DocumentCode
2895438
Title
Maximizing Ethernet Security by Switch-Based Single Secure Domain
Author
Wahid, Khan Ferdous
Author_Institution
Dept. of Inf. & Commun. Technol., Univ. Pompeu Fabra, Barcelona, Spain
fYear
2010
fDate
12-14 April 2010
Firstpage
774
Lastpage
778
Abstract
Media Access Control Security (MACsec) is a new segment based link layer security, which is standardized on 2006. It leaves data in clear inside switches and facilitates packet inspection at those connection points. The support for traffic analysis is crucial for Enterprises or Service Providers in secure premises, but when the networking devices are placed in populated areas (e.g., hospitals, airports), this facility can break security of total infrastructure. Also inside attackers can take advantage of this unsecured zone. In this paper, we identify the security requirements that need to be followed for better Ethernet security, and propose MACsec-enable switch-based single secure domain to address the above critical problem. Our design requires no additional cryptographic algorithms and adds the new feature only in switches. The evaluation of our proposal highlights the increased security and maximized performance. Finally, we guide further research in this area.
Keywords
authorisation; computer network security; local area networks; Ethernet security; media access control security; networking devices; packet inspection; segment based link layer security; switch-based single secure domain; Air traffic control; Airports; Communication system traffic control; Data security; Ethernet networks; Hospitals; Inspection; Media Access Protocol; Packet switching; Switches; LAN security; MACsec; global confidentiality; global integrity; secure device identity;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Technology: New Generations (ITNG), 2010 Seventh International Conference on
Conference_Location
Las Vegas, NV
Print_ISBN
978-1-4244-6270-4
Type
conf
DOI
10.1109/ITNG.2010.143
Filename
5501687
Link To Document