Author
Listed:
- Marco Grossi
(Department of Electrical Energy and Information Engineering “Guglielmo Marconi” (DEI), Alma Mater Studiorum, Università di Bologna, 40136 Bologna, Italy)
- Fabrizio Alfonsi
(Istituto Nazionale di Fisica Nucleare (INFN) Bologna, 40127 Bologna, Italy)
- Marco Prandini
(Department of Computer Science and Engineering, Alma Mater Studiorum, Università di Bologna, 40126 Bologna, Italy)
- Alessandro Gabrielli
(Istituto Nazionale di Fisica Nucleare (INFN) Bologna, 40127 Bologna, Italy
Department of Physics and Astronomy “Augusto Righi” (DIFA), Alma Mater Studiorum, Università di Bologna, 40127 Bologna, Italy)
Abstract
One of the most common mitigations against network-borne security threats is the deployment of firewalls, i.e., systems that can observe traffic and apply rules to let it through if it is benign or drop packets that are recognized as malicious. Cheap and open-source (a feature that is greatly appreciated in the security world) software solutions are available but may be too slow for high-rate channels. Hardware appliances are efficient but opaque and they are often very expensive. In this paper, an open-hardware approach is proposed for the design of a firewall, implemented on off-the-shelf components such as an FPGA (the Xilinx KC705 development board), and it is tested using controlled Ethernet traffic created with a packet generator as well as with real internet traffic. The proposed system can filter packets based on a set of rules that can use the whitelist or blacklist approach. It generates a set of statistics, such as the number of received/transmitted packets and the amount of received/transmitted data, which can be used to detect potential anomalies in the network traffic. The firewall has been experimentally validated in the case of a network data throughput of 1 Gb/s, and preliminary simulations have shown that the system can be upgraded with minor modifications to work at 10 Gb/s. Test results have shown that the proposed firewall features a latency of 627 ns and a maximum data throughput of 0.982 Gb/s.
Suggested Citation
Marco Grossi & Fabrizio Alfonsi & Marco Prandini & Alessandro Gabrielli, 2024.
"Increasing the Security of Network Data Transmission with a Configurable Hardware Firewall Based on Field Programmable Gate Arrays,"
Future Internet, MDPI, vol. 16(9), pages 1-22, August.
Handle:
RePEc:gam:jftint:v:16:y:2024:i:9:p:303-:d:1462450
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:16:y:2024:i:9:p:303-:d:1462450. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.
Printed from https://ideas.repec.org/a/gam/jftint/v16y2024i9p303-d1462450.html
