ABSTRACT AQ:1 With the rapid development of the Internet, increasingly more attention has been paid to network security problems. A network security defense technology has become a very important research field. Currently, most network equipment transmits data in plaintext at the data link layer, which exposes important information, such as IP addresses, port numbers, and application protocols, to an attacker and provides an opportunity for network attacks. To protect a network against attacks and ensure its security, this paper proposes a mimic encryption system for network security. Based on the concepts of moving target defense and mimic security defense, using the principles of randomization, dynamism, and diversification, a data link layer mimic encryption system is constructed from the underlying network of an information system. By transforming the frame format, a reconfigurable encryption algorithm, an hash algorithm, and a pseudo-random number generator are used to design different combination encryption modes. Then, the hash value of an encrypted frame is obtained by performing the hash operation, and feedback update is performed to generate new key parameters for the hash key pool. In addition, the pseudo-random selection of combinations of encryption algorithms and keys is performed to achieve ''one frame-one key''. Finally, an FPGA is used as the network encryption card, and a CPU is used to realize two-party key agreement and the upper layer application. Using the FPGA + CPU hardware and software collaboration, the attack surface is expanded. Taking advantage of the high anti-interference property of an FPGA, part of the attack against the software system is filtered. The experimental results and analysis show that the encryption and decryption performance of this system in a 10 G network are approximately 500 MB/s. Thus, the system can effectively prevent the leakage of user data and resist network sniffing, vulnerability attacks, exhaustive key search attacks, and ciphertext-only attacks. Moreover, this system provides high security.
I. INTRODUCTION
With the rapid development of computer networks, the number of security risks originating from networks is also increasing. Computer Security Institute (CSI) survey results show that cyberspace is currently facing a variety of attacks such as malware infection, bots/zombies within an organization, fraudulent representation of individuals or groups as senders of phishing messages, and the abuse of Internet access or e-mail by insiders [1] . The development of security precautions against these types of attacks on an existing network is very difficult. The problem of network security has become a hot topic throughout the world and in the academic community [2] , and extensive research has been performed.
In many network attacks, network sniffing [3] is a big threat to network security. It can be utilized to monitor all types of key information transmitted via an access network to steal and distort important information, including IP addresses, port numbers, and application protocols. Attackers can use such sniffing to perform many actions beyond their limits of authority. Simultaneously, there is a large number of security vulnerabilities in current network equipment and components. Attackers utilize routing equipment vulnerabilities and can directly eavesdrop on user's data in the core network [4] . The equipment suppliers themselves face difficulties in eradicating these vulnerabilities. In addition, vulnerability attacks and normal routing and switching behaviors are highly similar; thus, it is difficult to distinguish between them. The exposure of the ''PRISM'' program highlights the importance of improving the security of information transmission within a network.
Traditional network components, such as the hardware, operating systems, network protocols, IP addresses, port numbers, and routing mechanisms, are static, similar and deterministic. As a result, attackers can easily study their rules of operation, exploit security flaws, and perform detection for continuous intrusion. If we can change the state of the network system dynamically, we can block or disrupt an attacker, lower the threat of an attacker using unknown vulnerabilities, backdoors, viruses, or Trojan horses, and hinder the ability to perform internal and external network sniffing attacks.
In response to this problem, the American academic community has proposed a ''change the rules of the game'' technology, namely, moving target defense (MTD) [5] . The basic idea behind MTD is that the creation, evaluation, and deployment mechanism and strategy should be diverse, changing, and random to increase the difficulty of attack and improve the flexibility of a system. MTD involves moving the target to achieve the goal of protection technology. Examples of this process include changing IP addresses [6] - [9] , utilizing dynamic ports [10] , performing network routing and topology control [11] , conducting execution code randomization [12] , applying network address space randomization [13] , conducting instruction set randomization [14] , performing data randomization [15] and using a diversified compiler to generate different versions of the same software [16] . MTD technology attempts to reduce the static, isomorphic and determinate nature of a system to increase the complexity of attacks, making the object of an attack unpredictable and to ensure that an attacker does not have sufficient time to analyze the system, thereby increasing the difficulty and cost of attacks.
In China, Wu presented the idea of mimic security defense (MSD) [17] , with the theoretical basis being that ''the independent development of the devices or modules have common design defects, and lead to common mode fault situation is a small probability event''. By constructing the functional equivalents of various hardware and software heterogeneous redundant execution entities, under active or passive conditions, and performing the dynamic and pseudorandom selection of different execution entities, one can establish a variable execution environment and reduce system security risks. Simultaneously, the multi-mode decision mechanism was adopted to make the judgment of the output of multiple execution entities consistent. If the output result is inconsistent, an attack may occur. MSD not only greatly increases the difficulty of attack but also can detect a successful intrusion attack in real time.
Among many types of network security defense measures, the hardware structure and operating system security are the foundation, and cryptography is the key technology. Network encryption technology can guarantee the safe transmission of data and prevent network sniffing attacks. However, traditional network encryption uses the same key to encrypt all the frame data in the key life cycle. If an attacker intercepts a large number of frames encrypted using the same key, the attacker may successfully implement a ciphertext-only attack [18] .
To protect against a ciphertext-only attack and to satisfy the high-security requirements of certain situations, such as those involving confidentiality and military departments, we need to implement a dynamically variable encryption algorithm and encrypt each frame of data using different keys, that is, ''one frame -one key''.
Based on the concepts of MTD and MSD, this paper proposes a dynamic reconfigurable network mimic encryption system that uses an FPGA as the network encryption card, regards the upper layer information system as the protection target, and adopts the method of hardware and software cooperation to implement 10G Ethernet data link layer mimic encryption to prevent network sniffing, vulnerability attacks, exhaustive key search attacks and ciphertext-only attacks, thereby improving network security.
Our main contributions in this paper can be outlined as follows:
1) A network encryption system architecture with randomness, dynamics and diversity is given. By fully utilizing the uncertainty caused by the randomness, dynamism and diversity, the architecture makes it difficult for attackers to build a sustained and reliable attack chain. 2) A data link layer mimic encryption and decryption system with an FPGA is implemented. Key agreement and upper layer application to a traditional processor are realized. Taking a hardware + software approach, a diversified attack space is obtained, and the attack threshold is increased. Using the high anti-interference nature of the FPGA, part of the attack can be filtered. 3) A variety of reconfigurable encryption and decryption algorithms, hash algorithms and pseudo-random number generators are improved and optimized for the FPGA, and pseudo-random selection of different encryption algorithm combinations is conducted to encrypt each frame. 4) Combined with the idea of blockchain, using the unidirectionality and irreversibility of the hash function, hash processing is performed on the current frame, and the hash value is obtained to form the hash key (HK) pool. This value is used as the encryption key for the next round frame to achieve ''one frame -one key''. 5) The system is evaluated from several perspectives, including encryption and decryption performance, network performance, security and anti-attack performance. The experiments and analysis results show that our system has a 500 MB/s encryption and decryption performance in a 10G network and can effectively protect against various network attacks. The remainder of this paper is organized as follows. Section II introduces current cyber defense and mimic defense technology. Section III describes in detail the design of the data link layer mimic encryption system. Section IV analyzes and evaluates the system in several ways. Section V discusses the scope and limitations of the proposed method. Finally, Section VI concludes this paper.
