CLL: A Cryptographic Link Layer for Local Area Networks

Authors: Yves Igor Jerschow, Christian Lochert, Björn Scheuermann, Martin Mauve

DOI: 10.1007/978-3-540-85855-3_3

Abstract: Ethernet and IP form the basis of the vast majority of LAN installations. But these protocols do not provide comprehensive security mechanisms, and thus give way to a plethora of attack scenarios. In this paper, we introduce a layer 2/3 security extension for LANs, the Cryptographic Link Layer (CLL). CLL provides authentication and confidentiality to the hosts in the LAN by safeguarding all layer 2 traffic, including ARP and DHCP handshakes. It is transparent to existing protocol implementations, especially to the ARP module and to DHCP clients and servers. Beyond fending off external attackers, CLL also protects against malicious behavior by authenticated clients. We discuss the protocol, motivate the underlying design decisions, and finally present implementations for both Windows and Linux. Their performance is demonstrated through real-world measurement results.
