
Design Remote Reconfiguration Supported Security Protection System on NetFPGA and Virtex5


Presentation Transcript


  1. Design Remote Reconfiguration Supported Security Protection System on NetFPGA and Virtex5: a new kind of high-efficiency and more secure strategy in network security protection
     Kai Zhang, Xiaoming Ding, Ke Xiong, Shuo Dai, Baolong Yu

  2. Author Introduction (1)
     • Kai Zhang: Master of Engineering in Signal and Information Processing, Institute of Information Science, Beijing Jiaotong University (formerly known as Northern Jiaotong University), Beijing, China. His research interests include Security Architecture, Reusable Methodology and Design & Implementation of LTE advanced. E-mail: kzhang0503@gmail.com
     • Xiaoming Ding: Associate Professor, Institute of Information Science, School of Computer & Information Technology, Beijing Jiaotong University, Beijing, China. His research interests include Information Theory, Information Security, EDA/SOPC Development and Reusable Methodology. E-mail: xmding@bjtu.edu.cn

  3. Author Introduction (2)
     • Ke Xiong: received his B.Sc. degree and Ph.D. degree from Beijing Jiaotong University, Beijing, China. He is now working as a postdoctoral researcher at the Department of Electronic Engineering, Tsinghua University, China. His research interests include Next Generation Network, QoS Guarantee in IP Networks, Multimedia Communication, Network Information Theory and Network Coding.

  4. Main Content: 1. Introduction; 2. Architecture; 3. Implementation; 4. Conclusion

  5. 1. Introduction - Background: network security and terminal security issues
     • Network attacks, including denial of service attacks, unauthorized access, distributed attacks and so on.
     • Terminal attacks: viruses and Trojan horse attacks on USB storage devices cannot be completely resolved.
     • Other problems, such as user information disclosure.
     ★ One of the urgent and key problems that needs to be solved in information security.
     ★ Underlines the importance of security measures.

  6. 1. Introduction - Solutions
     How to effectively improve network security and terminal security?
     1. Traditional security protection systems?
        • Traditional network protection systems
          △ Traditional software firewall
          △ Traditional hardware firewall
        • Traditional terminal protection systems
     2. Reconfigurable security protection systems?
        • Reconfigurable network protection systems
          △ Reconfigurable hardware firewall
        • Reconfigurable terminal protection systems

  7. 1. Introduction - Reconfigurable hardware firewall
     Remote reconfiguration: ensure the efficiency and security.
     Diagram labels:
     • HW firewall with remote reconfiguration supported
     • Update the HW circuits and SW system
     • Reconfigurable HW firewall
     • ASIC & dedicated chips
     • Traditional HW firewall
     • Software firewall

  8. 1. Introduction - NIDS
     • A firewall is not the ultimate solution for network security.
     ※ Total reliance on the firewall may provide a false sense of security. The firewall cannot work alone (no matter how it is designed or implemented), as it is not a panacea.
     ※ A firewall is inconvenient to operate, because most of its information about attacks depends on the administrators.

  9. Main Content: 1. Introduction; 2. Architecture; 3. Implementation; 4. Conclusion

  10. 2. Architecture

  11. 2. Architecture (diagram labels)
     • Reconfigurable Firewall: Filtering Table; Two Register Tables; Control Panel of the Hardware Firewall
     • Servers: 1. Sample Web server; 2. Web Camera App (RTP)
     • NIDS: PetaLinux + libPcap; SQL injection, CGI attacks

  12. 2. Architecture
     • Most parts of this protection system are designed and implemented in hardware to be faster and more secure. For instance:
     • On the one hand, packet filtering in hardware, immunity from ARP attacks in hardware, and monitoring and transmitting with hardware acceleration are designed and implemented on the NetFPGA to protect the subnet from network attacks.
     • On the other hand, AES and DES encryption modules in hardware and immunity from USB viruses and Trojan horses by physical isolation are designed and implemented on the DE2 board to protect terminal security effectively.

  13. Main Content: 1. Introduction; 2. Architecture; 3. Implementation; 4. Conclusion

  14. 3.1 Reconfigurable Hardware Firewall - packet filtering (NetFPGA)

  15. Main Content: 1. Introduction; 2. Architecture; 3. Implementation; 4. Conclusion

  16. 4. Innovation - Reconfigurable Hardware Firewall
     Hardware firewall with remote reconfiguration supported:
     • Reconfigurable HW firewall: packet filtering in hardware, immunity from ARP attacks in hardware
     • Reconfigurable design: improve performance, reduce the cost
     • Remote reconfiguration: updating the system via any devices
     Traditional hardware firewall:
     • Updating hardware means a lot of time and money will be wasted
     Traditional software firewall:
     • Low performance: its speed and throughput are not high enough

  17. Thank you!
