Overview
Executive Summary
The purpose of this project is to develop a national deep packet inspection platform (DPIP) and a smart firewall. Dedicated hardware (an optimized processor/co-processor) will be designed to perform DPI in real time as a basic building block in networking and security devices. The processor can be integrated in several ways. One of those ways is to have it as an acceleration card attached to a controller in a Software Defined Network (SDN) setup. The purpose of the acceleration card is to give SDN controllers, which are commodity servers, the ability to perform DPI in real time.
In addition to the hardware, a set of algorithms and software stacks that support the required functionality will also be provided. These processors, software, and services can form the major part of network switches, routers, traffic shapers, filters, smart firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), unified threat management, and other security and networking devices and services. The idea is to combine a flexible, reliable platform with modern trends in networking such as software defined networking (SDN) and network function virtualization (NFV).
Problem Description
Computer networks are penetrating every aspect of human life, including business, leisure, learning and households. The Internet of Things is turning the physical world into one big connected information system. Even the energy required to operate network switches now exceeds, for example, the entire energy required by aviation.
On the other hand, viruses, attacks, trojans, malware and other malicious software are spreading at the same rate, or even faster. Hackers target information systems (big and small) every single second, and many of those attacks succeed. A protection layer is a must, and hence network security devices are major components of data centers, operator and provider networks, governmental, financial and scientific institutions, and even small offices and home networks.
The advancement of networking technology, especially the paradigm of Software Defined Networks (SDNs), places an extra burden on security administrators and renders current security devices obsolete. The rate of data exchanged over computer networks is also a huge challenge, with exponential growth and many requirements from different services, ranging from utilities and smart cities to sophisticated financial surveillance and complex scientific calculations. In addition to security hazards, the spread of violent and unethical content on the Internet increases families' concerns about their children, who can access this harmful content easily.
The challenge is to apply DPI/DCI techniques that are successful and effective without affecting network throughput. Advanced techniques cannot be applied in real time in current state-of-the-art products.
Solution Description
The presence of high-performance computing hardware such as GPUs and hardware accelerators gives a chance to apply networking and security techniques in real time.
As more applications are migrated from desktops to the enterprise network or the cloud, network performance becomes critical to productivity.
Security requirements are also increasing as threats increase, and national security requirements oblige each country to have its own locally developed technologies in this field.
A deep packet inspection engine is a component in networking and security devices that can recognize applications as data passes over the network and allocate resources accordingly. A deep packet inspection (DPI) platform is a solution to manage and engineer network traffic by monitoring the data stream, identifying protocols and applications, and detecting bad URLs, intrusion attempts and malware. This is achieved by inspecting the entire data packet, not just its headers. If an attack attempt is detected or an illegal action is requested, then the traffic can be blocked.
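The difference between header-only filtering and inspecting the entire packet can be shown on a single constructed packet. The following is an added example, not code from the project: the packet bytes, addresses, port policy and the `blocked.example` blocklist entry are all constructed for illustration, and checksums are left at zero because the parser does not verify them.

```python
import struct

BLOCKED_HOSTS = {"blocked.example"}   # constructed blocklist (assumption)
ALLOWED_PORTS = {80}                  # header-only policy: allow HTTP (assumption)

def build_packet(host, dport=80):
    """Construct a minimal IPv4/TCP packet carrying an HTTP GET (sample data)."""
    payload = f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    return ip + tcp + payload

def parse_ipv4_tcp(pkt):
    """Return (dport, payload), or None if not a well-formed IPv4/TCP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    total = struct.unpack("!H", pkt[2:4])[0]       # IP total length
    if ihl < 20 or pkt[9] != 6 or total > len(pkt) or total < ihl + 20:
        return None                                # bad IHL, not TCP, or truncated
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    doff = (pkt[ihl + 12] >> 4) * 4                # TCP header length in bytes
    if doff < 20 or ihl + doff > total:
        return None
    return dport, pkt[ihl + doff:total]

def header_verdict(pkt):
    """Classic filter: looks at the headers only (here, the destination port)."""
    parsed = parse_ipv4_tcp(pkt)
    return "allow" if parsed and parsed[0] in ALLOWED_PORTS else "block"

def dpi_verdict(pkt):
    """DPI: also reads the payload and checks the HTTP Host header."""
    if header_verdict(pkt) == "block":
        return "block"
    _, payload = parse_ipv4_tcp(pkt)
    for line in payload.split(b"\r\n")[1:]:        # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            if host.split(":")[0] in BLOCKED_HOSTS:
                return "block"
    return "allow"
```

This sketch inspects one packet at a time; a production engine also has to reassemble TCP streams so that a pattern split across segments is still matched.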
DPI is also used to control service level for different levels of access (such as type of usage, data limits or bandwidth level). It can also be used to comply with laws, regulations, and national security requirements. This project aims to fulfill those requirements by developing a beyond-the-state-of-the-art system for our Egyptian needs and to help build a local national industry in networking and security.
The Target Market
The Internet has been dramatically transformed over the past five years. The Internet-using population worldwide is now over 3.4 billion people [1]. In Egypt, the number of users increased from 17.7 million in 2010 to 31 million in 2016 (estimated) [1].
Several governments use DPI to protect their infrastructures, and in some cases for surveillance and censorship. The Egyptian Universities Network (EUN), an early adopter of the outcomes of this project, is the main service provider for the higher education institutes in Egypt. EUN alone has spent more than 30 M L.E. on security products and licenses over the past 10 years. EUN will act as a partner and a testing platform for the project outcomes.
The Approach to Tackle the Problem
Many pattern matching algorithms can be used to implement a DPI system, and pattern matching has been researched thoroughly over the last decades. However, recent network technologies have presented new challenges that these algorithms have failed to solve. A DPI system design is required to be scalable and modifiable for speed and memory usage. It must be robust to attacks that aim to overload the device, such as DDoS attacks. Several technologies have been presented to tackle and improve performance, such as the use of TCAM elements in security devices and multi-core platforms. Our approach is to build a special network/security processor and a stack of standard software interfaces to provide a real-time analysis and inspection engine.
Added Value/Impact
The nationalization of such technology has two major impacts:
- Protection of the critical national information resources and services by a nationally developed layer.
- Saving much of the money spent both on security devices and on adding layers to assure security.
Outcomes/Deliverables
Upon completion, the project will produce:
- A network processor/co-processor optimized for DPI and network traffic processing.
- Direct implementation and integration into an SDN platform.
- A smart firewall that utilizes the novel hardware.
- A stack of software services and integration ports to existing SDN and legacy networks.
- A set of published scientific papers, white papers and standards.
- An attempt at filing patents.