System architectural design of a hardware engine for moving target IPv6 defense over IEEE 802.3 Ethernet
Title | System architectural design of a hardware engine for moving target IPv6 defense over IEEE 802.3 Ethernet |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Sagisi, J., Tront, J., Marchany, R. |
Conference Name | MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM) |
Date Published | Oct |
Keywords | application specific integrated circuit variant, application specific integrated circuits, ASIC, CISC architecture, Clocks, Collaboration, complex instruction set computer architecture, composability, computer network security, cryptographic dynamic addressing, Encapsulation, Engines, federal networks, FPGA, Hardware, hardware engine, HE-MT6D, Homeland Security Cyber Security Division, IEEE 802.3 Ethernet, Instruction sets, Internet, IP networks, IPv6, ipv6 security, keyed access, Logic gates, Metrics, moving target defense, moving target IPv6 defense, MT6D processor, network address, network infrastructure, network level, network packet processor, network processor, network time protocol listener, obscuration technique, operating system kernel, operating system kernels, personal area networks, Protocols, pubcrawl, Register Transfer Level network security processor implementation, Resiliency, Routing protocols, RTL development, system architectural design, system level functions |
Abstract | The Department of Homeland Security Cyber Security Division (CSD) chose Moving Target Defense as one of the fourteen primary Technical Topic Areas pertinent to securing federal networks and the larger Internet. Moving Target Defense over IPv6 (MT6D) employs an obscuration technique offering keyed access to hosts at a network level without altering existing network infrastructure. This is accomplished through cryptographic dynamic addressing, whereby a new network address is bound to an interface every few seconds in a coordinated manner. The goal of this research is to produce a Register Transfer Level (RTL) network security processor implementation to enable the production of an Application Specific Integrated Circuit (ASIC) variant of MT6D processor for wide deployment. RTL development is challenging in that it must provide system level functions that are normally provided by the Operating System's kernel and supported libraries. This paper presents the architectural design of a hardware engine for MT6D (HE-MT6D) and is complete in simulation. Unique contributions are an inline stream-based network packet processor with a Complex Instruction Set Computer (CISC) architecture, Network Time Protocol listener, and theoretical increased performance over previous software implementations. |
URL | http://ieeexplore.ieee.org/document/8170846/ |
DOI | 10.1109/MILCOM.2017.8170846 |
Citation Key | sagisi_system_2017 |