A Bloom Filter-Based Monitoring Station for a Lawful Interception Platform

  • Gerson Rodríguez de los Santos
  • Jose Alberto Hernández
  • Manuel Urueña
  • Alfonso Muñoz
Part of the Communications in Computer and Information Science book series (CCIS, volume 429)


Lawful Interception (LI) is a fundamental tool in today’s Police investigations.Therefore, it is important to make it as quickly and securely as possible as well as a reasonable cost per suspect. This makes traffic capture in aggregation links quite attractive, although this implies high wirespeeds which require the use of specific hardware-based architectures. This paper proposes a novel Bloom Filter-based monitoring station architecture for efficient packet capture in aggregation links. With said Bloom filter, we filter out most of the packets in the link and capture only those belonging to lawful interception wiretaps. Next, we present an FPGA-based implementation of said architecture and obtain the maximum capture rate achievable by injecting traffic through four parallel Gigabit Ethernet lines. Finally, we identify the limitations of our current design and suggest the possibility of further extending it to higher wirespeeds.


Lawful Interception FPGA Bloom filter Packet Capture 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Broder, A., Mitzenmacher, M.: Network applications of Bloom filters: A survey. Internet Mathematics 1(4), 485–509 (2004)CrossRefMATHMathSciNetGoogle Scholar
  2. 2.
    Mu, S., Zhang, X., Zhang, N., Lu, J., Deng, Y.S., Zhang, S.: IP routing processing with graphic processors. In: Design, Automation Test in Europe Conference Exhibition (DATE), pp. 93–98 (2010)Google Scholar
  3. 3.
    Zhao, J., Zhang, X., Wang, X., Deng, Y., Fu, X.: Exploiting graphics processors for high-performance IP lookup in software routers. In: 2011 Proceedings IEEE INFOCOM, pp. 301–305 (2011)Google Scholar
  4. 4.
    Smith, R., Goyal, N., Ormont, J., Sankaralingam, K., Estan, C.: Evaluating GPUs for network packet signature matching. In: IEEE International Symposium on Performance Analysis of Systems and Software, ISPASS 2009, pp. 175–184 (2009)Google Scholar
  5. 5.
    Wang, L., Chen, S., Tang, Y., Su, J.: Gregex: GPU based high speed regular expression matching engine. In: 2011 Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), pp. 366–370 (2011)Google Scholar
  6. 6.
    Huang, N.-F., Hung, H.-W., Lai, S.-H., Chu, Y.-M., Tsai, W.-Y.: A GPU-based multiple-pattern matching algorithm for network intrusion detection systems. In: 22nd International Conference on Advanced Information Networking and Applications - Workshops, AINAW 2008, pp. 62–67 (2008)Google Scholar
  7. 7.
    Lin, C.-H., Liu, C.-H., Chang, S.-C.: Accelerating regular expression matching using hierarchical parallel machines on GPU. In: 2011 IEEE Global Telecommunications Conference (GLOBECOM 2011), pp. 1–5 (2011)Google Scholar
  8. 8.
    Wu, Q., Wolf, T.: Runtime task allocation in multicore packet processing systems. IEEE Transactions on Parallel and Distributed Systems 23(10), 1934–1943 (2012)CrossRefGoogle Scholar
  9. 9.
    Li, Y., Shan, L., Qiao, X.: A parallel packet processing runtime system on multi-core network processors. In: 2012 11th International Symposium on Distributed Computing and Applications to Business, Engineering Science (DCABES), pp. 67–71 (2012)Google Scholar
  10. 10.
    Yamashita, Y., Tsuru, M.: Rule pattern parallelization of packet filters on muti-core environments. In: 2011 IEEE 13th International Conference on High Performance Computing and Communications (HPCC), pp. 116–125 (2011)Google Scholar
  11. 11.
    Guo, D., Bhuyan, L.N., Liu, B.: An efficient parallelized L7-filter design for multicore servers. IEEE/ACM Transactions on Networking 20(5), 1426–1439 (2012)CrossRefGoogle Scholar
  12. 12.
    Application Layer Packet Classifier for Linux (2013)Google Scholar
  13. 13.
