Publication


Featured research published by Thomas D. Tarman.


IEEE Computer | 1998

Algorithm-agile encryption in ATM networks

Thomas D. Tarman; R.L. Hutchinson; L.G. Pierson; Peter Sholander; E.L. Wirzke

ATM encryption allows users to select an appropriate algorithm to implement security services for a given transmission. This flexibility is especially helpful when the choices for encryption algorithms between transmission points are limited. Algorithm flexibility also helps reduce operational costs, since multiple algorithms, which are typically implemented in several encryptors, can all be implemented in one device.


global communications conference | 1997

The effect of algorithm-agile encryption on ATM quality of service

Peter Sholander; Thomas D. Tarman; Lyndon G. Pierson; Robert L. Hutchinson

Asynchronous transfer mode (ATM) users often open multiple ATM virtual circuits (VCs) to multiple ATM users on multiple ATM networks. Each network and user may implement a different encryption policy. Hence ATM users may need shared, flexible hardware-based encryption that supports multiple encryption algorithms for multiple concurrent ATM users and VCs. An algorithm-agile encryption architecture that uses multiple parallel encryption pipelines is proposed. The algorithm-agile encryptor's effect on the ATM quality of service (QoS) metrics, such as cell transfer delay (CTD) and cell delay variation (CDV), is analyzed. Bounds on the maximum CDV and the CDV's probability density are derived.


Proceedings of SPIE, the International Society for Optical Engineering | 2001

Intrusion detection considerations for switched networks

Thomas D. Tarman; Edward L. Witzke

Many private and public networks are based on network switching technologies. However, switched networks present a number of challenges to intrusion detection equipment. These challenges include limited visibility of network flows at the edges of the network, high-speed packet processing, and highly aggregated flows in the core. In addition, switched networks typically implement protocols specific to Layer 2 functions, such as connection establishment and connection routing, which can be attacked to deny service to higher layer protocols and applications. Since these attacks cannot be detected by Internet Protocol intrusion detection equipment, Layer 2 intrusion detection is required. This paper describes an approach for performing intrusion monitoring in switched Layer 2 networks, specifically Asynchronous Transfer Mode networks.


international carnahan conference on security technology | 2002

On the use of trusted objects to enforce isolation between processes and data

Thomas D. Tarman; Edward L. Witzke; Lyndon G. Pierson; Philip L. Campbell

This paper highlights the problem of run-time execution correctness of high-consequence applications in conventional Von Neumann computer architectures. It proposes an approach, trusted objects, in which the application program and data are cryptographically encapsulated in their own environment. The remainder of the paper is organized as follows: after presenting a description of trusted objects, their creation, and their execution, their potential applications are described. Finally, issues and problems requiring further research are discussed.


military communications conference | 2001

Asynchronous transfer mode (ATM) intrusion detection

Thomas D. Tarman; Edward L. Witzke; Keith C. Bauer; Brian R. Kellogg; William F. Young

ATM networks are the foundation for a number of public and private networks, and their correct operation is critical to the availability of higher layer protocols (such as IP) and applications. However, ATM uses a number of protocols for connection establishment and routing, and if these protocols are not functioning correctly (e.g., due to misconfiguration, component failure or active attack), denial of service may result. Since ATM protocol irregularities occur below IP, they are not detectable by the IP intrusion detection systems that are prevalent in today's networks. This paper describes an implementation of an intrusion detection system that detects ATM protocol attacks. This system uses a centralized assessment engine to collect network event notifications from a distributed set of sensors. These sensors monitor ATM protocol activity and send the filtered events to the assessment engine. The assessment engine compares the incoming event traffic against a set of attack templates and, if a match is encountered, it (optionally) activates a set of responses. In addition, this paper describes results that have been obtained from the proof-of-concept implementation, along with initial experience with its use in operational networks. Future research directions that address other unique challenges presented by ATM intrusion detection and response are also described.


military communications conference | 2002

A novel scaleable architecture for intrusion detection and mitigation in switched networks

