Protection of LAN-wide, P2P interactions: a holistic approach

Andre Zuquete
2009 International Journal of Communication Networks and Distributed Systems  
This article advocates the need of a holistic approach to protect LAN interactions and presents a solution for implementing it based on secure LAN (SLAN), a novel security architecture. SLAN uses the 802.1X access control mechanisms and is supported by a key distribution centre (KDC) built upon an 802.1X authentication server. The KDC is used, together with a new host identification policy and modified DHCP servers, to provide proper resource allocation and message authentication in DHCP
more » ... tion in DHCP transactions. The KDC is used to authenticate ARP transactions and to distribute session keys to pairs of LAN hosts, allowing them to set up arbitrary, LAN-wide peer-to-peer security associations using such session keys. We show how PPPoE and IPSec security associations may be instantiated and present a prototype implementation for IPSec. . His research interests include security in distributed systems. He has worked on several national and European projects concerned with security issues in distributed environments. He is author of many research studies published in national and international journals, conference proceedings and a book on network security (in Portuguese). Notes: As we can see, SLAN can transparently bridge the gap between user-LAN 802.1X authentication and the deployment and exploitation of LAN-wide, P2P SAs. The grey-filled areas represent existing standards and the white areas represent components of the proposed SLAN architecture. The arrows represent services provided by components/protocols to others.
doi:10.1504/ijcnds.2009.027602 fatcat:knetznrnzjbgzmmrj6wsbicys4