Research And Implementation Of Security System For High-Speed Network

With the continuous development of Internet business and the growing user demand, "large capacity, high access bandwidth, high reliability, multi-service QoS class support capabilities," is the future direction of the network development. Meanwhile, it is need to study for high-SPeed network security system which is suitable for solving the security problems during the transmission in order to protect the security and integrity of data. In this paper, after deeply studying for the facing problems of security, this thesis proposes the encryption and authentication algorithm GCM which is suitable for high-SPeed network. This thesis presents a high-SPeed, low latency GCM hardware structure, and completes the simulation and comprehensive analysis based on the Xilinx FPGA platform. Moreover, comprehensive analysis is made for the high-SPeed Ethernet frame structure, according to the G/10Gbps Ethernet applications environment; this thesis also presents a security system for high-SPeed network to ensure security and integrity of high-SPeed data during transmission. Furthermore the system has been tested based on high-SPeed Ethernet GE.This thesis's main work and relative summing-up are as following:1. Discuss and summary the existing authenticated encryption algorithms, point out the advantage of GCM, summary the research status of GCM algorithm.2. Make the analysis of the security threats in current high-SPeed access network, and introduces the principle of encryption and authentication algorithms GCM against the security threats of high-SPeed access network, the thesis presents a hardware implementation structure, the throughput is achieve 28.476Gbps on the FPGA platform, which meets the requirements of high-SPeed network.3. AES encryption algorithm is the key technology of GCM algorithm, after deeply studying the realization of AES algorithm, this thesis proposes optimized structure of AES which achieves the throughput of 82.65Gbps based on FPGA platform. This implementation SPeed is higher than ever before and it presents high resource utilization.4. In this thesis, a high-SPeed network security system which is used to protect the security and integrity of network data is designed on Virtex-5 LX110T chip. According to the high-SPeed Ethernet, the througput of the design achieve 26.75Gbps, which can meet the security requirement of G/10Gbps high-SPeed network.5. Based on GE Ethernet, complete security system implementation and build the access network environment, accomplish the data encryption and authentication, authentication and decryption for GE Ethernet data with the IXIA network tester, H3C switcher, FPGAnic plate and fiber optic. During the testing process, the test result of security system is in accordance with the test vectors and the SPecific test data of the GE Ethernet, which is proved that this security system can provide reliable security for high-SPeed network.Base on above work, we propose a high SPeed and low latency hardware implementation architecture for GCM in order to meet the authenticated encryption requirement of 10G or higher SPeed network. And design and implement an authenticated encryption system which can authenticate and encrypt the GE Ethernet network data using GCM. The full text is as follows:The 1st chapter discusses the research background, points out the advantage of GCM, summary the research status of GCM algorithm.The 2nd chapter makes the analysis of the security threats in current high-SPeed access network and introduces the principle of encryption and authentication algorithms GCM against the security threats.The 3rd chapter makes the study of high-SPeed implementation of AES on FPGA and proposes an optimized pipelined structure which gets the shortest critical way achieves the highest throughput.The 4th chapter presents a high-SPeed network security system which is used to protect the security and integrity of network data. According to the high-SPeed Ethernet, the througput can meet the security requirement of G/lOGbps high-SPeed network.The 5th chapter completes security system implementation and builds the access network environment, verifies the correctness of the system by testing the vector and SPecific test data.The 6th chapter summary research results of this paper.