Framework for a Link Layer Packet Filtering (LLPF) security protocol

Author
Darroca, Gregorio G.
Date
1998-09
Advisor
Xie, Geoffrey
Irvine, Cynthia
Buddenberg, Rex
Abstract
Transport Layer (OSI Layer 3) switching and routing provides routing flexibility but not high throughput. Link layer (OSI Layer 2) switching provides high throughput but not the routing flexibility needed to manage topology change and load fluctuations in the network. Neither Layer 3 routing nor Layer 2 switching protocols were originally designed to support confidentiality and integrity of data, and authentication of participants. Proposals to integrate security may have positive results for data confidentiality, integrity and authentication, but often result in additional overhead, increased transmission latency, and decreased throughput. An added difficulty is reconciling standards and protocols when integrating heterogeneous routing networks with homogenous switching networks while minimizing impact on throughput. This thesis examined current Internet extensions and architectures as well as IP security services and Layer 2 switching in IP-based networks. Requirements for a framework for a proposed security protocol include: Link Layer switching and routing; independence of particular communication protocols and standards; IP packet filtering and routing according to predetermined security policies and with no significant impact on throughput; and continued routing flexibility of IP. This security protocol, called Link Layer Packet Filtering (LLPF), filters packets at the Link Layer, and boasts two innovations: use of an authentication trailer and multiple cryptographic keys with short cryptoperiods.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Related items
Showing items related by title, author, creator and subject.
- A protocol for building a Network Access Controller (NAC) for "IP over ATM."
  Kondoulis, Ioannis (Monterey, California. Naval Postgraduate School, 1998-09); The implementation of label swapping packet forwarding technology increases the vulnerability to insider attacks. These attacks refer to unauthorized access from within an enclave to the outside network. In this thesis we ...
- Classifying PSTN switching stations: a national security agency application
  Olson, Allen S. (Monterey, California. Naval Postgraduate School, 1998-09); The U.S. National Security Agency wishes to predict the routing of messages over various communications networks. Before routing predictions can be made in a public switch telephone network (PSTN), the hierarchical level ...
- Secure routing protocol over mobile Internet of Things wireless sensor networks
  Wang, Yizhong (Monterey, California: Naval Postgraduate School, 2018-03); A wireless Internet of Things (IoT) network is used for military operations due to its low cost and ease of deployment; however, one of the primary challenges with IoT networks is their lack of cohesive security and privacy ...