Title :
Rethinking the link security approach to manage large scale Ethernet network
Author :
Wahid, Khan Ferdous
Author_Institution :
Dept. of Inf. & Commun. Technol., Univ. Pompeu Fabra, Barcelona, Spain
Abstract :
The expansion of Ethernet in the service provider domain requires modification of its service models and management issues. Work is underway inside the research community, but its main focus on Quality of Service, failure recovery, scalability, reliable connectivity, resource utilization and traffic monitoring puts security in isolation. As it was developed initially for shared link communication, Ethernet lacks security features. Standardized Media Access Control security (MACsec) provides segment-based security. Its link-constrained feature is constructed mainly for scalability, key-agreement simplicity and traffic analysis, but unsupported multi-segment confidentiality and integrity make MACsec vulnerable and disqualify it for large Ethernet deployments where switches reside outside of secure premises. In this paper we pinpoint vulnerabilities remaining in the existing mechanism, and further classify security requirements for unicast and multicast frames. Moreover, we present arguments to support our classification and propose new security approaches using existing Ethernet-based protocols. Finally, we evaluate the performance of our secure data transmission.
Keywords :
access protocols; local area networks; quality of service; telecommunication congestion control; telecommunication links; telecommunication security; Ethernet; data transmission security; failure recovery; link security; media access control security; multisegment confidentiality; quality of service; resource utilization; shared link communication; traffic monitoring; Communication system traffic control; Condition monitoring; Data security; Ethernet networks; Large-scale systems; Quality of service; Resource management; Scalability; Telecommunication network reliability; Traffic control;
Conference_Title :
Local and Metropolitan Area Networks (LANMAN), 2010 17th IEEE Workshop on
Conference_Location :
Long Branch, NJ
Print_ISBN :
978-1-4244-6067-0
DOI :
10.1109/LANMAN.2010.5507143