Topic: Security Implications of Circuit-Oriented Architectures


Findings:

Circuit-oriented point-to-point wide-area optical architectures are a major focus of the government and academic advanced networking and computing community, particularly for high-bandwidth science applications.

Ironically, however, security concerns have limited the deployment of these facilities. The core of those concerns is that circuit-oriented architectures bypass traditional perimeter security appliances such as firewalls and intrusion detection systems.

This is somewhat counterintuitive: if one system, or a small subnet of systems, connects over a switched optical circuit to another small subnet, forming a small closed collaborative enclave, the result would appear to be a reduced attack surface, most notably a limit on the population of potential attackers who can reach the interconnected resources.

The scenario that concerns some, however, is one in which the circuit-based architecture is used to bridge sensitive networks to public networks. Imagine a scenario with two sites interconnected by a point-to-point optical network:

The optical network element in that diagram may deliberately bypass the sites' firewalls.

That scenario could thus enable undesirable access either in real time or in phases:

That is, the access need not occur in real time. Content from the Internet could be introduced at one time and only later reach the sensitive internal networks (i.e., an end-to-end path does not need to exist at any single moment for contamination to occur).

We believe that cross-contamination can be prevented through a partitioned "red/black" network architecture, much as secure government networks are currently air-gapped from the Internet, but strict partitioning comes with substantial real and intangible costs. Whether that approach is workable in an unclassified environment needs to be carefully studied.

These concerns are not specific to optical networks; they apply to a variety of other point-to-point environments, including tunnels and VPNs.
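The live and phased bridging scenarios above, and the red/black partition proposed as the countermeasure, lend themselves to a concrete audit: given a record of which hosts have been attached to which zone and when, flag any host that has bridged the two zones, either concurrently (a live firewall bypass) or across time (the phased case, where no end-to-end path ever existed). The following script is an added example written for this page, not code from the original findings or from any project it describes. It assumes the operator already tags each network as red (sensitive, circuit-attached enclave) or black (public or Internet-reachable); the host names, interface names and attachment times are constructed, and the same check applies to tunnel and VPN endpoints.

```python
"""Audit host-attachment records for red/black partition violations.

Added example, not part of the original findings. Zone tags, host names,
interface names and times below are all constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List

RED = "red"      # sensitive enclave reached over the optical circuit
BLACK = "black"  # public / Internet-reachable network


@dataclass(frozen=True)
class Attachment:
    """One interval during which a host interface was up in a zone."""
    host: str
    zone: str
    iface: str
    start: int   # time the interface came up (constructed units)
    end: int     # time it went down; must be greater than start


def _overlap(a: Attachment, b: Attachment) -> bool:
    """True if the two up-intervals share at least one instant."""
    return a.start < b.end and b.start < a.end


def audit_partition(records: List[Attachment]) -> Dict[str, List[str]]:
    """Return {host: [finding, ...]} for every host that bridges red and black.

    'live bridge'   -> a red and a black attachment overlap in time, so the
                       circuit is bypassing the perimeter right now.
    'phased bridge' -> the attachments never overlap, but the host was on one
                       side and then the other; content fetched on the black
                       side can be carried into the enclave later (or data
                       from the enclave carried out), with no end-to-end
                       path ever existing.
    """
    by_host: Dict[str, List[Attachment]] = {}
    for r in records:
        if r.zone not in (RED, BLACK):
            raise ValueError(f"unknown zone {r.zone!r} on {r.host}/{r.iface}")
        if r.end <= r.start:
            raise ValueError(f"empty interval on {r.host}/{r.iface}")
        by_host.setdefault(r.host, []).append(r)

    findings: Dict[str, List[str]] = {}
    for host, atts in by_host.items():
        reds = [a for a in atts if a.zone == RED]
        blacks = [a for a in atts if a.zone == BLACK]
        out = set()
        for r in reds:
            for b in blacks:
                if _overlap(r, b):
                    out.add(
                        f"live bridge: {b.iface} ({BLACK}) and {r.iface} ({RED}) "
                        f"up together from t={max(r.start, b.start)} "
                        f"to t={min(r.end, b.end)}"
                    )
                elif b.end <= r.start:
                    out.add(
                        f"phased bridge (black->red): {b.iface} down at "
                        f"t={b.end}, {r.iface} up at t={r.start}"
                    )
                else:  # r.end <= b.start
                    out.add(
                        f"phased bridge (red->black): {r.iface} down at "
                        f"t={r.end}, {b.iface} up at t={b.start}"
                    )
        if out:
            findings[host] = sorted(out)
    return findings


# Constructed sample records (not real hosts or times).
SAMPLE = [
    # wan-gw: dual-homed box with an Internet uplink and the circuit leg up at once
    Attachment("wan-gw", BLACK, "eth0", 0, 1000),
    Attachment("wan-gw", RED, "xe-0/0/0", 100, 900),
    # analysis-node: only ever attached to the circuit enclave
    Attachment("analysis-node", RED, "eth0", 0, 1000),
    # field-laptop: on Internet-facing Wi-Fi first, later plugged into the enclave
    Attachment("field-laptop", BLACK, "wlan0", 0, 200),
    Attachment("field-laptop", RED, "eth0", 300, 600),
]

if __name__ == "__main__":
    for host, notes in audit_partition(SAMPLE).items():
        for note in notes:
            print(f"{host}: {note}")
```

Run against the sample, the script reports wan-gw as a live bridge and field-laptop as a phased black-to-red bridge, while analysis-node produces no finding. In practice the records would come from interface up/down events or DHCP leases, and the phased case is the one a purely path-based firewall review misses.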

Recommendation:

Fundamental research is needed to develop strategies that address these concerns, since resolving them is essential to enabling broad deployment of circuit-based networking solutions.