A network security system model based on FPGA

This paper proposes a design and realization of a network security system based on unidirectional network data control technique and configurable Rijndael AES algorithm. The unidirectional control technique does not process the data downloaded from the server to the client side but checks the data that is uploaded to the server side according to certain security rules, which promises the client side can receive complete and real-time data flow from the server side and prevents key information in private network from being disclosed. Moreover, using the improved AES data encryption standard, messages within the private network are encrypted, which promises the information could be transmitted in security even it is eavesdropped.

[1]  Elwyn R. Berlekamp,et al.  Bit-serial Reed - Solomon encoders , 1982, IEEE Transactions on Information Theory.

[2]  Mohammed Benaissa,et al.  GF(2^m) Multiplication and Division Over the Dual Basis , 1996, IEEE Trans. Computers.

[3]  John V. McCanny,et al.  Rijndael FPGA implementation utilizing look-up tables , 2001, 2001 IEEE Workshop on Signal Processing Systems. SiPS 2001. Design and Implementation (Cat. No.01TH8578).

[4]  Pete Chown,et al.  Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS) , 2002, RFC.

[5]  Philip Heng Wai Leong,et al.  Compact FPGA-based true and pseudo random number generators , 2003, 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, 2003. FCCM 2003..

[6]  Wenbin Zheng,et al.  Intrusion prevention system design , 2004 .

[7]  Ray Stanton Securing VPNs: comparing SSL and IPsec , 2005 .

[8]  Douglas J. Hickok File Type Detection Technology , 2005 .

[9]  Zheng Yan-shu Efficient Packet Classification for Network Intrusion Detection using FPGA , 2005 .

[10]  John W. Lockwood,et al.  IPSec implementation on Xilinx Virtex-II Pro FPGA and its application , 2005, 19th IEEE International Parallel and Distributed Processing Symposium.

[11]  Haoyu Song,et al.  Efficient packet classification for network intrusion detection using FPGA , 2005, FPGA '05.

[12]  Charles Kozierok,et al.  The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference , 2005 .

[13]  Thomas Berger,et al.  Analysis of current VPN technologies , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[14]  Chih-Peng Fan,et al.  Implementations of high throughput sequential and fully pipelined AES processors on FPGA , 2007, 2007 International Symposium on Intelligent Signal Processing and Communication Systems.

[15]  Zerene Sangma,et al.  Hardware implementation of elliptic curve Diffie-Hellman key agreement scheme in GF(p) , 2008 .

[16]  Chung-Cheng Hsieh,et al.  High throughput 32-bit AES implementation in FPGA , 2008, APCCAS 2008 - 2008 IEEE Asia Pacific Conference on Circuits and Systems.

[17]  Saudi Arabia,et al.  Efficient Hardware Realization of Advanced Encryption Standard Algorithm using Virtex-5 FPGA , 2009 .

[18]  Xiangyan Fang,et al.  Hardware Implementation of Improved Montgomery Modular Multiplication Algorithm , 2009, 2009 WRI International Conference on Communications and Mobile Computing.

[19]  Hyotaek Lim,et al.  A Ping Pong Based One-Time-Passwords Authentication System , 2009, 2009 Fifth International Joint Conference on INC, IMS and IDC.

[20]  Karen Scarfone,et al.  Intrusion Detection and Prevention Systems , 2010, Handbook of Information and Communication Security.