| 1 |
2 |
tonyb33 |
|
| 2 |
|
|
|
| 3 |
|
|
Crypto-PAn core
|
| 4 |
|
|
---------------
|
| 5 |
|
|
http://www.opencores.org/projects.cgi/web/cryptopan_core/
|
| 6 |
|
|
|
| 7 |
|
|
|
| 8 |
|
|
1. Introduction
|
| 9 |
|
|
---------------
|
| 10 |
|
|
This project is a hardware implementation of the Crypto-PAn technique for
|
| 11 |
|
|
cryptography based prefix preserving anonymization of IP addresses, described in
|
| 12 |
|
|
[1]. A highly pipelined implementation of the AES cipher (Rijndael) [2] is used
|
| 13 |
|
|
as the underlying pseudorandom function.
|
| 14 |
|
|
|
| 15 |
|
|
For every bit of the input IP address, a 128-bit AES block encrypt is
|
| 16 |
|
|
required. To be capable of high line rates, a fully pipelined AES engine
|
| 17 |
|
|
capable of 32Gbit/s throughput on a Xilinx Virtex-4 FPGA was implemented.
|
| 18 |
|
|
|
| 19 |
|
|
The AES engine has a few options for the implementation of the S-boxes, which
|
| 20 |
|
|
affects area and timing performance. It is possible to use a logic
|
| 21 |
|
|
implementation by setting the 'use_bram' constant in 'cryptopan_package' to
|
| 22 |
|
|
'false' and 'syn_romstyle' attribute in 'sbox' to 'logic'. If 'syn_romstyle'
|
| 23 |
|
|
isn't set then block rams may be inferred. Alternatively, if
|
| 24 |
|
|
block rams are present, as in the Xilinx Virtex FPGA's, eight dual port
|
| 25 |
|
|
18Kbit B-RAMs may be used as ROM's by setting 'use_bram' to 'true'.
|
| 26 |
|
|
|
| 27 |
|
|
2. Simulation/Synthesis results
|
| 28 |
|
|
-------------------------------
|
| 29 |
|
|
This core has been simulated using Aldec Riviera 200602, using a compiled
|
| 30 |
|
|
version of the XilinxCoreLib from Xilinx ISE 8.2.
|
| 31 |
|
|
|
| 32 |
|
|
Synthesis for the Virtex-4 FX60 FPGA was carried out using Synplicity Synplify
|
| 33 |
|
|
Pro, and Xilinx ISE 8.2 for map, floorplanning, and place & route. To meet
|
| 34 |
|
|
timing at 250MHz floorplanning constraints were required. The constraints
|
| 35 |
|
|
used for the FX60 part are included in the synth directory as an example.
|
| 36 |
|
|
|
| 37 |
|
|
3. Files
|
| 38 |
|
|
--------
|
| 39 |
|
|
README This file.
|
| 40 |
|
|
COPYING GNU General public license.
|
| 41 |
|
|
|
| 42 |
|
|
rtl/cryptopan_package.vhd A package which provides some global functions,
|
| 43 |
|
|
types and constants.
|
| 44 |
|
|
rtl/mixcolumns.vhd Performs the 'Mix Columns' step of the Rijndael
|
| 45 |
|
|
cipher.
|
| 46 |
|
|
rtl/subbytesshiftrows.vhd Performs the 'Sub bytes' and 'Shift rows' steps of
|
| 47 |
|
|
the Rijndael cipher.
|
| 48 |
|
|
rtl/round_unit.vhd Implements the transformations for a whole round
|
| 49 |
|
|
of the Rijndael cipher.
|
| 50 |
|
|
rtl/sbox.vhd The Rijndael S-box.
|
| 51 |
|
|
rtl/aes_encrypt_unit.vhd A fully pipelined implementation of AES, using
|
| 52 |
|
|
128-bit keys and blocks. Supports online loading
|
| 53 |
|
|
of keys.
|
| 54 |
|
|
rtl/cryptopan_unit.vhd Uses aes_encrypt_unit to perform the Crypto-PAn
|
| 55 |
|
|
technique on IP adresses.
|
| 56 |
|
|
rtl/sbox.coe Coefficiants file for S-Box ROM.
|
| 57 |
|
|
rtl/dual_bram_256x8.vhd Memory init file for dual block ram as in Virtex
|
| 58 |
|
|
FPGAs.
|
| 59 |
|
|
|
| 60 |
|
|
tb/sbsr_tb.vhd Testbench for the subbytesshiftrows unit.
|
| 61 |
|
|
tb/cryptopan_unit_tb.vhd Testbench for the cryptopan_unit.
|
| 62 |
|
|
tb/aes_encrypt_unit_tb.vhd Testbench for the aes_encrypt_unit.
|
| 63 |
|
|
|
| 64 |
|
|
synth/virtex4_area Area usage information for the Xilinx V4 FX60.
|
| 65 |
|
|
synth/virtex4_timing Timing report for the Xilinx V4 FX60.
|
| 66 |
|
|
synth/cryptopan_unit.ucf Timing and floorplan constraints Xilinx V4 FX60 to
|
| 67 |
|
|
run at 250MHz. This gives the AES engine a
|
| 68 |
|
|
throughput of 32Gbit/s.
|
| 69 |
|
|
sim/sample_trace_raw Test vectors from C++ implementation by Jinliang
|
| 70 |
|
|
Fan.
|
| 71 |
|
|
sim/sample_trace_anon Anonymized output from test vectors.
|
| 72 |
|
|
sim/trace_raw_bin Test vectors from C++ implementation by Jinliang
|
| 73 |
|
|
Fan in binary format for easy testbenching.
|
| 74 |
|
|
sim/trace_anon_bin Anonymized output from test vectors in binary
|
| 75 |
|
|
format for easy testbenching.
|
| 76 |
|
|
sim/waveform.vcd Waveform showing initialization and then
|
| 77 |
|
|
anonymization of a stream of IP addresses.
|
| 78 |
|
|
|
| 79 |
|
|
4. References
|
| 80 |
|
|
-------------
|
| 81 |
|
|
[1] J. Fan, J. Xu, M. H. Ammar, S. B. Moon, "Prefix-preserving IP address
|
| 82 |
|
|
anonymization: measurement-based security evaluation and a new
|
| 83 |
|
|
cryptography-based scheme", Computer Networks, Volume 46, Issue 2, 7
|
| 84 |
|
|
October 2004, Pages 253-272, Elsevier
|
| 85 |
|
|
|
| 86 |
|
|
[2] J.Daemen, V. Rijmen, "AES proposal: Rijndael", Technical report, Computer
|
| 87 |
|
|
Security Resource Center, National Institute of Standards and
|
| 88 |
|
|
Technology, February 2001
|
| 89 |
|
|
|
| 90 |
|
|
5. Contact
|
| 91 |
|
|
----------
|
| 92 |
|
|
Please contact Anthony Blake (tonyb33@opencores.org) if you have any questions
|
| 93 |
|
|
about the core. Your comments are highly appreciated.
|
