An architectural framework is proposed to secure the data link layer (Layer 2) in Internet protocol (IP) over Ethernet networks. In this architecture, a new security inter-layering concept, incorporating cryptographic Layer 2 identities, is introduced. Instead of traditional media access control (MAC) addresses, secure and flexible data link layer identifiers are utilized to securely bind Layer 2 and upper layers. In addition, to create security parameters and negotiate identifiers at the data link layer, a key establishment protocol is presented. Moreover, this architecture incorporates the IEEE 802.1AE standard (MACsec) and uses a key hierarchy similar to the IEEE 802.11i standard for future compatibility of wired and wireless networks. Finally, we provide a security analysis of the new data link layer security architecture.
| Identifer | oai:union.ndltd.org:GATECH/oai:smartech.gatech.edu:1853/13974 |
| Date | 20 November 2006 |
| Creators | Altunbasak, Hayriye Celebi |
| Publisher | Georgia Institute of Technology |
| Source Sets | Georgia Tech Electronic Thesis and Dissertation Archive |
| Language | en_US |
| Detected Language | English |
| Type | Dissertation |
| Format | 553522 bytes, application/pdf |
Page generated in 0.0024 seconds