II. RELATED WORK
The security of information transmission in a network is an important research topic of global network security; it is also the focus of the entire information security field. Network sniffing is currently a major threat to network security. It can be used to eavesdrop on a user's data, steal a user's identity, achieve unauthorized access and disguise attackers as legitimate users to obtain confidential data. To prevent such attacks, much research work has been performed.
A. CURRENT DEFENSE TECHNOLOGY
Dunlop et al. [6] proposed moving target IPv6 defense (MT6D) to dynamically rotate the IP addresses of both parties so that attackers cannot lock targets. The continuously changing addresses also force attackers to repeatedly sniff the target node. MT6D also provides encrypted tunnels to protect against targeted network attacks. When the original packet is encrypted, an attacker is unable to glean any useful information from the packet. Jafarian et al. [7] proposed the OpenFlow random host mutation (OFRHM) defense architecture based on software defined networking (SDN), which uses IP addresses and routing mutation to defend against network attacks. Jafarian et al. [8] proposed random host address mutation (RHM), which uses hierarchical fast transitions based on the address space and IP address to distort attacker reconnaissance and deter attacks. On this basis, Jafarian et al. [9] proposed the proactive-adaptive defense technique, which monitors an attacker's behavior in real time and performs active address hopping, thus significantly raising the bar against stealthy scanning. Luo et al. [10] proposed a port-hopping proactive defense technology, which constantly changes the service port number to thwart reconnaissance attacks. Kewley et al. [19] proposed dynamic network address translation (DYNAT) to defend against network sniffing attacks by changing the host identification information in the header. Okhravi et al. [20] proposed a trusted dynamic logical heterogeneity system (TALENT), which is a framework for live-migrating critical applications across heterogeneous platforms, providing cyber survivability via platform diversity.
In terms of network encryption, Lakhtaria [21] introduced a variety of network encryption methods and analyzed their strengths and standards. Chao et al. [22] described the architecture of a cyber-security processor (CYSEP). The CYSEP supports four major functions: firewall/intrusion detection, encryption/decryption, message authentication, and distributed denial of service (DDoS) attack protection. The CYSEP can support encryption and message authentication deployed at the application layer, the transport layer or the network layer to enhance cyber security. Niu et al. [23] presented a high-performance IPSec accelerator used in a 10 Gbps in-line network security processor (NSP). The NSP integrates the protocol processing and cryptographic processing using an IPSec protocol to ensure information security. Ahmad and Hawashin [24] proposed a novel secure network communication protocol based on the transformation from text data to a barcode image. Zhang et al. [25] proposed a lightweight encryption scheme for network-coded mobile ad hoc networks to improve the security of network transmission. To defend against web bots, Vikram et al. used an encryption and decryption mechanism to randomize HTML elements and parameters to prevent web crawlers from gathering web information [26] .
Many security applications have been transitioned into FPGA implementations that allow these security applications to run at real-time speeds [27] , [28] such as firewall and packet scanning in high-speed networks. Sourdis et al. [29] presented a hardware-based scanner and analyzed the packet payload method to detect hazardous content. They used a single Virtex2 FPGA device, which can match approximately 2200 intrusion detection patterns. Wicaksana and Sasongko [30] presented an architecture for a fast and reconfigurable packet classification engine (PCE). The PCE can be used in an FPGA-based firewall to ensure network security. Pontarelli et al. [31] , [32] promoted a highspeed FPGA network intrusion detection system (NIDS). The NIDS inspects the traffic flowing in a network to detect malicious content such as spam and viruses. In addition, Andel et al. [33] proposed a method that uses an FPGA to resist the exploitation of software vulnerabilities, with the flawless part running on a traditional processor and the defective part running on the FPGA so that an attack against the defective part cannot be expanded, thereby enhancing the security of the entire program.
B. MIMIC SECURITY DEFENSE
For information systems, mimic computing can be implemented by a variety of software and hardware variants with equivalent functions but different computing efficiencies. To improve the overall computational efficiency, mimic computing can reconstruct the corresponding system operation structure or execution environment in a timely and dynamical manner. The inherent dynamics, heterogeneity, and non-determinism of mimic computing naturally disrupt the integrity of attack chains that current attack technologies rely on. Thus, mimic computing enables information systems to have inherent active defense capabilities. Mimic security defense is based on the theory of mimic computing. By actively changing the basic elements of the information system components, it realizes the transition or migration of network, platform, environment, software, data and other structures. In addition, these dynamic changes are made to be controllable by the defender to realize a mimic environment. For the attacker, the target changes are difficult to observe and predict, thereby greatly increasing the difficulty and cost of an attack and greatly reducing the system security risk.
Hu et al. [34] introduced the mimic defense (MD) framework and 'dynamic, heterogeneity, redundancy (DHR)' core mechanism in detail. The basic components of DHR consist of heterogeneous variants, a dispatcher, a mimic scheduler and a policy-based arbiter. Their research mainly focuses on the evaluation issue of DHR and analyzes its performance with a theoretical model. In addition, their results show that MD can significantly increase the difficulty faced by attackers and enhance the security of cyber systems; an up to tentimes enhancement of security can be achieved. Ma et al. described the mimic defense system formally and analyzed the security effects of redundancy in mimic defense systems through results from Monte Carlo simulations [35] . Tong et al. [36] proposed a mimic defense web server with a dynamic heterogeneous redundancy structure to establish the software layer, data layer, operating system layer and other multilayer mimic defense. The web server can effectively resist many types of intrusion detection and attacks. After attack implantation, the system structure can be transformed so that the original attack will fail. Qi et al. [37] proposed Mcad-SA, an aware decision-making security architecture with multiple controllers, which exploits heterogeneity and redundancy from different controllers to prevent an attack proactively. The architecture utilizes the heterogeneity and redundancy of controllers to enable the control plane to operate in a dynamic, reliable and unsteady state, which significantly hampers the probing of systems and executing attacks. Hu et al. [38] designed and implemented a mimic network operating system (MNOS), an active defense architecture based on mimic security defense to ensure SDN control plane security. The architecture adopts a heterogeneous redundant network operating system (NOS), and a mimic plane is added between the traditional SDN data plane and the control plane to implement dynamic scheduling. This can effectively reduce the probability of successful attack and has good fault tolerance. Based on the mimic defense theory and technology, Liu et al. [39] proposed a framework against zero-day attacks. To protect the security of distributed storage systems, Li et al. [40] presented a storage architecture for mimic defense (SAMD). This architecture adopts heterogeneous a multi-random coding defense mechanism to actively and dynamically defend against indeterminate attacks.
However, there are also problems with mimic security defense. First, the system design is highly complex, and it is necessary to solve the problem of heterogeneous migration of hardware and software variants and task environments. These are extremely complex engineering problems. In addition, how to obtain security without degrading the performance of the system is also an urgent problem to be solved.
In summary, the use of dynamic, random IP addresses, port numbers, and platforms increases the difficulty of attack to some extent. However, if plaintext transmission is performed, an attacker, by collecting a large number of network frames and analyzing the relevance of different frame content, can still launch a successful attack. Moreover, if only simple network data encryption is conducted, exhaustive key search attacks and ciphertext-only attacks cannot be resisted. Third, an FPGA is a suitable and popular hardware platform for many network security applications, except for the application of firewall and packet detection, and can be used in MTD and MSD to expand the attack surface, increasing the difficulty of attack. Finally, for the problem of MSD, the combination of software and hardware can be used to reduce the system design complexity, and hardware acceleration can be implemented by the FPGA to ensure the high performance of the system. Therefore, this paper proposes a dynamic reconfigurable network mimic encryption system that combines MTD, MSD, network encryption and hardware protection to solve the above problems.
