GEM Firewall

By Pritam K. Kathar (55), Rahul B. Kavale (56), Ajit M. Kshirsagar (57), Prashant P. Mundhe (59), Bhushan G. Nadekar (60)
Guided by Prof. Dr. P. J. Kulkarni

Transcript of GEM Firewall

Page 1: GEM Firewall


Page 2: GEM Firewall

What is a Firewall?

A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules. It is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.

It has a set of rules against which each packet is checked.

Packet matching involves matching on many fields from the TCP and IP packet headers.

Page 3: GEM Firewall

Why Efficient Matching?

• Network traffic is increasing tremendously
• Linear packet filtering requires much time to filter this huge traffic
• A firewall should be able to sustain a very high throughput, or risk becoming a bottleneck
• An efficient matching algorithm filters more packets per second, e.g. 30,000 packets per second with 10,000 rules

Page 4: GEM Firewall

Approach

• Each packet is considered to be made up of 5 fields:
  1. Protocol
  2. Source IP address
  3. Destination IP address
  4. Source port number
  5. Destination port number
• The GEM data structure is created
• The packet is checked against these 5 fields and a winning rule is found
• The packets are then filtered using only the winning rule rather than all the rules

Page 5: GEM Firewall

GEM Data structure

Page 6: GEM Firewall

Algorithm

• The firewall packet matching problem is to find the first rule that matches a given packet on one or more fields from its header.
• Every rule consists of a set of ranges [l_i, r_i] for i = 1, ..., d, where each range corresponds to the i-th field in a packet header. The field values satisfy 0 ≤ l_i, r_i ≤ U_i, where U_i = 2^32 − 1 for IP addresses, U_i = 65535 for port numbers, and U_i = 255 for ICMP message type or code.

Page 7: GEM Firewall

Search Algorithm:

The packet header contains the protocol number, source and destination address, and port number fields. First, we check the protocol field and go to the protocol array of the search data structure to select the corresponding protocol database header. From this point, we traverse the data structure with the corresponding field value on every level: we find the matching simple range and continue to the next level. The last level gives us the winning rule.
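The build and search steps described under Approach, Algorithm and Search Algorithm above, as an added Python example. This is not code from the slides or from the authors' VC++ implementation. It assumes the four levels after the protocol array are ordered source address, destination address, source port, destination port; the protocol array is keyed on exact protocol numbers only (no "any protocol" rules); the stateful variant from the simulation is not modelled; the rule base and packets are constructed for the example.

```python
import bisect
import ipaddress
from dataclasses import dataclass

# Field order = the levels of the search structure after the protocol array (assumed).
FIELDS = ("src", "dst", "sport", "dport")
ANY_IP = (0, 2**32 - 1)    # U_i = 2^32 - 1 for addresses
ANY_PORT = (0, 65535)      # U_i = 65535 for ports

def cidr(s):
    """Inclusive integer range [l, r] covered by a CIDR block or a single address."""
    net = ipaddress.IPv4Network(s, strict=False)
    return (int(net.network_address), int(net.broadcast_address))

@dataclass(frozen=True)
class Rule:
    proto: int
    src: tuple
    dst: tuple
    sport: tuple
    dport: tuple
    action: str

def build_node(active, level):
    """Node for one level, built from the rules still active here. `active` keeps
    rule-base order, so at the leaf the first entry is the winning (first-matching) rule."""
    if level == len(FIELDS):
        return active[0][0]
    f = FIELDS[level]
    # Project every [l, r] onto this axis: the cut points l and r+1 split the
    # axis into simple ranges on which the set of active rules is constant.
    pts = sorted({p for _, r in active for p in (getattr(r, f)[0], getattr(r, f)[1] + 1)})
    children = []
    for lo, nxt in zip(pts, pts[1:]):
        hi = nxt - 1
        sub = [(i, r) for i, r in active if getattr(r, f)[0] <= lo and hi <= getattr(r, f)[1]]
        children.append(build_node(sub, level + 1) if sub else None)
    return (pts, children)

def build_gem(rules):
    """Protocol array: protocol number -> level-0 node (exact protocol match only)."""
    by_proto = {}
    for i, r in enumerate(rules):
        by_proto.setdefault(r.proto, []).append((i, r))
    return {p: build_node(act, 0) for p, act in by_proto.items()}

def gem_match(gem, pkt):
    """Index of the first matching rule, or None; one binary search per level."""
    node = gem.get(pkt["proto"])
    for f in FIELDS:
        if node is None:
            return None
        pts, children = node
        i = bisect.bisect_right(pts, pkt[f]) - 1
        if i < 0 or i >= len(children):
            return None               # value lies outside every active rule's range
        node = children[i]
    return node

def linear_match(rules, pkt):
    """Reference: the naive linear scan that GEM is compared against."""
    for i, r in enumerate(rules):
        if r.proto == pkt["proto"] and all(getattr(r, f)[0] <= pkt[f] <= getattr(r, f)[1] for f in FIELDS):
            return i
    return None

def count_simple_ranges(node, level=0):
    """Number of simple ranges stored below a node: the source of GEM's space cost."""
    if node is None or level == len(FIELDS):
        return 0
    pts, children = node
    return len(children) + sum(count_simple_ranges(c, level + 1) for c in children)

# Constructed rule base (first match wins); protocol 6 = TCP, 17 = UDP.
RULES = [
    Rule(6, cidr("10.0.0.0/8"), ANY_IP, ANY_PORT, (22, 22), "deny"),
    Rule(6, ANY_IP, cidr("192.168.1.0/24"), ANY_PORT, (80, 80), "allow"),
    Rule(6, ANY_IP, ANY_IP, ANY_PORT, (443, 443), "allow"),
    Rule(17, ANY_IP, cidr("10.0.0.53"), ANY_PORT, (53, 53), "allow"),
    Rule(6, ANY_IP, ANY_IP, ANY_PORT, ANY_PORT, "deny"),
]

def packet(proto, src, dst, sport, dport):
    return {"proto": proto, "src": int(ipaddress.IPv4Address(src)),
            "dst": int(ipaddress.IPv4Address(dst)), "sport": sport, "dport": dport}

# Constructed packets with the rule each should hit.
PACKETS = [
    packet(6, "10.1.2.3", "192.168.1.10", 40000, 22),    # rule 0
    packet(6, "172.16.0.5", "192.168.1.10", 40001, 80),  # rule 1
    packet(6, "172.16.0.5", "8.8.8.8", 5, 443),          # rule 2
    packet(17, "10.1.2.3", "10.0.0.53", 3333, 53),       # rule 3
    packet(17, "10.1.2.3", "10.0.0.53", 3333, 54),       # None: no UDP default rule
    packet(6, "10.1.2.3", "8.8.8.8", 1, 8080),           # rule 4 (default deny)
    packet(1, "10.1.2.3", "8.8.8.8", 0, 0),              # None: no ICMP rules
]

GEM = build_gem(RULES)

if __name__ == "__main__":
    assert all(gem_match(GEM, p) == linear_match(RULES, p) for p in PACKETS)
    print("simple ranges:", sum(count_simple_ranges(n) for n in GEM.values()))
```

Because the active-rule list keeps rule-base order, the leaf always holds the first matching rule, so the search returns exactly what the linear scan returns. Every level multiplies the number of simple ranges by the number of cut points of the rules active below it; summing them with count_simple_ranges makes the worst-case O(n^4) space of the structure visible for a given rule base.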

Page 8: GEM Firewall

Working:-


SYSTEM REQUIREMENT

Software Requirement:
- Operating System: Windows Vista, Windows 7
- Development Platform Requirement
  - Development Platform for GEM: Visual Studio 2010
  - Development Platform for GUI: NetBeans IDE
- Development Languages
  - Development Language for GEM: VC++
  - Development Language for GUI: Java

Page 13: GEM Firewall

Minimum Hardware Requirement:
- System: Pentium IV 2.4 GHz
- Hard Disk: 40 GB
- RAM: 512 MB

Page 14: GEM Firewall

Simulation Study

For the simulation and performance analysis we implemented GEM and tested it in isolation. The GEM build and search were implemented in Visual C++ using Microsoft Visual Studio 2010. The simulations were performed on a 2.13 GHz Intel Pentium P6200 PC with 2 GB of DDR3 RAM and a 500 GB hard disk drive, running the Windows 7 Ultimate (32-bit) operating system.

We performed this simulation on two different types of firewall: 1) linear and 2) GEM. The GEM firewall was further classified as stateful and stateless. For comparison we selected random rules, recorded the matching times, and from those computed the average time for linear, stateful GEM and stateless GEM. The graphs were drawn from that recorded data.

Page 15: GEM Firewall

Simulation Statistics (Comparing the Build Time)

No. of Rules | Time (microseconds), five runs            | Avg. Time (microseconds)
100          | 0.4739  0.4801  0.5363  0.5236  0.5420   | 0.5084
350          | 0.5248  0.5132  0.5930  0.6419  0.5003   | 0.5546
700          | 0.5393  0.6548  0.6640  0.7643  0.5711   | 0.6387
1400         | 0.6319  0.7637  0.6144  0.6537  0.6641   | 0.6656
2500         | 0.6532  0.6339  0.6649  0.6369  0.6845   | 0.6807

Page 17: GEM Firewall

Comparing Execution

No. of Rules | Linear Matching (time in µs)                | Stateful Matching (time in µs)              | Stateless Matching (time in µs)
500          | 0.004750  0.003350  0.002780  Avg. 0.003627 | 0.001815  0.001395  0.001070  Avg. 0.001232 | 0.007430  0.007900  0.007320  Avg. 0.007550
1000         | 0.006615  0.007500  0.007845  Avg. 0.007781 | 0.000950  0.000900  0.000900  Avg. 0.000900 | 0.020700  0.01473   0.01445   Avg. 0.01732
2500         | 0.01796   0.01354   0.01680   Avg. 0.01610  | 0.001540  0.001515  0.001380  Avg. 0.001448 | 0.2452    0.2367    0.2383    Avg. 0.240660
5000         | 0.02832   0.02796   0.02707   Avg. 0.02754  | 0.000905  0.000890  0.000895  Avg. 0.000893 | 0.52152   0.52748   0.52634   Avg. 0.52514

Page 21: GEM Firewall

Advantages:

• GEM's matching speed is far better than the naive linear search, and it is able to increase the throughput
• GEM can filter over 30,000 packets per second on a standard PC, even with 10,000 rules
• On rule-bases generated according to realistic statistics, GEM's space complexity is well within the capabilities of modern hardware

Page 22: GEM Firewall

Disadvantages:

• Space complexity is high (worst-case complexity is O(n^4) for a rule-base with n rules)
• Building the GEM data structure requires computational overhead

Page 23: GEM Firewall

References

[1] Dmitry Rovniagin and Avishai Wool, "The Geometric Efficient Matching Algorithm for Firewalls", IEEE Transactions on Dependable and Secure Computing, Vol. 8, No. 1, Jan-Feb 2011.

[2] Andronescu Alexandra, "LIBFW: Generic Firewall Library for Multiple Operating Systems".

[3] Alex X. Liu and Mohamed G. Gouda, "Firewall Policy Queries", IEEE Transactions on Parallel and Distributed Systems, Vol. 20, No. X, Xxx 2009.

[4] Alex X. Liu, Eric Torng and Chad R. Meiners, Department of Computer Science and Engineering, Michigan State University, East Lansing, MI 48824, U.S.A., "Firewall Compressor: An Algorithm for Minimizing Firewall Policies".

Page 24: GEM Firewall

Conclusion

GEM's matching speed is far better than the naive linear search. GEM's space complexity is well within the capabilities of modern hardware. The GEM algorithm enjoys logarithmic matching time performance.

Page 25: GEM Firewall

Thank You .. !!