Physical Layer Network Security
See What
Encryption
Cannot
Hide.
PhaseGuard monitors the physical behavior of fiber optic networks — passively, without touching your data.
0 FP
False Positives in PoC
0%
Bandwidth Used
7/24
Continuous Monitoring
6 reg
Regulations Covered
// What We Do
Ağınız Her Şeyi Görüyor.
Siz Sadece Dinlemiyordunuz.
Bugün her güvenlik katmanı — firewall, SIEM, şifreleme — Katman 3 ve üzerinde çalışır. Fiziksel kablo kimse tarafından izlenmez. Bir saldırgan 200 dolarlık bir klips kuplörüyle canlı fiber trafiğini kopyalayabilir, hiçbir iz bırakmaz. Bir jammer GPS sinyalini bozarken sisteminiz onu iyonosferik gürültüden ayırt edemez. PhaseGuard bu kör noktayı kapatır — aktif sinyal göndermeden, altyapıya dokunmadan. Zaten akan veriye bakar, parametreler arasındaki korelasyonu analiz eder ve fiziksel katmanda ne olduğunu söyler.
// FIBER OPTIC
Fiziksel Müdahaleyi Görün
Bir TAP takıldığında, bir kablo büküldüğünde veya topolojiye yeni bir eleman girdiğinde fiber üzerindeki latans dağılımı, jitter profili ve paket korelasyonu karakteristik biçimde değişir. Bu değişim şifrelemeyi atlar, SIEM'i atlar — ama fizikten kaçamaz.
→Mevcut trafiği pasif izle — sıfır sinyal enjeksiyonu
→7 fiziksel parametre arasındaki korelasyonu sürekli hesapla
→TAP / bükme / müdahaleyi ayırt et — 5 saniyede, sıfır bant genişliği etkisiyle
→Lokasyon tahmini + SHA-256 adli zincir
Ivy Bells operasyonu 10 yıl sürdü. Sürekli bir Δt referansı yerleştirme olayını ilk pencerede yakalar.
// SATCOM / GNSS
Sınıflandırın, Yanıltılmayın
GPS sinyali bozulduğunda mevcut sistemler tek bir soruyu yanıtlayabilir: "Bir şey mi var?" PhaseGuard farklı bir soru sorar: "Ne var?" TEC ve S4 parametreleri arasındaki korelasyon, iyonosferik fırtınanın doğal etkisini yapay bir jamming saldırısından ayıran fiziksel imzayı taşır.
→Mevcut GNSS alıcı verilerini pasif oku
→TEC–S4 korelasyonu ile gerçek zamanlı analiz
→İyonosferik fade mi, jamming mi, spoofing mu — sınıflandır
→Yeni alıcı yok — mevcut sistemin üzerine analiz katmanı
Kp=5.7 jeomanyetik fırtınasında doğrulandı — S4 yükselmesine rağmen sıfır yanlış alarm.
// HER İKİSİNDE ORTAK
Aktif sinyal yok. Bant genişliğine dokunmaz. Mevcut altyapıya entegre olur.
Pasif gözlemden elde edilen verilerle korelasyon kurar, fiziksel katmanı sınıflandırır.
Yeni bir altyapı değil — elinizdekilere yeni bir anlam katmanı.
// DEĞİŞTİRİLEMEZ KANIT
Her olay SHA-256 hash zinciriyle, RFC3161 zaman damgasıyla kaydedilir. Bu kayıt geriye dönük olarak değiştirilemez — ne PhaseGuard tarafından, ne üçüncü bir tarafça. Herhangi bir bağımsız sistem zincirin bütünlüğünü doğrulayabilir.
Bir SLA ihlali yaşandığında "ne zaman başladı, kaç saniye sürdü, fiziksel mi ağ katmanında mıydı" soruları artık tartışmalı değil — zincirde yazıyor. Sigorta sürecinde değiştirilemez teknik kanıt. Mahkemede kabul edilebilir, bağımsız olarak doğrulanabilir.
// How It Works
Zero changes to your infrastructure. Zero access to your data.
Your Network
Existing fiber optic infrastructure. Nokia, Ciena, Huawei — any vendor.
→
Passive Agent
Reads physical metrics only. OSNR, power, jitter. No traffic content.
