CN106448380A - Network security teaching system based on FPGA - Google Patents

Publication number: CN106448380A
Authority: CN (China)
Prior art keywords: gigabit ethernet, network, ethernet chip, microcontroller, connect
Legal status: Pending
Application number: CN201610911675.0A
Other languages: Chinese (zh)
Inventors: 刘清, 刘一清, 林顺豪, 张鼎
Current Assignee: East China Normal University
Original Assignee: East China Normal University
Application filed by East China Normal University
Priority to CN201610911675.0A
Publication of CN106448380A

Classifications

    • G: PHYSICS
    • G09: EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09B: EDUCATIONAL OR DEMONSTRATION APPLIANCES; APPLIANCES FOR TEACHING, OR COMMUNICATING WITH, THE BLIND, DEAF OR MUTE; MODELS; PLANETARIA; GLOBES; MAPS; DIAGRAMS
    • G09B23/00: Models for scientific, medical, or mathematical purposes, e.g. full-sized devices for demonstration purposes
    • G09B23/06: Models for scientific, medical, or mathematical purposes, e.g. full-sized devices for demonstration purposes for physics
    • G09B23/18: Models for scientific, medical, or mathematical purposes, e.g. full-sized devices for demonstration purposes for physics for electricity or magnetism
    • G09B23/183: Models for scientific, medical, or mathematical purposes, e.g. full-sized devices for demonstration purposes for physics for electricity or magnetism for circuits
    • G09B23/186: Models for scientific, medical, or mathematical purposes, e.g. full-sized devices for demonstration purposes for physics for electricity or magnetism for circuits for digital electronics; for computers, e.g. microprocessors

Abstract

The invention discloses a network security teaching system based on FPGA. The network security teaching system comprises a power source, a programmable logic device, two program downloading and debugging modules, a light-emitting diode, keys, three gigabit-Ethernet chips, a microcontroller, a static random access memory, a flash memory, an electrically-erasable programmable read-only memory, a temperature sensor and a serial port module, wherein the programmable logic device is connected with the first program downloading and debugging module, the light-emitting diode, the keys, the three gigabit-Ethernet chips and the microcontroller; the microcontroller is connected with the second program downloading and debugging module, the static random access memory, the flash memory, the electrically-erasable programmable read-only memory, the temperature sensor and the serial port module. According to the system, teaching for network security can be carried out in the aspects of filtering, intercepting and encrypting network data and maintaining and monitoring a network system.

Description

A network security teaching system based on FPGA
Technical field
The present invention relates to the fields of embedded systems, FPGAs and network communication technology, and in particular to an FPGA-based network security teaching system.
Background
The computer networks course is a networking course taught in undergraduate programs for majors such as communication engineering and computer science. Existing computer networks courses are centered on theoretical knowledge such as network architecture, protocols and algorithms, and train students' computer-network literacy and programming ability. Their network security teaching platforms have the following characteristics:
First, schemes that use a computer as the teaching platform, aimed at basic OSI (Open System Interconnection) theory teaching and Windows Sockets on the computer. Such a platform can support elementary computer-network teaching and lets students learn the structure of network protocols through Windows Sockets. However, it is not very specialized and cannot guide the development of network security systems.
Second, schemes that use some switches and embedded servers as the teaching platform, aimed at the configuration and maintenance of network security systems. Through the development of instructions, the writing of scripts and device drivers, functions such as connecting, intercepting, filtering and forwarding network data communication can be realized. Such a platform has a certain practicality: learning network knowledge around specific equipment makes the teaching more practical. However, this approach leans toward learning upper-layer software and does not expose the hardware design of a network security system or its low-level working environment, so hardware cannot be combined with the software scheme to help students better understand the working essence of network security.
Therefore, a network security teaching platform system led by hardware-device learning can give a good understanding of the physical layer and data link layer of the network, and a deep understanding of network data flow control, Windows Sockets and so on. At the same time, the system can be combined with actual application scenarios and play a guiding role in customizing and developing network security functions such as data interception, data filtering and data encryption.
Summary of the invention
The purpose of the present invention is to provide, in view of the deficiencies of existing network teaching platforms, an FPGA-based network security teaching system. It establishes a network security teaching system with a programmable logic device and a microcontroller as its core architecture, provides comprehensive network teaching from the physical layer to the application layer, and fills the gap left by the lack of FPGA-based network security teaching systems on the market.
The specific technical solution for achieving the object of the invention is:
An FPGA-based network security teaching system, characterized in that the system comprises: a power supply, a programmable logic device, a first program download and debug module, a light-emitting diode, a button, a first gigabit Ethernet chip, a second gigabit Ethernet chip, a third gigabit Ethernet chip, a microcontroller, a second program download and debug module, a static random access memory, a flash memory, an electrically erasable programmable read-only memory, a temperature sensor and a serial port module. The power supply is connected to the programmable logic device, the first gigabit Ethernet chip, the second gigabit Ethernet chip, the third gigabit Ethernet chip, the microcontroller, the static random access memory, the flash memory, the electrically erasable programmable read-only memory, the temperature sensor and the serial port module. The programmable logic device is connected to the first program download and debug module, the light-emitting diode, the button, the first gigabit Ethernet chip, the second gigabit Ethernet chip, the third gigabit Ethernet chip and the microcontroller. The first gigabit Ethernet chip is connected to the first gigabit Ethernet port, the second gigabit Ethernet chip to the second gigabit Ethernet port, and the third gigabit Ethernet chip to the third gigabit Ethernet port. The microcontroller is connected to the second program download and debug module, the static random access memory, the flash memory, the electrically erasable programmable read-only memory, the temperature sensor and the serial port module.
The power supply powers the system; the programmable logic device filters, intercepts and encrypts network data; the first program download and debug module is used to debug and simulate the working state of the programmable logic device; the light-emitting diode indicates the system running status; the button selects the 10/100/1000M working mode; the first, second and third gigabit Ethernet chips handle the sending and receiving of network data; the microcontroller configures and schedules the system; the second program download and debug module debugs and simulates the working state of the microcontroller; the static random access memory loads the run instructions into the microcontroller; the flash memory loads the programmed default whitelist; the electrically erasable programmable read-only memory is used to read device information; the temperature sensor monitors the chip temperature of the system; and the serial port module monitors the system threads.
Beneficial effects of the present invention
(1) A hardware-led network teaching system lets students understand network security schemes from the bottom layer up.
(2) Network security teaching can be carried out through the filtering, interception and encryption of network data and the maintenance and monitoring of the network system.
Brief description of the drawings
Fig. 1 is a structural block diagram of the present invention;
Fig. 2 is a workflow diagram of the present invention.
Detailed description of the embodiments
The present invention is described in detail below with reference to the drawings and embodiments.
Referring to Fig. 1, the present invention comprises: a power supply 1, a programmable logic device 2, a first program download and debug module 3, a light-emitting diode 4, a button 5, a first gigabit Ethernet chip 6, a second gigabit Ethernet chip 8, a third gigabit Ethernet chip 10, a microcontroller 12, a second program download and debug module 13, a static random access memory 14, a flash memory 15, an electrically erasable programmable read-only memory 16, a temperature sensor 17 and a serial port module 18. The power supply 1 is connected to the programmable logic device 2, the first gigabit Ethernet chip 6, the second gigabit Ethernet chip 8, the third gigabit Ethernet chip 10, the microcontroller 12, the static random access memory 14, the flash memory 15, the electrically erasable programmable read-only memory 16, the temperature sensor 17 and the serial port module 18. The programmable logic device 2 is connected to the first program download and debug module 3, the light-emitting diode 4, the button 5, the first gigabit Ethernet chip 6, the second gigabit Ethernet chip 8, the third gigabit Ethernet chip 10 and the microcontroller 12. The first gigabit Ethernet chip 6 is connected to the first gigabit Ethernet port 7, the second gigabit Ethernet chip 8 to the second gigabit Ethernet port 9, and the third gigabit Ethernet chip 10 to the third gigabit Ethernet port 11. The microcontroller 12 is connected to the second program download and debug module 13, the static random access memory 14, the flash memory 15, the electrically erasable programmable read-only memory 16, the temperature sensor 17 and the serial port module 18.
The programmable logic device 2 of the present invention is an FPGA, specifically EPC4E115F29C7; the three gigabit Ethernet chips are 88E1111; the microcontroller 12 is an MK60DN512VLQ10; the static random access memory 14 is SRAM; the flash memory 15 is FLASH; the electrically erasable programmable read-only memory 16 is EEPROM; the temperature sensor 17 is a DS18B20.
Referring to Fig. 2, the workflow of the present invention is divided into: 1. the preparation stage; 2. the whitelist configuration stage; 3. the network information extraction stage; 4. the network filtering and interception stage; 5. the network data encryption stage.
i) Preparation stage: the run instructions are loaded from the static random access memory 14 into the microcontroller 12, the programmed default whitelist is loaded from the flash memory 15, and the device information is read from the electrically erasable programmable read-only memory 16.
ii) Whitelist configuration: when configuration data is sent to the programmable logic device 2 through the first gigabit Ethernet chip 6 and the first gigabit Ethernet port 7, the programmable logic device 2 sends the data to the microcontroller 12 over a 100 Mbit interface protocol. The new configuration data sent from the programmable logic device 2 is then parsed, and the registers of the programmable logic device 2 are configured using the universal synchronous/asynchronous serial transmission protocol.
iii) Network information extraction: when data enters the programmable logic device 2 through the first gigabit Ethernet port 7 and the first gigabit Ethernet chip 6, the programmable logic device 2 first pre-processes the network datagram, converting the 8-bit network data sampled on both the rising and falling edges under the RGMII interface mode of the first gigabit Ethernet chip 6 into 8-bit network data sampled on the rising edge only. Then, according to the protocol type number in the IP protocol, it parses out the Address Resolution Protocol ARP, the Internet Control Message Protocol ICMP, the Transmission Control Protocol TCP, the User Datagram Protocol UDP, etc.; at the same time, it extracts the media access control (MAC) address, IP address, port (PORT) address, etc. from the protocol and sets the corresponding flag bits according to the configuration of the first stage. Finally, after each of the above indicators has been switched, the enable information is integrated into one data packet.
iv) Network filtering and interception: based on the enable-information packet from iii), the programmable logic device 2 first buffers the data signals and control signals in the FIFO buffers inside the programmable logic device 2, adjusts the flow rate of the signals, allocates the signal paths at a frequency of 200 MHz, and then discards illegal packets that do not conform to the whitelist. Next, it reconstructs the legal packets that conform to the whitelist according to the above configuration, modifies the header information of the protocol, locates the specified information in the content by string matching, and replaces it.
v) Network data encryption: the programmable logic device 2 receives the datagram content from the third stage. After the actual data segment in the protocol is extracted, the 8-bit network data is encrypted using the Triple Data Encryption Algorithm 3DES to obtain 64-bit data, and 8 bits of it are extracted and written into the data segment of the protocol as the new data. If decryption is desired, it is only necessary to configure the decryption enable switch of the programmable logic device 2, and the 64-bit encrypted data is restored to the original 8-bit real network data. Finally, after the CRC check is performed again on the 8-bit network data, it is integrated into 8-bit network data sampled on both the rising and falling edges and sent out through the second gigabit Ethernet chip 8 and the second gigabit Ethernet port 9.
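A software model of stages iii) and iv) above, added here as an illustration and not taken from the patent, which performs these steps in FPGA logic. The whitelist layout, the flag names, the treatment of an "interception function" as dropping that protocol, and the sample frame are all assumptions.

```c
/* Software model of stages iii) and iv); whitelist layout and flag names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { F_ARP = 1, F_ICMP = 2, F_TCP = 4, F_UDP = 8 };  /* protocol flag bits */
enum { EN_MAC = 1, EN_IP = 2, EN_PORT = 4 };           /* filter enable bits */
struct pkt_info {              /* fields extracted in stage iii) */
    uint8_t  src_mac[6];
    uint32_t src_ip;           /* 0 when the frame is not IPv4 */
    uint16_t dst_port;         /* 0 when no TCP/UDP ports were read */
    uint8_t  proto;            /* one F_* bit, or 0 if unrecognised */
};
struct whitelist {             /* assumed register image written in stage ii) */
    uint8_t  enable, intercept;  /* EN_* filters switched on; F_* protocols to drop */
    uint8_t  mac[6];
    uint32_t ip;
    uint16_t port;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Stage iii): returns 0 on success, -1 if the frame is truncated or malformed. */
int extract_info(const uint8_t *f, size_t len, struct pkt_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 14) return -1;                         /* Ethernet II header */
    memcpy(out->src_mac, f + 6, 6);
    uint16_t ethertype = be16(f + 12);
    if (ethertype == 0x0806) { out->proto = F_ARP; return 0; }
    if (ethertype != 0x0800) return 0;               /* not IPv4: no flag set */
    const uint8_t *ip = f + 14;
    if (len < 34 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;         /* header length in bytes */
    if (ihl < 20 || len < 14 + ihl) return -1;
    out->src_ip = be32(ip + 12);
    out->proto = ip[9] == 1 ? F_ICMP : ip[9] == 6 ? F_TCP : ip[9] == 17 ? F_UDP : 0;
    if (!(out->proto & (F_TCP | F_UDP))) return 0;   /* no ports to read */
    if ((be16(ip + 6) & 0x1FFF) != 0) return 0;      /* later fragment: no ports */
    if (len - 14 - ihl < 4) return -1;
    out->dst_port = be16(ip + ihl + 2);
    return 0;
}

/* Stage iv): 1 = forward, 0 = drop. Anything unparsable fails closed. */
int whitelist_allows(const struct whitelist *w, const uint8_t *f, size_t len)
{
    struct pkt_info p;
    if (extract_info(f, len, &p) != 0) return 0;
    if (p.proto & w->intercept) return 0;
    if ((w->enable & EN_MAC) && memcmp(p.src_mac, w->mac, 6) != 0) return 0;
    if ((w->enable & EN_IP) && p.src_ip != w->ip) return 0;
    if ((w->enable & EN_PORT) && p.dst_port != w->port) return 0;
    return 1;
}

/* Constructed sample: UDP 192.168.1.10:12345 -> 192.168.2.20:5000 (checksums zeroed). */
static const uint8_t SAMPLE_UDP[42] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,               /* Ethernet */
    0x45,0,0,28, 0,0,0,0, 64,17,0,0, 192,168,1,10, 192,168,2,20,   /* IPv4 */
    0x30,0x39, 0x13,0x88, 0,8, 0,0 };                              /* UDP */
/* Verdict for the first len bytes of the sample under a whitelist for its sender. */
int sample_verdict(uint8_t enable, uint8_t intercept, uint16_t port, size_t len)
{
    struct whitelist w = { enable, intercept, {0x02,0,0,0,0,0x01}, 0xC0A8010A, port };
    return whitelist_allows(&w, SAMPLE_UDP, len);
}

int main(void)
{
    printf("forward=%d\n", sample_verdict(EN_MAC | EN_IP | EN_PORT, 0, 5000, 42));
    return 0;
}
```

In this model a frame that cannot supply a field an enabled filter needs (for example an ARP frame while the IP filter is on) is dropped, which is a design choice of the example rather than something the patent specifies.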
Meanwhile, students can use the first program download and debug module 3 to run timing simulations of, and observe, the functions of the programmable logic device 2, and use the blinking state of the light-emitting diode 4 to monitor the heartbeat of the working system and the running of the clock. The button 5 controls the programmable logic device 2 to select the 10M/100M/1000M Ethernet operating rate of the system. The temperature sensor 17 monitors the chip temperature while the system is working; observing the system temperature in real time ensures that it works within a reasonable range. The serial port module 18 is used to observe the threads of the UDP client and server and the TCP client and server of the microcontroller 12, as well as the packet log, from which students learn about the maintenance of network security equipment.
A concrete application scenario of the present invention is as follows. The power supply 1 is switched on, and the student downloads the written instructions for the programmable logic device 2 and the microcontroller 12 to the development board through the first program download and debug module 3 and the second program download and debug module 13 respectively. A Category 6 unshielded twisted pair (CAT6) cable connects the first gigabit Ethernet port 7 to a computer A; the second gigabit Ethernet port 9 is connected to a switch (the third gigabit Ethernet port 11 serves as an expandable spare port), and the switch is connected to multiple student computers. The IP address of computer A and the IP address of a student computer are set to addresses on different network segments. Computer A is then used to send the configured whitelist to the system. The functions students can configure in the whitelist include: media access control (MAC) address filtering, IP address filtering, port (PORT) address filtering, network address translation (NAT), ARP interception, Internet Control Message Protocol ICMP interception, Transmission Control Protocol TCP interception, User Datagram Protocol UDP interception, 3DES encryption, etc. When the addresses and relevant configuration information of computer A and the student computer are in the whitelist and the NAT function is enabled, computer A and the student computer can communicate with each other and transmit data. When the addresses and relevant configuration information of computer A and the student computer are not in the whitelist, or the NAT function is disabled, computer A and the student computer cannot communicate with each other. If the student enables the TCP interception function and the UDP interception function when configuring the whitelist, the student can intercept and filter data for specified port numbers, transmitting information such as text, images and video.

Claims (2)

1. An FPGA-based network security teaching system, characterized in that the system comprises a power supply (1), a programmable logic device (2), a first program download and debug module (3), a light-emitting diode (4), a button (5), a first gigabit Ethernet chip (6), a second gigabit Ethernet chip (8), a third gigabit Ethernet chip (10), a microcontroller (12), a second program download and debug module (13), a static random access memory (14), a flash memory (15), an electrically erasable programmable read-only memory (16), a temperature sensor (17) and a serial port module (18); the power supply (1) is connected to the programmable logic device (2), the first gigabit Ethernet chip (6), the second gigabit Ethernet chip (8), the third gigabit Ethernet chip (10), the microcontroller (12), the static random access memory (14), the flash memory (15), the electrically erasable programmable read-only memory (16), the temperature sensor (17) and the serial port module (18); the programmable logic device (2) is connected to the first program download and debug module (3), the light-emitting diode (4), the button (5), the first gigabit Ethernet chip (6), the second gigabit Ethernet chip (8), the third gigabit Ethernet chip (10) and the microcontroller (12); the first gigabit Ethernet chip (6) is connected to the first gigabit Ethernet port (7), the second gigabit Ethernet chip (8) is connected to the second gigabit Ethernet port (9), and the third gigabit Ethernet chip (10) is connected to the third gigabit Ethernet port (11); the microcontroller (12) is connected to the second program download and debug module (13), the static random access memory (14), the flash memory (15), the electrically erasable programmable read-only memory (16), the temperature sensor (17) and the serial port module (18).
2. The system according to claim 1, characterized in that the programmable logic device (2) is an FPGA, which filters, intercepts and encrypts network data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610911675.0A CN106448380A (en) 2016-10-20 2016-10-20 Network security teaching system based on FPGA

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610911675.0A CN106448380A (en) 2016-10-20 2016-10-20 Network security teaching system based on FPGA

Publications (1)

Publication Number Publication Date
CN106448380A true CN106448380A (en) 2017-02-22



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170222
