Performance evaluation of MAC-layer trust zones over virtual network interfaces

摘要

In smart building scenarios there are a lot of vulnerable devices that could be exploited to run attacks against other devices within the same LAN. Even though existing solutions mostly tackle the problem by cluster-based authentication and key management schemes, none of them leverages the potential of isolating traffic by network interface virtualization. Thus, we proposed in a previous work a concept to avoid unauthorized communication by considering separating applications with virtual MAC interfaces as the consequence. The decreased attack surface, as the main advantage, is achieved by isolating communication through virtual MAC interfaces based on application-specific demands. To demonstrate the efficiency of this concept we developed an implementation based on state-of-the-art communication protocols. We applied our interface virtualization concept to the IEEE 802.11s WLAN mesh technology, combining it with a lightweight RESTful web service for security credentials deployment. The resulting proof-of-concept implementation in a real-world multi-hop scenario shows performance of the credentials deployment and the impact of the MAC-layer parallelization. The promising results, e.g., no drop of the overall throughput using multiple virtual MAC interfaces, show that our concept can be an efficient solution for future smart buildings.