FPGA based Network Security Architecture for High Speed Networks

Abstract

Cryptography and Network Security in high speed networks demands for specialized hardware in order to match up with the network speed. These hardware modules are being realized using reconfigurable FPGA technology to support heavy computation. Our work is mainly based on designing an efficient architecture for a cryptographic module and a network intrusion detection system for a high speed network. All the designs are coded using VHDL and are synthesized using Xilinx ISE for verifying their functionality. Virtex II pro FPGA is chosen as the target device for realization of the proposed design. In the cryptographic module, International Data Encryption Algorithm (IDEA), a symmetric key block cipher is chosen as the algorithm for implementation. The design goal is to increase the data conversion rate i.e the throughput to a substantial value so that the design can be used as a cryptographic coprocessor in high speed network applications. We have proposed a new n bit multiplier in the design which generates less number of partial products less than n/2 and the operands are in diminished-one representation. The multiplication is based on Radix-8 Booth's recoding with different combinations of outer round and inner round pipelining approach and a substantial high throughput to area ratio is achieved. The Network Intrusion Detection System (NIDS) module is designed for scanning suspicious patterns in data packets incoming to the network. Scanning a data packet against multiple patterns in quick time is a highly computational intensive task. A string matching module is realized using a memory efficient multi hashing data structure called Bloom Filter, in which multiple patterns can be matched in a single clock cycle. A separate parallel hash module is also designed for eliminating the packets which are treated as false positives. The string matching module is coded and functionally verified using VHDL targeting Virtex II pro FPGA and performance evaluation is made in terms of speed and resource utilization.