; both ends must switch to the new key for the service to remain
readable.
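The following Python script is an added example for this page, not code from the feature guide or the equipment; it serves both the frame-structure passage in 4.1 (only the OPUk payload is encrypted, overhead and FEC are untouched) and the encryption, decryption and key-switching description above. It models the G.709 OTUk frame as 4 rows of 4080 bytes and applies counter-mode encryption to the payload columns only, then shows that decrypting with the old key after a key switch, or with a mismatched counter, yields garbage, and that reusing a counter value under one key leaks the XOR of two payloads. The keystream block function is a SHA-256 stand-in for AES-256 so the script runs with the standard library alone; the use of a frame counter as the CTR nonce, the counter layout and the marker bytes are assumptions.

```python
"""Counter-mode encryption confined to the OPUk payload of an OTUk frame, with the
overhead and FEC columns passed through, plus the effect of a key switch and the
counter-reuse failure mode of CTR.

Added example, not code from the feature guide. Layout per G.709: columns 1-14
frame alignment and OTUk/ODUk overhead, 15-16 OPUk overhead, 17-3824 OPUk
payload, 3825-4080 FEC. The keystream block function is a SHA-256 stand-in for
AES-256; the nonce/counter layout is an assumption, not the equipment's format.
"""
import hashlib

ROWS, COLUMNS = 4, 4080
PAYLOAD_START, PAYLOAD_END = 16, 3824        # 0-based slice for columns 17..3824
BLOCK = 16                                   # AES block: 128 bits for every key size
BLOCKS_PER_ROW = (PAYLOAD_END - PAYLOAD_START) // BLOCK   # 3808 / 16 = 238 exactly

def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    """Stand-in for AES-256_key(nonce || counter): one 16-byte keystream block."""
    return hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()[:BLOCK]

def ctr_xor(key: bytes, nonce: bytes, first_block: int, data: bytes) -> bytes:
    """CTR mode: data XOR keystream. The same call encrypts and decrypts."""
    out = bytearray(len(data))
    for i in range(0, len(data), BLOCK):
        ks = keystream_block(key, nonce, first_block + i // BLOCK)
        for j, byte in enumerate(data[i:i + BLOCK]):
            out[i + j] = byte ^ ks[j]
    return bytes(out)

def transform_frame(frame: list, key: bytes, frame_counter: int) -> list:
    """Encrypt or decrypt only the OPUk payload columns of each row. Overhead and
    FEC pass through unchanged, so the line side still frames, monitors and
    corrects the signal without knowing the key."""
    if len(frame) != ROWS or any(len(row) != COLUMNS for row in frame):
        raise ValueError("expected a 4 x 4080 byte OTUk frame")
    nonce = frame_counter.to_bytes(8, "big")  # must never repeat under one key
    out = []
    for r, row in enumerate(frame):
        # Row r uses blocks r*238 .. r*238+237, so no counter repeats within a frame.
        payload = ctr_xor(key, nonce, r * BLOCKS_PER_ROW, row[PAYLOAD_START:PAYLOAD_END])
        out.append(row[:PAYLOAD_START] + payload + row[PAYLOAD_END:])
    return out

def build_frame(fill: int) -> list:
    """Constructed sample frame: 0xAA marks the overhead columns, 0x55 the FEC
    columns, and the payload is a constant byte so changes are easy to spot."""
    row = (b"\xAA" * PAYLOAD_START + bytes([fill]) * (PAYLOAD_END - PAYLOAD_START)
           + b"\x55" * (COLUMNS - PAYLOAD_END))
    return [row] * ROWS

def overhead_and_fec_intact(before: list, after: list) -> bool:
    """True if only the payload columns differ between two frames."""
    return all(x[:PAYLOAD_START] == y[:PAYLOAD_START] and x[PAYLOAD_END:] == y[PAYLOAD_END:]
               for x, y in zip(before, after))

def nonce_reuse_leaks_xor(key: bytes, frame1: list, frame2: list) -> bool:
    """Failure mode: two frames encrypted under the same key and the same counter
    value reveal the XOR of their payloads to a passive observer."""
    c1, c2 = transform_frame(frame1, key, 7), transform_frame(frame2, key, 7)
    ct_xor = bytes(x ^ y for x, y in zip(c1[0], c2[0]))[PAYLOAD_START:PAYLOAD_END]
    pt_xor = bytes(x ^ y for x, y in zip(frame1[0], frame2[0]))[PAYLOAD_START:PAYLOAD_END]
    return ct_xor == pt_xor
```

The key-switch behaviour follows from `transform_frame` alone: a frame encrypted under the old session key decrypts correctly only with that key and that frame counter, so the source and sink must switch keys in step, which is what the SMT's key replacement period or forced key exchange coordinates.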




Figure 4-8 Bidirectional service encryption and decryption process

4.4 Encryption Process for Unidirectional Services


The procedure for encrypting a unidirectional service is as follows:

1. Using the HMAC-SHA256 algorithm, the source end repeatedly sends a computed
authentication value, and the sink end uses it to verify that the source end is
legitimate.
2. Both ends use the PBKDF2 algorithm to derive a session key from the customer
key configured by the user.
3. Both ends then use the derived session key with the AES-256 algorithm for
encryption and decryption.

Entire Encryption Process


Figure 4-9 shows the overall block diagram of encrypting unidirectional services,
including authentication, key calculation, and encryption and decryption. Unlike
a bidirectional service, the sink end of a unidirectional service has no channel
back to the source end. The two ends therefore cannot authenticate each other or
negotiate a session key interactively: authentication is one-way (the sink end
verifies the source end), and each end derives the session key on its own from a
customer key that the user configures. After a unidirectional service link is
created on the SMT, the user must, in addition to modifying the Authentication
Info of the service and enabling the encryption function, configure the customer
key from which the session key is derived.

● Before the encryption function is enabled for a service for the first time,
the key is empty, so the customer key must be configured before any encryption
operation can proceed.
● After the encryption function is enabled, the user can configure a new
customer key at any time. The key calculation and encryption processes are then
repeated with the new key.

Figure 4-9 Overall block diagram of encrypting unidirectional services

● Customer key: a 2048-bit value configured by the user that is the basis from
which the actual encryption key is derived. For a bidirectional service the
customer key is generated automatically by the two ends and needs no manual
configuration. For a unidirectional service the user configures it before
enabling encryption or while enabling it.
● HMAC-SHA256 is a keyed message authentication code built on the SHA-256 hash
function; it is one-way and is not an encryption algorithm. Keyed with the AK
derived from the Authentication Info (an authentication string of 1 to 64
bytes), it produces values from which a passive eavesdropper can recover neither
the AK nor the Authentication Info, and which cannot be forged for other inputs
without the AK.
● Password-Based Key Derivation Function 2 (PBKDF2) derives a key of the
required length from a secret input by repeatedly applying a pseudorandom
function (here HMAC) to the input and a salt. In this system the secret input is
the customer key and the output is the session key.
● Advanced Encryption Standard (AES): see the description in 4.3. AES-256 uses a
256-bit key, operates on 128-bit blocks and is run here in counter mode (CTR).

Authentication
The sink end verifies the legitimacy of the source end by comparing the value it
receives with the value it computes itself.
As shown in Figure 4-10, the source end and sink end both compute HMAC-SHA256
hash values, and the sink end compares them to determine whether the source end
is a legitimate device. The subsequent steps start only after the authentication
succeeds. After the encryption function is enabled, authentication is performed
only once; it is repeated only after the service has been interrupted.
Because there is no return channel, the source end repeatedly computes and sends
hash values during the authentication process, which differs from the
bidirectional case. To defend against replay attacks, each hash value covers a
timestamp, and the sink end accepts a value only if the difference between the
source and sink timestamps is within 10 s.

Figure 4-10 Unidirectional service authentication process

● Authentication Key (AK): As shown in Figure 4-9, the AK is calculated with
HMAC-SHA256 from the authentication information configured by the user. AK1 is
the source-end authentication key and AK2 the sink-end authentication key.
● Hash value: HMAC-SHA256 keyed with the AK over the random number (A), the
timestamp (T) and the key identifier (K).
● T1 is the source-end timestamp and T2 the sink-end timestamp.




Key Calculation
The source end and sink end each run the PBKDF2 algorithm over the customer key,
using the random number generated by the source end and the key identifiers of
the two ends, and arrive at the same session key without exchanging it.

Figure 4-11 Key calculation process of a unidirectional service
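The following Python script is an added example for this page, not code from the feature guide or the equipment; it covers the unidirectional authentication and key calculation described above in one place. The source sends (A, T1, K, hash) with hash = HMAC-SHA256 keyed by the AK; the sink recomputes the value, enforces the 10 s timestamp window, and (as an extra guard the guide does not describe) refuses an exact repeat inside the window. Both ends then derive the session key from the 2048-bit customer key with PBKDF2, salted with A and the two key identifiers, so no key material crosses the link. The HMAC key used to derive the AK, the field encoding, the PBKDF2 salt layout and iteration count, and the function and class names are assumptions.

```python
"""Unidirectional L1 encryption: one-way HMAC-SHA256 authentication of the source
with a 10 s replay window, then PBKDF2 session-key derivation from the customer
key at both ends without any return channel.

Added example, not code from the feature guide. The HMAC key for the AK
derivation, field encoding, PBKDF2 salt layout and iteration count, and the
duplicate-message guard are assumptions.
"""
import hashlib
import hmac
import struct

REPLAY_WINDOW_S = 10
PBKDF2_ITERATIONS = 10_000         # assumption; the guide gives no count
CUSTOMER_KEY_BYTES = 256           # 2048 bits

def derive_ak(auth_info: bytes) -> bytes:
    """AK = HMAC-SHA256 over the authentication string (1 to 64 bytes)."""
    if not 1 <= len(auth_info) <= 64:
        raise ValueError("authentication string must be 1 to 64 bytes")
    return hmac.new(b"L1-unidir-AK", auth_info, hashlib.sha256).digest()  # label assumed

def hash_value(ak: bytes, a: bytes, t: int, k: int) -> bytes:
    """Hash value = HMAC-SHA256 keyed with the AK over A || T || K."""
    return hmac.new(ak, a + struct.pack(">QI", t, k), hashlib.sha256).digest()

def source_message(ak: bytes, a: bytes, k: int, t1: int) -> tuple:
    """What the source sends repeatedly: (A, T1, K, hash). Only the hash depends
    on the AK; A, T1 and K are visible to anyone on the link."""
    return (a, t1, k, hash_value(ak, a, t1, k))

class Sink:
    """Sink-end verifier: holds AK2 and remembers which (A, T1) it accepted."""
    def __init__(self, auth_info: bytes):
        self.ak = derive_ak(auth_info)
        self.seen = set()                  # extra guard against exact replays

    def verify(self, msg: tuple, t2: int) -> bool:
        """Accept only if |T1 - T2| <= 10 s, the pair is new, and the HMAC verifies."""
        a, t1, k, h = msg
        if abs(t1 - t2) > REPLAY_WINDOW_S:
            return False                   # stale (replayed) or badly skewed clock
        if (a, t1) in self.seen:
            return False                   # exact replay inside the window
        if not hmac.compare_digest(h, hash_value(self.ak, a, t1, k)):
            return False                   # wrong AK or tampered fields
        self.seen.add((a, t1))
        return True

def session_key(customer_key: bytes, a: bytes, k_src: int, k_sink: int) -> bytes:
    """PBKDF2-HMAC-SHA256: secret = customer key, salt = A || K1 || K2, 256-bit
    output. Each end runs this independently; nothing key-related is sent."""
    if len(customer_key) != CUSTOMER_KEY_BYTES:
        raise ValueError("customer key must be 2048 bits")
    salt = a + struct.pack(">II", k_src, k_sink)
    return hashlib.pbkdf2_hmac("sha256", customer_key, salt, PBKDF2_ITERATIONS, dklen=32)
```

Note what the window does and does not buy: a captured message can still be replayed within 10 s unless the sink also remembers what it has accepted, which is why the example keeps the `seen` set; and because the session key depends on A and the key identifiers as well as the customer key, re-running the procedure with a fresh A yields a fresh key even when the customer key is unchanged.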

Encryption and Decryption


Based on the AES-256 algorithm, the source end and sink end use the new session
key as the encryption key to encrypt or decrypt the transmitted data. Figure 4-12
shows this process.




Figure 4-12 Unidirectional service encryption and decryption process

