A Protocol for Building a Network Access Controller (NAC) for "IP over ATM"

Abstract

The implementation of label-swapping packet forwarding technology increases the vulnerability to insider attacks. These attacks refer to unauthorized access from within an enclave to the outside network. In this thesis we propose a protocol to counter this category of attacks. The proposed protocol provides a means for fast packet authentication. High speed is achieved by the use of a trailer, which allows packet filtering at Layer 2, and the use of cheap and fast message digest algorithms. To overcome the weaknesses of a 128-bit message digest algorithm, each key is designed to have a very short cryptoperiod. Such fast rekeying is implemented by key caching (the host has a table of keys). Initial performance measurements indicated that it is possible to use our protocol while maintaining very high data throughput. Specifically, our protocol implements an authentication module, called Network Access Controller (NAC). The NAC's modular nature allows it to be easily integrated with a variety of routing technologies and other security mechanisms while remaining totally independent of them.

Document Details

Document Type: Technical Report
Publication Date: Sep 01, 1998
Accession Number: ADA355771

Entities

People

  • Ioannis Kondoulis

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Application Protocols
  • Authentication
  • Communication Channels
  • Computer Communications
  • Computer Network Security
  • Computer Networks
  • Computer Programs
  • Computers
  • Cryptography
  • Data Links
  • Information Security
  • Local Area Networks
  • Multiple Access
  • Network Protocols
  • Network Science
  • Operating Systems
  • Security Protocols

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity