Maximizing Ethernet Security by Switch-Based Single Secure Domain

Author

Wahid, Khan Ferdous

Author_Institution

Dept. of Inf. & Commun. Technol., Univ. Pompeu Fabra, Barcelona, Spain

fYear

2010

fDate

12-14 April 2010

Firstpage

774

Lastpage

778

Abstract

Media Access Control Security (MACsec) is a new segment based link layer security, which is standardized on 2006. It leaves data in clear inside switches and facilitates packet inspection at those connection points. The support for traffic analysis is crucial for Enterprises or Service Providers in secure premises, but when the networking devices are placed in populated areas (e.g., hospitals, airports), this facility can break security of total infrastructure. Also inside attackers can take advantage of this unsecured zone. In this paper, we identify the security requirements that need to be followed for better Ethernet security, and propose MACsec-enable switch-based single secure domain to address the above critical problem. Our design requires no additional cryptographic algorithms and adds the new feature only in switches. The evaluation of our proposal highlights the increased security and maximized performance. Finally, we guide further research in this area.

Keywords

authorisation; computer network security; local area networks; Ethernet security; media access control security; networking devices; packet inspection; segment based link layer security; switch-based single secure domain; Air traffic control; Airports; Communication system traffic control; Data security; Ethernet networks; Hospitals; Inspection; Media Access Protocol; Packet switching; Switches; LAN security; MACsec; global confidentiality; global integrity; secure device identity;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Technology: New Generations (ITNG), 2010 Seventh International Conference on

Conference_Location

Las Vegas, NV

Print_ISBN

978-1-4244-6270-4

Type

conf

DOI

10.1109/ITNG.2010.143

Filename

5501687