Abstract
Lawful Interception (LI) is a fundamental tool in today’s police investigations. It is therefore important to carry it out as quickly and securely as possible, and at a reasonable cost per suspect. This makes traffic capture on aggregation links quite attractive, although it implies high wire speeds, which require specific hardware-based architectures. This paper proposes a novel Bloom filter-based monitoring station architecture for efficient packet capture on aggregation links. With this Bloom filter, we filter out most of the packets on the link and capture only those belonging to lawful interception wiretaps. Next, we present an FPGA-based implementation of this architecture and obtain the maximum achievable capture rate by injecting traffic through four parallel Gigabit Ethernet lines. Finally, we identify the limitations of our current design and suggest the possibility of extending it to higher wire speeds.
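The filtering idea in the abstract, as an added software sketch that is not the paper's FPGA design: a Bloom filter discards almost all traffic with a cheap membership test, and an exact lookup removes the remaining false positives. Keying the filter on IPv4 addresses, the filter size, the hash construction and all sample addresses are assumptions made for illustration.

```python
import hashlib
import ipaddress

class BloomFilter:
    """m-bit Bloom filter; k bit indexes per key via double hashing."""
    def __init__(self, m_bits=1024, k=4):
        assert m_bits & (m_bits - 1) == 0, "m_bits must be a power of two"
        self.m, self.k = m_bits, k
        self.bits = bytearray(m_bits // 8)

    def _indexes(self, key):
        d = hashlib.blake2b(key, digest_size=16).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:], "big") | 1  # odd step gives k distinct bits
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, key):
        for i in self._indexes(key):
            self.bits[i >> 3] |= 1 << (i & 7)

    def __contains__(self, key):
        return all(self.bits[i >> 3] >> (i & 7) & 1 for i in self._indexes(key))

def prefilter(packets, bloom, targets):
    """Classify (src, dst) packets; return (captured, false_positives, dropped)."""
    captured, false_pos, dropped = [], 0, 0
    for src, dst in packets:
        # Stage 1: cheap membership test applied to every packet on the link.
        if src.packed in bloom or dst.packed in bloom:
            # Stage 2: exact lookup, reached only by the few candidates.
            if src in targets or dst in targets:
                captured.append((src, dst))
            else:
                false_pos += 1  # Bloom false positive, discarded here
        else:
            dropped += 1  # definitely not a target: no false negatives
    return captured, false_pos, dropped

# Constructed sample data (documentation/private ranges), not from the paper.
IP = ipaddress.IPv4Address
TARGETS = {IP("192.0.2.10"), IP("198.51.100.7"), IP("203.0.113.99")}
BACKGROUND = [(IP(0x0A000000 + i), IP(0x0A010000 + i)) for i in range(2000)]
TARGET_TRAFFIC = [(IP("192.0.2.10"), IP("10.9.9.9")), (IP("10.8.8.8"), IP("203.0.113.99"))]

def run_demo():
    bloom = BloomFilter()
    for t in TARGETS:
        bloom.add(t.packed)
    return prefilter(BACKGROUND + TARGET_TRAFFIC, bloom, TARGETS)
```

A Bloom filter never yields false negatives, so a packet rejected in stage 1 needs no further work; only the false-positive rate depends on the filter size and the number of hash functions.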
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
de los Santos, G.R., Hernández, J.A., Urueña, M., Muñoz, A. (2014). A Bloom Filter-Based Monitoring Station for a Lawful Interception Platform. In: Dziech, A., Czyżewski, A. (eds) Multimedia Communications, Services and Security. MCSS 2014. Communications in Computer and Information Science, vol 429. Springer, Cham. https://doi.org/10.1007/978-3-319-07569-3_18
DOI: https://doi.org/10.1007/978-3-319-07569-3_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07568-6
Online ISBN: 978-3-319-07569-3
eBook Packages: Computer Science, Computer Science (R0)