- Tytuł:
-
Sprzętowy detektor szyfrowanej informacji przesyłanej w sieciach TCP/IP
Hardware detector of encrypted information transmitted in the TCP/IP networks - Autorzy:
-
Gancarczyk, G.
Dąbrowska-Boruch, A.
Wiatr, K. - Powiązania:
- https://bibliotekanauki.pl/articles/154992.pdf
- Data publikacji:
- 2011
- Wydawca:
- Stowarzyszenie Inżynierów i Techników Mechaników Polskich
- Tematy:
-
analiza ruchu sieciowego
FPGA
logika reprogramowalna
sniffing
szyfrowanie
encryption
network data analysis
reconfigurable computing - Opis:
-
Artykuł prezentuje sposób realizacji, cechy charakterystyczne i zasadę działania urządzenia wykrywającego pakiety zawierające dane zaszyfrowane przesyłane w sieciach opartych o stos protokołów TCP/IP. Detektor zrealizowano w oparciu o system SPARTAN 3E Development Kit firmy Digilent [1]. Kluczowym elementem jest układ FPGA xc3s1600e firmy Xilinx [2]. W artykule przedstawiono schemat blokowy detektora, informacje o sprawności detekcji rozwiązania programowego oraz sprzętowego, zasobach logicznych zajętych przez układ.
The paper describes how to realize a device which can detect encrypted data transfer in computer networks based on the TCP/IP protocols stack. Its features and principles of operation are given. The device is based on the Digilent's SPARTAN 3E Development Kit [1] whose key element is the Xilinx's xc3s1600e [2]. The available publications about distinguishing ciphertext from plaintext tell only that methods typical for randomness check of encrypting algorithms can be used [6]. Many alternative (in field of data distinguishing), interesting publications about steganography [7], computer worms and viruses detection can be easily found [3, 4]. Exemplary implementations of those in FPGA are not difficult to find, either [8]. Lack of publications in the field of encrypted message detection was partial motivation for this paper (Section 1). The presented algorithm of encrypted data detection is based on theorems from [9, 10]. It has advantages and disadvantages, which are discussed (Section 2). The detector (of so called 2nd order) chosen for implementation has good theoretical efficiency (Tab. 1). Its block diagram is shown in Fig. 1 (Section 3). The results of synthesis and implementation are given in Tab. 2, and its efficiency in Tab. 3. The functionality of all blocks of Fig. 1 is discussed (Sections 4 and 5). The efficiency of the implemented device is almost as good as the theoretical one. There are two main limitations - lower (100 B) and upper (1460 B) length of the Ethernet frame data field, and maximum frequency of device clock, which makes it unable (as for xc3s1600) to operate in Gigabit Ethernet networks (Section 6). The presented device can be used as a network data analyzer, a ciphertext detector and a network anomaly detector. - Źródło:
-
Pomiary Automatyka Kontrola; 2011, R. 57, nr 8, 8; 923-925
0032-4140 - Pojawia się w:
- Pomiary Automatyka Kontrola
- Dostawca treści:
- Biblioteka Nauki