III. DESIGN OF DATA LINK LAYER MIMIC ENCRYPTION SYSTEM
A. SYSTEM ARCHITECTURE The data link layer is between the physical layer and the network layer and provides services to the network layer based on the service provided by the physical layer. The data link layer mimic encryption system is implemented by the CPU and the FPGA reconfigurable device. Data encryption is performed by inserting the FPGA encryption card into the PCIe slot of each computer. The key management module runs on the CPU and is mainly used for the two communication parties of a key agreement, initialization parameters, key distribution and FPGA status information statistics. Through the SPI interface, the CPU passes the parameters and keys to the FPGA. These are then parsed by the key management module of the FPGA. The FPGA is mainly used for the implementation of the mimic encryption and decryption modules. The reconfigurability of the FPGA, dynamic implementation of different encryption and decryption algorithms, and pseudo-random calls of these algorithms are used to perform data encryption and decryption. The FPGA can integrate multiple redundant 10G, 1G and 100M Ethernet network interfaces according to the changes in the network processing load and upper user configuration and dynamic switching of the network port and channel. By fully utilizing the flexibility and scalability of the FPGA, the system confuses attackers and prevents network attacks such as network sniffing.
The user sends the data to be encrypted via network layer protocol processing and then passes the data to the driver layer program to undergo further encapsulation. Next, the encapsulated data are passed by the PCIe bus in a direct memory access (DMA) manner to the FPGA. Finally, the FPGA mimic encryption module is used for frame encryption, and the appropriate network port is selected to send the encrypted data to the network. Frame decryption is the inverse process of encryption. The entire mimic encryption system architecture is shown in Fig.1 .
B. ENCRYPTION FRAME FORMAT
The basic function of the data link layer is to provide transparent and reliable data transmission to users. It is the physical layer used to transmit the original bit stream capability enhancement and transform the physical error provided by the physical layer connection into a logically error-free data link and is represented to the user as an error-free route. A frame is an important component of the data link layer and includes, for example, synchronization information, address information, data information, and checksum information. To facilitate and effectively encrypt these types of information and to prevent data leakage, it is necessary to transform the original frame structure. The encrypted frame format is compared with the general frame format, as shown in Fig.2 . The description of the encrypted frame format is given in TABLE 1.
As shown in Fig.2 and TABLE 1, the encrypted frame changes the frame checksum sequence (FCS) of the general frame from the original 4 bytes to the 2 bytes of the CRC16 frame checksum sequence and defines 1 byte of the remaining 2 bytes as the frame identification (FID), which is added to the frame format. The FID is mainly used to generate a pseudo-random number, to select the encryption algorithm and to preserve the frame order. The checksum field of the encrypted frame includes the FID, Destination, Source, Length/Type, and Data and Pad fields. The encrypted data include the Destination, Source, Length/Type, Data and Pad, and CRC16 fields. After decryption, the encrypted frame will remove the FID and CRC16 fields, revert to the general frame format, and provide undifferentiated services for the upper layer protocol. In addition, the data link layer supports up to 4096 bytes of jumbo data frames.
C. MIMIC ENCRYPTION AND DECRYPTION PROCESS 1) ENCRYPTION PROCESS
A mimic encryption system based on randomization, dynamic and diversification principles is used to complete the frame encryption. The encryption system is mainly composed of frame expansion, a pseudo-random selector, an encryption algorithm pool, a hash algorithm pool and an HK pool, which are described as follows.
• Frame expansion: mainly conducted to complete the transformation of the encrypted frame format and to add the FID and CRC16 fields.
• Pseudo-random selector: according to the input parameters, the result is generated by the pseudo-random number generator, and dynamic selection of the encryption algorithm and hash algorithm is carried out to achieve different encryption combinations.
• Encryption algorithm pool: encapsulates all types of full pipeline encryption algorithms used to form the IP core and uses centralized management for dynamic configuration to encrypt frames.
• Hash algorithm pool: encapsulates a variety of full pipeline hash algorithms used to form the IP core. The encrypted frame is computed by the hash algorithm to form the new key.
• HK pool: mainly provides the key for the encryption algorithm, which is initialized by the user, and then automatically updates based on the encrypted frame hash value.
The encryption process mainly involves frame expansion, encryption and HK pool update, as shown in Fig.3 . The specific steps are given in Algorithm 1.
Algorithm 1 Mimic Encryption Procedure
1: Negotiated by both parties of communication, configure the FPGA pseudo-random selectors Re 1 (x), Re 2 (x) and Re 3 (x), the encryption algorithm pool, the Hash algorithm pool, and the network port. Then, initialize the random seed and the HK pool parameters. 2: Expand the received data frame, fill the FID field, remove the FCS field, generate the CRC16 checksum and add it to the end of the frame. 3: Select the encryption algorithm from the encryption algorithm pool using the FID input Re 1 (x) to complete the first encryption of the frames; then, select the encryption algorithm using Re 2 (x) to complete the second encryption, that is, hybrid encryption. 4: Select the hash algorithm from the hash algorithm pool using the FID input Re 3 (x), truncate the first 64 bytes of the frame header as the input, generate the hash value, and update the key for the corresponding FID entry in the HK pool. 5: Simultaneously, send the encrypted frames from the FPGA.
2) DECRYPTION PROCESS
The decryption system mainly performs the parsing and decryption of encrypted frames. The system consists of frame parsing, a pseudo-random selector, a decryption algorithm pool, a hash algorithm pool and an HK pool. The frame parsing mainly completes the extraction of the FID field, the decryption algorithm pool encapsulates all types of full pipeline decryption algorithms, and the pseudo-random selector, hash algorithm pool and HK pool function are the same as in the encryption system. VOLUME 6, 2018 The decryption process is the inverse of encryption and mainly involves frame parsing, decryption and HK pool update, as shown in Fig.4 . To ensure the regular update of the HK pool, here, we first complete the frame decryption and then perform the CRC16 check. The process is shown in Algorithm 2.
Algorithm 2 Mimic Decryption Procedure
1: Negotiated by both parties of communication, configure the FPGA pseudo-random selectors Rd 1 (x), Rd 2 (x) and Rd 3 (x), the decryption algorithm pool, the hash algorithm pool and the network port. Then, initialize the random seed and the HK pool parameters. 2: Extract the FID field from the frame parsing and select the decryption key from the HK pool according to the FID. Meanwhile, select the hash algorithm from the hash algorithm pool using Rd 3 (x), truncate the first 64 bytes of the encrypted frame header as the input and generate the hash value. Then, update the key for the corresponding FID in the HK pool. 3: Use the FID input Rd 1 (x) from the decryption algorithm pool to select the decryption algorithm to complete the first decryption of the encrypted frame. Then, using Rd 2 (x), select the decryption algorithm to complete the second decryption, thereby reverting to plaintext. 4: Complete the CRC16 checksum on the frame after decryption. If the checksum yields an error, then discard this frame; otherwise, continue the execution. 5: Send the plaintext frame to the upper layer application.
D. IMPROVEMENT AND OPTIMIZATION OF MAIN ALGORITHMS
The pipeline structure can decompose a repetitive process into several subprocesses. Each subprocess can be performed simultaneously with other subprocesses to improve the efficiency of the system and achieve better parallelism. To improve the efficiency of the frame encryption and decryption, the encryption and decryption algorithm and the hash algorithm are implemented using the pipeline structure. The pseudo-random number generator and CRC16 are implemented in the parallel structure.
