Comparison of Hash Functions for Network Traffic Acquisition Using a Hardware-Accelerated Probe
In this article we address the problem of efficient and secure monitoring of computer network traffic. We proposed, implemented, and tested a hardware-accelerated implementation of a network probe, using the DE5-Net FPGA development platform. We showed that even when using a cryptographic SHA-3 hash...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2022-05-01
|
| Series: | Electronics |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2079-9292/11/11/1688 |
| _version_ | 1797493730777759744 |
|---|---|
| author | Mateusz Korona Paweł Szumełda Mariusz Rawski Artur Janicki |
| author_facet | Mateusz Korona Paweł Szumełda Mariusz Rawski Artur Janicki |
| author_sort | Mateusz Korona |
| collection | DOAJ |
| description | In this article we address the problem of efficient and secure monitoring of computer network traffic. We proposed, implemented, and tested a hardware-accelerated implementation of a network probe, using the DE5-Net FPGA development platform. We showed that even when using a cryptographic SHA-3 hash function, the probe uses less than 17% of the available FPGA resources, offering a throughput of over 20 Gbit/s. We have also researched the problem of choosing an optimal hash function to be used in a network probe for addressing network flows in a flow cache. In our work we compared five 32-bit hash functions, including two cryptographic ones: SHA-1 and SHA-3. We ran a series of experiments with various hash functions, using traffic replayed from the CICIDS 2017 dataset. We showed that SHA-1 and SHA-3 provide flow distributions as uniform as the ones offered by the modified Vermont hash function proposed in 2008 (i.e., with low means and standard deviations of the bucket occupation), yet assuring higher security against potential attacks on a network probe. |
| first_indexed | 2024-03-10T01:24:15Z |
| format | Article |
| id | doaj.art-c6b7c2a65d264880a6379e899a09b024 |
| institution | Directory Open Access Journal |
| issn | 2079-9292 |
| language | English |
| last_indexed | 2024-03-10T01:24:15Z |
| publishDate | 2022-05-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Electronics |
| spelling | doaj.art-c6b7c2a65d264880a6379e899a09b0242023-11-23T13:54:15ZengMDPI AGElectronics2079-92922022-05-011111168810.3390/electronics11111688Comparison of Hash Functions for Network Traffic Acquisition Using a Hardware-Accelerated ProbeMateusz Korona0Paweł Szumełda1Mariusz Rawski2Artur Janicki3Faculty of Electronics and Information Technology, Warsaw University of Technology, Nowowiejska 15/19, 00-665 Warsaw, PolandFaculty of Electronics and Information Technology, Warsaw University of Technology, Nowowiejska 15/19, 00-665 Warsaw, PolandFaculty of Electronics and Information Technology, Warsaw University of Technology, Nowowiejska 15/19, 00-665 Warsaw, PolandFaculty of Electronics and Information Technology, Warsaw University of Technology, Nowowiejska 15/19, 00-665 Warsaw, PolandIn this article we address the problem of efficient and secure monitoring of computer network traffic. We proposed, implemented, and tested a hardware-accelerated implementation of a network probe, using the DE5-Net FPGA development platform. We showed that even when using a cryptographic SHA-3 hash function, the probe uses less than 17% of the available FPGA resources, offering a throughput of over 20 Gbit/s. We have also researched the problem of choosing an optimal hash function to be used in a network probe for addressing network flows in a flow cache. In our work we compared five 32-bit hash functions, including two cryptographic ones: SHA-1 and SHA-3. We ran a series of experiments with various hash functions, using traffic replayed from the CICIDS 2017 dataset. We showed that SHA-1 and SHA-3 provide flow distributions as uniform as the ones offered by the modified Vermont hash function proposed in 2008 (i.e., with low means and standard deviations of the bucket occupation), yet assuring higher security against potential attacks on a network probe.https://www.mdpi.com/2079-9292/11/11/1688traffic analysisnetwork probehash functionSHA-3FPGA |
| spellingShingle | Mateusz Korona Paweł Szumełda Mariusz Rawski Artur Janicki Comparison of Hash Functions for Network Traffic Acquisition Using a Hardware-Accelerated Probe Electronics traffic analysis network probe hash function SHA-3 FPGA |
| title | Comparison of Hash Functions for Network Traffic Acquisition Using a Hardware-Accelerated Probe |
| title_full | Comparison of Hash Functions for Network Traffic Acquisition Using a Hardware-Accelerated Probe |
| title_fullStr | Comparison of Hash Functions for Network Traffic Acquisition Using a Hardware-Accelerated Probe |
| title_full_unstemmed | Comparison of Hash Functions for Network Traffic Acquisition Using a Hardware-Accelerated Probe |
| title_short | Comparison of Hash Functions for Network Traffic Acquisition Using a Hardware-Accelerated Probe |
| title_sort | comparison of hash functions for network traffic acquisition using a hardware accelerated probe |
| topic | traffic analysis network probe hash function SHA-3 FPGA |
| url | https://www.mdpi.com/2079-9292/11/11/1688 |
| work_keys_str_mv | AT mateuszkorona comparisonofhashfunctionsfornetworktrafficacquisitionusingahardwareacceleratedprobe AT pawełszumełda comparisonofhashfunctionsfornetworktrafficacquisitionusingahardwareacceleratedprobe AT mariuszrawski comparisonofhashfunctionsfornetworktrafficacquisitionusingahardwareacceleratedprobe AT arturjanicki comparisonofhashfunctionsfornetworktrafficacquisitionusingahardwareacceleratedprobe |