FPGA-Based End-Station Security for High-Performance Networking

Award Information
Agency: Department of Energy
Branch: N/A
Contract: DE-FG02-09ER85240
Agency Tracking Number: 91370
Amount: $999,914.00
Phase: Phase II
Program: SBIR
Solicitation Topic Code: 52 b
Solicitation Number: DE-FOA-0000350
Solicitation Year: 2010
Award Year: 2010
Award Start Date (Proposal Award Date): N/A
Award End Date (Contract End Date): 2012-08-14
Small Business Information
1395 Piccard Drive Suite 210
Rockville, MD 20850
United States
DUNS: 522014325
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Alex Gross
 (410) 615-3864
Business Contact
 Jesse Wen
Title: Dr.
Phone: (301) 332-2900
Research Institution

Traditional enterprise cyber-security methods are inadequate to address the increasing number of threats, particularly within larger and higher-performance networks. Several government and third-party organizations report consistent failures within corporate and federal, state, and local government networks. A key point of failure in securing these networks is the centralized security architecture, which relies heavily on single-point-of-failure network appliances such as firewalls while insufficiently protecting the end systems. Several commercial off-the-shelf (COTS) solutions provide distributed security functions for standard networks operating at data rates up to 1 Gb/s. However, to date, no distributed solution has emerged that supports the requirements of high-performance networks operating at 10 Gb/s and beyond. To that end, we propose to address these problems by developing a distributed security platform designed specifically for high-performance networks. This system will consist of a Secure Network Interface Controller (sNIC) card designed for use in high-performance end systems, clusters, storage area networks, etc., along with software for management and support. It will be designed to meet or exceed the security guidelines established by NIST Federal Information Processing Standards (FIPS) Publication 200. In Phase I, Acadia proved the feasibility of an FPGA-based sNIC card capable of operating at 10 Gb/s and beyond. An alpha prototype system was developed that incorporates industry-standard security features such as an SSL Encryption Engine, Firewall Engine, and Quality of Service (QoS) Engine operating at 10 Gb/s, and a secure Authentication, Authorization, Accounting, and Auditing (AAAA) channel. A thorough study was undertaken to examine the compatibility of widely available remote management and monitoring tools with the proposed system.
Commercial Applications and Other Benefits: In Phase 2, Acadia will transition the Phase-I feasibility study and the prototype hardware demonstration into a complete system ready for commercialization. We will deliver a complete distributed security solution for high-performance systems on an FPGA-based Secure Network Interface Controller (sNIC) card. The system envisioned here is especially well suited for large-scale, high-performance enterprise networks such as those in use in DOE and in large corporations.

* Information listed above is at the time of submission. *