Host-based, network enabled, integrated remote interrogation system
Inventors: Collins, James C; Wall, Chet M; Kaufman, III, Robert J
Assignee: United States Department of the Air Force
Publication Number: US-9860258-B1
Publication Date: 2018-01-02
Expiration Date: 2035-07-01
Interested in licensing this patent?
MTEC can help explore whether this patent might be available for licensing for your application.
Abstract
An Enhanced Ethernet Network Interface Card (EENIC) interfaces with a host and a network. The EENIC includes an internal network interface controller (NIC), a field programmable gate array (FPGA) in electrical communication with the internal network interface controller, and a peripheral component interconnect express (PCIe) controller in independent electrical communication with either the FPGA or the internal network interface controller. The FPGA is configured to intercept data from the host, from the network, or from both. Additionally, the configured interception is undetected by the host, by the network, or by both.
Core Innovation
The invention provides an Enhanced Ethernet Network Interface Card (EENIC) designed to interface with a host and a network. The EENIC comprises an internal network interface controller (NIC), a field programmable gate array (FPGA) electrically connected to the NIC, and a peripheral component interconnect express (PCIe) controller in independent electrical communication with either the FPGA or the NIC. The FPGA is configured to intercept data originating from the host, the network, or both. Importantly, this interception operates undetected by both the host and the network.
This EENIC can be programmed to work in multiple modes, including a promethean host (PH) mode and an active host embedded (AHE) mode. In AHE mode, the EENIC becomes the exclusive network interface for the host, embedding a microprocessor subsystem within the FPGA that can run an independent operating system and perform security actions autonomously. This subsystem is isolated and transparent to the host, providing secure, encrypted remote access through a unique network wormhole protocol without host system knowledge or intervention.
The problem addressed by this invention is the vulnerability of traditional host-based security software, which can be modified or disabled by sophisticated exploitation code and malware. Current network architectures, even with defense-in-depth, fail to monitor or control security activities effectively at lower enclave levels because those controls depend on host systems that can themselves be compromised. Thus, there exists a need for a security apparatus that operates independently of the host's operating system and memory and can surveil and control data flows without being detected and without relying on the host's integrity.
Claims Coverage
The patent includes two independent claims focusing on the structural and functional aspects of the Enhanced Ethernet Network Interface Card (EENIC) and its method of operation.
Integrated FPGA-based interception within EENIC
The EENIC features an FPGA configured to operate inside the host, electrically connected to an internal NIC and a PCIe controller, enabling interception of data from the host, network, or both in a manner undetected by the host and network.
Emulated microprocessor with independent operating system
The FPGA implements an emulated microprocessor running an independent operating system that is remotely accessible over the network, allowing processing and security functions to be performed autonomously within the EENIC.
Replicated host MAC address configuration
The internal network interface controller in the EENIC includes a media access control (MAC) address configured to replicate the host's MAC address, enabling seamless and covert network communication.
Method for data interception and security actions without host knowledge
The method claims involve providing the EENIC with the FPGA emulated microprocessor and independent OS, intercepting data from the host or network, and performing security actions on the data without consent or knowledge of the host.
Collectively, the claims establish an Enhanced Ethernet Network Interface Card incorporating an FPGA-based, covert data interception and control system with an emulated microprocessor running an independent OS, enabling remote secure access and security operations completely transparent to the host and network.
Stated Advantages
Separation and logical isolation of the FPGA from the host and external network enhance overall system security by protecting the FPGA from internal and external access attempts.
Ability to intercept and control network data flows autonomously and transparently provides improved security protection independent of the host operating system's vulnerabilities.
Support for multiple configurable modes allows flexible deployment to meet different security needs and environments.
The network wormhole protocol enables secure, encrypted remote command, control, and data acquisition without host intervention or detection.
Documented Applications
Use as a security enhancing platform embedded within host systems to monitor, filter, block, forward, and scan network data flows to and from host computers.
Deployment within networks requiring advanced persistent threat detection and mitigation beyond traditional host-based security controls.
Integration into enterprise networks for enhanced host and network security at enclave levels that are not effectively monitored by standard upper hierarchical security appliances.
Operation as a host firewall, intrusion detection system, packet interceptor with redirect capabilities, and man-in-the-middle applications in complex network environments.