DATA LINK LAYER SECURITY PROBLEMS AND SOLUTIONS

Mustafa, Ali, Siddique, Nasir, Zubair, Mubeen

January 2015

The Open Systems Interconnect Model (OSI) is a conceptual model of networking thatcategorizes network functions into seven layers. It is defined in this model that how layerscommunicate with each other. In this thesis, we address common Layer 2 attacks and theirsolutions. Layer 2 is considered a very weak link in a secure network. If the data is compromisedat Layer 2, it cannot be detected at other layers because each layer works without the knowledgeof other layers. We discuss Layer 2 weakness and vulnerability exploitation tools briefly. It isexplained how an attacker can exploit network by using different attack tools. Our results showthat these attacks are very productive if a network administrator does not implement propersecurity at Layer 2 in the OSI model. We propose solutions to secure Layer 2 devices and thesesolutions are implemented by using attack tools. Security configurations are deployed to combatagainst attacks and protect the integrity, confidentiality, and availability of the network traffic.

data link layer

Computer Engineering

Datorteknik

Data-Link Layer Traceback in Ethernet Networks

Snow, Michael Thomas

07 December 2006

The design of the most commonly-used Internet and Local Area Network protocols provide no way of verifying the sender of a packet is who it claims to be. Protocols and applications exist that provide authentication but these are generally for special use cases. A malicious host can easily launch an attack while pretending to be another host to avoid being discovered. At worst, the behavior may implicate a legitimate host causing it and the user to be kicked off the network. A malicious host may further conceal its location by sending the attack packets from one or more remotely-controlled hosts. Current research has provided techniques to support traceback, the process of determining the complete attack path from the victim back to the attack coordinator. Most of this research focuses on IP traceback, from the victim through the Internet to the edge of the network containing the attack packet source, and Stepping-Stone traceback, from source to the host controlling the attack. However, little research has been conducted on the problem of Data-Link Layer Traceback (DLT), the process of tracing frames from the network edge to the attack source, across what is usually a layer-2 network. We propose a scheme called Tagged-fRAme tracebaCK (TRACK) that provides a secure, reliable DLT technique for Ethernet networks. TRACK defines processes for Ethernet switches and a centralized storage and lookup host. As a frame enters a TRACK-enabled network, a tag is added indicating the switch and port on which the frame entered the network. This tag is collected at the network edge for later use in the traceback operation. An authentication method is defined to prevent unauthorized entities from generating or modifying tag data. Simulation results indicate that TRACK provides accurate DLT operation while causing minimal impact on network and application performance. / Master of Science

Traceback

Link Layer

Ethernet

Wired Networks

Link-layer and network-layer performance of an undersea acoustic network at Fleet Battle Experiment-India

Hartfield, Grant I.

06 1900

Approved for public release, distribution is unlimited / This thesis is an analysis of the link-layer and network-layer performance of an experimental Seaweb undersea acoustic network. The objective is to statistically determine RTS/CTS handshaking and ARQ retransmission performance during the Fleet Battle Experiment-India, executed in June 2001. Many factors constrain or impair undersea acoustic communications. Analysis of a sample portion of the data reveals insights about the overall throughput, latency, and reliability of the Seaweb network. / Lieutenant, United States Navy

Underwater acoustics

Link layer

Network layer

Undersea acoustics

Seaweb

High Performance Roaming Service in Wireless Local Area Networks

Wang, Guo-Yuan

22 June 2006

A growing number of IEEE 802.11-based wireless LANs have been set up in many public places in the recent years. These wireless LANs provide convenient network connectivity to users. Although mobile nodes allowed roaming across wireless LANs, handoff latency becomes an obstacle when mobile nodes migrate between different IP networks. Advanced, the link-layer handoff process disrupts the association when a mobile node moves from one access point to another. Even without discussing the latency of Mobility Protocols, this link-layer handoff latency already made many real time applications can not meet their requirements. In this dissertation, it is proposed three schemes to solve the problems occurred in the different network layers. These schemes not only reduce the latency of whole handoff procedure but also have no violation to the existing specifications in the IEEE 802.11 standard and compatible with existing devices. L2-Optimize and AIL used to minimize the duration of link-layer handoff. With LASP, Mobility handoff can be reduced to an acceptable situation. Therefore, even real time applications can meet their requirements when users are roaming across wireless LANs.

Handoff

Link Layer

Wireless Local Area Network

Roaming

Seamless

Layer 2 security inter-layering in networks

Altunbasak, Hayriye Celebi

20 November 2006

An architectural framework is proposed to secure the data link layer (Layer 2) in Internet protocol (IP) over Ethernet networks. In this architecture, a new security inter-layering concept, incorporating cryptographic Layer 2 identities, is introduced. Instead of traditional media access control (MAC) addresses, secure and flexible data link layer identifiers are utilized to securely bind Layer 2 and upper layers. In addition, to create security parameters and negotiate identifiers at the data link layer, a key establishment protocol is presented. Moreover, this architecture incorporates the IEEE 802.1AE standard (MACsec) and uses a key hierarchy similar to the IEEE 802.11i standard for future compatibility of wired and wireless networks. Finally, we provide a security analysis of the new data link layer security architecture.

