Open Access
Mimic Encryption System for Network Security
Author(s) -
Bin Li,
Qinglei Zhou,
Xueming Si,
Jinhua Fu
Publication year - 2018
Publication title -
ieee access
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.587
H-Index - 127
ISSN - 2169-3536
DOI - 10.1109/access.2018.2869174
Subject(s) - aerospace , bioengineering , communication, networking and broadcast technologies , components, circuits, devices and systems , computing and processing , engineered materials, dielectrics and plasmas , engineering profession , fields, waves and electromagnetics , general topics for engineers , geoscience , nuclear engineering , photonics and electrooptics , power, energy and industry applications , robotics and control systems , signal processing and analysis , transportation
With the rapid development of the Internet, increasingly more attention has been paid to network security problems, and network security defense technology has become a very important research field. Currently, most network equipment transmits data in plaintext at the data link layer, which exposes important information, such as IP addresses, port numbers, and application protocols, to an attacker and provides an opportunity for network attacks. To protect a network against attacks and ensure its security, this paper proposes a mimic encryption system for network security. Based on the concepts of moving target defense and mimic security defense, and using the principles of randomization, dynamism, and diversification, a data link layer mimic encryption system is constructed from the underlying network of an information system. By transforming the frame format, a reconfigurable encryption algorithm, a hash algorithm, and a pseudo-random number generator are used to design different combination encryption modes. Then, the hash value of an encrypted frame is obtained by performing the hash operation, and a feedback update is performed to generate new key parameters for the hash key pool. In addition, the pseudo-random selection of combinations of encryption algorithms and keys is performed to achieve "one frame, one key". Finally, an FPGA is used as the network encryption card, and a CPU is used to realize two-party key agreement and the upper-layer application. Using the FPGA + CPU hardware and software collaboration, the attack surface is expanded. Taking advantage of the high anti-interference property of an FPGA, part of the attack against the software system is filtered. The experimental results and analysis show that the encryption and decryption performance of this system in a 10 G network is approximately 500 MB/s. Thus, the system can effectively prevent the leakage of user data and resist network sniffing, vulnerability attacks, exhaustive key search attacks, and ciphertext-only attacks. Moreover, this system provides high security.