A Security Architecture for Protecting LAN Interactions

  • Conference paper
Information Security (ISC 2006)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4176)

Abstract

This paper describes a security architecture for a LAN. The architecture uses the 802.1X access control mechanisms and is supported by a Key Distribution Centre built upon an 802.1X Authentication Server. The KDC is used, together with a new host identification policy and modified DHCP servers, to provide proper resource allocation and message authentication in DHCP transactions. Finally, the KDC is used to authenticate ARP transactions and to distribute session keys to pairs of LAN hosts, allowing them to set up other peer-to-peer secure interactions using such session keys. The new, authenticated DHCP and ARP protocols are fully backward compatible with the original protocols; all security-related data is appended to standard protocol messages.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zúquete, A., Marques, H. (2006). A Security Architecture for Protecting LAN Interactions. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds) Information Security. ISC 2006. Lecture Notes in Computer Science, vol 4176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11836810_23

  • DOI: https://doi.org/10.1007/11836810_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-38341-3

  • Online ISBN: 978-3-540-38343-7

  • eBook Packages: Computer Science, Computer Science (R0)
