Adding Value to TCP/IP Based Information exchange Security by Specialized Hardware

The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007) Pub Date : 2007-10-14 DOI:10.1109/SECUREWARE.2007.4385325

V. Pejovic, S. Bojanic, C. Carreras

{"title":"Adding Value to TCP/IP Based Information exchange Security by Specialized Hardware","authors":"V. Pejovic, S. Bojanic, C. Carreras","doi":"10.1109/SECUREWARE.2007.4385325","DOIUrl":null,"url":null,"abstract":"Complexity of the attack space existent within the scope TCP/IP based communications makes the security problem extremely wide. Most of the transmitted data has to be processed on a daily basis by firewalls, IDSes and/or other security enforcing technologies. It is possible, however, to divide the complex security threat space and provide fast and efficient solutions to deal with some subspaces. This would reallocate the processing into specialised devices and would take some processing burden off the stated conventional technologies. A specialised hardware architecture capable of sustaining high throughput rates of up to 40 Gbps when implemented in an FPGA platform will serve as one such example. In its current development phase the hardware solution presented processes and verifies the TCP/IP specific reassembly mechanism. The misuse of the reassembly mechanism has historically led to different types of security breaches while new instances can arise unexpectedly. The presented work can be seen as a systemic solution for the monitoring of the misuse of the reassembly mechanism for preventive perspective.","PeriodicalId":257937,"journal":{"name":"The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECUREWARE.2007.4385325","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Complexity of the attack space existent within the scope TCP/IP based communications makes the security problem extremely wide. Most of the transmitted data has to be processed on a daily basis by firewalls, IDSes and/or other security enforcing technologies. It is possible, however, to divide the complex security threat space and provide fast and efficient solutions to deal with some subspaces. This would reallocate the processing into specialised devices and would take some processing burden off the stated conventional technologies. A specialised hardware architecture capable of sustaining high throughput rates of up to 40 Gbps when implemented in an FPGA platform will serve as one such example. In its current development phase the hardware solution presented processes and verifies the TCP/IP specific reassembly mechanism. The misuse of the reassembly mechanism has historically led to different types of security breaches while new instances can arise unexpectedly. The presented work can be seen as a systemic solution for the monitoring of the misuse of the reassembly mechanism for preventive perspective.

查看原文本刊更多论文

专用硬件为基于TCP/IP的信息交换安全增值

基于TCP/IP的通信范围内存在的攻击空间的复杂性使得安全问题极为广泛。大多数传输的数据必须每天由防火墙、ids和/或其他安全强制技术处理。但是，可以对复杂的安全威胁空间进行划分，并提供快速有效的解决方案来处理某些子空间。这将重新分配处理到专门的设备上，并将减轻一些传统技术的处理负担。在FPGA平台上实现时，能够维持高达40 Gbps的高吞吐率的专用硬件架构就是这样一个例子。在目前的开发阶段，硬件解决方案提出了处理和验证TCP/IP特定的重组机制。从历史上看，滥用重组机制会导致不同类型的安全漏洞，而新实例可能会意外出现。所提出的工作可被视为一种系统的解决办法，以监测滥用重组机制的预防观点。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007)

自引率

0.00%

发文量