Scalable Architecture for Prefix Preserving Anonymization of IP Addresses

Authors:
Anthony Blake;Richard Nelson
Affiliations:
School of Computing and Mathematical Sciences, University of Waikato, Hamilton, New Zealand;School of Computing and Mathematical Sciences, University of Waikato, Hamilton, New Zealand
Venue:
SAMOS '08 Proceedings of the 8th international workshop on Embedded Computer Systems: Architectures, Modeling, and Simulation
Year:
2008

Citing 10
Cited 1

On network-aware clustering of Web clients

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
High Performance Single-Chip FPGA Rijndael Algorithm Implementations

CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
TCP-Splitter: A TCP/IP Flow Monitor in Reconfigurable Hardware

HOTI '02 Proceedings of the 10th Symposium on High Performance Interconnects HOT Interconnects
A 21.54 Gbits/s Fully Pipelined AES Processor on FPGA

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Prefix-preserving IP address anonymization: measurement-based security evaluation and a new cryptography-based scheme

Computer Networks: The International Journal of Computer and Telecommunications Networking
Analysis of long duration traces

ACM SIGCOMM Computer Communication Review
Real-time anonymization in passive network monitoring

ICNS '07 Proceedings of the Third International Conference on Networking and Services
Legal issues surrounding monitoring during network research

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Reconfigurable architecture for network flow analysis

IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Packet-level traffic measurements from the Sprint IP backbone

IEEE Network: The Magazine of Global Internetworking

Relationships and data sanitization: a study in scarlet

Proceedings of the 2010 workshop on New security paradigms

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper describes a highly scalable architecture based on field-programmable gate-array (FPGA) technology for prefix-preserving anonymization of IP addresses at increasingly high network line rates. The Crypto-PAn technique, with the Advanced Encryption Standard (AES) as the underlying pseudo-random function, is fully mapped into reconfigurable hardware. A 32 Gb/s fully-pipelined AES engine was developed and used to prototype the Crypto-PAn architecture. The prototype was implemented on a Xilinx Virtex-4 device achieving a worst-case Ethernet throughput of 8 Gb/s using 141 block RAM's and 4262 logic cells. This is considerably faster than software implementations which generally achieve much less than 100 Mb/s throughput. A technology-independent analysis is presented to explore the scalability of the architecture to higher multi-gigabit line-rates.