1) FULL PIPELINE ENCRYPTION AND DECRYPTION ALGORITHM
Encryption technology is a weapon of network security [41] - [43] , where mainstream encryption algorithms include DES, 3DES, AES128, AES256, SMS4, IDEA, Twofish, and Serpent. An encryption scheme based on the FPGA chip level will be of high speed, high security and low cost. Using FPGA reconfigurable technology, the circuit structure of the chip can be dynamically changed via user programming, and different encryption and decryption algorithms can be achieved. In this paper, AES128 is used as an example, and based on the idea of reconfiguration, the cryptographic algorithms are modularized. The full pipeline encryption and decryption structure of the AES is thus implemented.
The AES consists of KeyExpansions, AddRoundKey, SubBytes, ShiftRows and MixColumns steps. The SubBytes operation realizes the confusion principle, and the ShiftRows and MixColumns operations mainly achieve the diffusion principle. Since each round of KeyExpansions and SubBytes needs to consume 20 S-boxes, the overall pipeline needs 200 S-boxes, and the design of the S-box represents an important position in the AES hardware implementation. Here, the storage of S-boxes is realized using FPGA embedded memory BlockRam, which can reduce the utilization of resources and improve the routing frequency compared to the lookup table (LUT) method.
For the key expansion module, the input is a 128-bit key, computed via the 4-stage pipeline operation of left shift, SubBytes, XOR, and result caching. This generates the output of the current round and is used as the input for the next round. The formula for each round of key expansion is as follows: 
where key_next represents the output of the key of the current round, RotWord represents the 1-byte left loop shift, and
The number of clock cycles for single-round key generation is 4. Each clock cycle key_next will pass its value to 10 groups of a 128-bit W _array as the key input for each round of the encryption module.
For each round of the encryption module, the SubBytes submodule uses 16 S-boxes for parallel calculation and outputs the result in one clock cycle. Its operation process is as follows: (2) where data_in represents the 128-bit input and sub2shitf represents the 128-bit output.
Then, the result of SubBytes is passed to the ShiftRows submodule, and the row shift replacement operation is completed in one clock cycle. The replacement procedure is as follows: [5] , State [10] , State [15] 
= {State [4] , State [9] , State [14] , State [3] 
= {State [8] , State [13] , State [2] , State [7] }, shift2mix
where State is the 8-bit state matrix and shitf 2mix represents the 128-bit output, 0 ≤ i ≤ 15. Next, the result of ShiftRows is passed to the MixColumns submodule, which completes the column mixed transformation operation in the domain GF(2 8 
The process of multiplying its domain by 0x02 and 0x03 is as follows:
where State_Mulx2 represents the result of the domain multiplied by 0x02 and State_Mulx3 represents the result of the domain multiplied by 0x03, 0 ≤ i ≤ 15. Thus, for the first column, the MixColumns operation is as follows: [1] ˆState [2] ˆState_Mulx2 [3] , (6) where mix2key represents the 128-bit width output. The operations of the second to fourth columns are the same. Finally, the results of the MixColumns submodule and key expansion module are obtained using the AddRoundKey submodule in 1 clock cycle, and the XOR operation is completed for the output. The AES single-round encryption process is a 4-stage pipeline. Its structure is shown in Fig.6.   Fig. 6 . AES single-round encryption structure. Both the round key expansion and encryption modules adopt parallel processing. A single round is a 4-stage pipeline, and the whole AES pipeline structure has 42 stages, as shown in Fig.7 . The 1st through 9th round of the operation are exactly the same, with each subsequent round using the results of the previous round. For the 10th round, there is a lack of intermediate MixColumns operations.
The order of key selection in AES decryption is the opposite of that of encryption, and the key expansion process is irreversible. Therefore, when decrypting, it is necessary to generate all round keys at once and save them in registers. Simultaneously, the same stage as that of the encryption pipeline must be reached to ensure the same decryption efficiency. In the decryption module, the key expansion uses a 10-stage pipeline to complete the calculation; the singleround decryption submodule is completed using a 3-stage pipeline, and the overall pipeline consists of 42 stages. To reduce the resource consumption and increase the clock frequency, the Inv_ShiftRows and Inv_SubBytes operations are merged to complete the calculation in one clock cycle. Moreover, both the AddRoundKey and Inv_MixColumns operations can be performed in one clock cycle. In addition, 41 groups of initial key values need to be cached for the 10th round of calculation. The AES decryption pipeline structure is shown in Fig.8 .
On the FPGA chip, the AES encryption algorithm takes 2285 slices after the synthesis, placement and routing; the frequency is at most 335 MHz, and the throughput is 42,880 Mbps. The decryption algorithm takes up 2516 slices, the frequency is at most 340 MHz, and the throughput is 43,520 Mbps. Clearly, both encryption and decryption have high rates. Other encryption and decryption algorithms are implemented in the same way and are added to the algorithm pool.
Furthermore, because DES, 3DES, AES, etc. are block cipher algorithms, when the data block length does not meet the given requirements, the encryption and decryption cannot be performed properly. To satisfy the encryption and decryption for any frame length, we adopt the method of data scrambling to address the last block that does not satisfy the length. Assuming that a frame is grouped as frame = (f b 1 , f b 2 , . . . , f b n ) , if the length of fb n meets the given requirement, it goes directly to the encryption algorithm flow. Otherwise, using the last unencrypted group fb n−1 , it performs XOR processing on fb n , that is, f b n = f b n ⊕f b n−1 . When decrypting, fb n−1 is decrypted first; then, the XOR operation is performed to decrypt f b n , that is,
Because the scrambling of fb n occurs before the fb n−1 encryption and after the fb n−1 encryption, it becomes f b n . The attacker is thus unable to obtain the key of fb n and cannot restore fb n .
2) FULL PIPELINE HASH ALGORITHM
The hash algorithm is widely used in cryptography and data processing [44] - [46] . The commonly used hash algorithms are MD5, SHA1, SHA256, SHA512, RIPEMD160, HMAC-MD5, and HMAC-SHA1. The following is an in-depth analysis of the MD5 algorithm, which is used to illustrate the full pipeline structure of the MD5 algorithm hardware implementation. On this basis, other hash algorithms are achieved.
The MD5 algorithm fills the initial information into 512 bits and initializes it to 16 32- 
where f is the nonlinear function of each iteration, k is the initial parameter, leftrotate is the left shift function, and r is the left shift parameter. Finally, the cascaded output with a 128-bit hash value is given by
Clearly, a, c and d can be obtained directly via value passing, while b requires complex operations, and the delay consumption is concentrated along the critical path of b. For the FPGA, the delay of addition is much larger than the bit operation. Therefore, to reduce the use of adders, we define the carry-save adders CSA and CSA4 as follows:
Then, the calculation of b can be simplified as
By adding the two functions of CSA and CSA4, the four modulo 32 additions are simplified to two. For the calculation of b, this not only shortens the critical path and reduces the delay but also reduces the hardware area. The optimized MD5 single iteration process is shown in Fig.9 .