→
Patented
PhaseGuard Engine
iCID/eCID fingerprinting + SHA-256 forensic hash chains.
→
Your Dashboard
Real-time alerts, event classification, NIS2-compliant forensic reports.
We never see your data. Only your network's behavior.
The agent transmits only physical-layer metrics: signal power levels, timing deltas, correlation coefficients. No packet content. No user data. No encryption keys.
// Benefits
More than security. An operational upgrade.
Zero Bandwidth Consumption
PhaseGuard reads existing physical-layer signals passively. No test pulses. No injected traffic. Your full network capacity stays available 24/7 — monitoring costs you nothing in throughput.
OTDR
Sends active test signals → consumes bandwidth → interrupts trafficPhaseGuard
Purely passive observation → zero signal injection → zero throughput lossGreen Energy Profile
No active signal generation hardware. No OTDR transmitters. No optical pulse sources. PhaseGuard runs on commodity compute — dramatically lower energy footprint. Measurable contribution to ESG and sustainability reporting targets.
Active OTDR
Laser transmitters + DSP hardware + cooling → high continuous power drawPhaseGuard
Passive TAP + edge compute only → fraction of the energy costContinuous Line Health — 24/7
OTDR does spot checks — it sees nothing between tests. PhaseGuard monitors every second. Gradual degradation (PMD drift, connector aging, micro-bend accumulation) is caught weeks before it becomes a service outage.
OTDR
Periodic spot-checks → blind between tests → degradation is discovered after the outagePhaseGuard
Nanosecond-resolution continuous stream → degradation trends detected weeks earlyPhysical Attack Detection OTDR Misses
A passive TAP passes the OTDR signal through — the tap is invisible to it. PhaseGuard detects the correlation fingerprint change that a tap, inline device insertion, or fiber bend causes — attacks OTDR structurally cannot see.
OTDR
TAP passes signal → invisible. Inline insertion → invisible. Bend attack → missed unless severePhaseGuard
iCID/eCID fingerprint change → TAP detected. Correlation shift → insertion flagged. δt anomaly → bend caught// PhaseGuard vs OTDR — Head to Head
| Feature | Traditional OTDR | PhaseGuard |
|---|---|---|
| Monitoring mode | Active — injects test pulses | Passive — zero signal injection |
| Bandwidth impact | Consumes bandwidth during test | 0% — no bandwidth used |
| Monitoring frequency | Periodic spot checks | Continuous — every second |
| Energy consumption | High — laser + DSP hardware | Low — passive TAP + edge compute |
| TAP detection | ❌ Passes through — invisible | ✅ iCID/eCID fingerprint change |
| Inline device insertion | ❌ Signal passes — invisible | ✅ Correlation anomaly detected |
| Forensic chain | ❌ No cryptographic audit trail | ✅ SHA-256 hash chain — court-admissible |
| Regulatory compliance | Partial — no incident reporting | NIS2 · IEC 62443 · NIST 800-82 · ISO 27001 |
// API
Connect in minutes. No hardware changes required.
POST
/api/v1/stream/metrics
Push physical layer metrics.
// Request
{
"node_id": "node-tx-04",
"osnr_db": 22.4,
"power_dbm": -3.1,
"jitter_ps": 0.83,
"timestamp_ns": 1741514400000000
}
GET
/api/v1/alerts
Retrieve classified anomaly events.
// Response
{
"event": "TAP_DETECTED",
"class": "CLASS_A_B",
"confidence": 0.97,
"hash": "sha256:a3f9...",
"nis2_ref": "INC-20260309-001"
}
GET
/api/v1/fingerprint/{node_id}
Retrieve iCID/eCID device fingerprint.
// Response
{
"icid": "fbc1a2d9e4...",
"ecid": "9a3e7f1c2b...",
"baseline_match": true,
"drift_score": 0.02
}
GET
/api/v1/report/forensic
Export NIS2-compliant forensic report.
// Response
{
"report_id": "RPT-2026-001",
"events": [ ... ],
"chain_valid": true,
"nis2_compliant": true
}
// IP
Protected by international patent. Validated by clean ISR.
All 8 patent claims passed the International Search Report with "A" category citations.
