As the worlds telecom & datacom equipment providers converge on the ITUT G.709 OTN standard as the logical choice for optical transportation; data security & integrity of the ODU payload is becoming more and more critical.
While the standard itself delivers a degree of inherent security through the scrambling and relatively complex mapping of client signals in to the payload; its open-policy nature allows anyone with a working telecom or datacom knowledge to reverse engineer these features and capture the raw data. This is precisely what products in the Test & Measurement and Network Analytics /
Assurance markets do today.
While the existing approach is adequate for the bulk of commercial metro & long-haul applications; some operators service client applications that require a higher degree of security than is currently provided by the ITU-T G.709 standard.
Aliathon in partnership with Helion Technology can offer a flexible & powerful payload encryption solution to solve this problem. Applications include military / high security commercial networks and datacom network virtualization.
FEC Core
OTN Link
(OTUk carrying Ethernet,
Fibrechannel, SONET/
SDH, Video over OTN etc).
OTUk Framer Core
ODU Crypto Function
Crypto IP Core




Aliathon OTN OTN Cont.
Single chip FPGA designs.
Targets slowest speed grade silicon.
2.5G, 10G, 40G and 100G options available (support for OTU1, OTU2, OTU3 and
OTU4 rates).
Multi-channel applications supported (up to 120Gb aggregate bandwidth).


Helion Crypto
Support for G.709 standard GFEC, G.975.1 eFEC and Vitesse
CI-BCH-3™ eFEC.

100% Payload & overhead manipulation supported to allow full customization of the encryption scheme.


Supports NIST FIPS-197
Advanced Encryption
Standard (AES-CTR and
AES-GCM modes).
128-bit and 256-bit key size options.
RTL source code available (Helion core only) to facilitate security review.
R EVISION 1 : N OVEMBER 2012

n x 10GE-over-OTU2 Crypto: In the example shown below, a number of 10GE links are terminated by
Aliathon’s 10GE-ODU2 mapper which passes the client signals in ODU2 form to the Helion encryption engine.
From here the optional cross-connect allows routing of these secure ODU2’s to any of the OTU2 Framers where each ODU2 is encapsulated with OTU2 overhead and FEC before being transmitted in to the network.
FEC n x 10GE
10GE to
ODU2
Mapper n x 10GE-over-OTU2 Crypto
Helion Crypto Core
ODU2
Cross
Connect
OTU2
Framer n x OTU2 n x OTU2 Crypto: Similar to the application above, this time ODU2’s are extracted from the incoming OTU2 frames before being encrypted then re-framed to OTU2 for transmission.
FEC FEC n x OTU2 Crypto n x OTU2 OTU2 Framer
Helion Crypto Core
ODU2
Cross
Connect
OTU2
Framer n x OTU2
info@aliathon.com
+44 (0)1383 737 736
www.aliathon.com
Aliathon Ltd
Evans Business Center
Pitreavie Court
Dunfermline, Fife, KY11 8UU
Scotland, UK