Authors: Andre Zuquete
Addresses: IEETA/IT, University of Aveiro, Campus Universitario de Santiago, 3810-193 Aveiro, Portugal
Abstract: This article advocates the need of a holistic approach to protect LAN interactions and presents a solution for implementing it based on secure LAN (SLAN), a novel security architecture. SLAN uses the 802.1X access control mechanisms and is supported by a key distribution centre (KDC) built upon an 802.1X authentication server. The KDC is used, together with a new host identification policy and modified DHCP servers, to provide proper resource allocation and message authentication in DHCP transactions. The KDC is used to authenticate ARP transactions and to distribute session keys to pairs of LAN hosts, allowing them to set up arbitrary, LAN-wide peer-to-peer security associations using such session keys. We show how PPPoE and IPSec security associations may be instantiated and present a prototype implementation for IPSec.
Keywords: holistic LAN security; 802.1X framework; SLAN architecture; secure communication networks; P2P security associations; network security; local area networks; peer-to-peer; secure LANs; host identification; resource allocation; message authentication.
International Journal of Communication Networks and Distributed Systems, 2009 Vol.3 No.4, pp.408 - 426
Available online: 03 Aug 2009 *Full-text access for editors Access for subscribers Purchase this article Comment on this article