AU2015100002A4 - Next generation firewalls using physical layer firewall solution and bit filter - Google Patents
- Publication number
- AU2015100002A4
- Authority
- AU
- Australia
- Prior art keywords
- bit
- physical layer
- next generation
- bit filter
- level
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A system for blocking network traffic at the physical layer based on bit pattern matching, comprising an implementation of Access Control Lists at the bit or physical layer level, and blocking the transmission of malicious files by analysis at the bit or physical layer level, is presented to provide access control at the bit level instead of through traditional firewalls.
Description
EDITORIAL NOTE 2015100001: There are four pages of description only.

NEXT GENERATION FIREWALLS USING PHYSICAL LAYER FIREWALL SOLUTION AND BIT FILTER

FIELD OF THE INVENTION

[0001] The firewalls used in current infrastructure management predominantly work at the transport and network layers, performing packet filtering; as organizations and networks grow, there will always be demand for ever larger firewall suites. This system uses algorithms for dropping malicious code, ranging from a simple batch-file virus or an executable file to DDoS attacks, at the physical layer, i.e. at bit transmission itself.

BACKGROUND OF THE INVENTION

[0002] All data communication over a network ultimately takes place at the physical layer, i.e. in binary form as 1's and 0's. Communication at the physical (bit) level can be either synchronous or asynchronous. This transmission can be observed with a Cathode Ray Oscilloscope (CRO): data transmitted between two computers connected over Ethernet can be viewed on a storage oscilloscope. We can monitor the patterns and decide which patterns are to be blocked and which are to be transmitted. If no executable (.exe) file transmission should occur between two connected computers, we would first observe the pattern that occurs while transmitting .exe files by sending multiple .exe files through the CRO; once we are sure of the pattern that occurs in an .exe file, we can identify it and block it. Say the pattern associated with an .exe file is 1111000101010100010010. We can develop an assembly program to block all content with the same pattern.

Bit Examination through Oscilloscope

[0003] If we look at the waveform of either an asynchronous or a synchronous stream of bytes (characters) on an oscilloscope, we notice that things are not quite as one expects. Several things may be unexpected:

* Since line drivers invert the signal prior to transmission (and line receivers invert it again on reception), the signal that appears on the wires is usually upside down. That is, a "1" or "idle" period is represented by a low voltage and a "0" or "start bit" is represented by a high voltage.
* Ever since the start of asynchronous communications, bits have been sent down the wire with the least significant data bit first and the most significant bit last. All that this really implies is a change in the order of the lines connected from the computer's data bus to the transmit and receive shift registers.
* For an asynchronous transmission, this means that the line usually sits at the low voltage (0V or -12V) and that a logic 0 is sent as a high voltage (+5V or +12V). The least significant bit of the character follows the start bit (rather than the most significant, as one may have expected), followed by the rest of the bits in the byte, the parity bit (if present) and the stop bit.
* However, there is an exception to the inversion rule: the case where we have a cyclic redundancy check (CRC).

DETAILED DESCRIPTION OF THE INVENTION

Analysis Phase

[0004] The approach is to analyze the sequence of bits between the start bit and the stop bit, removing the parity bit, while data is transferred from one PC to another with a storage CRO in between. If no executable files may be shared across the connection, I first have to analyze, i.e. know, the bit pattern associated with an executable file. This can be observed by transmitting executable files of variable sizes of a few kB and finding the associated pattern. Similarly, for anything we have to block, we first have to analyse the pattern.

If we consider another scenario where we do not want a computer to access a particular website, say www.google.com, we will find the bit pattern associated with www.google.com.

Design Phase

[0005] The second challenge, after the analysis phase, is to develop a device with an Application Specific Integrated Circuit (ASIC), placed in such a way that all traffic passes through this device before reaching the host, and all traffic leaving the host passes through it before reaching the other connected device.

[0006] The filtering and the development of Access Control Lists (ACLs) would be entirely at the binary level; the ASIC should function so that all traffic with a bit pattern matching a pattern analyzed earlier is dropped.

[0007] The following algorithm can be followed:

1) A frame is received.
2) Determine the start bit.
3) Determine the length of the bit segment to be compared (this depends on the segment length in the ACL; e.g. if I give deny 10001, then the segment compared will be 5 bits long).
4) If there are 10 entries in the ACL, all 10 will be examined from top to bottom.
5) If the first entry in the ACL is 3 bits long, then the segment compared after the start bit of the incoming traffic will be 3 bits long. Similarly, if the second entry is 10 bits long, the scanning starts again at the start bit and the segment compared will be 10 bits long.
6) Scanning is done from the start bit to the stop bit; the number of times the scan is performed depends on the number of entries in the ACL.
7) Once the complete ACL has been scanned and matched, if there is a match the frame is dropped and an error message must be broadcast to the attached Data Communication Equipment (DCEs).
8) On the other hand, if there is no match in the ACL, the packet should be forwarded to the respective device.
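The following is an added example and not part of the patent: a Python model of the ACL scan in paragraph [0007], run over asynchronous frames laid out as paragraph [0003] describes (inverted line levels, start bit, data bits least significant first, optional parity bit, stop bit). The deny entries and sample frames are constructed, and the "Service Denied" and "Connection Error" messages are the ones listed in the requirements paragraph [0008].

```python
from typing import Optional

# Constructed deny list (not from the patent): each entry is a bit pattern in
# the order the bits appear on the wire after the start bit, as in "deny 10001".
DENY_ACL = ["10001", "1111000101"]

def decode_frame(line_levels: str, data_bits: int = 8, parity: bool = False) -> Optional[str]:
    """Recover the data bits of one asynchronous frame captured as line voltage levels.

    Per [0003] the line is inverted: a high level ("1" here) is logic 0, so the
    start bit is high and idle/stop is low.  After the start bit come data_bits
    bits (least significant first), an optional parity bit, then the stop bit.
    Returns the data bits in wire order, or None when start/stop framing is bad.
    """
    logic = "".join("0" if lvl == "1" else "1" for lvl in line_levels)  # undo inversion
    expected = 1 + data_bits + int(parity) + 1
    if len(logic) != expected or logic[0] != "0" or logic[-1] != "1":
        return None
    return logic[1:1 + data_bits]  # bits between start and stop, parity removed

def encode_frame(payload: str) -> str:
    """Inverse of decode_frame (no parity); used only to build constructed test frames."""
    logic = "0" + payload + "1"
    return "".join("0" if b == "1" else "1" for b in logic)

def scan_acl(payload: str, acl: list) -> Optional[str]:
    """Steps 3 to 6 of [0007]: for each ACL entry, top to bottom, restart at the
    first bit after the start bit and compare a segment as long as that entry.
    Returns the first matching entry, or None."""
    for entry in acl:
        if len(payload) >= len(entry) and payload[:len(entry)] == entry:
            return entry
    return None

def filter_frame(line_levels: str, acl: list = DENY_ACL) -> tuple:
    """Steps 7 and 8 of [0007] with the messages of [0008]: drop on a match and
    report 'Service Denied' to the DCEs, report 'Connection Error' for a frame
    that cannot be decoded, otherwise forward the payload unchanged (repeater)."""
    payload = decode_frame(line_levels)
    if payload is None:
        return ("error", "Connection Error")
    if scan_acl(payload, acl) is not None:
        return ("drop", "Service Denied")
    return ("forward", payload)

if __name__ == "__main__":
    for bits in ("10001011", "01101001"):
        print(bits, "->", filter_frame(encode_frame(bits)))
```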
[0008] The requirements for developing such a device are as follows:

1) The device must be able to connect two devices, i.e. it must be able to set up a connection between two devices even if there is no processing or ACLs.
2) The device must function at high speed in order to avoid any delays in the communication.
3) The device must be able to act as a repeater, so as to repeat the stream of bytes and forward it to the destination.
4) The device must be able to generate appropriate messages at appropriate times, e.g.:

| Condition | Message broadcast to DCE |
|---|---|
| Match found in ACL | Service Denied |
| Weak strength of signal | Connection Error |

Scenario Analysis

[0009] Let us see some of the scenarios in which this device (Bit Filter) would be of much use compared to traditional firewalls.

1) Accessing a blocked network through a proxy. Blocking a network or some sites on the internet works through Access Control Lists in the firewall, but sometimes one can use a proxy site to get access to the blocked content. In this case the network administrator has to add the proxy site to the blocked list (black list) as well. But since the bit filter (the new device) works on bit comparison, even if a person tries to access some website, say www.proxy.com, we can give in the ACL deny (bit pattern related to the proxy keyword); in this way, by making only one entry, we can block all proxy sites.
2) Blocking transfer of files with certain attributes. There are scenarios in which files suspected to be potentially malicious, e.g. executable files and batch files, are blocked by the firewall, but in some scenarios such files can still be sent across the network with binding tools. Binding tools commonly available on the internet can easily bind an executable file into a .jpeg picture file or some other file. In this case there is a high chance that the base executable file bound into the .jpeg file can go through the firewall without being blocked. But in the case of the bit filter, since we are matching the bit sequence against the bit sequence of the executable file, as long as the base file of the bound object is an executable file, the object cannot pass through the bit filter device.
3) Protection at microscopic level. The Bit Filter (the new device proposed here) will be able to provide security at the bit level, i.e. the lowest level of data transmission, which is the most efficient way to deal with security issues.

Conclusions

[0010] The firewalls in the present scenario are effective, but 100% security cannot be realized with these firewalls, so the need is to come up with a solution that provides complete security. The Bit Filter can be helpful here, as it provides filtering at the bit level, i.e. at the physical layer.

Summary

[0011] Working at the physical layer may not be that efficient, and it may require a lot of time to prepare the algorithms to filter the complete traffic, but the advantage would be that it costs nothing; this procedure also ensures that there is no damage to the upper layers, and unwanted traffic can be blocked right at the NIC or even before that.
Claims (2)
1. A system for blocking network traffic at physical layer based on the bit pattern matching.
2. A system for blocking network traffic at physical layer based on the bit pattern matching, further comprising: Implementation of Access Control lists at the bit or physical layer level; and blocking the transmission of malicious files by analysis at bit or physical layer level.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2015100002A AU2015100002A4 (en) | 2015-01-03 | 2015-01-03 | Next generation firewalls using physical layer firewall solution and bit filter |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2015100002A AU2015100002A4 (en) | 2015-01-03 | 2015-01-03 | Next generation firewalls using physical layer firewall solution and bit filter |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| AU2015100002A4 true AU2015100002A4 (en) | 2015-02-12 |
Family
ID=52471040
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU2015100002A Ceased AU2015100002A4 (en) | 2015-01-03 | 2015-01-03 | Next generation firewalls using physical layer firewall solution and bit filter |
Country Status (1)
| Country | Link |
|---|---|
| AU (1) | AU2015100002A4 (en) |
2015
- 2015-01-03: AU application AU2015100002A, patent AU2015100002A4 (en), not active (Ceased)
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | FGI | Letters patent sealed or granted (innovation patent) | |
| | MK22 | Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry | |