Defence establishments around the world are a target to attacks and malicious surveillance all the time. Often years ago, there was even a physical attack where terrorists entered the compound, attacked the security force and tried to destroy aircrafts and other defence infrastructure.

Such attacks are becoming more frequent and more sophisticated and thus causing significant losses.

The customer approach
After one such attack, it was decided to implement perimeter security around a critical defence establishment. They establish a network with a popular brand of Industrial switches, L3 routers and firewalls to power cameras and stream video content from the walls of the establishment to a remote command center across the cloud.

This was setup at an expense in excess of US$ 500,000.

The network implemented was as follows:

Unfortunately right from the time the network was setup 2 years ago, there were such regular attacks on it from malicious agencies that less than 20% of the data reached the server on the cloud. The best minds from the reputed brand could not rid the network of these attacks.

Customer requirement
The customer aimed to find a way to rid the network of DDOS (denial of service) attacks, such that data could flow smoothly, in real-time from the cameras on the defence facility’s walls to the server, without breaks, that rendered the perimeter security useless.

The Solution
The customer decided to use Pantherun’s path breaking encryption, based on FPGAS built into Industrial Grade Ethernet switches, with a continuously changing encryption, to retrofit on top of the existing network. FPGA based approach was critical, as the best way to defeat DDOS is with an encryption approches that also keeps evolving in the field. Following is the diagram to show how the setup was made.

The existing IPSec encrypted data was allowed to flow from the Existing network into the Pantherun switch, with the unique zero format change implementation of AES 256 bit cryptography, with a comtinuously changing key, that was only possible with an FPGA based implementration. This encrypted data was then allowed to flow through the cloud to the customer’s servers in the command centre.

The technical specifications of the AES implementation on the FPGA are as follows

Encryption Algorithm: Advanced Encryption Standard (AES)-CTR mode

Key Lengths

128, 192, and 256 bits

LUTs used

< 4K

BRAM used

18

PL Clock

125 MHz

PS Clock

600 MHz

Throughput

216Mbps

Footprint

TBD

Supported Standards

NIST FIPS 197

Encryption Algorithm: Advanced Encryption Standard (AES)-GCM mode

Key Lengths

128, 192, and 256 bits

LUTs used

< 10K

BRAM used

23

PL Clock

125 MHz

PS Clock

600 MHz

Throughput

3Mbps

Footprint

TBD

Supported Standards

NIST FIPS 800-38D

The internal design of the network switch and the AES implementation are as follows

Pantherun’s encryption approach was able to eliminate the weaknesses of the Existing IPSec encryption approach, thus allowing data to start flowing smoothly to the servers. This easy retrofit saved over US$ 500,000 spent by the customer just two years ago.