A low power lookup technique for multi-hashing network applications
Many network security applications require large virus signature sets to be maintained, retrieved, and compared against the network streams. Software applications frequently fail to identify so many signatures through comparisons at very high network speeds. Bloom filters are one of the main multi-hashing schemes utilized in hardware to support this level of security. Nevertheless, Bloom filters consume significant power to store, retrieve and look up virus signatures owing to the many hash function computations required to index into the memory. We present a novel lookup technique and architecture to decrease the power consumption of multi-hashing schemes, predominantly Bloom filters, in hardware. The theoretical analysis has shown that the power gain achieved through the new lookup technique can go up to 90%. Simulation results with three different classes of hash functions embedded into the Bloom filter have indicated that the power consumption of Bloom filters can be considerably decreased by employing the low power lookup technique. © 2006 IEEE
Energy-efficient pipelined bloom filters for network intrusion detection
Increasing the power efficiency of Bloom filters for network string matching
Although software-based techniques are widely accepted in computer security systems, there is a growing interest in utilizing hardware opportunities in order to compensate for network bandwidth increases. Recently, hardware-based virus protection systems have started to emerge. These types of hardware systems work by identifying the malicious content and removing it from the network streams. In principle, they make use of string matching. Bit by bit, they compare the virus signatures with the bit strings in the network. Bloom filters are ideal data structures for string matching. Nonetheless, they consume a large amount of power when many of them are used in parallel to match different virus signatures. In this paper, we propose a new type of Bloom filter architecture which exploits the well-known pipelining technique. © 2006 IEEE
LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed
Running off-site software middleboxes at third-party service providers has
been a popular practice. However, routing large volumes of raw traffic, which
may carry sensitive information, to a remote site for processing raises severe
security concerns. Prior solutions often abstract away important factors
pertinent to real-world deployment. In particular, they overlook the
significance of metadata protection and stateful processing. Unprotected
traffic metadata like low-level headers, size and count, can be exploited to
learn supposedly encrypted application contents. Meanwhile, tracking the states
of 100,000s of flows concurrently is often indispensable in production-level
middleboxes deployed at real networks.
We present LightBox, the first system that can drive off-site middleboxes at
near-native speed with stateful processing and the most comprehensive
protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox
is the product of our systematic investigation of how to overcome the inherent
limitations of secure enclaves using domain knowledge and customization. First,
we introduce an elegant virtual network interface that allows convenient access
to fully protected packets at line rate without leaving the enclave, as if from
the trusted source network. Second, we provide complete flow state management
for efficient stateful processing, by tailoring a set of data structures and
algorithms optimized for the highly constrained enclave space. Extensive
evaluations demonstrate that LightBox, with all security benefits, can achieve
10Gbps packet I/O, and that with case studies on three stateful middleboxes, it
can operate at near-native speed.
Comment: Accepted at ACM CCS 201