The world's first optical firewall?
According to ICT Results, researchers for a EU-funded project named WISDOM are developing an optical firewall which aims to clear Internet security bottlenecks. WISDOM is an acronym for 'Wirespeed security domains using optical monitoring.' The project started in June 2006 and should be completed in May 2009 for a total cost of €1.91 million. This optical firewall should be able to analyze data on fiber optic networks at speeds of 40 gigabits per second. But read more...
You can see above an optical firewall block diagram which shows the elements to be developed within the optical module of the firewall and the interfaces to the Security Application Programming Interface." (Credit: WISDOM project)
You'll find more information on the WISDOM Project website. "These photonic firewalls will operate using novel algorithms and protocols, to extract and process wirespeed security information in high capacity multichannel (Tb/s) networks. The algorithms will combine the functionality of optical processing with secondary electronic security approaches to introduce new layers of security analysis. Optical processing circuits developed under WISDOM have shown that it is possible to carry out high speed optical pattern matching on data running at 40Gbits/s for target patterns up to 256 bits using only three logic gates."
Now, let's return to the ICT Results article to discover why the WISDOM project was funded. "With demand for data-intensive services only likely to intensify further in the future, bottlenecks seem inevitable unless security processes can be implemented at optical network speeds. 'The amount of data being transmitted can and will get much higher as data-intensive services become more commonplace,' says Graeme Maxwell, the vice-president for Integration Technologies at CIP Technologies in the UK. 'There is a real need for an optical security solution -- and that is what we are developing,' Maxwell says."
So how does an optical firewall work? "The WISDOM firewall acts as a kind of primary, high-speed filter that routes suspect packets to electronic processes for further analysis. It is able to carry out optical packet recognition, interrogation and manipulation of data streams incorporating features of parity checking, flag status, and header recognition. And, because there is no optical equivalent of electronic memory, the entire process has to be carried out on the fly."
The system, which has been dubbed as an 'optical firewall on a chip,' "is built on a state-of-the-art hybrid integrated photonic technology platform developed by CIP in which silica-on-silicon circuits form an optical equivalent of an electronic printed circuit board (PCB). Much like a PCB can host different electronic components depending on its intended use, different optical and optoelectronic components can be fitted to the optical circuit board, resulting in a cost-effective and scalable solution."
According to the project partners, "the hybrid boards can also be fitted with components fit for other uses, with applications in sensor systems, avionics, data transmission and optical processing, as well as network security."
For additional details, here are some recommended readings.
- The WISDOM executive summary (8 pages, 758 KB)
- The WISDOM project overview (21 pages, 3.25 MB) (These two documents contain the optical firewall block diagram shown above)
- A list of 7 technical papers about the project
Sources: ICT Results, October 29, 2008; and various websites
You'll find related stories by following the links below.