Optical control and management security standards for the GIG-BE

Bibliographic Details
Main Authors: Esposito, R., Frankel, S., Graveman, R., McNown, S.
Format: Conference Proceeding
Language: English
Description
Summary: This paper presents an overview of requirements and standards development activities for securing the control and management infrastructure protocols for optical networking protocols used in the Global Information Grid-Bandwidth Expansion (GIG-BE). Our approaches to hardening these protocols are: (1) to develop open standards that encompass the Department of Defense's needs; and (2) to encourage vendors to supply products that support these standards and other appropriate security functionality for GIG-BE signaling, routing, discovery, and management. At MILCOM 2001, Buda et al. reported on commercial-off-the-shelf security standards being developed for the GIG; they covered asynchronous transfer mode, multi-protocol label switching, and newly emerging optical networking. We have now completed control plane security and management plane security implementation agreements at the Optical Internetworking Forum (OIF), coordinated and aligned these with ATIS-T1M1 and the IETF, and begun efforts to implement and demonstrate these agreements. This paper briefly describes the OIF's work on control plane functionality in optical networks and the security requirements for these control protocols. It then explains why additional security was required for signaling, routing, and discovery; shows what alternatives were considered; and describes the choices made in the OIF's Security Extension for UNI and NNI. Securing an optical switch depends on much more than secure control protocols, so the paper next covers the OIF's Security for Management Interfaces to Transport Network Elements, which describes security objectives and choices for securing operations, administration, maintenance, and provisioning (OAM&P) interfaces to these network elements. Specifications and recommendations are given along with a mapping of how following the specifications satisfies the initial objectives.
The relationship of this work to the security standards developed by T1M1 is also described. Beyond these two implementation agreements, on-going efforts are focused on demonstrating the practicality of this approach, addressing end-to-end security, adding an audit log capability, continuing cooperation with T1M1 on OAM&P security, and keeping these implementation agreements aligned with new drafts and RFCs on signaling, routing, discovery, and security at the IETF.
DOI: 10.1109/MILCOM.2004.1494967