Contrary to a false perception, intercepting information transmitted over an optical fibre cable – an optical fibre is a thin glass fiber which transmits light to carry information – is not only possible but also not very difficult in practice. “Tapping a fibre-optic cable without being detected, and making sense of the information you collect isn’t trivial but has certainly been done by intelligence agencies for the past seven or eight years” explains John Pescatore, VP of Security at the Gartner Group and a former US National Security Agency analyst. “These days, it is within the range of a well-funded attacker, probably even a really curious college physics major with access to a fiber-optics lab and lots of time on his hands” adds Pescatore. Bending an optical fibre is indeed sufficient to extract light from it. Optical taps are readily available from a variety of manufacturers and inexpensive.
Optical fiber cables have replaced copper cables for all high bandwidth links and they become every day more prevalent in the telecommunication networks worldwide. Organizations almost certainly rely on optical fibers to transmit some, if not all, of their information. Because of this vulnerability, optical links carrying critical information must be identified and protected with appropriate countermeasures.
As telecommunication links are intrinsically vulnerable to eavesdropping, cryptography is routinely used to protect data transmission. Cryptography is a set of techniques that can be used to guarantee confidentiality and integrity of communications. Prior to its transmission, information is encrypted using a cryptographic algorithm and a key. After the information has been received, the recipient reverses the process and decrypts the information. Even if he intercepted the encrypted information, an eavesdropper would not be able to gain knowledge about it without knowing the cryptographic key.
Current cryptographic techniques are based on mathematical theories. In spite of the fact that they are very widespread, they do not offer a foolproof security. They are in particular vulnerable to increasing computing power and theoretical advances in mathematics. These techniques are thus inappropriate in applications where long-term confidentiality is of paramount importance (financial services, banking industry, governments, etc.).
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.