Overview
The Airspace Sentinel and the Router Shield research tasks represent Network Attached Assistants that can be used in combination with existing network equipment to provide more secure network environments. The research in both example applications will focus on innovative new principles and practices through which network elements (routers, switches, base stations, etc.) can extend their functions from the primary task of transmitting information between access points to the security-critical function of serving as guardians of the security and legitimacy of information flowing across the network.
Presently, much of the responsibility of securing the information itself has been passed to the network edge and attached end points, with the network emphasizing the basic task of connecting the attached end points. In large part, this reflects the limited computational power available in network elements to monitor the information passing through the network element. Instead, the network elements have monitored (and provided to the network management systems) basic "network performance data" such as throughput rates, packet loss rates due to queue overflow, connectivity to other network elements, etc. This basic information can be used to help secure the network itself, for example by identifying unusual activity caused by denial-of-service attacks or by rerouting around network elements that have failed. A central theme of the research is to provide network elements with far greater computational power so that their monitoring can extend to more computationally challenging capabilities, while providing that added capability without changing the network element itself. The terminology "attached assistant" is used (suggesting the attachment of intelligent units to existing network elements) in contrast to "embedded intelligence," the latter requiring replacement of network elements. A practical constraint is to achieve solutions whose costs are modest relative to the network elements themselves.
The practical constraint of cost, along with the objective of detailed monitoring of information, restricts the possible approaches to attached intelligence. The research will focus on the use of specialized hardware allowing a large number of tests to be conducted concurrently on a given set of data for two important security applications of attached intelligence. The first is monitoring of the frequency channels active at a given physical location to identify potential illegitimate wireless operators in the area of that location. The second is monitoring of the contents of data packets to identify potential threats embedded in the data packets. These represent very different tasks in terms of their implementation, but both preserve the theme of applying a large number of tests to the same data set concurrently.
A practical consequence of cost constraints is that more expensive (and powerful) solutions can provide more complete and effective security information. The research will establish the scalability of the concurrent hardware to allow implementations whose cost varies with the completeness of the monitoring without changing the underlying architecture or principles used.
For both projects, the research will follow the standard four-stage sequence of design, verification of approach, laboratory exploration, and demonstration of the prototype in a realistic environment. In particular, each project will complete the following system design stages:
- Stage 1: Investigation of existing algorithms and analytic approaches, and exploration of new and innovative ones, consistent with flexible and highly parallel execution hardware, to extract the desired information from the data sets monitored.
- Stage 2: Development of a simulation system allowing easy exploration of alternative algorithms under different operating conditions. The simulation system should be developed to provide convincing results for those evaluating the program and be usable for later projects.
- Stage 3: Evaluation of alternative algorithms and approaches within an experimental "lab environment" for assessment of those algorithms/approaches under more real-world-like conditions.
- Stage 4: For the Router Shield, the program will assess practical cost metrics related to custom implementations of the processing required. For the Airspace Sentinel, the program will include development and demonstration of a prototype (FPGA-based) "attached intelligence unit" exploiting and demonstrating
  - parallel architectures for efficient extraction of information from received data sets,
  - programmability and reconfigurability to implement different candidate approaches,
  - appropriate "front ends" to acquire the signals/data streams that are monitored within the unit, and
  - use under realistic conditions to demonstrate performance and limitations.
The two projects will be conducted as systems research projects using a team-based approach to achieve an integrated solution.