Scalable Architecture for Prefix Preserving Anonymization of IP Addresses

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5114)

Abstract

This paper describes a highly scalable architecture based on field-programmable gate-array (FPGA) technology for prefix-preserving anonymization of IP addresses at increasingly high network line rates. The Crypto-PAn technique, with the Advanced Encryption Standard (AES) as the underlying pseudo-random function, is fully mapped into reconfigurable hardware. A 32 Gb/s fully-pipelined AES engine was developed and used to prototype the Crypto-PAn architecture. The prototype was implemented on a Xilinx Virtex-4 device, achieving a worst-case Ethernet throughput of 8 Gb/s using 141 block RAMs and 4262 logic cells. This is considerably faster than software implementations, which generally achieve much less than 100 Mb/s throughput. A technology-independent analysis is presented to explore the scalability of the architecture to higher multi-gigabit line rates.
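The prefix-preserving property the abstract refers to can be shown in software. The sketch below is an added example, not code from the paper: it follows the Crypto-PAn construction (each output bit is the input bit XORed with a keyed pseudo-random bit computed from the preceding bits), but swaps in HMAC-SHA256 for AES as the pseudo-random function so that it runs with the standard library alone. The function names, key and sample addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

def prf_bit(key: bytes, prefix: int, length: int) -> int:
    """Keyed pseudo-random flip bit for the first `length` bits of an address.

    Assumption: HMAC-SHA256 stands in for the AES block cipher named in the abstract.
    The length byte keeps prefixes of different lengths from colliding.
    """
    msg = bytes([length]) + prefix.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[0] >> 7

def anonymize(key: bytes, addr: str) -> str:
    """Prefix-preserving mapping of one IPv4 address (32 PRF calls per address)."""
    a = int(ipaddress.IPv4Address(addr))
    out = 0
    for i in range(32):
        prefix = a >> (32 - i)           # the i most significant bits (0 when i == 0)
        bit = (a >> (31 - i)) & 1        # input bit at position i, MSB first
        out = (out << 1) | (bit ^ prf_bit(key, prefix, i))
    return str(ipaddress.IPv4Address(out))

def common_prefix_len(x: str, y: str) -> int:
    """Number of leading bits two IPv4 addresses share."""
    diff = int(ipaddress.IPv4Address(x)) ^ int(ipaddress.IPv4Address(y))
    return 32 - diff.bit_length()

# Constructed key and sample addresses (documentation ranges), not from the paper.
KEY = b"constructed-demo-key"
SAMPLE = ["192.0.2.10", "192.0.2.77", "192.0.3.1", "198.51.100.5", "203.0.113.9"]

def check_sample(key: bytes = KEY, addrs=SAMPLE) -> bool:
    """True if every pair shares exactly as many leading bits after mapping as before."""
    anon = {a: anonymize(key, a) for a in addrs}
    return all(
        common_prefix_len(x, y) == common_prefix_len(anon[x], anon[y])
        for x in addrs for y in addrs
    )

if __name__ == "__main__":
    for a in SAMPLE:
        print(f"{a:>15} -> {anonymize(KEY, a)}")
    print("prefix lengths preserved:", check_sample())
```

Each address costs 32 dependent-looking but independently computable PRF calls, which is the workload a pipelined hardware cipher engine is suited to.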

Editor information

Mladen Bereković, Nikitas Dimopoulos, Stephan Wong

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Blake, A., Nelson, R. (2008). Scalable Architecture for Prefix Preserving Anonymization of IP Addresses. In: Bereković, M., Dimopoulos, N., Wong, S. (eds) Embedded Computer Systems: Architectures, Modeling, and Simulation. SAMOS 2008. Lecture Notes in Computer Science, vol 5114. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70550-5_5

  • DOI: https://doi.org/10.1007/978-3-540-70550-5_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-70549-9

  • Online ISBN: 978-3-540-70550-5

  • eBook Packages: Computer Science (R0)