    Huang, N.-F., Hung, H.-W., Tsai, W.-Y.: A unique-pattern based pre-filtering method for rule matching of network security. In: 2012 18th Asia-Pacific Conference on Communications (APCC), pp. 744–748 (2012)Google Scholar
  14. 14.
    Song, H., Hao, F., Kodialam, M., Lakshman, T.V.: IPv6 lookups using distributed and load balanced bloom filters for 100Gbps core router line cards. In: IEEE INFOCOM 2009, pp. 2518–2526 (2009)Google Scholar
  15. 15.
    Dharmapurikar, S., Krishnamurthy, P., Sproull, T., Lockwood, J.: Deep packet inspection using parallel Bloom filters. In: Proceedings of the 11th Symposium on High Performance Interconnects, pp. 44–51 (2003)Google Scholar
  16. 16.
    Dharmapurikar, S., Krishnamurthy, P., Sproull, T.S., Lockwood, J.W.: Deep packet inspection using parallel Bloom filters. IEEE Micro 24(1), 52–61 (2004)CrossRefGoogle Scholar
  17. 17.
    Attig, M., Dharmapurikar, S., Lockwood, J.: Implementation results of Bloom filters for string matching. In: 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, FCCM 2004, pp. 322–323 (2004)Google Scholar
  18. 18.
    Attig, M., Lockwood, J.: SIFT: snort intrusion filter for TCP. In: Proceedings of the 13th Symposium on High Performance Interconnects, pp. 121–127 (2005)Google Scholar
  19. 19.
    Van Lunteren, J.: High-performance pattern-matching for intrusion detection. In: Proceedings of the 25th IEEE International Conference on Computer Communications, INFOCOM 2006, pp. 1–13 (2006)Google Scholar
  20. 20.
    Tuck, N., Sherwood, T., Calder, B., Varghese, G.: Deterministic memory-efficient string matching algorithms for intrusion detection. In: Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies, INFOCOM 2004, vol. 4, pp. 2628–2639 (2004)Google Scholar
  21. 21.
    Ho, J., Lemieux, G.G.F.: PERG: A scalable FPGA-based pattern-matching engine with consolidated bloomier filters. In: International Conference on ICECE Technology, FPT 2008, pp. 73–80 (2008)Google Scholar
  22. 22.
    Bando, M., Artan, N.S., Wei, R., Guo, X., Chao, H.J.: Range hash for regular expression pre-filtering. In: 2010 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), pp. 1–12 (2010)Google Scholar
  23. 23.
    Cho, Y.H., Mangione-Smith, W.H.: Fast reconfiguring deep packet filter for 1+ gigabit network. In: 13th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, FCCM 2005, pp. 215–224 (2005)Google Scholar
  24. 24.
    Ajami, R., Dinh, A.: Design a hardware network firewall on FPGA. In: 2011 24th Canadian Conference on Electrical and Computer Engineering (CCECE), pp. 000674–000678 (2011)Google Scholar
  25. 25.
    Kayssi, A., Harik, L., Ferzli, R., Fawaz, M.: FPGA-based internet protocol firewall chip. In: The 7th IEEE International Conference on Electronics, Circuits and Systems, ICECS 2000., vol. 1, pp. 316–319 (2000)Google Scholar
  26. 26.
    Park, S.-K., Oh, J.-T., Jang, J.-S.: High-speed attack mitigation engine by packet filtering and rate-limiting using fpga. In: The 8th International Conference on Advanced Communication Technology, ICACT 2006, vol. 1, pp. 6 pp.–685 (2006)Google Scholar
  27. 27.
    Aparicio, R., Urueña, M., Muñoz, A., Rodríguez, G., Morcuende, S.: INDECT Lawful Interception platform: Overview of ILIP decoding and analysis station. Jornadas de Ingeniería Telemática (JITEL) (2013) (accepted for publication)Google Scholar
  28. 28.
    Urueña, M., Muñoz, A., Aparicio, R., Rodríguez, G.: Digital Wiretap Warrant: Protecting civil liberties in ETSI Lawful Interception (review ongoing). Computer and SecurityGoogle Scholar
  29. 29.
    Knuth, D.: The Art of Computer Programming, 2nd edn., vol. 3. Addison-Wesley (1998)Google Scholar
  30. 30.
    NetFPGA home page (2013)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Gerson Rodríguez de los Santos
    • 1
  • Jose Alberto Hernández
    • 1
  • Manuel Urueña
    • 1
  • Alfonso Muñoz
    • 1
  1. 1.Universidad Carlos III de MadridLeganés, MadridSpain

Personalised recommendations