Privacy Preserving Throughput and Packet Classification for Network Efficiency

Privacy Preserving Throughput and Packet Classification for Network Efficiency

S. Thirumurugan, D. Suchitra, S. Neelavathi, R. Mary Antoinette

Computer Science and Engineering,

Christ College of Engineering and Technology Puducherry ,India

Abstract Packet classification is one of thecorefunctions for performing efficientnetworkingfunctionalities in network infrastructure. Most ofthepacket classification algorithms are baseduponrulesets[14]. Rulesets must be independent in orderto provide high throughput and low latencyduringpacket classification. If the rulesets featuresaredependent it affects the performance of thenetwork.In order to avoid these problems we proposedapacket classification technique which isrulesetindependent, and also provides routing andsecurityfunctionalities. StrideBV algorithm is usedforefficient packet classification [15] and weincorporatea bio-inspired algorithm called ACO forfindingshortest path[13], to avoid congestion in t h e network. The transmitting packet is securedusingHMAC algorithm [7]. The main aim is tomaintainmaximum lifetime of the network by increasingthethroughput and avoid network congestionandminimized consumption ofenergy

Keywords: Packet classification, networksecurity,ACO, HMAC, packet latency,throughput.

1. INTRODUCTION

   Secure networking becomes more crucial due tovarious attacks on networks. To protectnetworksfrom attacks various software tools andequipmentswere used. Packet classification is one of theprocessused as the initial filter for classifying networktrafficinto flows based upon rulesets. Rulesets inspectsthefields in packet header which compare the sourceIPaddress with destination IP address. Themainproblem with the hardware is that,packetclassification engines require more space to store the

   rulesets. To achieve this various techniqueshavebeen proposed but most of the techniquesdontprovide efficient memory management. Forhigh-speed networking throughput and Quality ofServiceare the basic requirements. To provide bothmemoryefficiency and high throughput in the same solutionisdifficult due to many reasons. Hence in this workwemainly concentrate on improving throughput andnotmainly concern about memory efficiency. Wepresenta packet classification scheme called StrideBVwhichtend to yield high throughput which is baseduponfield split algorithm. Using hardware chip FPGAwecompare the performance of proposed withtheexisting work. We have inferred the ACOtechniqueto different network models with various numberofnodes and different structure to obtain theoptimumthroughput and to find out the shortest path.Variousexperiments have been carried out by differingtheloads of the network. Here the networkperformancefactor is taken by the reliability and throughput ofthenetwork. Even though the packets areclassifiedefficiently, security issues should also be takeninconcern. To increase the life time of the network,data has to be transmitted safely. In order toprovidesecurity to the network HMAC algorithm isused.

   To summarize, we subsidize our work asfollows:

   • Packet classification is performed usingstrideBV method, which isrulesetindependent.

   • To find the optimal path ACO algorithmisincorporated to increase the throughputofthenetwork.

   • For secure data transfer HMACalgorithmhas been used for increasing life span ofthenetwork.

2. RELATEDWORK

   Many packet classification algorithms havebeenintroducedinthepastdecadecanbefoundin[14].Modu lar bit vector architecture for efficientpacketclassification was presented by ThilanGanegedara,Viktor K. Prasanna called strideBV which isrulesetindependent. The performance analysis oftheproposed system is based on differentconfigurations.FPGA has been used for packet classificationinearlier stages which achieves 100G+ throughputonclassifying a packet. But the proposed work is thefirst classification engine which yields400G+throughput, which is comparatively moreefficientthan all existing work[5]. Throughput of thenetworkgradually decreases as the ruleset sizeincreases.Hence ruleset independent features are adoptedforbetter throughput. In this proposed work rulesarerepresented as ternary string. For moreefficiencyrange-to-prefix conversion has to befollowed.

   By experimenting various ant colonyoptimizationstechniques by Debasmita Mukherjee andSriyankarAcharyya they proposed various antcolonytechniques called ACO1, ACO2 and ACO3 hasbeenproposed and applied on various networkstandardsand models. They compared the performance ofeachalgorithm and a tabular list is maintained andiscollected to find the optimum solution. In theirworkreliability and throughput of the network isconsideras the major performancefactor.

