Abstract
Implementing IP security in broadband router without sacrificing the performance is main work we focused on. To meet the need of protecting wire speed forwarding data passing through fast path of the router, security module implemented with encryption chip was adopted; to protect non real time data passing through slow path of the router, the scheme of implementing IP security inside kernel of Master control module with software was introduced. Security architecture and several testing architectures were finely designed and depicted in the paper. Testing of security architecture was undergone in SR1880s router, which was developed by National Digital Switching System Engineering & Technological R&D Center of China (NDSC). Testing results show that the two schemes work well together.
This work was supported by the National High Technology Research and Development Program of China (No. 2005AA121210).
Chapter PDF
Similar content being viewed by others
References
Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol. IETF RFC 2401 (November 1998)
Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). IETF RFC 2409 (November 1998)
Kaufman, C.: Internet Key Exchange (IKEv2) Protocol. IETF RFC 4306 (December 2005)
Hu, X., Qu, J., Wang, B., Li, X.: CISOQ: A Practical High-Performance Packet Switch Architecture for the Support of Multicast Traffic. In: 2005 Proc. PDCAT Conf., Dalian, China, pp. 139–143 (2005)
Yue, C., Yuguo, D., Yusong, L., Julong, L.: A Packet-Order-Keeping-Demultiplexer in Parallel-Structure Router Based on Flow Classification. In: 2003 Proc. ICCNMC Conf., Shanghai, China (2003)
Yufeng, L., Peng, Y., Han, Q., Julong, L.: Sizing buffers for pipelined forwarding engine. In: 2006 Proc. ICCCAS Conf., Guilin, China (accepted, 2006)
Ditzel Kropiwiec, C., Jamhour, E., Maziero, C.: A Architecture for Protecting Web Sevices with IPsec. In: 2004 Proc. EUROMICRO Conf., Rennes, France, pp. 290–297 (2004)
Trostle, J., Gossman, B.: Techniques for improving the security and manageability of IPsec policy. International Journal of Information Security 4(3), 209–226 (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Xiaozhuo, G., Yufeng, L., Jianzu, Y., Julong, L. (2006). Hardware-and-Software-Based Security Architecture for Broadband Router (Short Paper). In: Ning, P., Qing, S., Li, N. (eds) Information and Communications Security. ICICS 2006. Lecture Notes in Computer Science, vol 4307. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11935308_39
Download citation
DOI: https://doi.org/10.1007/11935308_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49496-6
Online ISBN: 978-3-540-49497-3
eBook Packages: Computer ScienceComputer Science (R0)