Abstract
This paper describes a highly scalable architecture based on field-programmable gate-array (FPGA) technology for prefix-preserving anonymization of IP addresses at increasingly high network line rates. The Crypto-PAn technique, with the Advanced Encryption Standard (AES) as the underlying pseudo-random function, is fully mapped into reconfigurable hardware. A 32 Gb/s fully pipelined AES engine was developed and used to prototype the Crypto-PAn architecture. The prototype was implemented on a Xilinx Virtex-4 device, achieving a worst-case Ethernet throughput of 8 Gb/s using 141 block RAMs and 4262 logic cells. This is considerably faster than software implementations, which generally achieve much less than 100 Mb/s throughput. A technology-independent analysis is presented to explore the scalability of the architecture to higher multi-gigabit line rates.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Blake, A., Nelson, R. (2008). Scalable Architecture for Prefix Preserving Anonymization of IP Addresses. In: Bereković, M., Dimopoulos, N., Wong, S. (eds) Embedded Computer Systems: Architectures, Modeling, and Simulation. SAMOS 2008. Lecture Notes in Computer Science, vol 5114. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70550-5_5
DOI: https://doi.org/10.1007/978-3-540-70550-5_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70549-9
Online ISBN: 978-3-540-70550-5
eBook Packages: Computer Science, Computer Science (R0)