Title :
Maximizing Ethernet Security by Switch-Based Single Secure Domain
Author :
Wahid, Khan Ferdous
Author_Institution :
Dept. of Inf. & Commun. Technol., Univ. Pompeu Fabra, Barcelona, Spain
Abstract :
Media Access Control Security (MACsec) is a new segment-based link layer security, which was standardized in 2006. It leaves data in the clear inside switches and facilitates packet inspection at those connection points. The support for traffic analysis is crucial for Enterprises or Service Providers in secure premises, but when the networking devices are placed in populated areas (e.g., hospitals, airports), this facility can break the security of the total infrastructure. Also, inside attackers can take advantage of this unsecured zone. In this paper, we identify the security requirements that need to be followed for better Ethernet security, and propose a MACsec-enabled switch-based single secure domain to address the above critical problem. Our design requires no additional cryptographic algorithms and adds the new feature only in switches. The evaluation of our proposal highlights the increased security and maximized performance. Finally, we guide further research in this area.
Keywords :
authorisation; computer network security; local area networks; Ethernet security; media access control security; networking devices; packet inspection; segment based link layer security; switch-based single secure domain; Air traffic control; Airports; Communication system traffic control; Data security; Ethernet networks; Hospitals; Inspection; Media Access Protocol; Packet switching; Switches; LAN security; MACsec; global confidentiality; global integrity; secure device identity;
Conference_Title :
Information Technology: New Generations (ITNG), 2010 Seventh International Conference on
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-1-4244-6270-4
DOI :
10.1109/ITNG.2010.143