Improving Security in the Fiber Distributed Data Interface (FDDI) Protocol

Abstract

The arrival of high speed packet switched fiber optic LANs has allowed local area design architectures to be used for larger metropolitan area network (MAN) implementations. The current LAN security mechanisms used in larger and faster fiber optic LANs and MANs are often inappropriate or unacceptable for use with emerging applications. The protocol of the Fiber Distributed Data Interface (FDDI) standard provides a natural means for message integrity and availability verification. However, privacy in FDDI is facilitated at higher layers through a generic LAN standard. This thesis proposes a modification to the FDDI protocol implemented at the medium access control (MAC) sublayer, which integrates a confidentiality mechanism for data transfer. The modification provides a simple comprehensive security package to meet the high performance needs of current and emerging applications. In the proposed modification, the inherent properties of the ring are exploited using a unique Central Key Translator to distribute initial session keys. A symmetric bit stream cipher based on modulo2 addition is used for encryption/decryption by the transmitting and receiving stations. Part of the plaintext from transmitted message frames is used as feedback to generate new session keys.

Document Details

Document Type

Technical Report

Publication Date

Sep 01, 1992

Accession Number

ADA257546

Entities

Tags