Accelerating Open Source Security Using OpenCL & Altera FPGAs — Altera


day d d you know security through obscurity has
been proven to be a really bad idea. I mean after all who doesn’t know about the key under the
mat, or that little magnetic thingy in the car wheel well. yeah if
you’re counting on that kinda stuff for your electronic design well best of luck to you! to get real
security we need known proven mechanisms So, what about extending that idea to
its logical conclusion yep I’m talkin open source with FPGA making a name for
themselves as high performance computing platforms particularly taking advantage of
languages like openCL, we have an opportunity to
accelerate open source security algorithms in a
whole new way hi I’m Amelia Dalton host of Chalk Talk intrigued with this idea accelerated
open source security? me too. let’s chat with Ryan Kenny of
Altera to get the details on this unfolding
trend. also before we get started remember to click that link where you
can check out a video about how Altera FPGAs can accelerate open
source security using openCL welcome Ryan thanks so
much for joining me today thank you mean a good to be here okay so
we’re going to be talking about open source security now I thought that
was an oxymoron what’s up with that Ryan well most security solutions out there
today our proprietary we at but the only way to really make a
solution work to make it scaleable 2020 entire enterprises to go nationwide to go across nation-states yeah really
is to do something where everyone knows what the elements
are what the threat descriptions are et cetera so we really need to move to
open source to get to a scaleable solution that’s really the issue sure that makes
sense so who’s interested minister who’s gonna pay for it it seems like a lot of people would be
interested but what are the players here so this
problem really is larger than one company so a lot of the
funding has been sourced federally a lot of its been coming from the
Department of Homeland Security from various research arms up the government from various military
research organizations et cetera sure that make sense so what’s the
progress for an open-source standard them who’s driving miss it’s been driven by
some funding from Homeland Security as I mentioned already but in order for it to catch on an
industry it has to come from an industry body and there has been an industry body
that’s formed to address and to develop these open source
standards and they’re developing these open source standards-based on work that’s already been done by
MITRE Corporation and other elements that the government okay so this open source foundation is
called the open information security foundation are all Assaf altera is a member and there are a
variety of other members that are listed on the website but you
can see cool so these are all players that are interested in developing it and
caned contribute to either the software the hardware elements of an open source
solution okay so rhyme with drill down and talk
about some specifics here sure open source is a great idea but is
this just the list up standards are some actual work getting done here that’s actually a common criticism
mitre corporation for example has been working on this for a long time working on common sense of threat
definitions okay but they have been just paper studies
for many many years yeah so it’s not until recently with the formation of a
lawyer self that they’ve really focused on
developing an open source product now so that open source product and you
can see this on their website is called sir a cada okay sir cada is
the first network security monitoring engine or what’s
called an industry IDS and IPS intrusion detection and intrusion
prevention okay so the sarah connor engine his multiple
kernels that provide some %uh the same security
capabilities up some very private or non open source
solutions that corporations pay for today ok but
again all open source on its all in beta and available today
on the circle website okay that’s really cool from an industry
point of view but last time I looked I was at Altera
right now an up so what’s Altair is a role in all this well
that’s a very good question one of the problems with using an
open-source engine of some kind is that it’s just not optimized for high
speed or high data throughput right its optimized for malleability and
the ability to accept changes as the threat definitions change so in order to get this thing to run
fast enough to the actually usable to accompany or to a nation-state like
the United States yeah is to accelerate this Open Source
engine to accelerate the Colonels themselves on
hardware %ah so that’s how we get to 100 gig pipes
408 pipes and to make this usable an acceptable as
a solution for very high speed networks sure that
makes sense so I think I got the idea of why using an
FPGA to accelerate sarah connor would be a good idea but
what is that really look like what what’s going on here so when we talk
about accelerating the Cirque other engine on
FPGA we are using our OpenCL programming PLO
it takes C code or open sea of standard code it
divides that code into RTL objects encode objects accelerates
portions on the FPGA and leaves some other more malleable
elements in software to run on for example the
associate product moved from Altera ther so what we’ve
done is we’ve looked at the various kernels that make up the SIR cotta IDS and IPS engine we’ve divided it into
phases of work and what we’ve done today is we’ve
demonstrated in phase 1 the first colonel up the SIR cotta
engine which is the IDS packet analysis or intrusion detection okay so this is really the first
generation up what you see is a standard firewall from a corporate product standpoint okay
we’ve implemented this completely on an FPGA and we’ve demonstrated on a
partner card that uses the Stratix 5 FPGA so you’ve
already demonstrated that ability bit what’s next so after we optimize the IDS
portion up the Circa engine will focus on the
other kernels that make up that solution this includes a deep packet analysis
colonel that we show here is a phase 2 effort that will use extensive memory
interfaces which is another reason by the way you want to focus on an FPGA solution is
to get the high speed interface is necessary to do deep packet analysis are deep
packet inspection share okay so then you move to a phase 3 and
these are the IPS manipulation colonels at the Cirque an engine IPS
again as a reminder is intrusion prevention system so this is where you actually take
action when you see malicious packets gus is where you’ll
either modify them or route them differently so that they
don’t cause any damage to the network or obviously execute any other malicious
code right sold what’s the outcome evolve their set do you mind recapping mother your main
points for me yeah the importance of this we believe is
that a group within industry needs to come forward needs to address
the needs up an open source security solution yeah
so what we need to do is form a team of
software developers hardware providers that can provide a
solution to open source security that has all the
benefits open source and that is the ability to
react quickly when we recognize new threats is to
share threat information yeah and to update the engine
automatically just overnight what we want to do was be able to take a
zero-day threatened turn into a five-minute thread we want to be able to react across a
very large enterprise immediately so what we need there is all
the benefits of a FPGA hardware acceleration it’s not
enough to have a solution that can react quickly you have to have a solution that can be
accelerated enough to match the explosive growth in Internet rates
yeah especially if you wanna be on company pipes as well as large
aggregated traffic pipes entrees Internet infrastructure mmm-hmm
and most importantly this has to be all commercial technology if the government’s going to invest in s
they cannot invest in a solution that turns over as quickly as solutions
do into Silicon Valley yeah so it has to be an open source
standard that can be fully documented can be picked up can be updated and can
be sustained over a large number appears excellent on excited to see the progress
of the earth thank you so much for joining me today
Ryan was a pleasure speaking with you yeah thank you I appreciate it and
before we get started remember to click that link there you
can check out a video that explains how Altera FPGA days can accelerate open source security using OpenCL for choc talks I’m Emily adult ent for
more choc talks check out the on-demand section the
journalstar.com or he just you channeled cities West with well the with just the wealth yeah yes just West well

Leave a Reply

Your email address will not be published. Required fields are marked *