2,776 research outputs found

    A low power lookup technique for multi-hashing network applications

    Many network security applications require large virus signature sets to be maintained, retrieved, and compared against the network streams. Software applications frequently fail to identify so many signatures through comparisons at very high network speeds. Bloom filters are one of the main multi-hashing schemes utilized in hardware to support this level of security. Nevertheless, Bloom filters consume significant power to store, retrieve and look up virus signatures owing to the many hash function computations required to index into the memory. We present a novel lookup technique and architecture to decrease the power consumption of multi-hashing schemes, predominantly Bloom filters, in hardware. The theoretical analysis has shown that the power gain achieved through the new lookup technique can go up to 90%. Simulation results with three different classes of hash functions embedded into the Bloom filter have indicated that the power consumption of Bloom filters can be considerably decreased by employing the low power lookup technique. © 2006 IEEE

    Energy-efficient pipelined bloom filters for network intrusion detection


    Increasing the power efficiency of Bloom filters for network string matching

    Although software-based techniques are widely accepted in computer security systems, there is a growing interest in utilizing hardware opportunities to compensate for network bandwidth increases. Recently, hardware-based virus protection systems have started to emerge. These types of hardware systems work by identifying the malicious content and removing it from the network streams. In principle, they make use of string matching. Bit by bit, they compare the virus signatures with the bit strings in the network. Bloom filters are ideal data structures for string matching. Nonetheless, they consume a large amount of power when many of them are used in parallel to match different virus signatures. In this paper, we propose a new type of Bloom filter architecture which exploits the well-known pipelining technique. © 2006 IEEE

    LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed

    Running off-site software middleboxes at third-party service providers has been a popular practice. However, routing large volumes of raw traffic, which may carry sensitive information, to a remote site for processing raises severe security concerns. Prior solutions often abstract away important factors pertinent to real-world deployment. In particular, they overlook the significance of metadata protection and stateful processing. Unprotected traffic metadata like low-level headers, size and count, can be exploited to learn supposedly encrypted application contents. Meanwhile, tracking the states of 100,000s of flows concurrently is often indispensable in production-level middleboxes deployed at real networks. We present LightBox, the first system that can drive off-site middleboxes at near-native speed with stateful processing and the most comprehensive protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox is the product of our systematic investigation of how to overcome the inherent limitations of secure enclaves using domain knowledge and customization. First, we introduce an elegant virtual network interface that allows convenient access to fully protected packets at line rate without leaving the enclave, as if from the trusted source network. Second, we provide complete flow state management for efficient stateful processing, by tailoring a set of data structures and algorithms optimized for the highly constrained enclave space. Extensive evaluations demonstrate that LightBox, with all security benefits, can achieve 10Gbps packet I/O, and that with case studies on three stateful middleboxes, it can operate at near-native speed. Comment: Accepted at ACM CCS 201