Product
SINA L2 Box

Transfer large amounts of data quickly and securely

Ever-increasing volumes of data that have to be exchanged over public line paths – a growing challenge for companies and public authorities. The SINA L2 Boxes ensure secure and efficient information exchange at network layer 2, where bandwidth can be used to advantage.

Advantages of the L2 Box at a glance

High performance

High-performance encryption with data throughput of up to 100 GBit/s.

Secure

An encrypted system platform with smart card technology.

Comfortable

The boxes can be integrated into existing network infrastructures without modification and allow virtually maintenance-free operation.

Flexible

The SINA L2 Box is approved in various configurations from VS-NfD up to and including SECRET, NATO SECRET as well as SECRET UE/EU SECRET.

Start
Start
1 of 5
1 of 5
2 of 5
2 of 5
3 of 5
3 of 5
4 of 5
4 of 5
5 of 5
5 of 5

The SINA L2 Box S can be used flexibly in the different variants. With a data throughput of up to 100 GBit/s, the solution is particularly impressive in the data center coupling scenario thanks to its strong encryption performance when sending large volumes of data while at the same time taking into account very high security requirements for VS-NfD.

The SINA L2 Box H is an Ethernet encryption device for national and international high-security networks with BSI approval up to and including SECRET.

SINA
IT security powered by SINA

SINA was developed as a holistic security system that protects entire digital infrastructures. At its core, perfectly matched network components and clients ensure effective encryption and separation of differently classified data - locally and when transferred over the internet.

SINA is used worldwide by governments, critical infrastructures and in industry and is the leading security architecture in the Federal Republic of Germany with over 170,000 installed systems.


SINA Management centrally manages and configures all users and components of the SINA product portfolio. The networks to be protected are set up, configured and administered in a structured manner. With its graphical user interface, SINA Management enables the simple configuration of security relationships and access authorizations between SINA components and networks.

This is how SINA Management works: Configuration data, such as IP address configurations or routing information of the SINA components, is written to the SINA ID Token - a trusted and protected storage medium (smartcard, security token or USB token with integrated smartcard). The configuration data is then securely stored on the SINA ID token and made available to the SINA components. In the process, SINA Management generates and manages the keys and certificates required for secure operation of the components and also writes them to the storage media. SINA Management is used to manage infrastructures with up to several thousand SINA devices.


For the future era of quantum computing, it is necessary to develop encryption methods that will still be secure (post-quantum cryptography). This is because current asymmetric methods do not provide sufficient protection against attacks by quantum computers. In contrast, the presumed impact on symmetric primitives is less severe.

The SINA L2 Box S already follows the BSI's recommendation for action on "migration to post-quantum cryptography". The SINA L2 Box S uses a pre-distributed symmetric long-term key for regular key derivation, which is made available in the device via PIN-protected smartcard. This makes it possible to symmetrically encrypt the asymmetric key exchange between two devices using a pre-distributed secret.

For cryptography on elliptic curves, the SINA L2 Box S also offers the option of secret curve parameters. This reduces the attack vector against attacks with quantum computers, since the curve parameters can be calculated when three points on the curve are known.


The high-performance SINA L2 Box S solution can also be used for the encryption of data transmitted via Wavelength Division Multiplex (WDM) connections. Here, encryption of the entire data stream between the end stations is often used (layer 1 encryption). However, only in a few exceptions is this currently certified for classified information. Another disadvantage of network layer 1 encryption is that it is not possible to separate the data transmission and cryptographic functions. However, especially in larger organizations, these are often the responsibility of different parties. If both functions are installed in one system, the responsibility for operation and configuration cannot be clearly assigned.

With the SINA L2 Box S, it is possible to encrypt complete 100Gbit/s wavelength links at network level 2 without this being noticeable in the network topology. Responsibility for cryptography and data transport can thus be separated according to requirements, and encrypted and unencrypted wavelengths can be transmitted together.

 

When networking different locations of public authorities and companies, there is a considerably increased demand for bandwidth, especially in star-shaped topologies at the main locations. Instead of using multiple parallel transitions, a high-performance SINA L2 Box S can be integrated. Duplication is then only required for redundancy reasons. As a result, both the connection infrastructure used (e.g., fiber optics) and the available space in the network node locations can be used much more efficiently.

 

A software-defined wide area network (SD-WAN) uses software and cloud-based technologies to manage networks. This allows higher bandwidths to be achieved and costs to be reduced in modern network infrastructures. The high encryption performance of the SINA L2 Box S can be used to secure data exchange in this context.

In SD-WAN approaches, additional information is processed for packet forwarding by setting up sets of rules (policies). Among other things, the requirements of the applications used and the quality of the networks used are taken into account. For example, in the case of voice or video connections, data packets can be recognized as such and efficiently transported via a corresponding rule (e.g., always via the network with the currently lowest delay).

A distinction is made between the overlay and underlay of the data transport. The policy-based forwarding decision is made in the overlay. In the underlay, the data transport takes place between the sites. Since the underlay networks are usually spanned over infrastructure that is not trustworthy in terms of security, the data content must be encrypted at the latest at the transition between overlay and underlay.

A major advantage of using the SINA L2 Box at the transition between overlay and underlay is the routing of IP connections: Instead of individual IP-based forwarding on network level 3, only the corresponding data transport between the site transitions on network level 2 is processed in each case. The SINA L2 Box S thus provides a transparent and independent encryption function without affecting the network function provided by the SD-WAN.

If essentially sites and data centers are interconnected, the number of endpoints is usually in the small to medium range - but the individual bandwidths can sometimes become very high. The SINA L2 Box S, with its various performance levels from 10 Gbit/s to 40 Gbit/s and up to 100 Gbit/s, is ideally suited for this application scenario. The SINA L2 Box S 100G can be used both in point-to-point scenarios and as a headend for aggregation solutions.

This leaves network operators free to choose an SD-WAN solution in the unencrypted network area. In addition, the SINA L2 Box S offers a transparent VS-NfD-approved solution for secure data exchange "Made in Germany" that is independent of the respective SD-WAN manufacturer.

 

The SINA portfolio for the modern workday with classified data includes
Downloads
Want to learn more?
Technical info
Factsheet SINA L2 Box S

Technical specifications

Factsheet SINA L2 Box H 1G

Technical specifications

Factsheet SINA Management

Technical specifications

Contact request
Do you have questions about a SINA L2 Box?
Do you have questions about a SINA L2 Box?

We look forward to your inquiry.

Site 1

secunet Security Networks AG
Kurfürstenstraße 58
45138 Essen

Phone: +49 (0) 201 5454-0
E-Mail: info(at)secunet.com

Twitter | LinkedIn | Xing

© 2021 secunet Security Networks AG