1 |
2 |
tonyb33 |
|
2 |
|
|
|
3 |
|
|
Crypto-PAn core
|
4 |
|
|
---------------
|
5 |
|
|
http://www.opencores.org/projects.cgi/web/cryptopan_core/
|
6 |
|
|
|
7 |
|
|
|
8 |
|
|
1. Introduction
|
9 |
|
|
---------------
|
10 |
|
|
This project is a hardware implementation of the Crypto-PAn technique for
|
11 |
|
|
cryptography based prefix preserving anonymization of IP addresses, described in
|
12 |
|
|
[1]. A highly pipelined implementation of the AES cipher (Rijndael) [2] is used
|
13 |
|
|
as the underlying pseudorandom function.
|
14 |
|
|
|
15 |
|
|
For every bit of the input IP address, a 128-bit AES block encrypt is
|
16 |
|
|
required. To be capable of high line rates, a fully pipelined AES engine
|
17 |
|
|
capable of 32Gbit/s throughput on a Xilinx Virtex-4 FPGA was implemented.
|
18 |
|
|
|
19 |
|
|
The AES engine has a few options for the implementation of the S-boxes, which
|
20 |
|
|
affects area and timing performance. It is possible to use a logic
|
21 |
|
|
implementation by setting the 'use_bram' constant in 'cryptopan_package' to
|
22 |
|
|
'false' and 'syn_romstyle' attribute in 'sbox' to 'logic'. If 'syn_romstyle'
|
23 |
|
|
isn't set then block rams may be inferred. Alternatively, if
|
24 |
|
|
block rams are present, as in the Xilinx Virtex FPGA's, eight dual port
|
25 |
|
|
18Kbit B-RAMs may be used as ROM's by setting 'use_bram' to 'true'.
|
26 |
|
|
|
27 |
|
|
2. Simulation/Synthesis results
|
28 |
|
|
-------------------------------
|
29 |
|
|
This core has been simulated using Aldec Riviera 200602, using a compiled
|
30 |
|
|
version of the XilinxCoreLib from Xilinx ISE 8.2.
|
31 |
|
|
|
32 |
|
|
Synthesis for the Virtex-4 FX60 FPGA was carried out using Synplicity Synplify
|
33 |
|
|
Pro, and Xilinx ISE 8.2 for map, floorplanning, and place & route. To meet
|
34 |
|
|
timing at 250MHz floorplanning constraints were required. The constraints
|
35 |
|
|
used for the FX60 part are included in the synth directory as an example.
|
36 |
|
|
|
37 |
|
|
3. Files
|
38 |
|
|
--------
|
39 |
|
|
README This file.
|
40 |
|
|
COPYING GNU General public license.
|
41 |
|
|
|
42 |
|
|
rtl/cryptopan_package.vhd A package which provides some global functions,
|
43 |
|
|
types and constants.
|
44 |
|
|
rtl/mixcolumns.vhd Performs the 'Mix Columns' step of the Rijndael
|
45 |
|
|
cipher.
|
46 |
|
|
rtl/subbytesshiftrows.vhd Performs the 'Sub bytes' and 'Shift rows' steps of
|
47 |
|
|
the Rijndael cipher.
|
48 |
|
|
rtl/round_unit.vhd Implements the transformations for a whole round
|
49 |
|
|
of the Rijndael cipher.
|
50 |
|
|
rtl/sbox.vhd The Rijndael S-box.
|
51 |
|
|
rtl/aes_encrypt_unit.vhd A fully pipelined implementation of AES, using
|
52 |
|
|
128-bit keys and blocks. Supports online loading
|
53 |
|
|
of keys.
|
54 |
|
|
rtl/cryptopan_unit.vhd Uses aes_encrypt_unit to perform the Crypto-PAn
|
55 |
|
|
technique on IP adresses.
|
56 |
|
|
rtl/sbox.coe Coefficiants file for S-Box ROM.
|
57 |
|
|
rtl/dual_bram_256x8.vhd Memory init file for dual block ram as in Virtex
|
58 |
|
|
FPGAs.
|
59 |
|
|
|
60 |
|
|
tb/sbsr_tb.vhd Testbench for the subbytesshiftrows unit.
|
61 |
|
|
tb/cryptopan_unit_tb.vhd Testbench for the cryptopan_unit.
|
62 |
|
|
tb/aes_encrypt_unit_tb.vhd Testbench for the aes_encrypt_unit.
|
63 |
|
|
|
64 |
|
|
synth/virtex4_area Area usage information for the Xilinx V4 FX60.
|
65 |
|
|
synth/virtex4_timing Timing report for the Xilinx V4 FX60.
|
66 |
|
|
synth/cryptopan_unit.ucf Timing and floorplan constraints Xilinx V4 FX60 to
|
67 |
|
|
run at 250MHz. This gives the AES engine a
|
68 |
|
|
throughput of 32Gbit/s.
|
69 |
|
|
sim/sample_trace_raw Test vectors from C++ implementation by Jinliang
|
70 |
|
|
Fan.
|
71 |
|
|
sim/sample_trace_anon Anonymized output from test vectors.
|
72 |
|
|
sim/trace_raw_bin Test vectors from C++ implementation by Jinliang
|
73 |
|
|
Fan in binary format for easy testbenching.
|
74 |
|
|
sim/trace_anon_bin Anonymized output from test vectors in binary
|
75 |
|
|
format for easy testbenching.
|
76 |
|
|
sim/waveform.vcd Waveform showing initialization and then
|
77 |
|
|
anonymization of a stream of IP addresses.
|
78 |
|
|
|
79 |
|
|
4. References
|
80 |
|
|
-------------
|
81 |
|
|
[1] J. Fan, J. Xu, M. H. Ammar, S. B. Moon, "Prefix-preserving IP address
|
82 |
|
|
anonymization: measurement-based security evaluation and a new
|
83 |
|
|
cryptography-based scheme", Computer Networks, Volume 46, Issue 2, 7
|
84 |
|
|
October 2004, Pages 253-272, Elsevier
|
85 |
|
|
|
86 |
|
|
[2] J.Daemen, V. Rijmen, "AES proposal: Rijndael", Technical report, Computer
|
87 |
|
|
Security Resource Center, National Institute of Standards and
|
88 |
|
|
Technology, February 2001
|
89 |
|
|
|
90 |
|
|
5. Contact
|
91 |
|
|
----------
|
92 |
|
|
Please contact Anthony Blake (tonyb33@opencores.org) if you have any questions
|
93 |
|
|
about the core. Your comments are highly appreciated.
|