MOBILITY ENGINEERING Produced by SAE Media Group
MOBILITY ENGINEERING
Magazines
Magazine cover

Current Issue

Archives

Magazine cover

Current Issue

Archives

Magazine cover

Current Issue

Archives

Magazine cover

Current Issue

Archives

Testbed for Reconfigurable Network Security Research and Experimentation

The testbed integrates FPGA co-processing nodes to test and analyze network-based defenses against information attacks.

A novel, reconfigurable network testbed has been developed, suitable for the implementation, testing, and analysis of new and existing network-based defenses against various information attacks. The system is based on a cluster of reconfigurable networking nodes that can be configured to emulate an arbitrary network infrastructure.

Architecture of the Reconfigurable Network Testbed.
This testbed is the first of its kind to incorporate hardware reconfigurability at multiple network layers, integrating FPGA co-processing elements in both the network interface and routing infrastructure. The system supports emulation of combined hardware/software network-based defense mechanisms. The testbed was constructed to support experimentation and testing for gigabit networks and beyond. As modern networks become faster and more feature-laden, attacks against them become increasing sophisticated and prevalent. It is widely accepted that today’s software-based defense mechanisms, which are embedded in routers and end-hosts, will be overwhelmed by the rate of traffic they will be required to process. It is also known that more sophisticated hardware-based defense mechanisms can be embedded within the network infrastructure to better secure it.

Limited reconfiguration of networking components is possible in some instances through device hacking and firmware modification, but this approach is insufficient for practical analysis. The developed reconfigurable network testbed is based on a cluster of networking components that can be quickly reconfigured to emulate a wide range of network configurations. These components are reconfigurable in both hardware and software, allowing accurate, high-speed network emulation.

At the heart of the testbed are 11 reconfigurable networking nodes. Each node is based on an augmented XD2000 Development System from XtremeData. The development system consists of a Linux PC tower with a dual Intel Xeon motherboard. One Xeon socket is populated with XtremeData’s XD2000 FPGA Co-processor module, based on an Altera’s Stratix II device. This co-processor allows FPGA co-processing at the system processor level, which supports hardware acceleration of network processing at network layers 3 and above. The processor and co-processor each have 4 GB of DDR SDRAM.

XtremeData’s development system has been augmented with a NetFPGA development board. The NetFPGA is an open-platform, reconfigurable development board that is used to build advanced network flow processing systems. On the board are a programmable Virtex II FPGA (with two PowerPC processors), SRAM, DRAM, and four 1-Gbps Ethernet ports. The FPGA can be used to do low-level packet processing acceleration functions within the NIC. Aside from the kernel reconfigurable networks, there are 8 Dell 2950 servers that are also connected through the 6248 and 551048T switches. These servers not only provide the background traffic for the network security experiments, but also play various roles in the network architecture. In addition, when necessary, these Dell servers can be used as computing resources when computationally expensive operations are conducted.

The 48 network interfaces of the reconfigurable networking nodes are interconnected by the testbed’s programmable testbed backplane, consisting of a Nortel Switch 551048T. The control network (PowerConnect 6248 Managed Switch) provides control access to monitoring the status of each test node. The remaining servers form the basic support infrastructure for the reconfigurable network testbed. These control user access, node configuration, and other administrative functions required.

This work was done by Douglas H. Summerville and Yu Chen of SUNY Binghamton University for the Air Force Office of Scientific Research. AFRL-0189

Topics:
Architecture Computer software and hardware Education and training Electrical systems Electronics & Computers Hardware Parts People and personalities Research and development Switches Vehicle acceleration
This Brief includes a Technical Support Package (TSP).
Document cover
A Testbed for Reconfigurable Network Security Research and Experimentation

(reference AFRL-0189) is currently available for download from the TSP library.

Don't have an account?

More From SAE Media Group

    Magazine cover
    Defense Tech Briefs Magazine

    This article first appeared in the April, 2011 issue of Defense Tech Briefs Magazine (Vol. 5 No. 2).

    Read more articles from this issue here.

    Read more articles from the archives here.

    Overview

    The document titled "A Testbed for Reconfigurable Network Security Research and Experimentation" presents a comprehensive overview of a research project aimed at developing a reconfigurable network testbed to enhance network security mechanisms. Funded by the Air Force Office of Scientific Research, the project was led by Principal Investigator Douglas H. Summerville and Co-Principal Investigator Yu Chen from the Research Foundation of SUNY at Binghamton University.

    As modern networks evolve to support higher speeds and more complex features, they face increasingly sophisticated attacks. Traditional software-based defense mechanisms, which are often embedded in routers and end-hosts, are becoming inadequate due to the overwhelming volume of traffic. The document emphasizes the need for advanced hardware-based security solutions that can be integrated into the network infrastructure to provide more effective protection.

    The developed testbed allows for the experimentation and evaluation of various hardware and software network security defense mechanisms. It consists of a cluster of networking components that can be rapidly reconfigured to simulate a wide range of network configurations, enabling accurate high-speed network emulation. This flexibility is crucial for testing new security solutions, particularly those that leverage reconfigurable hardware like Field Programmable Gate Arrays (FPGAs).

    The report also discusses specific research initiatives, including a proposed real-time packet-level intrusion detection system. This system utilizes unsupervised machine learning to model normal network traffic and detect anomalies, offering a promising approach to identifying attacks in high-speed environments. Additionally, the document outlines efforts to develop methods for detecting covertly embedded malicious functionality within digital circuits, addressing the growing concern of hardware-based attacks.

    The findings indicate that the testbed has significant potential for prototyping new security solutions and verifying their performance in realistic scenarios. The research highlights the importance of adapting to the rapid advancements in network technology and the increasing demands for security.

    Overall, the document serves as a valuable resource for understanding the challenges and innovations in network security research, particularly in the context of reconfigurable hardware solutions. It underscores the necessity of evolving security mechanisms to keep pace with the growing complexity and speed of modern networks.

    Top Stories

    INSIDERRF & Microwave Electronics

    Feature Image FAA to Replace Aging Network of Ground-Based Radars

    PodcastsDefense

    Feature Image A New Additive Manufacturing Accelerator for the U.S. Navy in Guam

    NewsSoftware

    Feature Image Rewriting the Engineer’s Playbook: What OEMs Must Do to Spin the AI Flywheel

    Road ReadyPower

    Feature Image 2026 Toyota RAV4 Review: All Hybrid, All the Time

    INSIDERDefense

    Feature Image F-22 Pilot Controls Drone With Tablet

    INSIDERRF & Microwave Electronics

    Feature Image L3Harris Starts Low Rate Production Of New F-16 Viper Shield

    Webcasts