Furthermore, to optimize the pipeline structure, the calculation of b and the pipeline must be done independently. of 32-bit width is defined in the main structure (starting from the 50th iteration, part of w_next will be optimized away because it is not involved in the calculation) to pass its value to each round of wt, and the initial parameter k[0 : 63] is defined to provide parameters for each iteration calculation. The whole calculation process for MD5 is shown in Fig.10 .
On the FPGA chip, MD5 occupies 3391 slices after synthesis, placement and routing; the frequency is at most 256 MHz, and the throughput is 131,072 Mbps, achieving high performance. Furthermore, based on the full MD5 pipeline structure, other hash algorithms are implemented in a similar manner and added to the hash algorithm pool.
3) PSEUDO-RANDOM NUMBER GENERATOR
The pseudo-random number generator [47] has a wide range of applications in spread spectrum communications, information encryption, system testing and other fields. The choice of pseudo-random numbers starts from random seeds. Thus, to ensure that the pseudo-random numbers obtained are sufficiently ''random'' each time, the selection of the random seed is very important. If the random seed is the same, then the random number generated by the same random number generator will also be the same.
The most common method for generating pseudo-random numbers is to use a feedback shift register, which consists of two parts: a shift register and a feedback function. When the feedback function is a linear function, the feedback shift register will be a linear feedback shift register (LFSR), as shown in Fig.11 . where f n is the feedback factor, 1 indicates a connection, while 0 indicates no connection.
Clearly, the output sequence of the LFSR is periodic, and an n-level LFSR provides up to 2n − 1 states (excluding all 0 states). Depending on the methods of feedback, the characteristic polynomial of the LFSR can be defined as
To further increase the quality of the LFSR-generated random number, the disturbance factor is added. For the pseudorandom selector, the FID can be used as the disturbance factor, and the XOR operation can be utilized for the feedback value and the FID. Then, the output is as follows: a 2 , a 3 , .., a n ), (12) where a i (1 ≤ i ≤ n) represents the current LFSR state.
This paper defines the 8-bit random number as randum, randnum and the 8-bit random seed as seed. For each random number generation scheme, 3 different LFSRs, which are configured by the user, are built in. In addition, their randomness and diversity are used to confuse attackers.
4) CRC16 PARALLEL ALGORITHM
CRC16 is one of the most commonly used error checking codes for frames and can be implemented on an FPGA at high speed [48] to meet the needs of 10G network transmission. In this paper, the CRC16 generator polynomial is x 16 +x 12 +x 5 +1, and the initialization parameter is 0xFFFF, therein using big-endian alignment. To satisfy the computing requirements, CRC16 calculation is implemented in a parallel manner. For the 8-bit parallel CRC16 operation, let d be the input, and let c correspond to the last round of the CRC16 checksum. Then, the new checksum newcrc has the logical relationship shown in TABLE 2.
According to the logical relationship in TABLE 2, the 8-bit parallel CRC16 hardware operation circuit can be implemented directly on an FPGA, as shown in Fig.12 .
Furthermore, the 16-bit, 24-bit, 32-bit, 40-bit, 48-bit, 56-bit and 64-bit parallel CRC16 operations are implemented on the FPGA, as shown in Fig.13 . According to the frame length, the algorithm calls the corresponding CRC16 operation module and completes the checksum calculation.
5) KEY MANAGEMENT
The mimic encryption system initialization parameters are obtained mainly using the CPU to call the interface of the SPI. The CPU writes data to the RAM via the SPI, and the FPGA reads and judges according to the RAM address to achieve the control commands, network port parameter configuration, pseudo-random number generator, HK pool and other initialization parameters. Subsequently, the FPGA writes the system status information to another RAM, including the control response, the number of frames received and sent, the frame loss rate and the checksum error. The CPU reads and completes the statistics of this information via the SPI. The FPGA key management structure is shown in Fig.14 . In Fig. 14, inRAM and outRAM are implemented using a double-port RAM. inRAM is used to store the SPI data transmitted by the CPU, while outRAM is used to store the system status data, which are passed to the CPU via the SPI. The data in outRAM can be read and processed by the CPU from the start address to the end address in turn. There is a need to distinguish data from the inRAM, which are parsed separately according to the address. The date format of inRAM and outRAM is shown in TABLE 3. The unused address fields in the table are retained and fully initialized to 0.
6) HK POOL MAINTENANCE
The ''one frame -one key'' concept is the main constraint on the key life cycle. Each key is discarded after the completion of one frame encryption. To ensure regular decryption, key synchronization between the encryption and decryption sides is required. In the mimic encryption system, the key that participates in the frame encryption comes from the hash value of the previous round of the ciphertext frame header. Thus, it is necessary to maintain an HK pool on the encryption and decryption sides. The HK pool depth must be greater than the maximum number of iterations in the hash to ensure that the key is generated before it is used in the next round. In this paper, the depth of the HK pool is 256, and the width is 128 bits.
The HK pool of the encryption and decryption sides is maintained in a dual port RAM of the FPGA, and its contents are shown in TABLE 4. The encryption and decryption directions of the HK pool need to be updated in real time. In the encryption direction, each time the system receives a frame that needs to be encrypted, the HKey of the corresponding entry is first fetched from the HK pool by FID, and then, this entry is locked and marked as ''Old''. When the encryption is completed, the hash value of the ciphertext header (64 bytes) is fed back into the HK pool, and the entry marked ''Old'' is updated. Finally, the lock is removed so that the entry is opened for subsequent frames. The process is shown in Fig.15 . Regarding the HK pool in the decryption direction, it can be updated immediately while receiving the ciphertext frame. After the corresponding number of HKeys are extracted from the HK pool, the hash value of the ciphertext header (64 bytes) is then fed back into the HK pool. The process is basically the same as that in the encryption direction.
IV. EXPERIMENTAL COMPARISON AND RESULT ANALYSIS
A. SYSTEM IMPLEMENTATION This paper sets up the system using a server, an FPGA and switches; their basic information is shown in TABLE 5. The development environment is Vivado v2015.4 (64 bit). The environment mainly implements the mimic encryption system in a 10G network. From TABLE 5, the XC7K325T FPGA uses the FFG676 development kit; supports 400 I/O pins and various memory devices, including low latency, high-speed lookup QDR II+, and performance-oriented, high-capacity DDR3; and possesses a high-speed MAC/PHY physical transceiver and a GTX transceiver with 500 Mb/s to 12.5 Gb/s data processing capabilities. High-speed data transmission is achieved using a 4-channel PCIe slot direct-connection GTX through the base address register (BAR) and DMA way. The FPGA structure is shown in Fig.16 .
The FPGA is loaded with a PCIe module, DMA module, SFP module, SPI module, frame expansion and analysis For the mimic encryption system, we configure the router to broadcast mode and configure the SFP_10GE_MAC send and receive interface parameters as follows: tx_configuration_vector = 80'h0000000000000000001A, rx_configuration_vector = 80'h00000000000000000012. We also make it no longer perform the FCS checksum.
Simultaneously, to ensure normal encryption and decryption and to prevent a system error caused by frame overflow, at the system SFP_10GE_MAC transceiver interface, we set two large cache fifo that can cache four 4096-byte frames. In addition, we set a prog_full flag bit. If the fifo is found to be full, then we trigger the SFP_10GE_MAC frame flow control function and automatically send the PAUSE frame. Then, we suspend the data transmission. Next, the asynchronous fifo of the AIX bus is placed between each function module and used to cache data between different frequency module interactions. Finally, the generated bit files are written to the FLASH and dynamically loaded via the command line.