   The security is considered as the major issueinevaluating the performance of the network.Manytechniques has been introduced in the pastdecadeand one of the most efficient technique is that HMACwhich ensure message authentication andsecurity.The technique is proposed by Marcio JuliatoandCatherine Gebotys in which FPGA basedHMACtechnique is proposed and presented in thispaper.The proposed system can attain 1.5Gbpsthroughput.The energy consumption is found to be better bythisproposed method. These methods are used toprovidehigher security levels for both mobile devicesandservers which manage memory and speedefficiently.

3. EXISTINGSYSTEM

   In existing system a novel modularBit-Vectorarchitecture is proposed using rangeto-prefixconversion which yields poormemoryefficiency[9][3]. And in this work themaindisadvantages are considered to be securityandenergy efficiency. Accuracy and security is verylowin this network. Latency rate can be highwhenapplying this technique to the larger network.Thedata that are transferred in this network is copiedorhacked by some other network because ofpoorprivacy of the network. This affects the lifetimeandenergy efficiency of thenetwork

4. PROPOSEDSYSTEM

   Themainaimofourprojectistoimprovenetworklifetime by considering one of the basicnetworkparameters called packet classification.Packetclassification is done by FPGA basedstrideBVtechnique[6] which uses pipeline architectureforclassifying the packets. Secondly the shortestandefficient path for transferring the packet isdetermined using ACO technique. Finally data inthenetwork is secured using HMACalgorithm.

   1. Packet classification using strideBVmethod:

      Algorithm1:

      Packet ClassificationProcess.

      Require: A x-bit packet header: Px-1Px-1.P0.

      Require: 2k *x/c, Nbit-vectors:

      Ai,j = Bi,j,N-1Bi,j,N-2Bi,j,0,

      i = 0,1,…;x/c-1, and j =0,

      1,…,2c-1

      Require: A N bit-vector Am toindicatematchresult

      Algorithm1:

      Packet ClassificationProcess.

      Require: A x-bit packet header: Px-1Px-1.P0.

      Require: 2k *x/c, Nbit-vectors:

      Ai,j = Bi,j,N-1Bi,j,N-2Bi,j,0,

      i = 0,1,…;x/c-1, and j =0,

      1,…,2c-1

      Require: A N bit-vector Am toindicatematchresult

      The input packet header contains cbitswhich are matched to c bits of x bit rulewhichperform matching process independently.Wecan divide the x bit rule into x/c of c bitsubfields.Inputheaderismatchedwithxbitrule,everycbi toftheinputpacketismatchedwithcorresponding memory whose depth is 2^c.theinput packet is undergo bitwise AND operationin a pipelined fashion and find the matchingwiththe entireclassifiers.

      Ensure: N bit-vector Am indicatesallmatchresults

      1: Initialize Am: Am< -11.1 Allrulesmatchinitially

      2: for i<-0 to X=X/C-1 {bit- wiseAND}3: j = [Pi*C: P(i+1)*C] 4: Am <-AmAi,j

      5: endfor

      Algorithm :Finding shortestpathProcedure ACO (source,destination)

      {

      assign initial positions to a set the packetsatthe given source; while(source

      !=destination)

      {

      callfindnextnode(source);

      set newsource = selectednode;source

      =newsource;

      }

      update the pheromone table using thepathsselected by the successful packets; send anextset of packets guided by the information leftbyall the previous visitorpackets;

      }

      Procedurefindnextnode(source)

      {

      Check the routing table entriescorrespondingto the source if a link exists with thesource

      {

      If (the node is alreadyvisited)

      {

      Cancel thenode;

      Else if (the node not already visited){

      Mark the node as eligible ofbeingselection

      }

      }

      Using the pheromone information, selectanode from the list of eligible nodes; returntheselectednode;

      }

      }

      Algorithm 2:Finding shortestpathProcedure ACO (source,destination)