Identities

Data link layer

Network security

Inter-layering

Computer network architectures

Reconfigurable Feedback Shift Register Cipher Design and Secure Link Layer Protocol for Wireless Sensor Network

Zeng, Guang

11 June 2014

Secure wireless communications among sensor nodes is critical to the deployment of wireless sensor networks. However, resource limited sensor nodes cannot afford complex cryptographic algorithms. In this thesis, we propose a low complexity and energy efficient reconfigurable feedback shift register (RFSR) stream cipher, link layer encryption framework RSec and authentication protocol RAuth. RFSR adds one new dimension, reconfigurable cipher structure, to the existing stream ciphers. The proposed RFSR is implemented on a field programmable gate array platform. Simulation results show that much lower power consumption, delay and transmission overhead are achieved compared to the existing microprocessor based cipher implementations. The RSec framework utilizes RFSR ciphers to guarantee message confidentiality. By comparing with other encryption frameworks in terms of energy efficiency, RSec achieves the best benchmark. The RAuth protocol is designed on top of RFSR and RSec. It provides excellent authentication speed and security level by comparing with other authentication protocols. / Graduate / 0544 / 0984 / zggyzz@gmail.com

wireless sensor network

WSN

security

RFSR

reconfigurable

cipher

link layer

protocol

Reconfigurable Feedback Shift Register Cipher Design and Secure Link Layer Protocol for Wireless Sensor Network

Zeng, Guang

11 June 2014

Secure wireless communications among sensor nodes is critical to the deployment of wireless sensor networks. However, resource limited sensor nodes cannot afford complex cryptographic algorithms. In this thesis, we propose a low complexity and energy efficient reconfigurable feedback shift register (RFSR) stream cipher, link layer encryption framework RSec and authentication protocol RAuth. RFSR adds one new dimension, reconfigurable cipher structure, to the existing stream ciphers. The proposed RFSR is implemented on a field programmable gate array platform. Simulation results show that much lower power consumption, delay and transmission overhead are achieved compared to the existing microprocessor based cipher implementations. The RSec framework utilizes RFSR ciphers to guarantee message confidentiality. By comparing with other encryption frameworks in terms of energy efficiency, RSec achieves the best benchmark. The RAuth protocol is designed on top of RFSR and RSec. It provides excellent authentication speed and security level by comparing with other authentication protocols. / Graduate / 0544 / 0984 / zggyzz@gmail.com

wireless sensor network

WSN

security

RFSR

reconfigurable

cipher

link layer

protocol

Reconfigurable Feedback Shift Register Cipher Design and Secure Link Layer Protocol for Wireless Sensor Network

Zeng, Guang

11 June 2014

Secure wireless communications among sensor nodes is critical to the deployment of wireless sensor networks. However, resource limited sensor nodes cannot afford complex cryptographic algorithms. In this thesis, we propose a low complexity and energy efficient reconfigurable feedback shift register (RFSR) stream cipher, link layer encryption framework RSec and authentication protocol RAuth. RFSR adds one new dimension, reconfigurable cipher structure, to the existing stream ciphers. The proposed RFSR is implemented on a field programmable gate array platform. Simulation results show that much lower power consumption, delay and transmission overhead are achieved compared to the existing microprocessor based cipher implementations. The RSec framework utilizes RFSR ciphers to guarantee message confidentiality. By comparing with other encryption frameworks in terms of energy efficiency, RSec achieves the best benchmark. The RAuth protocol is designed on top of RFSR and RSec. It provides excellent authentication speed and security level by comparing with other authentication protocols. / Graduate / 0544 / 0984 / zggyzz@gmail.com

wireless sensor network

WSN

security

RFSR

reconfigurable

cipher

link layer

protocol

Návrh vybrané části standardu IEEE 802.1Q / Design of selected IEEE 802.1Q standard parts

Kliment, Filip

January 2018

This thesis deals with network substandards from the TSN group (IEEE 802.1Q), which deal with prioritization of network traffic in TSN networks. These sub-standards include 802.1QBV and 802.1QBU, which have been described in more detail and compared in terms of network permeability and latency. Substandard 802.1QBU was chosen for the design implementation in FPGA. The design was described in VHDL. The designed design was verified by simulations, using self-tests. The work includes synthesis and time analysis.

Návrh vybrané části standardu IEEE 802.1Q / Design of selected IEEE 802.1Q standard parts

Kliment, Filip

January 2018

This thesis deals with network substandards from the TSN group (IEEE 802.1Q), which deal with prioritization of network traffic in TSN networks. These sub-standards include 802.1QBV and 802.1QBU, which have been described in more detail and compared in terms of network permeability and latency. Substandard 802.1QBU was chosen for the design implementation in FPGA. The design was described in VHDL. The devloped design was verified by simulations, using self-tests. The work includes synthesis and time analysis.