Edward L. Witzke; Thomas D. Tarman; S. Ghosh; G. Woodard

High-speed, switched networks present scalability challenges to a network intrusion detection system, both in terms of the volume of data that must be analyzed, and the extent to which sensors must be inserted into the switched network to achieve comprehensive visibility. An architecture that uses a single point for intrusion assessment would quickly become overwhelmed with incoming event data from intrusion sensors that are deployed on even a moderate number of high-speed links. This is particularly true if an earnest attack (generating many events in a short period of time) is underway. The authors propose a novel architecture that hierarchically distributes the assessment function into two assessment categories: tactical assessment and strategic assessment. The tactical assessment function provides low-level event correlation and decision making for a small sub-network (e.g., a department LAN, an ATM switch peer group, etc.), and is capable of providing fast, real-time response when millisecond response times are required due to network attacks. The strategic assessment function, on the other hand, implements high-level event correlation, which is useful when a larger view of the network is required (e.g., for low intensity or distributed attacks). The tactical assessment engines interface to the strategic assessment engine by filtering and summarizing low-level events, ensuring that the strategic assessment engine's workload remains manageable. This paper describes the distributed intrusion assessment architecture in more detail, presents a few application scenarios that benefit from hierarchical attack assessment, and summarizes ongoing work in developing prototype components for this architecture.


IEEE Aerospace and Electronic Systems Magazine | 2003

Enforced isolation processes and data

Thomas D. Tarman; Edward L. Witzke; Lyndon G. Pierson; Philip L. Campbell

This paper highlights the problem of run-time execution correctness of high-consequence applications in conventional Von Neumann computer architectures. It proposes an approach, trusted objects, in which the application program and data are cryptographically encapsulated in their own environment. The remainder of this paper is organized as follows: after the authors present a description of trusted objects, their creation, and their execution, their potential applications are described. Finally, issues and problems requiring further research are discussed.


Other Information: PBD: 1 Oct 2001 | 2001

Final Report for the Quality of Service for Networks Laboratory Directed Research and Development Project

Rose Tsang; John M. Eldridge; Thomas D. Tarman; Joseph P. Brenkosh; John D. Dillinger; John T. Michalski

The recent unprecedented growth of global network (Internet) usage has created an ever-increasing amount of congestion. Telecommunication companies (Telcos) and Internet Service Providers (ISPs), which provide access and distribution through the network, are increasingly aware of the need to manage this growth. Congestion, if left unmanaged, will result in a degradation of the overall network. These access and distribution networks currently lack formal mechanisms to select Quality of Service (QoS) attributes for data transport. Network services with a requirement for expediency or consistent amounts of bandwidth cannot function properly in a communication environment without the implementation of a QoS structure. This report describes and implements such a structure that results in the ability to identify, prioritize, and police critical application flows.


Other Information: PBD: 1 Apr 2001 | 2001

Final Report for the 10 to 100 Gigabit/Second Networking Laboratory Directed Research and Development Project

Edward L. Witzke; Lyndon G. Pierson; Thomas D. Tarman; Leslie Byron Dean; Perry J. Robertson; Philip L. Campbell

The next major performance plateau for high-speed, long-haul networks is at 10 Gbps. Data visualization, high performance network storage, and Massively Parallel Processing (MPP) demand these (and higher) communication rates. MPP-to-MPP distributed processing applications and MPP-to-Network File Store applications already require single conversation communication rates in the range of 10 to 100 Gbps. MPP-to-Visualization Station applications can already utilize communication rates in the 1 to 10 Gbps range. This LDRD project examined some of the building blocks necessary for developing a 10 to 100 Gbps computer network architecture. These included technology areas such as OS Bypass, Dense Wavelength Division Multiplexing (DWDM), IP switching and routing, Optical Amplifiers, Inverse Multiplexing of ATM, data encryption, and data compression; standards bodies activities in the ATM Forum and the Optical Internetworking Forum (OIF); and proof-of-principle laboratory prototypes. This work has not only advanced the body of knowledge in the aforementioned areas, but has generally facilitated the rapid maturation of high-speed networking and communication technology by (1) participating in the development of pertinent standards, and (2) promoting informal (and formal) collaboration with industrial developers of high speed communication equipment.


Archive | 2005

Computer network control plane tampering monitor

John T. Michalski; Thomas D. Tarman; Stephen P. Black; Mark Dolan Torgerson

Collaboration

Top co-authors of Thomas D. Tarman (all at Sandia National Laboratories):

Lyndon G. Pierson
Edward L. Witzke
Philip L. Campbell
Perry J. Robertson
Brian R. Kellogg
John M. Eldridge
John T. Michalski
Robert L. Hutchinson
Anand Ganti
Keith C. Bauer