A protocol for building a Network Access Controller (NAC) for "IP over ATM."

Authors
Kondoulis, Ioannis
Subjects
NA
Advisors
Xie, Geoffrey
Date of Issue
1998-09
Publisher
Monterey, California. Naval Postgraduate School
Language
en_US
Abstract
The implementation of label swapping packet forwarding technology increases the vulnerability to insider attacks. These attacks refer to unauthorized access from within an enclave to the outside network. In this thesis we propose a protocol to counter this category of attacks. The proposed protocol provides a means for fast packet authentication. High speed is achieved by the use of a trailer, which allows packet filtering at Layer 2, and the use of cheap and fast message digest algorithms. To overcome the weaknesses of a 128 bit message digest algorithm, each key is designed to have a very short cryptoperiod. Such fast rekeying is implemented by key caching (the host has a table of keys). Initial performance measurements indicated that it is possible to use our protocol while maintaining very high data throughput. Specifically, our protocol implements an authentication module, called Network Access Controller (NAC). The NAC's modular nature allows it to be easily integrated with a variety of routing technologies and other security mechanisms while remaining totally independent of them.
Type
Thesis
Department
Department of Computer Science
Organization
Naval Postgraduate School (U.S.)
Format
xii, 218 p.;28 cm.
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.