Cryptographic wiretapping at 100 megabits

This paper describes the Advanced Packet Vault, a cryptographically secured archiver of network packet data that reliably captures all packets on a 100 Mbps Ethernet network, encrypts them, and writes them to long-term magnetic tape storage for later analysis and evidentiary purposes. Based on a previous prototype, the APV provides an enhanced cryptographic organization that allows site-specific selection of the encryption format and that permits selected traffic to be made available without compromising the security of other traffic. The APV operates reliably under a continuous 100 Mbps load. We conclude with a discussion of future work necessary to scale the APV beyond 100 Mbps.

[1]  Joe Kilian,et al.  How to Protect DES Against Exhaustive Key Search , 1996, CRYPTO.

[2]  Peter Honeyman,et al.  The Packet Vault: Secure Storage of Network Data , 1999, Workshop on Intrusion Detection and Network Monitoring.

[3]  Prashant J. Shenoy,et al.  Rules of thumb in data engineering , 2000, Proceedings of 16th International Conference on Data Engineering (Cat. No.00CB37073).

[4]  Cormac J. Sreenan,et al.  mmdump: a tool for monitoring internet multimedia traffic , 2000, CCRV.

[5]  Robert D. Silverman A Cost-Based Security Analysis of Symmetric and Asymmetric Key Lengths RSA Labs bulletin , 2000 .

[6]  Arjen K. Lenstra,et al.  Selecting Cryptographic Key Sizes , 2000, Public Key Cryptography.