European researchers have developed an integrated photonic device that they call a "firewall on a chip" — the fruits of a EU-funded project called WISDOM (Wirespeed Security Domains Using Optical Monitoring).

Their work promises to save the internet from the looming threat of network security bottlenecks. Already 40 Gbit/s backbone routes are being widely deployed, with 100 Gbit/s on the horizon, and the electronics used to process the information they contain is struggling to keep up.

"There's a legal requirement for packet inspection when data crosses borders between different operators," explained Grahame Maxwell, of the UK's Centre for Integrated Photonics (CIP), and co-ordinator of the WISDOM project.

"If we continue to do processing in electronics, then we are going to put increasing pressure on the security systems. There is a need for a more scalable architecture for future networks."

The WISDOM device is designed to be placed at the front end of the node firewall to provide a primary information filtering at wirespeed (40 Gbit/s per channel), by carrying out processes such as operations such as optical packet recognition, interrogation and manipulating data streams incorporating features of parity checking, flag status, and header recognition. Secondary packet processing would then be done electronically as it is today, but the workload on the electronics would be significantly less.

The chip, which was designed by CIP, is a hybrid integrated component built using the HyBoard integration platform that the company unveiled earlier this year. The chip contains semiconductor optical amplifiers (SOAs) that can be configured as optical logic gates, as well as delay-line interferometer circuitry.

The device operates by copying and sending the optical data several times around an optical loop. Each time the data circles around the loop, a logic function is applied to the data until the pattern match is achieved (or not). When the processing is complete, the circuit contains an optical pulse (or no pulse) to indicate that a match has been found (or not). If a pattern match is found then the pulse in the frame is located in the position of the matching pattern.

As the next step, the researchers are hoping to demonstrate a device operating at 100 Gbit/s, and have already shown that the logic element (the SOA) can work at 80 Gbit/s. "In order to be credible we felt we had to work at the highest speed possible," says Maxwell.

Commercialisation is also on the agenda. The project partners plan to spend the next six months putting together the optics and electronics for a working demonstrator that they can showcase to interested parties — vendors who are manufacturing security boxes for router applications.

Partners in the WISDOM project are drawn from the whole optical supply chain, and include research institutions — Tyndall National Institute in Ireland, and the Foundation for Research and Technology (FORTH) in Greece — optical subsystem supplier Avanex, France, and UK network operator BT, as well as CIP.