August 1, 2006, Ipswich and London, England--European Union (EU) funding of 2 million Euros has been announced for a major new three-year project to develop a reconfigurable photonic "firewall on a chip." Called WISDOM, (WIrespeed Security Domains Using Optical Monitoring), the new system will plug a major gap in the global data network security armory--the lack of tools to implement security checks and algorithms directly at high optical data-communications rates.
WISDOM will complement current electronic security techniques with optical information filtering operating at wirespeed, and is being developed by a consortium led by the UK's Centre for Integrated Photonics (CIP).
"Optical technology lies at the heart of the global electronic and computer-based communications systems on which we are all increasingly reliant," says Graeme Maxwell of CIP. "It's the key to very high data speeds and very large information-handling capacity. But we are still reliant on conventional electronic tools for key functions such as legal intercept, flow classification, and performance monitoring. WISDOM technology will provide a scalable and robust solution to key issues of next-generation network security by allowing close inspection of optical data directly in the optical domain."
The WISDOM project brings together a consortium that spans the optical-network supply chain, ensuring that the technology under development can be realized commercially and will satisfy a real application need. Consortium partners are research institutions the Tyndall Institute (Cork, Ireland), the Foundation for Research and Technology (FORTH; Hellas, Greece); optical component and sub-system fabricator CIP (Ipswich, England), OEM system supplier Avanex (Nozay, France), and network operator BT (London, England).
The optical subsystems that are being developed under WISDOM will take state-of-the-art hybrid integrated photonic technology and extend it to meet the performance requirements of a photonic firewall. The subsystems will be based on research on high-speed (greater than 40 Gbit/s) optical logic gates and optical-processing circuits provided by Avanex, CIP, and Tyndall. In addition, FORTH and BT are pioneering the techniques used to provide network security and resilience.
Technical background
The approach to developing photonic firewall techniques will comprise two linked elements. New algorithms suitable for security analysis will be developed based on knowledge of the limited wirespeed optical processing currently available new photonic sub-modules that expand the functionality available at wirespeed, based on greater than 40Gb/s optical logic gates and processing circuits. Optical processing submodules will perform bit-pattern recognition as input to a range of security algorithms, based on existing research in network intrusion-detection systems. In broad terms, these algorithms use combinations of rule bases and statistical models to identify potentially interesting network events. The bit patterns that form the signature of a typical network security event might range from single bits in a packet header through to relatively long sequences of bytes in the message payload. The optical processing will be based on all-optical logic gates using semiconductor optical amplifiers as nonlinear elements. WISDOM anticipates that the necessary firmware and protocols to operate the network devices will be developed as part of this proposal and evaluated on network operator test beds.
Further research will target effective algorithms for identifying security events. Within this platform, silica-on-silicon circuits will be used as the optical equivalent of the electronic printed-circuit board, providing the passive optical functionality, time delays, and closed loop optical circuits. This optical circuit board will be populated using both discrete and monolithically integrated active semiconductor devices. The specific choice of component will be determined by the function required and the level of maturity of the technology delivering that function. A range of optoelectronic components can be integrated, including laser sources, optical amplifiers, optical modulators, and optical detectors. Passive assembly and precision alignment designs will be used throughout to establish the platform as low cost, since packaging is the dominant cost in these complex, high-performance sub-systems.
