This paper proposes a new approach for network security protection using a reconfigurable hardware firewall with remote reconfiguration support. The strategy aims to improve the efficiency and security of network security measures, addressing issues such as network attacks, terminal attacks, and user information disclosure.
Design Remote Reconfiguration Supported Security Protection System on NetFPGA and Virtex5
A new kind of high-efficiency and more secure strategy in network security protection
Kai Zhang, Xiaoming Ding, Ke Xiong, Shuo Dai, Baolong Yu
Author Introduction (1)
Kai Zhang
Master of Engineering in Signal and Information Processing, Institute of Information Science, Beijing Jiaotong University (formerly known as Northern Jiaotong University), Beijing, China. His research interests include Security Architecture, Reusable Methodology and Design & Implementation of LTE advanced. E-mail: kzhang0503@gmail.com
Xiaoming Ding
Associate Professor, Institute of Information Science, School of Computer & Information Technology, Beijing Jiaotong University, Beijing, China. His research interests include Information Theory, Information Security, EDA/SOPC Development and Reusable Methodology. E-mail: xmding@bjtu.edu.cn
Author Introduction (2)
Ke Xiong
Ke Xiong received his B.Sc. degree and Ph.D. degree from Beijing Jiaotong University, Beijing, China. He is now working as a postdoctoral researcher at the Department of Electronic Engineering, Tsinghua University, China. His research interests include Next Generation Network, QoS Guarantee in IP Networks, Multimedia Communication, Network Information Theory and Network Coding.
Main Content
1. Introduction
2. Architecture
3. Implementation
4. Conclusion
1. Introduction - background
Network security and terminal security issues
- Network attacks, including denial of service attacks, unauthorized access, distributed attacks and so on.
- Terminal attacks: viruses and Trojan horse attacks on USB storage devices cannot be completely resolved.
- Other problems, such as user information disclosure.
★ One of the urgent and key problems that needs to be solved in information security.
★ Underlines the importance of security measures.
1. Introduction - Solutions
How to effectively improve network security and terminal security?
1. Traditional security protection systems?
• Traditional network protection systems
  △ Traditional software firewall
  △ Traditional hardware firewall
• Traditional terminal protection systems
2. Reconfigurable security protection systems?
• Reconfigurable network protection systems
  △ Reconfigurable hardware firewall
• Reconfigurable terminal protection systems
1. Introduction - Reconfigurable hardware firewall
[Diagram labels: Remote reconfiguration (ensure the efficiency and security); HW firewall with remote reconfiguration supported (update the HW circuits and SW system); Reconfigurable HW firewall; ASIC & dedicated chips; Traditional HW firewall; Software firewall]
1. Introduction - NIDS
• A firewall is not the ultimate solution for network security.
※ Total reliance on the firewall may provide a false sense of security. No matter how it is designed or implemented, the firewall cannot work alone; it is not a panacea.
※ The firewall is inconvenient to operate, because most of its information about attacks depends on the administrators.
2. Architecture
[Architecture diagram labels]
- Reconfigurable firewall: filtering table, two register tables
- Control panel of the hardware firewall
- Servers: 1. Sample Web server 2. Web camera app (RTP)
- NIDS: PetaLinux + libPcap; SQL injection, CGI attacks
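The NIDS in the architecture above inspects traffic captured with libpcap for SQL injection and CGI attacks. The following is an added example, not code from the slides or the authors' system, of the payload check such a sensor could run on each HTTP request line; the signature strings, alert classes and function names are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical alert classes; the slides only name the two attack families. */
enum alert { ALERT_NONE = 0, ALERT_SQLI = 1, ALERT_CGI = 2 };

/* Illustrative signatures (assumed, not taken from the slides). */
static const struct { const char *pat; enum alert cls; } sigs[] = {
    { "' or ", ALERT_SQLI }, { "union select", ALERT_SQLI },
    { "../", ALERT_CGI },    { "/etc/passwd", ALERT_CGI },
};

static int hexval(unsigned char c) {
    if (isdigit(c)) return c - '0';
    c = (unsigned char)tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode and lowercase the payload so encoded input ("%27",
 * "%2E%2E%2F") matches the same signatures as plain input. */
static void normalize(const char *in, size_t n, char *out, size_t cap) {
    size_t o = 0;
    for (size_t i = 0; i < n && o + 1 < cap; i++) {
        int c = (unsigned char)in[i];
        if (c == '%' && i + 2 < n) {
            int hi = hexval(in[i + 1]), lo = hexval(in[i + 2]);
            if (hi >= 0 && lo >= 0) { c = hi * 16 + lo; i += 2; }
        } else if (c == '+') c = ' ';
        if (c == 0) c = ' ';  /* a decoded NUL must not cut the string short */
        out[o++] = (char)tolower(c);
    }
    out[o] = '\0';
}

/* Would be called from the libpcap packet callback with the TCP payload.
 * Only the first 511 bytes are inspected in this sketch. */
enum alert inspect_payload(const char *data, size_t len) {
    char buf[512];
    normalize(data, len, buf, sizeof buf);
    for (size_t i = 0; i < sizeof sigs / sizeof sigs[0]; i++)
        if (strstr(buf, sigs[i].pat)) return sigs[i].cls;
    return ALERT_NONE;
}

int main(void) {
    const char *s = "GET /item.php?id=1%27+OR+%271%27=%271 HTTP/1.1"; /* constructed sample */
    printf("alert class: %d\n", inspect_payload(s, strlen(s)));
    return 0;
}
```

Normalizing before matching is the part that matters for detection quality: without it, the same request with percent-encoded quotes or dots passes the signature list unnoticed.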
2. Architecture
• Most parts of this protection system are designed and implemented in hardware to be faster and more secure.
• For instance:
  - On the one hand, packet filtering in hardware, immunity from ARP attacks in hardware, and monitoring and transmitting with hardware acceleration are designed and implemented on the NetFPGA to protect the subnet from network attacks.
  - On the other hand, AES and DES encryption modules in hardware and immunity from USB viruses and Trojan horses by physical isolation are designed and implemented on the DE2 board to protect terminal security effectively.
3.1 Reconfigurable Hardware Firewall - packet filtering
NetFPGA
4. Innovation - Reconfigurable Hardware Firewall
Hardware firewall with remote reconfiguration supported
• Reconfigurable HW firewall
  - Packet filtering in hardware, immunity from ARP attacks in hardware
• Reconfigurable design
  - Improve performance, reduce the cost
• Remote reconfiguration
  - Updating the system via any devices
Traditional hardware firewall
• Updating hardware means a lot of time and money will be wasted
Traditional software firewall
• Low performance
• Its speed and throughput are not high enough