Securing virtual private LAN service by efficient key management

摘要

Virtual private local area network service (VPLS) is a layer 2 service provider-provisioned virtual private network service. Security is one of the key system requirements of a VPLS because it delivers the frames via an untrusted network. Several VPLS architectures are proposed during the recent years. However, many of them do not provide a sufficient level of security. On the other hand, the existing secure VPLS architectures are also suffering from the scalability issues, and they are infeasible to implement in large scale networks. Hence, we present a scalable secure VPLS architecture based on host identity protocol (HIP). It includes a new session key-based security mechanism that provides the scalability both in forwarding and security planes. The initial simulations verify that our proposal comparatively reduces the complexity of the key storage at a node, the total key storage of the network, and the number of encryption per a broadcast frame. Additionally, it offers an efficient broadcast mechanism and comparably higher degree of security features than other existing VPLS proposals. The simulation results further confirm that our proposal is able to protect the control protocol of the VPLS from the Internet Protocol (IP)/transmission control protocol-(TCP) based attacks. Copyright © 2013 John Wiley & Sons, Ltd.