The 1st European NetFPGA Developers Workshop Design Remote Reconfiguration Supported Security Protection System on NetFPGA and Virtex5 Kai Zhang, Xiaoming.

Presentation transcript:

The 1st European NetFPGA Developers Workshop
Design Remote Reconfiguration Supported Security Protection System on NetFPGA and Virtex5
Kai Zhang, Xiaoming Ding, Ke Xiong, Shuo Dai, Baolong Yu
A new kind of high-efficiency and more secure strategy in network security protection

Author Introduction (1)
Kai Zhang
Master of Engineering in Signal and Information Processing, Institute of Information Science, Beijing Jiaotong University (formerly known as Northern Jiaotong University), Beijing, China. His research interests include Security Architecture, Reusable Methodology and Design & Implementation of LTE advanced. E-mail:
Xiaoming Ding
Associate Professor, Institute of Information Science, School of Computer & Information Technology, Beijing Jiaotong University, Beijing, China. His research interests include Information Theory, Information Security, EDA/SOPC Development and Reusable Methodology.

Author Introduction (2)
Ke Xiong
Ke Xiong received his B.Sc. degree and Ph.D. degree from Beijing Jiaotong University, Beijing, China. He is now working as a postdoctoral researcher at the Department of Electronic Engineering, Tsinghua University, China. His research interests include Next Generation Network, QoS Guarantee in IP Networks, Multimedia Communication, Network Information Theory and Network Coding.

Main Content
1. Introduction
2. Architecture
3. Implementation
4. Conclusion

1. Introduction - Background
Network security and terminal security issues
- Network attacks, including denial of service attacks, unauthorized access, distributed attacks and so on.
- Terminal attacks: viruses and Trojan horse attacks on USB storage devices cannot be completely resolved.
- Other problems, such as user information disclosure.
★ One of the urgent and key problems that needs to be solved in information security.
★ Underlines the importance of security measures.

1. Introduction - Solutions
How to effectively improve network security and terminal security?
1. Traditional security protection systems?
- Traditional network protection systems.
  △ Traditional software firewall
  △ Traditional hardware firewall
- Traditional terminal protection systems.
2. Reconfigurable security protection systems?
- Reconfigurable network protection systems.
  △ Reconfigurable hardware firewall
- Reconfigurable terminal protection systems.

1. Introduction - Reconfigurable hardware firewall
[Diagram labels: Software Firewall; Traditional HW firewall; ASIC & Dedicated chips; Reconfigurable HW firewall; HW firewall with remote reconfiguration supported]
Remote Reconfiguration
- Ensure the efficiency and security
- Update the HW circuits and SW system

1. Introduction - NIDS
A firewall is not the ultimate solution for network security.
※ Total reliance on the firewall may provide a false sense of security. The firewall will not work alone (no matter how it is designed or implemented), as it is not a panacea.
※ The firewall is inconvenient to operate, because most of its information about attacks depends on the administrators.


2. Architecture

2. Architecture
[Architecture diagram labels]
- NIDS: PetaLinux + libPcap; SQL injection, CGI attacks
- Reconfigurable Firewall
- Servers: 1. Sample Web server 2. Web Camera App (RTP)
- Control Panel of the Hardware Firewall: Filtering Table, Two Register Tables

2. Architecture
Most parts of this protection system are designed and implemented in hardware to be faster and more secure. On the one hand, packet filtering in hardware, immunity from ARP attacks in hardware, and monitoring and transmitting with hardware acceleration are designed and implemented on the NetFPGA to protect the subnet from network attacks. On the other hand, AES and DES encryption modules in hardware, and immunity from USB viruses and Trojan horses by physical isolation, are designed and implemented on the DE2 board to protect terminal security effectively.


3.1 Reconfigurable Hardware Firewall - packet filtering
NetFPGA User Data Path (in_data) Register

Word | Bits 63:48    | Bits 47:32           | Bits 31:16           | Bits 15:0
1    | eth dst addr  | eth dst addr (cont.) | eth dst addr (cont.) | eth sa hi
2    | eth sa lo     | eth sa lo (cont.)    | type                 | ver, ihl, tos
3    | total length  | id                   | flags, fof           | ttl, proto
4    | checksum      | src ip               | src ip (cont.)       | dst ip hi
5    | dst ip lo     | src_port             | dst port             | TCP/UDP len
6    | TCP/UDP cksum | DATA                 | DATA (cont.)         | DATA (cont.)
7    | …
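
A software model of the fixed-position header reads that the in_data table above implies, written as an added example and not taken from the presentation. The rule format, function names, drop-by-default policy and sample frame are assumptions made here; the guards show where the table's positions stop being valid (IP options, fragments, protocols without ports).

```c
#include <stddef.h>
#include <stdint.h>
/* Bits hi..lo of a 64-bit data-path word (every field used here is under 64 bits wide). */
#define BITS(w, hi, lo) (((w) >> (lo)) & ((1ULL << ((hi) - (lo) + 1)) - 1))
struct tuple { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; };
struct rule  { uint8_t proto; uint16_t dst_port; int allow; };  /* hypothetical rule format */

/* Constructed sample frame: UDP 192.168.1.10:12345 -> 10.0.0.5:80, checksums left zero. */
static const uint8_t SAMPLE[46] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00, 0x45,0x00,
    0x00,0x20, 0x00,0x01, 0x00,0x00, 0x40,0x11, 0x00,0x00, 0xc0,0xa8,0x01,0x0a, 0x0a,0x00,0x00,0x05,
    0x30,0x39, 0x00,0x50, 0x00,0x0c, 0x00,0x00, 't','e','s','t' };

/* Pack frame bytes 0-39 into table words 1-5 (w[0]..w[4]); byte 0 lands in bits 63:56. */
static void pack_words(const uint8_t *f, size_t len, uint64_t w[5]) {
    for (size_t i = 0; i < 5; i++) {
        w[i] = 0;
        for (size_t b = i * 8; b < i * 8 + 8; b++)
            w[i] = (w[i] << 8) | (b < len ? f[b] : 0);
    }
}

/* Fixed positions hold only for unfragmented IPv4, ihl = 5, TCP or UDP; otherwise -1. */
static int extract(const uint64_t w[5], struct tuple *t) {
    if (BITS(w[1], 31, 16) != 0x0800 || BITS(w[1], 15, 8) != 0x45) return -1; /* type, ver+ihl */
    if (BITS(w[2], 31, 16) & 0x3fff) return -1;        /* word 3: MF flag or fragment offset */
    t->proto = (uint8_t)BITS(w[2], 7, 0);              /* word 3: proto */
    if (t->proto != 6 && t->proto != 17) return -1;    /* ports exist only for TCP and UDP */
    t->src_ip   = (uint32_t)BITS(w[3], 47, 16);
    t->dst_ip   = (uint32_t)((BITS(w[3], 15, 0) << 16) | BITS(w[4], 63, 48));
    t->src_port = (uint16_t)BITS(w[4], 47, 32);
    t->dst_port = (uint16_t)BITS(w[4], 31, 16);
    return 0;
}

/* First matching rule decides; short, unparseable or unmatched frames are dropped. */
static int filter(const uint8_t *f, size_t len, const struct rule *r, size_t nr) {
    uint64_t w[5]; struct tuple t;
    if (len < 38) return 0;                            /* ports end at byte 37 */
    pack_words(f, len, w);
    if (extract(w, &t) != 0) return 0;
    for (size_t i = 0; i < nr; i++)
        if (r[i].proto == t.proto && r[i].dst_port == t.dst_port) return r[i].allow;
    return 0;
}

int main(void) {   /* exit status 0 when the sample passes an "allow UDP/80" table */
    const struct rule table[] = { {17, 80, 1} };
    return filter(SAMPLE, sizeof SAMPLE, table, 1) ? 0 : 1;
}
```

A frame with IP options (ihl above 5) shifts the ports out of word 5, so a filter that reads the fixed positions without the ihl check would match on the wrong bytes.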


4. Innovation - Reconfigurable Hardware Firewall
1. Reconfigurable HW firewall: packet filtering in hardware, immunity from ARP attacks in hardware
2. Reconfigurable design: improve performance, reduce the cost
3. Remote reconfiguration: updating the system via any devices
[Comparison diagram labels: Hardware firewall with remote reconfiguration supported; Traditional hardware firewall; Traditional software firewall]
- Updating hardware means a lot of time and money will be wasted
- 1. Low performance 2. Its speed and throughput are not high enough
