Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

A Security Architecture for Protecting LAN Interactions

  • Conference paper
Information Security (ISC 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4176))

Included in the following conference series:

  • 1623 Accesses

Abstract

This paper describes a security architecture for a LAN. The architecture uses the 802.1X access control mechanisms and is supported by a Key Distribution Centre built upon an 802.1X Authentication Server. The KDC is used, together with a new host identification policy and modified DHCP servers, to provide proper resource allocation and message authentication in DHCP transactions. Finally, the KDC is used to authenticate ARP transactions and to distribute session keys to pairs of LAN hosts, allowing them to set up other peer-to-peer secure interactions using such session keys. The new, authenticated DHCP and ARP protocols are fully backward compatible with the original protocols; all security-related data is appended to standard protocol messages.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. IEEE: IEEE Standards for Local and Metropolitan Area Networks: Port based Network Access Control. IEEE Std 802.1X-2001 (2001)

    Google Scholar 

  2. Droms, R.: Dynamic Host Configuration Protocol. RFC 2131, IETF (1997)

    Google Scholar 

  3. Plummer, D.: Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware. RFC 826, IETF (1982)

    Google Scholar 

  4. Khoussainov, R., Patel, A.: LAN security: problems and solutions for Ethernet networks. Computer Standards & Interfaces 22, 191–202 (2000)

    Article  Google Scholar 

  5. Hunleth, F.: Secure Link Layer (2001), http://www.hunleth.com/fhunleth/projects/sll/sll_report.pdf

  6. Bruschi, D., Ornaghi, A., Rosti, E.: S-ARP: a Secure Address Resolution Protocol. In: 19th Annual Computer Security Applications Conf. (ACSAC 2003), Las Vegas, NV, USA (2003)

    Google Scholar 

  7. Gouda, M.G., Huang, C.: A Secure Address Resolution Protocol. Computer Networks 41(1) (2003)

    Google Scholar 

  8. Lootah, W., Enck, W., McDaniel, P.: TARP: Ticket-based Address Resolution Protocol. In: 21st Annual Computer Security Applications Conf (ACSAC 2005), Tucson, AZ, USA (2005)

    Google Scholar 

  9. Dubrawsky, I.: SAFE Layer 2 Security In-depth Version 2. White Paper (2004), http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/sfblu_wp.pdf

  10. Hedrick, C.: Routing Information Protocol. RFC 1058, IETF (1988)

    Google Scholar 

  11. Postel, J.: Internet Control Message Protocol. RFC 792, IETF (1981)

    Google Scholar 

  12. Thayer, R., Doraswamy, N., Glenn, R.: IP Security Document Roadmap. RFC 2411, IETF (1998)

    Google Scholar 

  13. Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). RFC 2409, IETF (1998)

    Google Scholar 

  14. Kohl, J., Neuman, C.: The Kerberos Network Authentication Service (V5). RFC 1510 (1993)

    Google Scholar 

  15. Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., Levkowetz, H.: Extensible Authentication Protocol (EAP). RFC 3748, IETF (2004)

    Google Scholar 

  16. Droms, R., Arbaugh, W. (eds.): Authentication for DHCP Messages. RFC 3118, IETF (2001)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. IEETA / University of Aveiro, Portugal

    André Zúquete

  2. DEE / ESTCB, Portugal

    Hugo Marques

Authors
  1. André Zúquete
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hugo Marques
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of the Aegean, University Hill, 81100, Mytilene, Greece

    Sokratis K. Katsikas

  2. Department of Information and Communication Technologies, University of A Coruña, Spain

    Javier López

  3. MPI-SWS,  

    Michael Backes

  4. Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, Samos, Greece

    Stefanos Gritzalis

  5. Interdisciplinary Institute for BroadBand Technology (IBBT), Belgium

    Bart Preneel

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zúquete, A., Marques, H. (2006). A Security Architecture for Protecting LAN Interactions. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds) Information Security. ISC 2006. Lecture Notes in Computer Science, vol 4176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11836810_23

Download citation

  • DOI: https://doi.org/10.1007/11836810_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-38341-3

  • Online ISBN: 978-3-540-38343-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation