Protection of LAN-wide P2P Interactions: a Holistic Approach

Zúquete, A.

International Journal of Communication Networks and Distributed Systems - Inderscience, Vol. 3, Nº 4, pp. 408-426, August 2009.

Digital Object Identifier: 10.1007/11836810_23

This article advocates the need for a holistic approach to protecting LAN interactions and presents a solution for implementing it, based on SLAN (Secure LAN), a novel security architecture. SLAN uses the 802.1X access control mechanisms and is supported by a Key Distribution Centre (KDC) built upon an 802.1X Authentication Server. The KDC is used, together with a new host identification policy and modified DHCP servers, to provide proper resource allocation and message authentication in DHCP transactions. The KDC is also used to authenticate ARP transactions and to distribute session keys to pairs of LAN hosts, allowing them to set up arbitrary, LAN-wide peer-to-peer security associations using those session keys. We show how PPPoE and IPSec security associations may be instantiated and present a prototype implementation for IPSec.