SBIR-STTR Award

Control & Data Plane Security of High Performance Networks
Award last edited on: 12/20/2013

Sponsored Program
SBIR
Awarding Agency
DOE
Total Award Amount
$849,716
Award Phase
2
Solicitation Topic Code
-----

Principal Investigator
Fred Hewitt Smith

Company Information

Angel Secure Networks Inc

20 Godfrey Drive Suite 20
Orono, ME 04473
Location: Single
Congr. District: 02
County: Penobscot

Phase I

Contract Number: ----------
Start Date: ----    Completed: ----
Phase I year
2008
Phase I Amount
$99,899
Operating across international borders in cooperation with a multitude of domestic and foreign institutions and scientists, the DOE needs to protect its high performance science networks (such as ESnet and USnet) from destruction by outside adversaries and rogue insiders. This project will develop technology to provide security for ESnet, USnet, and similar high speed data transfer infrastructures. The security system will (1) be transparent to the user, (2) impose no performance penalty, (3) not rely on placing trust in a single individual or institution, (4) fit into the existing complex and multi-faceted international infrastructure, and (5) be scalable to infrastructures of the future. The approach involves setting up security at the Local Edge Routers (LER), whether for Multiple Path Label Switched (MPLS) or Generalized Multiple Path Label Switched (GMPLS) systems, and controlling the establishment of the Label Switched Paths (LSPs). In addition, the approach will ensure that routing ports and routing wavelengths cannot be changed without appropriate authorization, which will involve providing a defense against trusted insiders who have root or administrative access.

Commercial Applications and Other Benefits as described by the awardee:
In addition to DOE applications, the technology should be of use to the DoD, which also operates high performance networks that support massive data stores, and also interfaces with a variety of US military and foreign coalition partners.

Phase II

Contract Number: ----------
Start Date: ----    Completed: ----
Phase II year
2009
Phase II Amount
$749,817
High performance dynamic networks, which support scientific experiments with high bandwidth requirements, consist of a control plane and a data plane, neither of which, at present, is secure against cyber attack. Careless or malicious tampering with these networks could disrupt the network, invalidate data, and otherwise ruin experiments supported by the networks. Security measures (firewalls, intrusion detection, etc.) used with regular networks are inadequate to protect these high-performance networks, which run at 10 Gbps to 40 Gbps. Therefore, this project will develop robust, user-friendly security measures for both the control plane and the data plane, without sacrificing network speed, performance, or availability. The approach will utilize a software security system that relies on a network of intelligent agents. Phase I demonstrated the feasibility of using this system to protect control messages on a high performance network from cyber attack, with no loss of network speed, performance, or functionality. In Phase II, the system will be implemented on the same hardware used by real-world high-performance networks. Then, the system will be evaluated by an independent laboratory that will try to defeat the system.

Commercial Applications and Other Benefits as described by the awardee:
The control and data plane security system should be applicable to the high performance networks now being used in several key government agencies. It is likely that these networks will become more widespread in the commercial environment as demand for high bandwidth increases.