• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • No language data
  • Tagged with
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

HE-MT6D: A Network Security Processor with Hardware Engine for Moving Target IPv6 Defense (MT6D) over 1 Gbps IEEE 802.3 Ethernet

Sagisi, Joseph Lozano 28 July 2017 (has links)
Traditional static network addressing allows attackers the incredible advantage of taking time to plan and execute attacks against a network. To counter, Moving Target IPv6 Defense (MT6D) provides a network host obfuscation technique that dynamically obscures network and transport layer addresses. Software driven implementations have posed many challenges, namely, constant code maintenance to remain compliant with all library and kernel dependencies, less than optimal throughput, and the requirement for a dedicated general purpose hardware. The work of this thesis presents Network Security Processor and Hardware Engine for MT6D (HE-MT6D) to overcome these challenges. HE-MT6D is a soft core Intellectual Property (IP) block developed in full Register Transfer Level (RTL) and is the first hardware-oriented design of MT6D. Major contributions of HE-MT6D include the complete separation of the data and control planes, development of a nonlinear Complex Instruction Set Computer (CISC) Network Security Processor for in-flight packet modification, a specialized Packet Assembly language, a configurable and a parallelized memory search through tag-based Hybrid Content Addressable Memory (HCAM) L1 write-through cache, full RTL Network Time Protocol version 4 hardware module, and a modular crypto engine. HE-MT6D supports multiple nodes and provides 1,025% throughput performance increase over earlier C-based MT6D at 863 Mbps with full encapsulation and decapsulation, and it matches bare wire throughput performance for all other traffic. The HE-MT6D IP block can be configured as an independent physical gateway device, built as embedded Application Specific Integrated Circuit (ASIC), or serve as a System on Chip (SoC) integrated submodule. / Master of Science / Traditional static network addressing allows attackers the incredible advantage of taking time to plan and execute attacks against a network. One approach to counter this effect is dynamic addressing through Moving Target Defense, which the Department of Homeland Security Cyber Security Division (CSD) designated as one of the fourteen primary Technical Topic Areas for securing federal networks and the larger Internet. A specific application for Internet Protocol version 6 (IPv6) networks is Moving Target IPv6 Defense (MT6D). This provides tunneling and dynamic cryptographic network address translation, where new addresses are cryptographically generated every few seconds. The work of this thesis presents a Network Security Processor and Hardware Engine for MT6D (HE-MT6D). HE-MT6D is the first hardware-oriented implementation of MT6D developed in full Register Transfer Level (RTL) logic and provides 1,025% performance increase over earlier C-based MT6D at 863 Mbps full duplex throughput. It also provides support for multiple nodes. The HE-MT6D Intellectual Property (IP) block is modular for maximum flexibility towards system deployment: it can be configured as an independent physical gateway device, built as embedded Application Specific Integrated Circuit (ASIC), or serve as a System on Chip (SoC) integrated submodule.

Page generated in 0.0516 seconds