Virtual Secure Link over Software-Defined Bridged Networks
AUTHORS
Ju-Ho Choi, Korea University
Sung-Gi Min, Dongguk University
Pill-Won Park, Dongguk University
ABSTRACT
Ethernet carries both massive data-stream flows and real-time flows supported by Time-Sensitive Networking (TSN). MAC-layer security, MACsec, is defined in IEEE Std 802.1AE, and its key agreement protocol (MKA) is specified in IEEE Std 802.1X. However, a security association established by MACsec protects communication only among devices within a single LAN of a bridged network, so a frame traversing several LANs must be decrypted and re-encrypted at each bridge. We propose a new virtual secure link over Software-Defined Bridged Networks (SDBN). In SDBN, end devices interact with a central MACsec module, running on the Software-Defined Network (SDN) controller, using the standard MACsec procedures. The central MACsec module recognizes a group of devices in the bridged network regardless of the LANs they are attached to and treats them as if they were attached to the same virtual link. The proposed scheme supports end-to-end unicast and multicast secure communication without any modification of the current MACsec standards, and it eliminates the security operations otherwise required at the bridges of a bridged network.
KEYWORDS
MACsec; IEEE 802.1AE; IEEE 802.1X; Authentication and key management (AKM); Time-Sensitive Network (TSN); In-vehicle secure communication; Automotive Ethernet; Internet of Things (IoT)
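The following is an added simulation, not code from the paper, of the architecture the abstract describes: a central MACsec module on the controller places stations attached to different LANs into one Connectivity Association (CA) and hands each of them the same Secure Association Key (SAK), a bridge relays the protected frame byte-for-byte without holding any key, and the receiving station verifies the integrity check value (ICV) and enforces 802.1AE replay protection on the packet number (PN). The frame layout (DA, SA, 16-octet SecTAG with SCI, secure data, ICV) and the TCI/AN, SL, PN and SCI fields follow IEEE 802.1AE; three things are stand-ins chosen for this example and are not what the paper or the standard specifies: HMAC-SHA256 truncated to 16 bytes replaces the GCM-AES-128 ICV, SAK delivery is a direct method call instead of MKA over EAPOL, and only the integrity-only mode (no encryption) is modelled. All MAC addresses and payloads are constructed.

```python
"""Constructed model of a virtual secure link: one CA spanning two LANs,
a bridge that forwards without a SAK, and replay/ICV checks at the receiver.
Stand-ins: HMAC-SHA256[:16] for the GCM-AES-128 ICV, a direct call for MKA,
and integrity-only mode (no encryption)."""
import hashlib
import hmac
import os
import struct

MACSEC_ETHERTYPE = b"\x88\xe5"
SECTAG_LEN = 16          # EtherType(2) TCI/AN(1) SL(1) PN(4) SCI(8)
ICV_LEN = 16


class CentralMACsecModule:
    """Controller-side module (simulated): one SAK per CA, members keyed by
    MAC address regardless of the LAN they are attached to."""
    def __init__(self):
        self.cas = {}

    def join(self, name, mac, lan):
        ca = self.cas.setdefault(name, {"sak": os.urandom(16), "members": {}})
        ca["members"][mac] = lan
        return ca["sak"]                           # delivered by MKA in real MACsec


class Station:
    """End device holding the SAK; protects and validates MACsec frames."""
    def __init__(self, mac, port_id=1):
        self.mac = mac
        self.sci = mac + struct.pack(">H", port_id)   # SCI = MAC || port
        self.sak = None
        self.next_pn = 1
        self.lowest_pn = {}                        # peer SCI -> lowest acceptable PN

    def _icv(self, dst, src, sectag, data):
        # The ICV covers DA, SA, SecTAG and secure data, as in 802.1AE
        return hmac.new(self.sak, dst + src + sectag + data, hashlib.sha256).digest()[:ICV_LEN]

    def protect(self, dst, payload):
        if self.sak is None:
            raise RuntimeError("no SAK installed")
        tci_an = 0x20                              # SC present, AN=0, E=0, C=0
        sl = len(payload) if len(payload) < 48 else 0
        sectag = MACSEC_ETHERTYPE + bytes([tci_an, sl]) + struct.pack(">I", self.next_pn) + self.sci
        self.next_pn += 1
        return dst + self.mac + sectag + payload + self._icv(dst, self.mac, sectag, payload)

    def validate(self, frame):
        if self.sak is None:
            raise RuntimeError("no SAK installed")
        dst, src, sectag = frame[:6], frame[6:12], frame[12:12 + SECTAG_LEN]
        if sectag[:2] != MACSEC_ETHERTYPE:
            raise ValueError("not a MACsec frame")
        data, icv = frame[12 + SECTAG_LEN:-ICV_LEN], frame[-ICV_LEN:]
        if not hmac.compare_digest(icv, self._icv(dst, src, sectag, data)):
            raise ValueError("ICV check failed")
        pn, sci = struct.unpack(">I", sectag[4:8])[0], sectag[8:]
        if pn < self.lowest_pn.get(sci, 1):
            raise ValueError("replayed frame, PN %d" % pn)
        self.lowest_pn[sci] = pn + 1               # strict replay protection
        return data


class Bridge:
    """SDBN bridge: forwards on destination MAC and never holds a SAK."""
    def __init__(self):
        self.fdb = {}

    def learn(self, mac, port):
        self.fdb[mac] = port

    def forward(self, frame):
        return self.fdb[frame[:6]], frame          # relayed byte-for-byte


def run_scenario():
    """Station A (LAN 1) sends to station C (LAN 2) across one bridge."""
    ctrl = CentralMACsecModule()
    a, c = Station(b"\x02\x00\x00\x00\x00\x0a"), Station(b"\x02\x00\x00\x00\x00\x0c")
    a.sak = ctrl.join("telemetry", a.mac, "LAN1")
    c.sak = ctrl.join("telemetry", c.mac, "LAN2")
    br = Bridge()
    br.learn(a.mac, 1)
    br.learn(c.mac, 2)
    frame = a.protect(c.mac, b"brake-temp=71")     # constructed payload
    port, relayed = br.forward(frame)
    out = {"port": port, "unchanged": relayed == frame, "payload": c.validate(relayed)}
    tampered = frame[:12 + SECTAG_LEN] + b"brake-temp=99" + frame[-ICV_LEN:]
    for name, f in (("replay", relayed), ("tamper", tampered)):
        try:
            c.validate(f)
            out[name + "_rejected"] = False
        except ValueError:
            out[name + "_rejected"] = True
    out["second_ok"] = c.validate(br.forward(a.protect(c.mac, b"brake-temp=72"))[1])
    return out
```

Running `run_scenario()` shows the property the abstract claims: the bridge's `forward` returns the frame unchanged and has no key material, so no decrypt/re-encrypt step exists on the path, while the receiving station still rejects a replayed frame (PN below the lowest acceptable value) and a modified payload (ICV mismatch). Only stations that obtained the SAK from the central module can produce or verify frames on the virtual link.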