Network Security Technology

Our customer, a leading networking component provider, asked us to make design modifications to support OpenSSL DTLS (Datagram Transport Layer Security), so that UDP traffic processed by their hardware is as secure as TCP traffic. The project would be validated against their baseline test suite, including the performance benchmark tests, and one of their goals was to at least match the measured performance of the previous product baseline.

The project had a host of challenges, but I applied my expertise and knowledge in network security to fully meet the project requirements. Using my Ph.D. in Computer Science and 20 years of telecom experience in network security and cryptography as a foundation, I applied my deep understanding of Public-Key Infrastructure (PKI), a key factor in the OpenSSL design principle, and developed several hundred test cases to verify security features.

To solve the challenges, we added new features to provide the state-of-the-art OpenSSL DTLS services to enable secured UDP traffic handling for their multi-core network processors; enabled TCP and UDP dual-stack functionalities with backward support of full TLS services; enhanced their PKI system for extended timeline coverage and increased security strength and cipher algorithms; and completed the performance sampling on all metrics and improved TCP/IP traffic throughput performance as compared with the previous product baselines. Average DTLS throughput for this project increased by nearly 100 Mbps.

I was determined to exceed the customer’s expectations in all categories — software feature scope, software quality (zero-defect), and time-to-delivery — and we exceeded them all.

— J.S., Senior Software Engineer
