Scalable architecture for prefix preserving anonymization of IP addresses

Abstract

This paper describes a highly scalable architecture based on field-programmable gate-array (FPGA) technology for prefix-preserving anonymization of IP addresses at increasingly high network line rates. The Crypto-PAn technique, with the Advanced Encryption Standard (AES) as the underlying pseudo-random function, is fully mapped into reconfigurable hardware. A 32 Gb/s fully-pipelined AES engine was developed and used to prototype the Crypto-PAn architecture. The prototype was implemented on a Xilinx Virtex-4 device achieving a worst-case Ethernet throughput of 8 Gb/s using 141 block RAM’s and 4262 logic cells. This is considerably faster than software implementations which generally achieve much less than 100 Mb/s throughput. A technology-independent analysis is presented to explore the scalability of the architecture to higher multi-gigabit line-rates.