?rev1line? |
?rev2line? |
|
|
|
|
|
Crypto-PAn core
|
|
---------------
|
|
http://www.opencores.org/projects.cgi/web/cryptopan_core/
|
|
|
|
|
|
1. Introduction
|
|
---------------
|
|
This project is a hardware implementation of the Crypto-PAn technique for
|
|
cryptography based prefix preserving anonymization of IP addresses, described in
|
|
[1]. A highly pipelined implementation of the AES cipher (Rijndael) [2] is used
|
|
as the underlying pseudorandom function.
|
|
|
|
For every bit of the input IP address, a 128-bit AES block encrypt is
|
|
required. To be capable of high line rates, a fully pipelined AES engine
|
|
capable of 32Gbit/s throughput on a Xilinx Virtex-4 FPGA was implemented.
|
|
|
|
The AES engine has a few options for the implementation of the S-boxes, which
|
|
affects area and timing performance. It is possible to use a logic
|
|
implementation by setting the 'use_bram' constant in 'cryptopan_package' to
|
|
'false' and 'syn_romstyle' attribute in 'sbox' to 'logic'. If 'syn_romstyle'
|
|
isn't set then block rams may be inferred. Alternatively, if
|
|
block rams are present, as in the Xilinx Virtex FPGA's, eight dual port
|
|
18Kbit B-RAMs may be used as ROM's by setting 'use_bram' to 'true'.
|
|
|
|
2. Simulation/Synthesis results
|
|
-------------------------------
|
|
This core has been simulated using Aldec Riviera 200602, using a compiled
|
|
version of the XilinxCoreLib from Xilinx ISE 8.2.
|
|
|
|
Synthesis for the Virtex-4 FX60 FPGA was carried out using Synplicity Synplify
|
|
Pro, and Xilinx ISE 8.2 for map, floorplanning, and place & route. To meet
|
|
timing at 250MHz floorplanning constraints were required. The constraints
|
|
used for the FX60 part are included in the synth directory as an example.
|
|
|
|
3. Files
|
|
--------
|
|
README This file.
|
|
COPYING GNU General public license.
|
|
|
|
rtl/cryptopan_package.vhd A package which provides some global functions,
|
|
types and constants.
|
|
rtl/mixcolumns.vhd Performs the 'Mix Columns' step of the Rijndael
|
|
cipher.
|
|
rtl/subbytesshiftrows.vhd Performs the 'Sub bytes' and 'Shift rows' steps of
|
|
the Rijndael cipher.
|
|
rtl/round_unit.vhd Implements the transformations for a whole round
|
|
of the Rijndael cipher.
|
|
rtl/sbox.vhd The Rijndael S-box.
|
|
rtl/aes_encrypt_unit.vhd A fully pipelined implementation of AES, using
|
|
128-bit keys and blocks. Supports online loading
|
|
of keys.
|
|
rtl/cryptopan_unit.vhd Uses aes_encrypt_unit to perform the Crypto-PAn
|
|
technique on IP adresses.
|
|
rtl/sbox.coe Coefficiants file for S-Box ROM.
|
|
rtl/dual_bram_256x8.vhd Memory init file for dual block ram as in Virtex
|
|
FPGAs.
|
|
|
|
tb/sbsr_tb.vhd Testbench for the subbytesshiftrows unit.
|
|
tb/cryptopan_unit_tb.vhd Testbench for the cryptopan_unit.
|
|
tb/aes_encrypt_unit_tb.vhd Testbench for the aes_encrypt_unit.
|
|
|
|
synth/virtex4_area Area usage information for the Xilinx V4 FX60.
|
|
synth/virtex4_timing Timing report for the Xilinx V4 FX60.
|
|
synth/cryptopan_unit.ucf Timing and floorplan constraints Xilinx V4 FX60 to
|
|
run at 250MHz. This gives the AES engine a
|
|
throughput of 32Gbit/s.
|
|
sim/sample_trace_raw Test vectors from C++ implementation by Jinliang
|
|
Fan.
|
|
sim/sample_trace_anon Anonymized output from test vectors.
|
|
sim/trace_raw_bin Test vectors from C++ implementation by Jinliang
|
|
Fan in binary format for easy testbenching.
|
|
sim/trace_anon_bin Anonymized output from test vectors in binary
|
|
format for easy testbenching.
|
|
sim/waveform.vcd Waveform showing initialization and then
|
|
anonymization of a stream of IP addresses.
|
|
|
|
4. References
|
|
-------------
|
|
[1] J. Fan, J. Xu, M. H. Ammar, S. B. Moon, "Prefix-preserving IP address
|
|
anonymization: measurement-based security evaluation and a new
|
|
cryptography-based scheme", Computer Networks, Volume 46, Issue 2, 7
|
|
October 2004, Pages 253-272, Elsevier
|
|
|
|
[2] J.Daemen, V. Rijmen, "AES proposal: Rijndael", Technical report, Computer
|
|
Security Resource Center, National Institute of Standards and
|
|
Technology, February 2001
|
|
|
|
5. Contact
|
|
----------
|
|
Please contact Anthony Blake (tonyb33@opencores.org) if you have any questions
|
|
about the core. Your comments are highly appreciated.
|