      {

      assign initial positions to a set the packetsatthe given source; while(source

      !=destination)

      {

      callfindnextnode(source);

      set newsource = selectednode;source

      =newsource;

      }

      update the pheromone table using thepathsselected by the successful packets; send anextset of packets guided by the information leftbyall the previous visitorpackets;

      }

      Procedurefindnextnode(source)

      {

      Check the routing table entriescorrespondingto the source if a link exists with thesource

      {

      If (the node is alreadyvisited)

      {

      Cancel thenode;

      Else if (the node not already visited){

      Mark the node as eligible ofbeingselection

      }

      }

      Using the pheromone information, selectanode from the list of eligible nodes; returntheselectednode;

      }

      }

      Ensure: N bit-vector Am indicatesallmatchresults

      1: Initialize Am: Am< -11.1 Allrulesmatchinitially

      2: for i<-0 to X=X/C-1 {bit- wiseAND}3: j = [Pi*C: P(i+1)*C] 4: Am <-AmAi,j

      5: endfor

   2. Finding shortest path using ACO

      We have inferred the ant colonyoptimization technique to different networkmodelswith various numbers of node and differentstructureto obtain the optimum throughput and to find outtheshortest path. Various experiments has beencarriedout by differing the load of the network. Herethenetwork performance factor is taken by thereliabilityand the throughput of the network. Routingprotocolsare used to calcuate, choose and selecttheappropriate path in order to transfer the packetfromsource to destination more efficiently.

      Thereexistsmorenumberofroutingalgorithmsinordertofind

      the shortest path and thus to increase thenetworkthroughput. this is a routing algorithm proposedandapplied to big network structure with the heavyload.this algorithm selects the path of datapacketprobably guided by the shortest path. The aim

      ofallnetwork routing algorithms is to reducethecongestion during packet transfer from sourcetodestination thereby maximizing the performance ofnetwork. The performance could be measured by the

      throughput (i.e. the number of bits delivered perunittime) and the amount of data packets reached atthedestination i.e. the reliability of the network. theantsselects the nodes randomly at the initial statebygetting the information from the routing table.Theants which have successfully reached thedestinationupdates the pheromone secretion at the edgesvisited.

   3. Ensuring security usingHMAC:

   The main reason for choosing the HMACalgorithmis that, we can use the hash functionswithoutmodifications. The hash function for HMAC codeisfreely and widely available. The maindisadvantageof HMAC algorithm is that we can use andhandlekeys in a very simpleway.

   the XOR with opad results in flipping one-half ofthebits of

   3. The HMACalgorithm

   1. Append zeros to the left end of mtocreate a b-bit string m+ (for example, ifmis of length 160 bits and b = 512, thenmwill be appended with 44 zerobytes0x00).

   2. XOR (bitwise exclusive OR) m+with ipad to produce the b-bit blockli.

   3. Append M toli.

   4. Apply H to the stream generated inStep3.

   5. XOR m+ with opad to produce theb- bitblocklo.

   6. Append the hash result from Step 4to

      lo.

   7. Apply H to the stream generated inStep6 and output theresult.

   3. The HMACalgorithm

   1. Append zeros to the left end of mtocreate a b-bit string m+ (for example, ifmis of length 160 bits and b = 512, thenmwill be appended with 44 zerobytes0x00).

   2. XOR (bitwise exclusive OR) m+with ipad to produce the b-bit blockli.

   3. Append M toli.

   4. Apply H to the stream generated inStep3.

   5. XOR m+ with opad to produce theb- bitblocklo.

   6. Append the hash result from Step 4to

      lo.

   7. Apply H to the stream generated inStep6 and output theresult.

   m. Similarly, the XOR with opad resultsinflippingone- halfofthebitsofm,butadifferentsetof bits. In effect, by passing li and lo throughthecompression function of the hash algorithm, youhavepseudo randomly generated two keys from m.HMACshould execute in approximately the same time astheembedded hash function for long messages.HMACadds three executions of the hashcompressionfunction (for mi, mo, and the block produced fromtheinnerhash).

