Avatar

Today, many encrypted networks use insecure cryptography. Attackers exploiting weak cryptography are nearly undetectable, and the data you think is secure is less safe every day. Legacy encryption technology can’t keep up with current advances in hacking and brute force computing power. Additionally, legacy solutions are increasingly inefficient as security levels rise, and perform poorly at high data rates. In order to stay ahead of this challenge, encryption needs to evolve.

New algorithms for encryption, authentication, digital signatures and key exchange are required in order to meet growing requirements for greater data security. Network data speeds grow exponentially (though not as fast as Moore’s law), and modern networks achieve speeds that were not in consideration when the 64-bit block ciphers Triple-DES and GOST 28147-89 were conceived decades ago. At high data rates, it is easy for a network encryption device to exceed the birthday bound for 64-bit block ciphers in that length of time. At very high data rates, it is difficult to keep leakage low — even with frequent rekeying — because the total leakage is summed over all of the many rekeying periods.

Cisco Next Gen Encryption (NGE) leverages advanced algorithms, key sizes, protocols and entropy to exceed security requirements for at least 20 years into the future. NGE offers a complete algorithm suite in which each component provides a consistently high level of security and can scale well to meet high throughput and high numbers of connections. NGE is compatible with existing security architectures and government standards, including Suite B, FIPS-140 and NATO.

Check out this video from RSA – Mike Danseglio of 1105 Media and David McGrew, Cisco Fellow discuss the vulnerabilities of legacy encryption solutions and how they can be overcome.



Authors

David McGrew

Cisco Fellow

Security