Home // ICIMP 2011, The Sixth International Conference on Internet Monitoring and Protection // View article

Secure Access Node: an FPGA-based Security Architecture for Access Networks

Authors:
Jens Rohrbeck
Vlado Altmann
Stefan Pfeiffer
Dirk Timmermann
Matthias Ninnemann
Maik Rönnau

Keywords: Access Network, Hardware Firewall, Intrusion Detection, Web Filter

Abstract:
Providing network security is one of the most important tasks in today’s Internet. Unfortunately, many users are not able to protect themselves and their networks. Therefore, we present a novel security concept to protect users by providing security measures at the Internet Service Provider (ISP) level. Already now, ISP are using different security measures, e.g. Virtual Local Area Network tags, MAC limitation, or MAC address translation. Our approach extends these security measures by a packet filter firewall and a deep packet inspection engine. A firewall and a deep packet inspection system, at the ingress of the network, offers security measures to all connected users, especially to users with limited IT expert knowledge. Adjustments can be made only by the ISP administrator. Consequently, our security system itself is secured against attacks from users and from the network side. Our approach includes a powerful Packet Classification Engine, a high speed Rule Set Engine without using Content Addressable Memory and control stages in reconfigurable hardware. Our goal is to be able to control network traffic at wire speed.

Pages: 54 to 57

Copyright: Copyright (c) IARIA, 2011

Publication date: March 20, 2011

Published in: conference

ISSN: 2308-3980

ISBN: 978-1-61208-125-0

Location: St. Maarten, The Netherlands Antilles

Dates: from March 20, 2011 to March 25, 2011