Adding Value to TCP/IP Based Information exchange Security by Specialized Hardware

摘要

Complexity of the attack space existent within the scope TCP/IP based communications makes the security problem extremely wide. Most of the transmitted data has to be processed on a daily basis by firewalls, IDSes and/or other security enforcing technologies. It is possible, however, to divide the complex security threat space and provide fast and efficient solutions to deal with some subspaces. This would reallocate the processing into specialised devices and would take some processing burden off the stated conventional technologies. A specialised hardware architecture capable of sustaining high throughput rates of up to 40 Gbps when implemented in an FPGA platform will serve as one such example. In its current development phase the hardware solution presented processes and verifies the TCP/IP specific reassembly mechanism. The misuse of the reassembly mechanism has historically led to different types of security breaches while new instances can arise unexpectedly. The presented work can be seen as a systemic solution for the monitoring of the misuse of the reassembly mechanism for preventive perspective.