Communications Link Layer Security

A highly robust secure protocol is proposed to provide communications link layer security including data source authentication, data integrity, data confidentiality, and replay attack resistance. The protocol is based on shared secret data (SSD) and time codes between two communications entities. The Keyed Hash Message Authentication Code with Secure Hash Algorithm-2 (HMAC-SHA-2) is employed for data source authentication, data integrity and session key generation, while Advanced Encryption Standard (AES) provides the data confidentiality. The Crypto Sync which is already required for encryption/decryption of data in a secure link layer transfer frame operating in cipher feedback mode (CFB) as the initialization vector is also utilized as the Message Authentication Code (MAC) and session key generator and distributor. No additional overhead is required and the link channel bandwidth remains the same. A link layer Consultative Committee on Space Data System (CCSDS) data frame structure is given as the example to illustrate the protocol. The proposed protocol can be applied to any encrypted link layer transfer frame between any two communications entities.