| Summary: | Approved for public release; distribution is unlimited === Transport Layer (OSI Layer 3) switching and routing provides routing flexibility but not high throughput. Link layer (OSI Layer 2) switching provides high throughput but not the routing flexibility needed to manage topology change and load fluctuations in the network. Neither Layer 3 routing nor Layer 2 switching protocols were originally designed to support confidentiality and integrity of data, and authentication of participants. Proposals to integrate security may have positive results for data confidentiality, integrity and authentication, but often result in additional overhead, increased transmission latency, and decreased throughput. An added difficulty is reconciling standards and protocols when integrating heterogeneous routing networks with homogenous switching networks while minimizing impact on throughput. This thesis examined current Internet extensions and architectures as well as IP security services and Layer 2 switching in IP-based networks. Requirements for a framework for a proposed security protocol include: Link Layer switching and routing; independence of particular communication protocols and standards; IP packet filtering and routing according to predetermined security policies and with no significant impact on throughput; and continued routing flexibility of IP. This security protocol, called Link Layer (Link Layer Packet Filtering (LLPF)), filters packets at the Link Layer, and boasts two innovations: use of an authentication trailer and multiple cryptographic keys with short cryptoperiods
|
|---|
