• Title/Summary/Keyword: MACsec

Search Result 7, Processing Time 0.022 seconds

MACsec Adapter for 2 Layer Security (2계층 보안을 위한 MACsec 어댑터)

  • Jeong, Nahk-Ju;Seo, Jong-Kyoun;Han, Ki-Cheon;Kim, Chang-Su;Jung, Hoe-Kyung
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2016.05a
    • /
    • pp.654-656
    • /
    • 2016
  • MACsec is a cryptographic function that operates on Layer 2. As industries such as IoT(Internet of Things) devices are receiving attention recently are connected to the network and Internet traffic is increasing rapidly. Because of today, Becoming the increase in traffic and complex situations to protect the overall traffic, not just certain parts. The MACsec technology has received attention. In this paper, Layer 2 security technology to MACsec. Design the technology MACsec adapter that can easily and readily added to existing Layer 2 network.

  • PDF

Performance Evaluation of MACSec for Host Mobility (MACSec의 단말 이동성 성능평가)

  • Ahn, Sangjun;Shin, Dongcheon
    • The Journal of Society for e-Business Studies
    • /
    • v.24 no.2
    • /
    • pp.55-70
    • /
    • 2019
  • It is essential to consider the relationships between each component in the communication infrastructure in order to build and optimize the infrastructure. In this paper, based on the major factors to consider for the optimized communication infrastructure, we propose an enhanced MACSec-based deployment mechanism for communication infrastructure. The proposed MACSec mechanism can replace the IPSec without the additional devices and redesign of the communication infrastructure. In addition, we evaluate the performance of MACSec and IPSec in terms of the major factors such as message overhead, encryption processing, and host mobility. According to the evaluation results, we can say that MACSec is superior to IPSec with regard to mobility as well as hop delay and message overhead.

Implementation of MACsec Adapter for Layer 2 Security (레이어 2 보안을 위한 MACsec 어댑터 구현)

  • Jeong, Nahk-Ju;Park, Byung-Don;Park, Han-Su;Seo, Jong-Kyoun;Han, Ki-Cheon;Jung, Hoe-Kyung
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.20 no.5
    • /
    • pp.972-978
    • /
    • 2016
  • MACsec is a cryptographic function that operates on Layer 2, the international standard defined in the IEEE 802.1AE. As industries such as IoT(Internet of Things) devices are receiving attention recently are connected to the network and Internet traffic is increasing rapidly, and is exposed to the risk of a variety of Internet attacks. Traditional network security technologies were often made in Layer 3, such as IPsec. However, to be increased as rapidly as the current traffic situation is complicated, and became interested in the security function of protecting the entire traffic instead of for a specific application or protocol. It appeared as these technologies is technology MACsec technology to protect all traffic in Layer 2. In this paper, we propose a Layer 2 security technology adapter MACsec MACsec a technology that allows you to simply and easily add them to the existing Layer 2 networks.

Design of Secure VLAN on MACsec(802.1ae) (MACsec(802.1ae)기반의 보안 VLAN 설계)

  • Lee, Jun-Won;Park, Seon-Ho;Kim, Seong-Min;So, Hee-Jung;Gum, Ki-Ho;Cheong, Tai-Myoung
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2010.11a
    • /
    • pp.1271-1274
    • /
    • 2010
  • MACsec 프로토콜은 Layer2 통신에서 유용한 데이터 암호화 솔루션이다. 하지만 다른 네트워크상에 존재하는 호스트와의 암호화 통신을 위해서는 게이트웨이에서 복호화와 암호화 과정을 반복해야 하는 어려움이 있다. 본 논문은 다른 네트워크 상에 존재하는 호스트와 추가 VLAN을 구성하여 MACsec 통신이 별도 복호화와 암호화 과정을 반복하지 않고 수행될 수 있는 방안을 제시할 것이며, 이를 수행하기 위한 구체적인 시스템 설계와 부가적인 네트워크 구성에 대해 추가적으로 설명할 것이다.

Secured Network Design for Hyper Market by applying MACsec(802.1AE) Protocol (MACsec(802.1AE) 프로토콜 기반 대형마켓 보안 네트워크 설계)

  • Lee, Jun-Won;Park, Seon-Ho;Gum, Ki-Ho;Chung, Tai-Myoung
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2010.04a
    • /
    • pp.804-807
    • /
    • 2010
  • 네트워크를 통해 고객의 신용카드 및 매출정보를 전송하는 대형마켓의 경우, 데이터링크 레이어 보안은 매우 중요하다. 본 논문은 현재 WPA/WPA2 형태로 무선 네트워크에 국한되어 있는 데이터링크 레이어 보안수준을 MACsec(IEEE 802.11AE)를 이용하여 전체 데이터링크 레이어 구간으로 확대하고, 나아가 SecY(MAC Security Entity)의 Secure Frame의 처리 방식을 응용한 무선랜 인증방안을 제시하고자 한다.

Security of Ethernet in Automotive Electric/Electronic Architectures (차량 전자/전기 아키텍쳐에 이더넷 적용을 위한 보안 기술에 대한 연구)

  • Lee, Ho-Yong;Lee, Dong-Hoon
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.16 no.5
    • /
    • pp.39-48
    • /
    • 2016
  • One of the major trends of automotive networking architecture is the introduction of automotive Ethernet. Ethernet is already used in single automotive applications (e.g. to connect high-data-rate sources as video cameras), it is expected that the ongoing standardization at IEEE (IEEE802.3bw - 100BASE-T1, respectively IEEE P802.3bp - 1000BASE-T1) will lead to a much broader adoption in future. Those applications will not be limited to simple point-to-point connections, but may affect Electric/Electronic(EE) Architectures as a whole. It is agreed that IP based traffic via Ethernet could be secured by application of well-established IP security protocols (e.g., IPSec, TLS) combined with additional components like, e.g., automotive firewall or IDS. In the case of safety and real-time related applications on resource constraint devices, the IP based communication is not the favorite option to be used with complicated and performance demanding TLS or IPSec. Those applications will be foreseeable incorporate Layer-2 based communication protocols as, e.g., currently standardized at IEEE[13]. The present paper reflects the state-of-the-art communication concepts with respect to security and identifies architectural challenges and potential solutions for future Ethernet Switch-based EE-Architectures. It also gives an overview and provide insights into the ongoing security relevant standardization activities concerning automotive Ethernet. Furthermore, the properties of non-automotive Ethernet security mechanisms as, e.g., IEEE 802.1AE aka. MACsec or 802.1X Port-based Network Access Control, will be evaluated and the applicability for automotive applications will be assessed.

Security Architecture for T4 Class Common Data Link

  • Lee, Sang-Gon;Lee, Hoon-Jae;Kim, Hyeong-Rag;Ryu, Young-Jae
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.8
    • /
    • pp.63-72
    • /
    • 2017
  • In this paper, we propose a security architecture for HDLC-based T4 class common data link. The common data links are composed of point-to-point, multi-to-point, and point-to-multi mode. For multi-to-point mode, one node has a bundle of point-to-point links with different end-point on the other side of the links. Thus multi-to-point mode can be considered as a bundle of point-to-point mode. Point-to-multi mode is broadcasting link. For point-to-point mode we adopted robust security network scheme to establish a secure data link, and for multi-to-point mode we use broadcast encryption scheme based on ID-based cryptography to distribute encryption key for broadcasting message encryption. We also included MACsec technology for point-to-point data link security. Computational and communicational complexity analysis on the broadcast encryption have been done.