FPGA-Based End-Station Security for High-Performance Networking
Small Business Information
1395 Piccard Drive, Suite 210, Rockville, MD, 20850
Abstract: Traditional enterprise cyber-security methods are inadequate to address the increasing number of threats, particularly within larger and higher-performance networks. Several government and third-party organizations report consistent failures within corporate and federal, state, and local government networks. A key point of failure in securing these networks is the centralized security architecture, which relies heavily on single-point-of-failure network appliances such as firewalls while insufficiently protecting the end systems. Several commercial off-the-shelf (COTS) solutions provide distributed security functions for standard networks operating at data rates up to 1 Gb/s. However, to date, no distributed solution has emerged that supports the requirements of high-performance networks operating at 10 Gb/s and beyond. To address these problems, we propose to develop a distributed security platform designed specifically for high-performance networks. This system will consist of a Secure Network Interface Controller (sNIC) card designed for use in high-performance end systems, clusters, storage area networks, etc., along with software for management and support. It will be designed to meet or exceed the security guidelines established by NIST Federal Information Processing Standards (FIPS) Publication 200. In Phase I, Acadia proved the feasibility of an FPGA-based sNIC card capable of operating at 10 Gb/s and beyond. An alpha prototype system was developed that incorporates industry-standard security features such as an SSL Encryption Engine, Firewall Engine, and Quality of Service (QoS) Engine operating at 10 Gb/s, and a secure Authentication, Authorization, Accounting, and Auditing (AAAA) channel. A thorough study was undertaken to examine the compatibility of widely available remote management and monitoring tools with the proposed system.
Commercial Applications and Other Benefits: In Phase 2, Acadia will transition the Phase-I feasibility study and the prototype hardware demonstration into a complete system ready for commercialization. We will deliver a complete distributed security solution for high-performance systems on an FPGA-based Secure Network Interface Controller (sNIC) card. The system envisioned here is especially well suited for large-scale high-performance enterprise networks such as those in use in DOE and in large corporations.
* information listed above is at the time of submission.