The mimic encryption system in this paper encapsulates the AES and 3DES pipeline algorithms to implement the encryption and decryption algorithm pool and encapsulates the MD5, SHA1 and SHA256 pipeline algorithms to form the hash algorithm pool. The implementation of each algorithm is shown in TABLE 7.
The above algorithm modules all work at 156.25 MHz. Due to the adoption of different pipeline encryption algorithms, the encryption cycle is different, and two consecutive frames may use different encryption algorithms. To ensure that the frame flow out is in order, that is, to ensure frame order preserving, we need to synchronize the encryption algorithm in different periods. Here, the cache output method is used to make the number of algorithm cycles equal.
When the FPGA is configured for the dual SFP network interface, using AES and 3DES as the encryption algorithm pool and SHA1 as the hash algorithm pool and with frames encrypted and decrypted at the MAC layer, the total resource occupancy is 34,573 slices, and the resource ratio is 67.86%, which fully satisfies the mimic encryption system design requirements.
B. PERFORMANCE ANALYSIS 1) SCHEME ANALYSIS AND COMPARISON
Assume that the frame takes n clock cycles during the encryption process and that the hash process requires m clock cycles. The encryption process and the hash process are executed independently. The minimum frame length is 64 bytes, and the maximum frame length is 4096 bytes. A total of 8 bytes of data are transmitted in each clock cycle. Three schemes, namely, serial, parallel and pipeline, are used to achieve the mimic encryption system. Their comparative analysis is as follows.
1. In the serial scheme, if only one encryption module is used, each clock can handle 8 bytes of data, the shortest frame needs 8 × n clock cycles to complete the entire encryption process, and the longest frame needs 512 × n clock cycles. Clearly, the next frame must wait for the last frame to finish encryption so that it can then continue to be encrypted. The larger the frame length, the longer the next frame will wait. If the hash algorithm is implemented in serial mode, the first 64 bytes of the encrypted frame are processed by the hash; then, more than m clock cycles are required, that is, the processing of each frame requires an additional m clock cycles.
2. If multiple modules are used in the parallel scheme, the number of modules is p. If p is greater than n, continuous frames of equal length can be input directly into the encryption module and the hash module without waiting; for frames of unequal length, the order-preserving function needs to be added. For example, when the frame with a larger amount of data first enters the encryption module p i , the frame with a smaller amount of data then enters the encryption module p j . Since the frame encryption cycle for a smaller frame is short, it is encrypted ahead of the larger frame. To ensure that the frame first-in first-out principle is followed, an additional order-preserving function is required. If p is less than n, the first p frames can enter the encryption module and the Hash module in turn. For the p + 1-th frame, when 8× (n−p) > m, at least 8× (n−p) clock cycles need to pass; when 8× (n−p) ≤ m, at least 8× (n−p)+m clock cycles need to pass, for a total of up to 512 × (n − p) clock cycles. Although this scheme is more efficient than the serial scheme, the maximum encryption efficiency can be increased p times. However, if n is large and n > p, the efficiency of the entire encryption process remains low. For multi-module parallel implementation, the FPGA routing resource requirements are also much higher.
3. If the pipeline scheme is adopted and its stage is n, any number of frames can be encrypted continuously. When the first frame is sent through the pipeline, the second frame can be directly entered into the pipeline without waiting for the first frame to finish undergoing encryption. The encryption efficiency is n times that of the serial scheme. When n > p, the scheme is improved by at least 8 × (n − p) /(8 + n) times compared with the parallel scheme, and when n ≤ p, the routing efficiency and resource consumption are better than those under the parallel scheme. Simultaneously, the hash algorithm is implemented using the pipeline structure, and when the encrypted frames flow out in sequence, they can immediately enter the hash pipeline to obtain the hash value. Because the HK pool depth is 256 and m < 256 and because the i-th and i + 1-th frames take different keys, the updated HK pool serial number is different and will not cause congestion.
Using AES and 3DES for the encryption algorithm and SHA1 for the hash algorithm, the serial, parallel and pipeline schemes, respectively, can be implemented. The serial scheme occupies 803 slices of resources; the number of parallel modules is 20, and the occupied resources consist of 15,873 slices. The pipeline scheme requires 9975 slices. After encrypting 100 sets of frames of different lengths, a comparison of their execution times is generated, as shown in Fig.17 .
As shown in Fig.17 , the pipeline scheme is superior to the serial and multi-module parallelism schemes, therein having a shorter execution time and higher efficiency for encryption and decryption.
2) THROUGHPUT OF ENCRYPTION AND DECRYPTION
The throughput calculation formula [49] is as follows:
where T is the throughput, B is the data block size, f max is the maximum clock frequency for each scheme, N is the pipeline stage, and d is the calculation delay. According to the implementation of the encryption algorithm and the hash algorithm, the throughput of each algorithm is calculated using formula (13), and the result is shown in Fig.18 . As shown in Fig. 18 , the throughput of the proposed algorithm is more than 10 Gbps, which can fully meet the needs of encryption and decryption in a 10G network.
3) NETWORK PERFORMANCE TESTING
When using the PCIe DMA method to transfer data, and based on the underlying driver of the server used to transmit data to the FPGA, to distinguish between different frames, the original frame needs to be further encapsulated, and 8 bytes need to be added to the data header, including 1 byte for frame identification and 2 bytes corresponding to the field length. Furthermore, to achieve the seamless transmission of data, a frame must be divided into three parts, the head, the middle and the tail, and different addresses need to be written. Then, the frame needs to be parsed by the FPGA according to the header and loaded into the mimic encryption system. The writing and reading performance of this method is approximately 500 MB/s. VOLUME 6, 2018 In the 10G network, the DMA method is used on the encryption side to send a large number of encrypted frames, and the CPU and FPGA are used on the decryption side for processing respectively. Then, the decryption side immediately returns a response information to the encryption side. For the case of processing 128-byte encrypted frames, the response delay comparison results for an increasing number of frames are shown in Fig.19 . As shown in Fig.19 , for the encrypted frame processing, the FPGA response delay is significantly lower than the CPU response delay, and as the network load increases, the CPU and FPGA response delays also increase.
For a set of 100,000 encrypted frames, as the frame length increases, the CPU and FPGA processing times change as shown in Fig.20 .
As shown in Fig.20 , the time required by the FPGA to encrypt frames is significantly better than that required by the CPU. This is mainly due to the FPGA omitting system scheduling, which speeds up the network transmission and encryption data processing. In addition, as the encrypted frame length increases, the FPGA and CPU processing times also increase.
If only two FPGAs are used, one on the encryption side and one on the decryption side, the frame is automatically generated by the encryption-side FPGA, encryption is completed, and the frame is sent out. The decryption-side FPGA receives the encrypted frame and decrypts it. The communication speed is up to 10 Gpbs. In other words, if the FPGA encryption card is placed on the switch side, it can fully meet the mimic encryption and decryption requirements of the 10G network.
C. SECURITY ANALYSIS 1) MIMIC SECURITY ANALYSIS
If the mimic encryption system is represented by the symbol , it can be described by a 3-tuple as = {Ec, Key, NI }, where Ec represents the encryption algorithm, Key represents the key, and NI represents the network interface. The multiple phases of the system have several different encryption schemes, and if represented by a state vector (t) = {Ec(t), Key(t), NI (t)} at a certain time, a finite state set can be used to represent all the different states of the system, that is,
. . .