   Fig: overall architecture of theprocess

5. CONCLUSION

We have conferred the modular architecture forhighspeed packet classification by using thefieldprogrammable gate array (FPGA). The throughputhas been increased with the help ofpipelinedarchitecture but the memory efficiency has notbeenconcentratedandwhichhastobeemployedinthefuture. Thedatacontrolisthemajorlyfocusedandimplemented criteria of this paper. Access controlisnot contemplated in our work. The clusteringconceptcan be utilized for achieving the access control.Inourworkwehaveprovidedthebettersecuritywiththea ssistofHMACalgorithm.Theoptimalpathisconstructed using the dynamic algorithm andtherebyincreasing the throughput of thenetwork.

REFERENCES

1. L. Bianchi, L.M. Gambardella, M. Dorigo (2010)An ant colony optimization approaches to theprobabilistic traveling salesman problem. In proceedings ofPPSN-VII, seventh International conference on parallelproblem solving from nature, Lecture notes in computerScience. Springer Verlag, Berlin, Germany, pp883-892

2. I.D. Chakeres and E.M. Beldind-Royer. The Utilityof Hello Message for Determining Link connectivityin AODV protocol. In Pro- ceedings of the 15thInternational Symposium on Wireless PersonalMultimedia Communication (WPMC), pages505- 508,Honolulu, Hawaii, October2010.

3. M. Faezipour and M. Nourani, Wire-SpeedTCAM- Based Architectures for Multi-MatchPacket Classification,IEEE Trans comput., vol.58, no.1,pp.5- 17,jan.2009.

4. T.Ganegedara and V.Prasanna,StrideBV:400G+ Single chip packet classification, inProc.IEEE conf.HPSR,2012,pp.1-6.

5. G.Jedhe, A.Ramamoorthy, and K.Varghese,A Scalable High Throughput Firewall in FPGA,inproc.16thintl Symp. FCCMApr.2008,pp.43-52.

1. S. Kelly and S. Frankel. UsingHMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPSec.RFC 4868, IETF Network Working Group, May2007.

2. T.V.Lakshman and D.Stiliadis, High-Speedpolicy- Based Packet Forwarding Using EfficientMulti- Dimensional Range Matching, SIGCOMMcomput. Commun. Rev., vol.28, no. 4, pp. 203- 214,Oct.1998.

3. C.R. Meiners, A.X. Liu, and E. Torng,Hardware Based Packet Classification for High SpeedInternet Routers. Berlin,

   Germany Springer- Verlag,2010

4. C.E. Perkins, E. M. Belding-Royer, and S. Das.Ad hoc On- Demand Distance Vector (AODV) Routing.RFC 3561, July200.

5. A. Sanny, T. Ganegedara, and V. Prasanna,A Comparison of Ruleset Feature IndependentPacket Classification Engines on FPGA, in Proc. IEEE IPDPS RAW, 2013, pp.124-133.

6. H.Song and J.W. Lockwood,EfficientPacket Classification for Network Intrusion DetectionUsing FPGA, in Proc.ACM/SIGDA 13th Intl Symp.FPGA, 2005,pp.238-245.

7. S. Singh and Meenaxi, COMPARATIVEANALYSIS OF Qos SENSOR NETWORKS USING ANTCOLONY OPTIMIZATION. Control, communication andcomputer Technology(2013).

8. D.E. Taylor, Survey and Taxonomy ofPacket Classification Techniques, ACM Comput. Surv., vol.37, no. 3,pp. 238-275, Sept.2005.

9. Thilan Ganegedara, Weirong Jiang, and ViktorK. Prasanna, A Scalable and Modular Architecture forHigh- Performance Packet Classification, in Proc.IEEE.

10. C.A.Zerbini and J.M. Finochietto,performance Evaluation of Packet Classification onFPGA-Based TCMA Emulation Architecture , inProc.IEEE GLOBECOM, 2012, pp.2766- 2771.