Scalable Architecture for Prefix Preserving Anonymization of IP Addresses

  • Anthony Blake
  • Richard Nelson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5114)


This paper describes a highly scalable architecture based on field-programmable gate-array (FPGA) technology for prefix-preserving anonymization of IP addresses at increasingly high network line rates. The Crypto-PAn technique, with the Advanced Encryption Standard (AES) as the underlying pseudo-random function, is fully mapped into reconfigurable hardware. A 32 Gb/s fully-pipelined AES engine was developed and used to prototype the Crypto-PAn architecture. The prototype was implemented on a Xilinx Virtex-4 device, achieving a worst-case Ethernet throughput of 8 Gb/s using 141 block RAMs and 4262 logic cells. This is considerably faster than software implementations, which generally achieve much less than 100 Mb/s throughput. A technology-independent analysis is presented to explore the scalability of the architecture to higher multi-gigabit line rates.
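Added example, not code from the paper: a minimal software sketch of prefix-preserving anonymization in the Crypto-PAn style, showing the property the abstract refers to (two addresses that share k leading bits still share exactly k leading bits after anonymization). It assumes HMAC-SHA256 in place of the AES-based pseudo-random function, so its outputs will not match a real Crypto-PAn implementation; the key, function names and sample addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key; a real deployment keeps this secret and fixed per trace set.
KEY = b"constructed-demo-key-not-secret"

def prf_bit(key: bytes, prefix: int, length: int) -> int:
    """One pseudo-random bit determined only by the first `length` address bits."""
    # The length byte keeps prefixes such as "0" and "00" from colliding.
    msg = bytes([length]) + prefix.to_bytes(4, "big")
    # Assumption: HMAC-SHA256 stands in for the AES-based PRF named in the abstract.
    return hmac.new(key, msg, hashlib.sha256).digest()[0] >> 7

def anonymize(addr: str, key: bytes = KEY) -> str:
    """Flip each address bit by a PRF of the bits above it (32 PRF calls)."""
    a = int(ipaddress.IPv4Address(addr))
    out = 0
    for i in range(32):
        prefix = a >> (32 - i)          # the i most significant bits (0 when i == 0)
        bit = (a >> (31 - i)) & 1       # bit i, counted from the top
        out = (out << 1) | (bit ^ prf_bit(key, prefix, i))
    return str(ipaddress.IPv4Address(out))

def common_prefix_len(x: str, y: str) -> int:
    """Number of leading bits two IPv4 addresses share."""
    diff = int(ipaddress.IPv4Address(x)) ^ int(ipaddress.IPv4Address(y))
    return 32 - diff.bit_length()

if __name__ == "__main__":
    # Constructed sample addresses: same /24, same /16, unrelated.
    base = "192.0.2.10"
    for other in ("192.0.2.200", "192.0.77.1", "10.1.2.3"):
        before = common_prefix_len(base, other)
        after = common_prefix_len(anonymize(base), anonymize(other))
        print(f"{base} vs {other}: shared bits {before} -> {after}")
```

Each address costs one pseudo-random function call per bit, and a packet carries both a source and a destination address, which is why the throughput of the underlying cipher engine bounds the anonymization rate.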


Keywords: Block Cipher; Advanced Encryption Standard; Logic Cell; Scalable Architecture; Advanced Encryption Standard Algorithm
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Anthony Blake (1)
  • Richard Nelson (1)
  1. School of Computing and Mathematical Sciences, University of Waikato, Hamilton, New Zealand
