Protection of LAN-wide, P2P interactions: a holistic approach

摘要

This article advocates the need of a holistic approach to protect LAN interactions and presents a solution for implementing it based on secure LAN (SLAN), a novel security architecture. SLAN uses the 802.1X access control mechanisms and is supported by a key distribution centre (KDC) built upon an 802.1X authentication server. The KDC is used, together with a new host identification policy and modified DHCP servers, to provide proper resource allocation and message authentication in DHCP transactions. The KDC is used to authenticate ARP transactions and to distribute session keys to pairs of LAN hosts, allowing them to set up arbitrary, LAN-wide peer-to-peer security associations using such session keys. We show how PPPoE and IPSec security associations may be instantiated and present a prototype implementation for IPSec.