Transcript Agenda WISDOM Project Review

WISDOM
WISDOM
Project Overview
Contract number:
Type of instrument:
Thematic Priority:
033847
Specific targeted research project
IST call 5
FP6-2005-IST-5
1
WISDOM Annual Review 9th June 08
Overview
WISDOM
• WISDOM project objectives
• WISDOM project summary
• Scene setting
– Traffic rates
– Processing bottlenecks
– All optical networks – problems of security
authentication
• Goals of WISDOM
– Photonic firewalls
– Security protocol development
• Partners & roles
• Summary
2
WISDOM Annual Review 9th June 08
Project Objectives
WISDOM
• WISDOM (Wirespeed Security Domains using
Optical Monitoring) is designed to develop novel
optical processing modules which will be placed
at the front end of a node firewall to provide the
primary optical information filtering
• These photonic firewalls will operate using novel
algorithms and protocols, to extract and process
wirespeed (40Gbit/s) security information
3
WISDOM Annual Review 9th June 08
Project Summary
WISDOM
• 3 year €1.91M project
• Start date 1st July 06
• 5 project partners
– CIP, BT, UCC, Avanex, FORTH
4
WISDOM Annual Review 9th June 08
Scene Setting
WISDOM
• Traffic rates
– Optical data rates increasing >> electronic
chip processing speed and electronic I/O
– Information carrying capacity now exceeding
1Tb/s and doubling every 20 months, with
information processing capacity in the region
of 10’s of GFLOPS (giga floating point
operations per second) and doubling every
36 months
– Result is a ‘processing gap’
5
WISDOM Annual Review 9th June 08
Scene Setting (2)
WISDOM
• Processing bottlenecks
– Significant challenges arise when trying to
implement security algorithms on huge
volumes of data using electronic processing
– Scaling of high end routers becoming
untenable as data rates increase, processing
requirements increase and power handling* of
larger and faster processors becomes more
difficult
* Heat load of high density servers is between 5kW and 8kW per square foot of equipment
Electronics Cooling, Vol.13, No.1, Feb 2007
6
WISDOM Annual Review 9th June 08
Scene Setting (3)
WISDOM
• All optical networks
– Perceived view of all-optical networks where
optical data can be routed from one end of a
network to the other without being converted
into the electronic domain
– Fails to consider requirements for close
inspection – ‘high touch’ - of data packets for
security and performance analysis at (for
example) interconnected peering points
• Legal intercept, flow classification, performance
monitoring, protection from DoS attacks
7
WISDOM Annual Review 9th June 08
Solution
WISDOM
• Development of simple level of wirespeed
optical processing to act as primary
information filtering at router front end
– Implement simple security / monitoring
algorithms in optical hardware
– Secondary information filtering using
electronics as is currently the case, but with
benefit of reduced processing load
– Provides more scaleable solution for next
generation routers
8
WISDOM Annual Review 9th June 08
Goals of WISDOM
WISDOM
Two linked elements:
• Photonic Firewalls
– develop new photonic submodules that expand the
functionality available at
wirespeed, based on high-speed
(>40Gb/s) optical logic gates and
optical processing circuits.
IP / Ethernet
core
Core routers
• Security protocol development
– develop new algorithms suitable
for security analysis based on the
knowledge of both the limited
wirespeed optical processing that
is currently available, and the
additional functionality which will
be developed in this project.
Metro ring
Optical firewall
9
WISDOM Annual Review 9th June 08
Schematic of WISDOM
Objective
Control signal
Suspect
packet
Optical Optical
routing
bit
switch
filter
Optical buffer
memory
Optical routing
switch
WISDOM
Intercept
Pattern
matching
circuit
Router
Incoming data
Optical
Domain
Firmware
Interface
Electronic
Domain
SAP
Interface
General Purpose Processor
WISDOM Annual Review 9th June 08
10
Challenges:
Optical Components
WISDOM
Main challenges for WISDOM optical components
• Scaleable platform for integration
– Integration of time delays, large amplifier arrays and faster nonlinear SOAs into a manufacturable device
• Addressing current limitations in the optical domain
(buffering, level of integration, etc) through novel optical
architecture designs
• Development of optical / electronic control plane and
simple metrics for optical hybrid configuration and
performance monitoring
11
WISDOM Annual Review 9th June 08
Challenges: Network
Security Algorithms
WISDOM
Main challenges for WISDOM security algorithms
• Identify critical security application components which can be
efficiently implemented in the optical domain (e.g., optical bit
filtering, simple optical bit pattern matching) given the restrictions
imposed by technological limitations in the optical domain (buffering,
level of integration, etc).
• Characterise constraints to algorithmic components and develop
novel analytical techniques for simplified pattern matching.
• Partitioning of security applications (Firewalls, DoS attacks
detection, IDS/IPS) into high-level part (electronic) and low-level part
(optical).
• Design a Security Application Programming Interface (SAPI) which
will be the interface between high-level security applications and
low-level optical implementation.
12
WISDOM Annual Review 9th June 08
Partners & Roles
WISDOM
Key personnel
• CIP
– Project lead
– Optical hardware design & fab
•
CIP: Graeme Maxwell, Alistair
Poustie, Sebastien Lardenois
•
BT: Martin Koyabe
•
UCC: Bob Manning, Rod Webb,
Xuelin Yang
•
Avanex: Francis Doukhan, Guy
Mesquida, Mohamed Omar
•
FORTH: George Kopidakis, Elias
Athanasopoulos
• BT
– Application steer, security
algorithm design, architectural
design
• UCC
– Optical system design, test &
measurement
• Avanex
– Electronic firmware & control
• FORTH
– Security algorithm design &
code generation
13
WISDOM Annual Review 9th June 08
Generic Deliverables
WISDOM
• Definition of initial optical processing functionality, photonic firewall
architecture and specifications for optical sub-system
• Creation of new algorithms for photonics security functions
• Algorithm testing using logical model of photonic firewall and linking
of new algorithms to existing security techniques
• Realisation of hybrid integrated optical circuits required to implement
the sub-system, Control firmware for the operation of the hybrid
integrated circuits
• Validation of individual hybrid integrated subsystems at wirespeed
(40Gbit/s)
• Demonstration of security algorithm implementation using optical
sub-systems
• Validation of optical packet security authentication on a network
testbed
14
WISDOM Annual Review 9th June 08