Title :
Trust-Based Security for the Spanning Tree Protocol
Author :
Yingxu Lai ; Qiuyue Pan ; Zenghui Liu ; Yinong Chen ; Zhizheng Zhou
Author_Institution :
Coll. of Comput. Sci., Beijing Univ. of Technol., Beijing, China
Abstract :
Attacks executed on Spanning Tree Protocol (STP) expose the weakness of link layer protocols and put the higher layers in jeopardy. Although the problems have been studied for many years and various solutions have been proposed, many security issues remain. To enhance the security and credibility of layer-2 network, we propose a trust-based spanning tree protocol aiming at achieving a higher credibility of LAN switch with a simple and lightweight authentication mechanism. If correctly implemented in each trusted switch, the authentication of trust-based STP can guarantee the credibility of topology information that is announced to other switch in the LAN. To verify the enforcement of the trusted protocol, we present a new credible evaluation method of the STP using a specification-based state model. We implement a prototype of trust-based STP to investigate its practicality. Experiment shows that the trusted protocol can achieve security goals and effectively avoid STP attacks with a lower computation overhead and good convergence performance.
Keywords :
computer network security; formal specification; local area networks; message authentication; routing protocols; trees (mathematics); LAN switch; authentication mechanism; link layer protocol; spanning tree protocol; specification-based state model; topology information; trust-based STP; trust-based security; Authentication; Bridges; Network topology; Protocols; Switches; Topology; STP; credible evaluation; network security; trusted network;
Conference_Titel :
Parallel & Distributed Processing Symposium Workshops (IPDPSW), 2014 IEEE International
Conference_Location :
Phoenix, AZ
Print_ISBN :
978-1-4799-4117-9
DOI :
10.1109/IPDPSW.2014.150