The components of the vector represent the changes in the system encryption algorithm, the key and the network interface channel. Regarding a traditional encryption system, its encryption algorithm, key and network interface are unchanged during the operation, and (t 1 ) = (t 2 ) = . . . = (t l ), that is, the traditional encryption system is static and deterministic. Simultaneously, for two different traditional encryption systems, the encryption algorithm may be the same, but the key will be different, though similar.
The mimic encryption system is dynamic, diverse and random. The descriptions of these characteristics are as follows.
a: DYNAMIC
The encryption and decryption algorithm of the mimic system is dynamically reconfigurable. After negotiation with the user, it can dynamically partially reconstruct the encryption algorithm and the hash algorithm and then complete the switching between different algorithms. Additionally, the frame FID is time varying, with 256 as a cycle and changing from 0 to 255 in turn. Simultaneously, the pseudo-random number generator also produces different cyclic states with different seeds. In combination with FID scrambling, different algorithms are dynamically selected from the encryption algorithm pool. Finally, the system key is constantly changing, and at a given point in time, the value is different from that at other moments, namely, Key(t 1 ) = Key(t 2 ) = . . . = Key(t l ).
b: DIVERSE
The mimic encryption system consists of a pseudo-random number generator, an encryption algorithm pool, an HK pool and other different elements, and each element has several different states. Thus, the whole system has many different states. Assuming that the system encryption algorithm pool is Ec = {ec 1 , ec 2 , ec 3 , . . . , ec n }, the number of encryption changes is n 2 .
The system has multiple redundant network interfaces, according to the user configuration, and can dynamically choose a network interface with different rates and different channels. Assuming that the system has m network interfaces, the number of combinations of encrypted frames sent is n 2 × m. For the same frame content, since the depth of the HK pool is 256, there are at most 256 different keys. Thus, there are 256n 2 types of encrypted ciphertexts for the same frame.
c: RANDOM
Using the pseudo-random number generator, the algorithm selection of the encryption algorithm pool possesses certain degrees of randomness. In addition, different random number seeds can be initialized via CPU key negotiation. In addition, the system sets up multiple sets of LFSR programs, and in the encryption process, different LFSR programs can be chosen to generate different random number sequences.
Furthermore, for one of the columns of the reachable states of the mimic encryption system, at time t j , (t j ) can be expressed as a 0,1 binary sequence. Then, the transformations at different times in the whole system state space can be regarded as binary representations of the pseudo-random sequence. With the state of the mimic system constantly changing, attackers are disrupted, thus cutting off the attack chain.
2) ENCRYPTION SECURITY ANALYSIS
The mimic encryption system encrypts all the information above the IP layer, including the IP address, port and application protocol, making it impossible for an attacker to obtain user-related information and increasing the difficulty of attack. The encryption algorithm pool composed of AES and 3DES has high security and can provide high-quality data protection. Simultaneously, the encryption algorithm has a rather high complexity, causing an attacker to require more overhead compared to the possible benefits. For example, for the AES algorithm, its decryption is more complex and time consuming than encryption, and it increases the overhead of system storage.
The mimic encryption system can effectively resist an exhaustive key search attack. The key length generated by the HK pool is more than 16 bytes. For a 16-byte-long password consisting of lowercase letters and digits, the total password space is 36 16 . Assuming that the system can break the AES at a speed of 64 Gp/s, it would take 3943242.004 years to search this space. Simultaneously, frames of arbitrary lengths can be encrypted. The scrambling method is used to specifically address the last blocks of frames so that an attacker cannot guess the specific encryption method. In addition, two encryption algorithm pools are used for cross-encryption, which further improves the security of the encrypted data. Although cracking a single encryption algorithm may require less time, the cost of cracking two encryption algorithms increases exponentially.
Moreover, the hash operation is irreversible, and the hash value of the encrypted frame is used as the key for the next round, protecting the frame data and preventing attackers from backstepping the key against the frame content. Simultaneously, the hash values obtained by the hash function for different content are different. Any change in the input information will lead to significant changes in the hash results, thus ensuring the substantial difference in key parameters in the HK pool. The hash operation also has an anti-collision property, meaning that one cannot find the same hash results for two different pieces of information, which can effectively prevent differential attacks. For example, MD5 is an operation on the order of 2 128 , SHA1 is an operation on the order of 2 160 , and SHA256 is an operation on the order of 2 256 . Finally, different keys are used for different frames, and once a key is used, it is updated immediately. Even if an attacker steals all the data, it can only crack one frame of data at a time. The cracked key cannot be used to decrypt other frames, thus ensuring the high security of the data.
3) ANTI-ATTACK ANALYSIS
The data link layer only guarantees that full effort must be made to transmit data. Thus, there may still be errors, such as frame loss, frames being out of order, and link signal hopping, during the transmission. In the above case, frame loss will cause the HK pool update to fail, making it impossible to decrypt the frame in the next round with the same FID. Regarding the out-of-order frame error, the HK pool can still be successfully updated; however, when applied to the upper layer application, data disorder will be present. Concerning link signal hopping, if the first 64 bytes of the frame data are changed, then the HK pool will fail to update, causing decryption of the current frame and that of the next round with the same FID to fail. If the frame data after 64 bytes are changed, the HK pool can still be successfully updated, and frames of the next round and beyond will not be affected, but the current frame will experience decryption failure and be discarded. However, the quality of the current communication lines has been greatly improved, and the mimic encryption system ensures that the encrypted frame follows the first-in first-out principle. Thus, the occurrence probability of such cases is extremely low.
Regarding a tampered encrypted frame, if an attacker tampers with the frame FID, the decryption will fail. However, since the decryption is performed first, followed by a CRC16 check, the CRC16 checksum will indicate an error after the decryption fails, resulting in the frame being discarded. If the first 64 bytes of the frame are tampered with, the HK pool will not be updated, and the decryption will fail, with the frame subsequently being discarded. If the data after 64 bytes of the frames are tampered with, the decryption will fail, and the frame will be discarded. Clearly, as long as the attacker tampers with any byte of the encrypted frame data, decryption failure will occur, resulting in frames being discarded. At this point, the real-time monitoring of the behavior and the number of frames discarded can be conducted via the CPU. If a large number of frames are found to be discarded, the system will be regarded as having been attacked by an attacker. As a result, communication will be terminated or the network channel will be replaced.
Using a set of 100,000 frames and simulating the behavior of an attacker tampering with an encrypted frame in any field of the frame, an analysis of the operation of the system is conducted. The results are shown in Fig.21 . As shown in Fig.21 , as the number of attacks on encrypted frames increases, the proportion of successfully decrypted frames decreases. In addition, tampering with the encrypted frame FID and with the first 64 bytes of the frame data have greater impacts on system decryption than does tampering with other bytes.
A large number of interference frames will lead to HK pool update and decryption failure, thus affecting the normal system operation. This situation is unavoidable for any network encryption system. As long as the interference frames disrupt the normal encryption and decryption order, the system will be strongly impacted. For example, DDoS attacks can cause normal network paralysis.
The mimic encryption system can effectively resist exhaustive key search attacks, ciphertext-only attacks and differential attacks. With the constantly updated keys and dynamically changing encryption algorithms, that is, by following the ''one frame -one key'' principle, attackers can effectively be prevented from using exhaustive attacks and ciphertext reverse keys, ensuring that attackers cannot decrypt all the data properly. Simultaneously, the hash value of the first 64 bytes of the encrypted frame is taken as the key for the next round. Since the hash value is essentially irregular symbolic data, it is difficult for attackers to perform reasoning analysis. This feature effectively hinders the use of differential attacks to crack ciphertexts and prevents the unauthorized disclosure of data and unknown changes.
