Secure bridging in large scale deployment of Ethernet

Considering the dominance of Ethernet with upcoming 100 Gbps line rate, service providers want to reduce their transport networks to simpler Layer-2 networks. Since existing Ethernet security mechanisms protect links in hop-by-hop basis, they cannot control access for disloyal authorized users in virtual or logical shared media infrastructure LANs. Also they leave data in clear inside intermediate systems, which increase threats when these systems are placed in public places. To address these critical security issues, we propose an authenticated on-demand secure bridging solution that can provide a point-to-point secure channel between Ingress and Egress Bridges across Bridged Ethernet network. To build such secure channel, we use Identity-based authenticated key agreement and signature protocol. Experimental results using our prototype software on a small multi-segment Ethernet network suggest that our solution is feasible, and guarantees secure bridging.