Mann hält Platine in der Hand

Hybrid standard encryption

AES 256-bit and Diffie Hellmann in combination

You are here
  1. Optical Networks
  2. Solutions
  3. Encrypted Networks | dacoso
  4. Hybrid standard encryption

Protecting optical networks

Encrypt data on layer 1

By combining AES-256 encryption with Diffie-Hellman key exchange, we offer a highly secure, standardized solution for your optical data connections. Important: The encryption hardly affects the transmission performance. This allows you to protect sensitive information at layer 1 without compromising on performance.

What is AES 256?

AES-256 (Advanced Encryption Standard) is a widely used and extremely secure encryption method. It works symmetrically, i.e: The same key is used for encryption and decryption. With AES-256, the key length is 256 bits, which results in a very high number of possible keys (2^256). This enormous number makes it practically impossible to crack the key.

What is Diffie-Hellmann?

The Diffie-Hellman method, named after its developers, is an asymmetric key exchange protocol. Two parties exchange information via a public, interceptable line, which leads to a shared key. This key is a number that a potential attacker cannot calculate, even if he intercepts the exchanged data.

Combined - for your benefits:

  • High security through combination of secure key exchange with strong encryption algorithm - currently not decodable by conventional computer technology
  • Low effort for hardware implementation
  • 100% data throughput with extremely low latency
  • High interoperability between different systems and applications Internationally recognized encryption techniques used in many security standards and protocols, including TLS (Transport Layer Security), IPsec (Internet Protocol Security), SSH (Secure Shell), etc.

 

Opitonal with BSI approval

For particularly high security requirements, we offer encryption solutions that are approved by the BSI for the classification levels VS-NfD, EU restraint and NATO restricted. In a complex process, the BSI not only checks the hardware structure of the solution, but the manufacturers must also disclose the source code of the software. This prevents vulnerable vulnerabilities and backdoors. In addition, special requirements are specified for the number generator to ensure the highest possible level of randomness. Further measures in the area of component handling also minimize the risk of side-channel attacks, for example. In contrast to a software implementation, the random numbers are therefore unpredictable for attackers.