A solution for packet security 1 Gbps on layer 2 with technology FPGA
DOI:
https://doi.org/10.54654/isj.v8i2.29Keywords:
— FPGA, layer 2 security, network security.Tóm tắt
Abstract— The Layer 2 network security has shown many advantages compared to Layer 3. However, the structure of Layer 2 does not indicate the size of data packet, it makes the difficult to capture the data packet, especially in the case the packet is captured by hardware. Also, there are limitation of using software to capture the packet. In addition, when the size of the packet is not defined, it will be difficult to handle the packet with inserting cryptographic parameters that exceed the permissible length. In this paper, a technical solution for capturing Ethernet packet directly from FPGA is presented, organising data to ensure transparent communication capability to implement Layer 2 packet security, to overcome the limitations when capturing packet by using software.
Tóm tắt— Bảo mật mạng Layer 2 đã thể hiện được nhiều ưu điểm so với bảo mật Layer 3, tuy nhiên do cấu trúc của gói tin Layer 2 không cho biết kích thước gói tin nên gây khó khăn cho việc bắt gói tin, đặc biệt khi bắt trực tiếp bằng phần cứng, trong khi nếu sử dụng phần mềm thì có nhiều hạn chế. Hơn nữa, khi không biết kích thước sẽ gây khó khăn trong việc xử lý gói tin khi chèn các tham số mật mã vượt quá độ dài cho phép. Trong bài này trình bày một giải pháp kỹ thuật bắt gói tin Ethernet trực tiếp từ FPGA, tổ chức dữ liệu đảm bảo khả năng truyền tin trong suốt cho phép thực hiện bảo mật gói tin Layer 2, khắc phục được những hạn chế khi bắt gói tin bằng phần mềm.
Downloads
References
[1].Rohde & Schwarz (2009), “R&S SIT ETH Ethernet Encrypto”, data manual.
[2]. EEE 802.1ae, IEEE Standard for Local and metropolitan area networks, “Media Access Control Security”, 2006.
[3].S. Kent, “IP Encapsulating Security Payload (ESP”), RFC 4303, 2005.
[4]. Đề tài “Nghiên cứu thiết kế chế tạo thiết bị bảo mật gói IP tốc độ cao (IP14) trên công nghệ FPGA và ARM”. Ban Cơ yếu Chính phủ, Dương Huy Bình và cộng sự, 2014.
[5]. Glen Gibb, John W. Lockwood, Jad Naous, Paul Hartke, and Nick McKeown “NetFPGA – An Open Platform for Teaching How to Build Gigabit-rate Network Switches and Routers”, IEEE Transactions on Education, 2008.
[6]. John W. Lockwood, Nick McKeown, “NetFPGA - An Open Platform for Gigabit-rate Network Switching and Routing” IEEE Internationnal Conference on Microelectronic System Education”, June 3-4, San Diego,CA, 2007.
[7]. IEEE 802.3 IEEE Standard for Information technology – Telecommunications and information exchange between systems – Local and metropolitan area networks; “Specific requirements Part 3: Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer Specifications Amendment 1: Media Access Control (MAC) Parameters, Physical Layers, and Management Parameters for 1 Gb/s Operation”, 2002.
[8]. Altera Corp, “Triple-Speed Ethernet MegaCore Function User Guide – Altera" https://www.altera.com/literature/ug/ug_ethernet.pdf, 2016.
[9]. Altera Corp, “DE4 User manual”. ftp://ftp.altera.com/up/pub/Altera_Material/Boards/DE4/DE4_User_Manual.pdf unpublished, 2016.
Downloads
Published
How to Cite
Issue
Section
License
Proposed Policy for Journals That Offer Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Proposed Policy for Journals That Offer Delayed Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).