Turkish Patent
TR 2025/014131
Granted
PCT Application
PCT/TR2025/052048
Active
ISR Result
All Claims Novel — "A" Category
Clean
EP & USPTO Rights
Open until March 2028
Protected
// Compliance
Built to satisfy six major regulatory frameworks — by design, not by checkbox.
EU · Enforced 2024
🇪🇺
NIS2 Directive
EU — Critical & Important Entities
Requires: Risk management measures, continuous monitoring of network and information systems, incident detection and 24-hour reporting to national CSIRT, cryptographic audit trails for forensic investigation.
PhaseGuard: Real-time physical-layer anomaly detection + SHA-256 forensic hash chain satisfies Article 21 monitoring and audit requirements out of the box.
Global · IEC Standard
🏭
IEC 62443
Industrial OT / IACS — Worldwide
Requires: Defense-in-depth for operational technology networks, zone/conduit monitoring, anomaly detection at the physical layer, security lifecycle management for industrial control systems.
PhaseGuard: Passive physical-layer monitoring satisfies zone integrity requirements without disrupting OT availability — the IEC 62443 priority.
US · NIST Framework
🇺🇸
NIST SP 800-82
US — Industrial Control Systems
Requires: Physical security controls, continuous network monitoring, anomaly and event detection for ICS environments, incident response capability with forensic evidence preservation.
PhaseGuard: iCID/eCID fingerprinting + nanosecond δt monitoring provides the physical security layer NIST 800-82 requires for network access points.
Global · ISO Standard
🌐
ISO/IEC 27001
Information Security Management — Global
Requires: Physical and environmental security controls (Annex A.11), network security monitoring, incident management with documented evidence, audit logging for security events.
PhaseGuard: SHA-256 forensic chain provides tamper-evident audit logs. Physical TAP/insertion detection directly addresses Annex A.11 physical security controls.
EU · Enforced 2025
🇪🇺
Cyber Resilience Act
EU — Hardware & Software Manufacturers
Requires: Secure-by-design products with minimal attack surface, no unnecessary data collection, vulnerability handling, and security lifecycle documentation for products with digital elements.
PhaseGuard: Passive-only architecture means zero attack surface added to the network. No data collected — only physical metrics. Secure-by-design at the hardware level.
EU · Telecom
📡
BEREC / ETSI EN 303 645
EU Telecom Operators — Network Integrity
Requires: Telecom network integrity monitoring, physical infrastructure security, service quality assurance, and detection of unauthorized access to network components.
PhaseGuard: Continuous line health monitoring + physical intrusion detection provides the network integrity assurance telecom operators need for regulatory reporting.
// Patent Claim → Regulation Mapping
Claim
Capability
Satisfies
Claim 1
Passive TAP · iCID/eCID fingerprinting · SHA-256 hash chain — core system, zero bandwidth impact
NIS2 Art.21IEC 62443CRA
Claim 2
Nanosecond Δt histogram · self-sync localization · optical path correction — TAP & insertion detection
IEC 62443NIST 800-82NIS2
Claim 3
SATCOM TEC/S4 correlation · ionospheric fade vs jamming discrimination
NIST 800-82NIS2
Claim 5
Ethernet / SCADA NIC counter sliding-window z-score anomaly detection
IEC 62443NIST 800-82NIS2
Claim 7
RFC3161 timestamped immutable hash chain — forensic traceability & court-admissible audit trail
NIS2IEC 62443ISO 27001BEREC
// Contact
Ready to see it live?
Request a technical demo. We'll walk you through the API, show live anomaly detection, and provide a forensic report sample.
No commitment. Technical team only.
ETHERNET PHYSICAL LAYER MONITOR v1.0 // FIBER LAYER
PhaseGuard FIBER
STANDBY
Δt NANOSECOND · iCID/eCID FINGERPRINT · SHA-256 FORENSIC CHAIN
7-parameter correlation engine + Physics Law Engine · PoC-based
PASIF GÖZLEM SİSTEMİ v1.0 // SATCOM KATMANI
PhaseGuard SATCOM
STANDBY
NOAA SWPC API + IONEX MODEL + SHA-256 ZİNCİR
Gerçek NOAA uzay havası verisi + sentez TEC/S4 analizi