VTechWorks staff will be away for the winter holidays starting Tuesday, December 24, 2024, through Wednesday, January 1, 2025, and will not be replying to requests during this time. Thank you for your patience, and happy holidays!
 

HE-MT6D: A Network Security Processor with Hardware Engine for Moving Target IPv6 Defense (MT6D) over 1 Gbps IEEE 802.3 Ethernet

dc.contributor.authorSagisi, Joseph Lozanoen
dc.contributor.committeechairTront, Joseph G.en
dc.contributor.committeememberSchaumont, Patrick R.en
dc.contributor.committeememberMarchany, Randolph C.en
dc.contributor.departmentElectrical and Computer Engineeringen
dc.date.accessioned2019-01-20T07:00:27Zen
dc.date.available2019-01-20T07:00:27Zen
dc.date.issued2017-07-28en
dc.description.abstractTraditional static network addressing allows attackers the incredible advantage of taking time to plan and execute attacks against a network. To counter, Moving Target IPv6 Defense (MT6D) provides a network host obfuscation technique that dynamically obscures network and transport layer addresses. Software driven implementations have posed many challenges, namely, constant code maintenance to remain compliant with all library and kernel dependencies, less than optimal throughput, and the requirement for a dedicated general purpose hardware. The work of this thesis presents Network Security Processor and Hardware Engine for MT6D (HE-MT6D) to overcome these challenges. HE-MT6D is a soft core Intellectual Property (IP) block developed in full Register Transfer Level (RTL) and is the first hardware-oriented design of MT6D. Major contributions of HE-MT6D include the complete separation of the data and control planes, development of a nonlinear Complex Instruction Set Computer (CISC) Network Security Processor for in-flight packet modification, a specialized Packet Assembly language, a configurable and a parallelized memory search through tag-based Hybrid Content Addressable Memory (HCAM) L1 write-through cache, full RTL Network Time Protocol version 4 hardware module, and a modular crypto engine. HE-MT6D supports multiple nodes and provides 1,025% throughput performance increase over earlier C-based MT6D at 863 Mbps with full encapsulation and decapsulation, and it matches bare wire throughput performance for all other traffic. The HE-MT6D IP block can be configured as an independent physical gateway device, built as embedded Application Specific Integrated Circuit (ASIC), or serve as a System on Chip (SoC) integrated submodule.en
dc.description.abstractgeneralTraditional static network addressing allows attackers the incredible advantage of taking time to plan and execute attacks against a network. One approach to counter this effect is dynamic addressing through Moving Target Defense, which the Department of Homeland Security Cyber Security Division (CSD) designated as one of the fourteen primary Technical Topic Areas for securing federal networks and the larger Internet. A specific application for Internet Protocol version 6 (IPv6) networks is Moving Target IPv6 Defense (MT6D). This provides tunneling and dynamic cryptographic network address translation, where new addresses are cryptographically generated every few seconds. The work of this thesis presents a Network Security Processor and Hardware Engine for MT6D (HE-MT6D). HE-MT6D is the first hardware-oriented implementation of MT6D developed in full Register Transfer Level (RTL) logic and provides 1,025% performance increase over earlier C-based MT6D at 863 Mbps full duplex throughput. It also provides support for multiple nodes. The HE-MT6D Intellectual Property (IP) block is modular for maximum flexibility towards system deployment: it can be configured as an independent physical gateway device, built as embedded Application Specific Integrated Circuit (ASIC), or serve as a System on Chip (SoC) integrated submodule.en
dc.description.degreeMaster of Scienceen
dc.format.mediumETDen
dc.identifier.othervt_gsexam:12176en
dc.identifier.urihttp://hdl.handle.net/10919/86789en
dc.publisherVirginia Techen
dc.rightsIn Copyrighten
dc.rights.urihttp://rightsstatements.org/vocab/InC/1.0/en
dc.subjectIPv6 Securityen
dc.subjectMoving Target Defenseen
dc.subjectNetwork Security Processoren
dc.subjectField programmable gate arraysen
dc.subjectMoving Target IPv6 Defenseen
dc.subjectSystem on Chipen
dc.subjectPacket Processoren
dc.titleHE-MT6D: A Network Security Processor with Hardware Engine for Moving Target IPv6 Defense (MT6D) over 1 Gbps IEEE 802.3 Etherneten
dc.typeThesisen
thesis.degree.disciplineComputer Engineeringen
thesis.degree.grantorVirginia Polytechnic Institute and State Universityen
thesis.degree.levelmastersen
thesis.degree.nameMaster of Scienceen

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Sagisi_JL_T_2017.pdf
Size:
6.19 MB
Format:
Adobe Portable Document Format

Collections