WISDOM
Workpackage 3
New security algorithm design
ICS-FORTH
Ipswich, 19th December 2007

WISDOM WP3: New security algorithm design

Objectives
• Identify critical security application components which can be efficiently implemented in the optical domain.
• Characterise constraints to algorithmic components and develop novel analytical techniques for simplified pattern matching.
• Design a Security Application Programming Interface (SAPI) which will be the interface between high-level security applications and low-level optical implementation.

Tasks - Deliverables
• WP 3.1: Security Applications Partitioning (M12)
• WP 3.2: Identification of simplified Security Algorithm Components (M24)
• WP 3.3: Definition of a Security Application Programming Interface: SAPI (M27)

WISDOM WP3.1 Security Applications Partitioning

• Identify components which can be effectively and efficiently implemented in the optical domain
• Partitioning of security-related applications (Firewalls, DoS attack detection, IDS/IPS) into
  - high-level part (electronic)
  - low-level part (optical)

D3.1 report M12

WISDOM WP3.1 Security Applications Partitioning

Basic firewall functionality in the optical domain
• Look at port numbers
  Block traffic for specific ports
  Optical filtering, optical pattern matching
• Look at IP addresses
  Block traffic for specific IP addresses
  Optical filtering, optical/electronic pattern matching
• Look at IP protocol
  Block traffic for certain protocols

Headers only
Less than 10% of rules, more than 90% of alerts

WISDOM WP3.1 Security Applications Partitioning

| Firewall rule example | Inspection |
|---|---|
| Deny all incoming traffic with IP matching internal IP | source IP address |
| Deny incoming from black-listed IP addresses | source IP address |
| Deny all incoming ICMP traffic | IP protocol |
| Deny incoming TCP/UDP 135/445 (RPC, Windows Sharing) | destination port |
| Deny incoming/outgoing TCP 6666/6667 | destination port |
| Allow incoming TCP 80, 443 (http, https) to internal web server | destination port (destination IP address) |
| Deny incoming TCP 25 to SMTP server from external IP addresses | destination port (destination)/source IP address |
| Allow UDP 53 to internal DNS server | destination port (destination IP address) |

Typical port assignments for some other services/applications: ftp TCP 21, ssh TCP 22, telnet TCP 23, POP3 TCP 110, IMAP 143
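
The rule list above, evaluated in software on raw packet headers only, showing which header field decides each verdict. This is an added example, not code from the WISDOM project; the addresses, the function names and the "no match" result for unlisted traffic are assumptions, since the slide gives no addressing and no default action.

```python
import ipaddress
import struct

# Assumed addressing (not on the slide): private and documentation ranges.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
BLACKLIST = {ipaddress.ip_address("203.0.113.66")}
WEB, SMTP, DNS = (ipaddress.ip_address(a) for a in ("10.0.0.80", "10.0.0.25", "10.0.0.53"))
ICMP, TCP, UDP = 1, 6, 17

def parse_headers(pkt: bytes):
    """Extract (protocol, source IP, destination IP, destination port) from IPv4 bytes."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4            # header length; IP options shift the port offset
    if ihl < 20:
        raise ValueError("invalid IHL")
    proto = pkt[9]
    src, dst = ipaddress.ip_address(pkt[12:16]), ipaddress.ip_address(pkt[16:20])
    dport = None                          # ICMP and other protocols carry no port
    if proto in (TCP, UDP):
        if len(pkt) < ihl + 4:
            raise ValueError("truncated transport header")
        dport = struct.unpack_from("!H", pkt, ihl + 2)[0]
    return proto, src, dst, dport

def decide_incoming(pkt: bytes):
    """Apply the slide's rules top to bottom; return (action, header field that decided)."""
    proto, src, dst, dport = parse_headers(pkt)
    if src in INTERNAL or src in BLACKLIST:
        return "deny", "source IP address"
    if proto == ICMP:
        return "deny", "IP protocol"
    if proto in (TCP, UDP) and dport in (135, 445):
        return "deny", "destination port"
    if proto == TCP and dport in (6666, 6667):
        return "deny", "destination port"
    if proto == TCP and dport in (80, 443) and dst == WEB:
        return "allow", "destination port + destination IP address"
    if proto == TCP and dport == 25 and dst == SMTP:   # source is external by this point
        return "deny", "destination port + destination/source IP address"
    if proto == UDP and dport == 53 and dst == DNS:
        return "allow", "destination port + destination IP address"
    return "no match", None               # assumption: the slide states no default action

def make_packet(proto, src, dst, dport=0):
    """Constructed sample: 20-byte IPv4 header (checksum 0) plus source/destination ports."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + struct.pack("!HH", 40000, dport)
```

Every verdict is reached from at most three fixed-position header fields, which is what makes this rule set a candidate for the header-only, low-level part of the partitioning.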

WISDOM WP3.1 Security Applications Partitioning

Filtering out e-mail traffic

WISDOM WP3.1 Security Applications Partitioning

DoS attacks
SYN bit optical counter
Proposed optical DoS attack detection

WISDOM WP3.1 Security Applications Partitioning

| Security Operation | Inspection | Application Example |
|---|---|---|
| Match network packet targeting a specific service | Destination Port Number | Filtering out e-mail traffic |
| Match network packet originating from a specific service | Source Port Number | Filtering out a Web server’s response |
| Match network packet targeting specific computer(s) | Destination IP Address | Preventing contact with a computer |
| Match network packet originating from specific computer(s) | Source IP Address | Preventing access from a computer |
| Match network packet with specific properties | IP protocol header field | Filtering out ICMP traffic |
| Match network packet targeting a specific service and originating from specific computers | Destination Port Number and Source IP Address | SPAM filter |
| Denial of Service attack detection | SYN flag | Preventing TCP SYN flood attacks |

WISDOM WP3.2 Identification of Simplified Security Algorithms Components

• Optical pre-processing for more complex pattern recognition
  Restrictions in optical domain (buffering, level of integration, etc.)
  Scalability of security pattern matching algorithms, optimum balance between optical and electronic processing (WP6)

Develop algorithms that will allow optical bit-serial processing subsystems to operate as a pre-processor to more complex pattern recognition techniques.

D3.2 Identification of simplified Security Algorithms Components (M24)

WISDOM WP3.2 Identification of Simplified Security Algorithms Components

• Tree-like structures
• Hash functions
• Bloom filters
• Heuristics
• Parallel use of optical devices
  up to a dozen “on a chip”
• Parallel/Distributed Architectures

WISDOM WP3.2 Identification of Simplified Security Algorithms Components

Combine optical and electronic signature-based detection
• Optical traffic splitter
  optical header processing for load balancing
  e.g., group packets according to port number, IP, etc.
• Multiple “specialized” (electronic) processors
  parallel operation
  possibly more efficient payload inspection by performing same operations to same type of packets

Many issues, such as even distribution of load to sensors, anomaly-based detection, etc.

WISDOM WP3.2 Identification of Simplified Security Algorithms Components

Specifications for optical hardware:
• Optical Bit Filter
  Coarse “sift” of packet header
• Optical Routing Switch
• Optical Pattern Matching Circuit
• Optical Buffer Memory
  Embedded in Bit Filter and Pattern Matching?
• Optical PRBS generator
• XOR, AND gates

WISDOM WP3.2 Identification of Simplified Security Algorithms Components

Functional models of optical devices and simulator
1) Very simple, basic building blocks are logic gates
   Useful for testing efficiency of more complex algorithms, hybrid optical/electronic detection, etc.
2) Include physical models for actual optical components
   Useful in device development.
   Much more demanding…

Build simulator starting with (1) and expand to (2), when necessary.
Commercial solutions (Virtual Photonics, etc).
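
A functional model of type (1), built only from the XOR and AND gates listed in the hardware specification, that sifts a bit-serial packet stream and drives the SYN counter proposed for DoS detection. This is an added example, not the project's simulator or circuit design; the function names, the fixed bit offsets (IPv4 with no options) and the alarm threshold are assumptions.

```python
import struct

def XOR(a, b): return a ^ b
def AND(a, b): return a & b

def to_bits(pkt: bytes):
    """Serialise a packet MSB-first, the order in which bits arrive on the line."""
    return [(byte >> (7 - i)) & 1 for byte in pkt for i in range(8)]

def field_match(bits, offset, width, target):
    """Bit-serial comparator: 1 if bits[offset:offset+width] equals target, else 0."""
    if len(bits) < offset + width:
        return 0                                  # truncated input never matches
    match = 1
    for i in range(width):
        want = (target >> (width - 1 - i)) & 1
        mismatch = XOR(bits[offset + i], want)
        match = AND(match, XOR(mismatch, 1))      # NOT built as XOR with constant 1
    return match

# Assumed bit offsets: IPv4 with a 20-byte header (IHL 5, no options).
VERSION_IHL, PROTOCOL, DST_PORT = 0, 9 * 8, (20 + 2) * 8
ACK_BIT, SYN_BIT = 33 * 8 + 3, 33 * 8 + 6         # TCP flags byte is packet byte 33

def is_opening_syn(pkt: bytes):
    """1 for a TCP segment with SYN set and ACK clear (a connection attempt)."""
    bits = to_bits(pkt)
    if len(bits) <= SYN_BIT:
        return 0
    sift = AND(field_match(bits, VERSION_IHL, 8, 0x45), field_match(bits, PROTOCOL, 8, 6))
    return AND(sift, AND(bits[SYN_BIT], XOR(bits[ACK_BIT], 1)))

def syn_alarm(packets, threshold):
    """Count opening SYNs in one observation window; alarm when above threshold."""
    count = sum(is_opening_syn(p) for p in packets)
    return count, count > threshold

def tcp_packet(flags, proto=6, dport=80):
    """Constructed sample: 20-byte IPv4 header + 20-byte TCP header, checksums left 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes([198, 51, 100, 7]), bytes([10, 0, 0, 80]))
    return ip + struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
```

The version/IHL and protocol comparisons act as the coarse sift: a packet with IP options or a non-TCP payload never reaches the SYN tap, so a bit that merely sits at the same offset is not counted.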

WISDOM WP 3.3 Definition of a Security Application Programming Interface (SAPI)

• SAPI will bridge the gap between optical execution of key components and programming of security applications
• High-level programming, abstract all low-level details

Monitoring Application Programming Interface (MAPI)

D3.3 Definition of SAPI (M27)

WISDOM WP 3.3 Definition of a Security Application Programming Interface (SAPI)

Hardware - Software Interface
Frequency of user interventions small compared to frequency of optical recognitions

Electronics – Optics Interface
Labview, Agilent Vee (HPV)

Start with
Software – Electronics - Optics