August 3, 2006 Ipswich, UK -- EU funding of 2 million Euros has been announced for a three-year project to develop a reconfigurable photonic "firewall on a chip." Called WISDOM, (WIrespeed Security Domains Using Optical Monitoring), the new system will aim to provide a tool to implement security checks and algorithms directly at high-speed optical data communication rates.
WISDOM will complement current electronic security techniques with optical information filtering operating at wire speed, and is being developed by a consortium led by the UK's CIP.
"Optical technology lies at the heart of the global electronic and computer-based communications systems on which we are all increasingly reliant," says Graeme Maxwell of CIP. "It's the key to very high data speeds and very large information handling capacity. But we are still reliant on conventional electronic tools for key functions such as legal intercept, flow classification, and performance monitoring. WISDOM technology will provide a scalable and robust solution to key issues of next-generation network security by allowing close inspection of optical data directly in the optical domain."
The WISDOM project brings together a consortium that spans the optical networks supply chain, in hopes that the technology under development can be realized commercially and will satisfy a real application need. Consortium partners are research institutions the Tyndall Institute (Ireland) and the Foundation for Research and Technology, FORTH (Greece); optical component and subsystem fabricator CIP (UK), OEM system supplier Avanex (France); and network operator BT (UK).
The optical subsystems that are being developed under WISDOM will take hybrid integrated photonic technology and extend it to meet the performance requirements of a photonic firewall. The subsystems will be based on the research into high-speed (greater than 40 Gbits/sec) optical logic gates and optical processing circuits provided by project partners Avanex, CIP, and Tyndall.
The approach to developing photonic firewall techniques will comprise two linked elements: new algorithms suitable for security analysis based on knowledge of the limited wire-speed optical processing currently available, and new photonic sub-modules that expand the functionality available at wire speed, based on greater than 40-Gbit/sec optical logic gates and processing circuits
Optical processing sub-modules will perform bit pattern recognition as input to a range of security algorithms, based on existing research in network intrusion-detection systems. In broad terms, these algorithms use combinations of rule bases and statistical models to identify potentially interesting network events. The bit patterns that form the signature of a typical network security event might range from single bits in a packet header to relatively long sequences of bytes in the message payload.
The optical processing will be based on all-optical logic gates using semiconductor optical amplifiers (SOAs) as nonlinear elements. WISDOM anticipates that the necessary firmware and protocols to operate the network devices will be developed as part of this proposal and evaluated on network operator test beds.
Further research will target effective algorithms for identifying security events. Within this platform, silica-on-silicon circuits will be used as the optical equivalent of the electronic PCB, providing the passive optical functionality, time delays, and closed loop optical circuits. This optical circuit board will be populated using both discrete and monolithically integrated active semiconductor devices. The specific choice of component will be determined by the function required and the level of maturity of the technology delivering that function. A range of optoelectronic components can be integrated, including laser sources, optical amplifiers, optical modulators and optical detectors. Passive assembly and precision alignment designs will be used throughout to establish the platform as low cost, since packaging is the dominant cost in these complex, high-performance subsystems.