Finally, the mimic encryption system adopts an FPGA alongside a CPU, namely, hardware and software collaboration. All the frame data must be ''reviewed'' by the FPGA, which can prevent unauthorized access to data and network attacks, making its security substantial higher than that of software security products. Using an FPGA to configure the parameters of the SFP_10GE_MAC transceiver interface, unidirectional transmission control, protocol filtering and content filtering of frames can be realized. This effectively prevents the exploitation of target host system vulnerabilities and weaknesses, thus stopping the target host (e.g., servers, firewalls and other network equipment) from being used to perform targeted intrusion and destruction, monitoring and control, confidential information theft and other illegal activities. Moreover, using FPGA hardware encryption, only the decrypted data can be transmitted to the upper software application, making any frames containing malicious content show only gibberish, thus rendering normal attacks on the software system useless. Even if an attacker carefully constructs a data frame, because of the use of the ''one frame -one key'' principle, only one or several frames can pass through the decryption module, preventing the attack chain from being fully implemented.
4) COMPARISON WITH OTHER SCHEMES
Defense features, such as randomization, diversity, multiinstance, hardware protection, intrusion detection, and ciphertext-only attack resistance, are compared with different defense mechanisms, as shown in TABLE 9.
As shown in TABLE 9, the mimic encryption system not only combines the randomness, dynamic and diversity defense features of MTD and MSD but also integrates hardware protection and reconfigurable encryption technology to effectively resist ciphertext-only attacks. However, this system is unable to resist viruses and other malicious programs or code embedded from operating system intrusion attacks.
V. SCOPE AND LIMITATIONS
The mimic encryption system can be deployed at various places in the network to enhance the cyber security of data transmission. The edge of the network is the first line of defense against malicious attacks. This system uses the ''one frame -one key'' encryption method to protect the transmission of sensitive data and has good reliability. Meanwhile, the system is situationally aware and thus should be able to detect network attacks. It can dynamically reconstruct the FPGA on-chip structure according to the CPU configuration parameters to realize functions such as frame filtering, frame counting and unidirectional transmission control. As a result, it can provide hardware encryption and protection for data security at the edge of the network and increase the threshold of network attack from the source. Second, the mimic encryption system can be used as an encryption card and built into a computer through the PCIe bus to perform data link encryption. The receiver is each node machine on the transmission path and decrypts the encrypted information in turn after receiving it. Therefore, it can be used as an important security device in the construction of electronic financial networks to realize the rapid and secure release of important data. Finally, the system can also be deployed as a cipher machine on the client and server in the local area network to complete end-to-end data encryption transmission. For internal communication in military and government secrecy applications, the system provides high-security services from the inside to the outside of the network.
Obviously, the mimic encryption technology can also be applied in the blockchain, cloud security, data security, and system security fields. With heterogeneous multi-chain, mimic encryption transmission can be combined with hardware firewalls, physical random number generation and other technologies to improve the overall security of the blockchain. With the heterogeneous technology and dynamic selection mechanism of mimic defense, the migration and storage of core data in the data server and the cloud data center can be completed with the mimic encryption to ensure the security of the information. Based on these features, a multi-dimensional reconfigurable defense system is established, and the mimic encryption mechanism is flexibly adapted to different application scenarios such as cloud security, data security, and system security. Simultaneously, with increasing heterogeneity on the time dimension through dynamic updates, using hardware encoding and decoding, the instructions, addresses and data are encrypted randomly, and the system uncertainty is increased without reducing the performance; this increases the difficulty of attacks.
Because the mimic encryption system has high requirements on the quality of the communication link, if packet loss or link signal hopping occurs, some data decryption will fail. However, under the premise of stable communication quality, if such errors occur, the system will resume normal encryption and decryption with updates of the HK pool key after one or two cycles of operation. The data that fail to be decrypted need to be resent by the encryption end to ensure the integrity of the data. Second, the system does not provide key backup and recovery functions. To achieve high security via the ''one frame -one key'' principle, the current key will be updated and destroyed immediately after it is used. Finally, the mimic encryption system cannot address attacks such as denial of service and DDoS attacks, as such attacks mainly focus on preventing the targets from providing services by exhausting their limited resources. Therefore, the improvement of such functions, such as processing after decryption failure, key backup and DDoS attack resistance, needs further research and implementation.
VI. CONCLUSIONS AND FUTURE WORK
In this paper, the proposed mimic encryption system, which is mainly composed of a reconfigurable encryption algorithm, a hash algorithm, a pseudo-random number generator, key management, and an HK pool, uses randomness, a dynamic nature and diversity to achieve a dynamic variable encryption algorithm combination. The combination of the hash value of the encrypted frame as the key and the pseudorandom selection of the encryption algorithm and matching key is used to achieve the ''one frame -one key'' principle. Meanwhile, via the use of an FPGA combined with CPU, hardware and software collaboration is achieved for the entire system. The experimental results and analysis show that the mimic encryption system achieves high encryption and decryption throughput as well as high security. It can effectively prevent data leakage and tampering, disrupt attackers, reduce the effectiveness of network sniffing and vulnerability attacks while resisting the exhaustive key search attacks and ciphertext-only attacks. This system is thus suitable for situations with high security requirements.
However, because of the deployment of the system at the data link layer, the encrypted frame can only be transmitted in broadcast mode, which limits the application of the system to some extent and implies that further study and solutions are needed. Simultaneously, further research on the FPGA is VOLUME 6, 2018 needed to implement the TCP/IP layer protocol. In combination with MTD, MSD technology is used to dynamically change the IP address and port number via the collaboration of an FPGA and traditional processor; thereby, TCP/IP layer mimic encryption is implemented to expand the attack surface and improve the network attack threshold. Additionally, the use of an FPGA encryption card with SDN technology must be studied with a time-varying network to achieve an effective mimic defense. By changing the network routing and composition, a combination of multi-layer changes can be formed to achieve robustness against network attacks.
BIN LI is currently pursuing the Ph.D. degree with PLA Information Engineering University, Zhengzhou, Henan, China. His current research interests are high performance computing and information security.
QINGLEI ZHOU is currently a Professor and a Doctoral Supervisor. He is also the Executive President of the Information Engineering School, Zhengzhou University, China, and the Director of the China Computer Federation. He has published over 50 papers in the field of computer science, including SCI, EI, and ISTP. His major research interests are information security, automaton theory, and computational complexity theory. He was a recipient of the Science and Technology Expert of Outstanding Youth in Henan, China.
XUEMING SI received the Ph.D. degree. He was an Associate Professor. Since 1986, he has been involved in research work in computational mathematics and high-performance computing. He is currently a Professor with PLA Information Engineering University and the Director of the Shanghai Key Laboratory of Data Science, China. He is also serving as the Head of China for the International Science Project-square kilometers array radio telescope. He has presided over and participated in a number of major national scientific research projects in china. His research interests include cryptography, network security, and highperformance computing. He received the National Scientific and Technological Progress Awards of China.
JINHUA FU is currently pursuing the Ph.D. degree with PLA Information Engineering University, Zhengzhou, Henan, China. His current research interests are blockchain technology and information security. VOLUME 6, 2018 
