Adaptation of IEEE 802.1X for Secure Session Establishment Between Ethernet Peers
Network connectivity has undergone a significant change since the appearance and increasing deployment of IEEE 802.11 technology. Wireless links are inherently insecure and, in order to secure them, the IEEE 802.11i amendment has defined the security mechanisms to be used. The solution described in IEEE 802.11i is applicable, in theory, to both infrastructure and ad-hoc networks. Nevertheless, the widespread deployment of wireless access points and the potential economic benefits derived from it impelled the standardization bodies to provide a security solution for IEEE 802.11 access links. Therefore, IEEE 802.11i has been designed as an infrastructure-oriented solution, and some of its design decisions are not the most appropriate for peer-to-peer communications, resulting in several limitations when it is used to secure ad-hoc networks. We have found the same drawbacks when trying to adapt the IEEE 802.1X model to provide end-to-end security at the link layer between Ethernet peers. We have identified the shortcomings of the standardized solution when it is applied to securing peer-to-peer communications, and we propose some modifications to the IEEE 802.1X model that help to overcome those limitations. These modifications have been implemented and functionally tested for establishing secure communications between end stations in Ethernet networks.
Keywords: Medium Access Control; Local Area Network; Extensible Authentication Protocol; Medium Access Control Address; Security Association