Design Article
Time domain multiplexing creates secure network channels
Kevin Wayne Williams, Vice President of Marketing, Paxonet Communications, Inc., Fremont, Calif.
4/22/2002 8:35 AM EDT
A classic technique for implementing security is simple physical isolation: running the data through a network that is physically separate from the public network, so that an outsider has no path to the data in the first place. Doing this with classic Ethernet-based solutions is expensive. Carrying private traffic and public access between two sites means either two separate physical connections or a VPN. Two physical connections cost twice as much, and a VPN still has security risks of its own.
Using synchronous optical network (SONET) virtual concatenation, some of these issues can be overcome. Virtual concatenation maps each Ethernet interface onto its own set of timeslots (members) within a single SONET pipe, so several interfaces share one physical connection without ever sharing a timeslot. Those timeslots are then switched individually through the time division multiplexed (TDM) cross-connects of the SONET network.
This TDM structure enhances security in two basic ways. The first has to do with its data-ignorant infrastructure. Ethernet and IP networks are built from packet-aware equipment. Any of these routers and switches can be attacked, and a compromised one can be used to monitor the traffic it forwards. A SONET cross-connect, on the other hand, switches timeslots and has no packet-parsing function to subvert: compromising the device does not by itself yield the packet stream. What an attacker with control of its provisioning can do is re-route timeslots, which is discussed below.
The second reason has to do with geographic diversity. IP networks get some incidental protection from the fact that packets of one flow may take different routes, so a single vantage point sees only part of the traffic. But any router or switch on a flow's path sees whole packets, and one placed well sees complete higher-layer transactions.
Virtual concatenation, on the other hand, can be implemented to ensure that no transit point receives even one complete packet to analyze, frustrating any attempt to compromise the data.
When the Ethernet data is adapted to SONET, it is written into the member timeslots in order, spread across all of them, so every packet straddles the members rather than being carried whole in any one of them. As the members are cross-connected through the network, different timeslots can be routed over different physical paths. These routes are not dynamic; they are statically provisioned.
By taking care in how the two sites are connected, the service provider can ensure that no intervening node carries a complete copy of any individual packet. The same property prevents insertion: a packet injected on one path is interleaved at the receiver with the data arriving on the other paths, so it never reassembles into a valid frame and is discarded. This defeats the classic "man in the middle" position: a node on any single path can neither read a whole packet nor put one in. (Such a node can still disrupt the link by corrupting its member, since every packet depends on every member, but it cannot read or forge traffic.)
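The following simulation, added here as an illustration and not taken from the article or from any vendor's code, models what a node on a single member's route sees and what happens to a packet injected on one route. It assumes a byte-by-byte round-robin spread over four members (the article describes the spread at the bit level; the effect on an observer of one route is the same), continuous member streams with zero-byte idle fill in unused capacity, and a simple length-prefix plus CRC-32 framing standing in for the Ethernet FCS and the GFP or HDLC framing a real link would use. The sample traffic is constructed for the example.

```python
"""Toy model of virtual concatenation spreading Ethernet frames across
several SONET members that take different physical routes.

Added example, not from the article or any vendor's code.  Assumptions:
  - the Ethernet byte stream is spread byte-by-byte, round-robin, over
    MEMBERS members (the article describes this at the bit level),
  - every member is a continuous stream, so unused capacity is idle fill
    (zero bytes here) rather than "nothing",
  - frames are delimited by a 2-byte length prefix and protected by a
    CRC-32 standing in for the Ethernet FCS.
"""
from __future__ import annotations

import struct
import zlib

MEMBERS = 4       # e.g. an STS-1-4v group: four members, four routes
MEMBER_LEN = 64   # bytes carried per member in this toy time window

# Constructed sample traffic on the private link, and an attacker's packet.
LEGIT = [b"GET /secret HTTP/1.0", b"HTTP/1.0 200 OK"]
ROGUE = b"rogue packet"


def frame(payload: bytes) -> bytes:
    """Length prefix + payload + CRC-32: our stand-in for an Ethernet frame."""
    fcs = struct.pack(">I", zlib.crc32(payload) & 0xFFFFFFFF)
    return struct.pack(">H", len(payload)) + payload + fcs


def link_stream(payloads: list[bytes]) -> bytes:
    """The byte stream the Ethernet side hands to the SONET mapper."""
    return b"".join(frame(p) for p in payloads)


def distribute(stream: bytes, members: int = MEMBERS,
               member_len: int = MEMBER_LEN) -> list[bytes]:
    """Transmit side: pad with idle fill, then hand byte i to member i % members.
    Element k of the result is exactly what route k carries."""
    stream = stream.ljust(members * member_len, b"\x00")
    return [stream[k::members] for k in range(members)]


def reassemble(member_streams: list[bytes]) -> bytes:
    """Receive side: interleave equal-length members back into one stream."""
    n = len(member_streams)
    out = bytearray(sum(len(m) for m in member_streams))
    for k, m in enumerate(member_streams):
        out[k::n] = m
    return bytes(out)


def parse_frames(stream: bytes) -> tuple[list[bytes], bool]:
    """Decode frames from a stream.  Returns the payloads whose CRC checks and
    a flag that is False if parsing hit an impossible length or a bad CRC."""
    frames, pos = [], 0
    while pos + 2 <= len(stream):
        (n,) = struct.unpack(">H", stream[pos:pos + 2])
        pos += 2
        if n == 0:                        # idle fill between frames
            continue
        if pos + n + 4 > len(stream):
            return frames, False
        body = stream[pos:pos + n]
        (fcs,) = struct.unpack(">I", stream[pos + n:pos + n + 4])
        pos += n + 4
        if fcs != zlib.crc32(body) & 0xFFFFFFFF:
            return frames, False
        frames.append(body)
    return frames, True


def transit_view(member_streams: list[bytes], k: int) -> list[bytes]:
    """What a node sitting on route k alone can recover: it only has every
    MEMBERS-th byte of the link, so no frame is ever contiguous."""
    return parse_frames(member_streams[k])[0]


def inject_on_route(member_streams: list[bytes], k: int, payload: bytes,
                    at: int) -> list[bytes]:
    """Attacker on route k overwrites idle capacity with a framed packet."""
    tampered = list(member_streams)
    m = bytearray(tampered[k])
    f = frame(payload)
    m[at:at + len(f)] = f
    tampered[k] = bytes(m)
    return tampered


def demo():
    tx = link_stream(LEGIT)
    members = distribute(tx)
    assert reassemble(members)[:len(tx)] == tx        # lossless with all routes
    per_route = [transit_view(members, k) for k in range(MEMBERS)]
    # Attacker on route 0 writes into the first idle slot of that member.
    at = (len(tx) + MEMBERS - 1) // MEMBERS
    rx_frames, rx_ok = parse_frames(reassemble(inject_on_route(members, 0, ROGUE, at)))
    return per_route, rx_frames, rx_ok


if __name__ == "__main__":
    per_route, rx_frames, rx_ok = demo()
    for k, seen in enumerate(per_route):
        print(f"route {k} recovers {len(seen)} legitimate frames: {seen}")
    print("receiver after injection:", rx_frames, "clean parse:", rx_ok)
```

Run it and the receiver still decodes only the two legitimate frames, the parser flags the mangled region, and no single route yields either of them; the injected packet arrives at the receiver with three bytes from the other routes between each of its own.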
Sometimes the carrier cannot guarantee separate paths for the members of the bundle. Even then, the connection is very difficult to intercept.
Tapping it would require gaining access to the carrier's SONET provisioning system, setting up cross-connects from one of the cross-connect systems to a packet-aware node, and then setting up cross-connects from that node back into the network. Because the packet-aware node must terminate the path to read it, this raises immediate path trace alarms at the monitoring points downstream of the diversion.
Path trace messages are carried in the path overhead (the J1 byte) of each SONET path. They identify the equipment that originated the path. Every system monitoring the path compares the received identifier with the provisioned expected value, and raises a trace identifier mismatch alarm whenever the two differ. The mechanism is intended to expose provisioning errors, and it is a consistency check rather than an authentication mechanism, but it has the side benefit of making tampering with the cross-connects visible.
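As an added illustration of the check just described (example code, not from the article or any equipment vendor), the following models a receive-side J1 monitor at each system along one path and what it reports when a cross-connect is diverted through a packet-aware tap. The node names PTE-A, XC1, XC2, PTE-B and TAP-NODE are constructed for the example. It assumes the 16-byte trace format, in which byte 0 carries a start marker with its most significant bit set (the real format also packs a CRC-7 into that byte, omitted here) followed by 15 bytes of 7-bit ASCII; one J1 byte per STS frame; a persistence rule of three consecutive mismatching messages before the alarm is declared, chosen here to avoid flapping rather than taken from any standard; and that cross-connects pass the path overhead through unchanged while a packet-aware tap must terminate the path and therefore originates a trace string of its own.

```python
"""Toy model of SONET path trace (J1) monitoring along a provisioned path.

Added example, not from the article or any vendor's software.  Assumptions:
  - 16-byte J1 format: byte 0 is a start marker (MSB set; the real format
    also carries a CRC-7 there, omitted), bytes 1..15 are 7-bit ASCII,
  - one J1 byte is delivered per STS frame,
  - TIM is declared after ALARM_AFTER consecutive mismatching messages
    (a persistence rule chosen for this example, not a standard value),
  - cross-connects pass the path overhead through unchanged; a packet-aware
    tap terminates the path and re-originates it under its own name.
"""

MSG_LEN = 16       # J1 message length in bytes (16-byte format)
ALARM_AFTER = 3    # consecutive mismatches before the alarm (assumption)


def encode_trace(source_id: str) -> bytes:
    """Build the 16-byte J1 message naming `source_id`, NUL padded."""
    text = source_id.encode("ascii")[:MSG_LEN - 1].ljust(MSG_LEN - 1, b"\x00")
    return bytes([0x80]) + text           # ASCII keeps the MSB clear elsewhere


def j1_bytes(source_id: str, frames: int, phase: int = 0):
    """Yield the J1 byte of `frames` consecutive STS frames, one per frame,
    starting `phase` bytes into the message so the monitor has to align."""
    msg = encode_trace(source_id)
    for i in range(frames):
        yield msg[(i + phase) % MSG_LEN]


class PathTraceMonitor:
    """Receive-side J1 monitor for one path: aligns on the start marker,
    compares each message with the provisioned value, declares the alarm
    after ALARM_AFTER consecutive mismatches and clears it on a match."""

    def __init__(self, expected: str):
        self.expected = encode_trace(expected)
        self.buf = bytearray()
        self.mismatches = 0
        self.alarm = False
        self.received = None              # last decoded source identifier

    def feed(self, j1: int) -> None:
        if j1 & 0x80:                     # start marker: new message begins
            self.buf = bytearray([j1])
        elif self.buf:                    # collecting; ignore bytes until aligned
            self.buf.append(j1)
        if len(self.buf) == MSG_LEN:
            self._check(bytes(self.buf))
            self.buf = bytearray()

    def _check(self, msg: bytes) -> None:
        self.received = msg[1:].rstrip(b"\x00").decode("ascii", "replace")
        if msg == self.expected:
            self.mismatches, self.alarm = 0, False
        else:
            self.mismatches += 1
            if self.mismatches >= ALARM_AFTER:
                self.alarm = True


def run_scenario() -> dict:
    """Path PTE-A -> XC1 -> XC2 -> PTE-B, every monitor provisioned to expect
    'PTE-A'.  Phase 1: normal.  Phase 2: XC1 is re-provisioned to divert the
    channel through a packet-aware tap that re-originates the path as
    'TAP-NODE'; XC1 itself, upstream of the tap, still sees PTE-A.  Phase 3:
    the diversion is removed.  Returns the alarm state after each phase."""
    monitors = {n: PathTraceMonitor("PTE-A") for n in ("XC1", "XC2", "PTE-B")}

    def feed(streams):
        for name, stream in streams.items():
            for b in stream:
                monitors[name].feed(b)
        return {name: m.alarm for name, m in monitors.items()}

    normal = feed({n: j1_bytes("PTE-A", 100, phase=5) for n in monitors})
    tapped = feed({"XC1": j1_bytes("PTE-A", 100),
                   "XC2": j1_bytes("TAP-NODE", 100),
                   "PTE-B": j1_bytes("TAP-NODE", 100)})
    seen = monitors["PTE-B"].received
    restored = feed({n: j1_bytes("PTE-A", 100) for n in monitors})
    return {"normal": normal, "tapped": tapped, "restored": restored,
            "seen_at_pte_b_during_tap": seen}


if __name__ == "__main__":
    for phase, state in run_scenario().items():
        print(phase, state)
```

The same monitor catches the provisioning error the mechanism was designed for: if a timeslot is cross-connected to the wrong far end, the receiver sees that end's identifier instead of the expected one and alarms in exactly the same way.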