Ethernet can carry massive data stream flows as well as real-time flows supported by Time-Sensitive Network (TSN). MAC-layer security, MACsec, is defined in IEEE Std 802.1AE and IEEE Std 802.1X. However, a security association established by MACsec protects communication only among devices within a single LAN in bridged networks. Therefore, a packet traversing several LANs must be decrypted and re-encrypted at each bridge. We propose a new virtual secure link over Software-Defined Bridged Networks (SDBN). In SDBN, end devices interact with a central MACsec module, running over the Software-Defined Network (SDN) controller, using the standard MACsec procedure. The central MACsec module recognizes a group of devices in the bridged networks regardless of their attached LANs. These devices are treated as if they were attached to the same virtual link. The proposed scheme supports end-to-end unicast/multicast secure communication without any modification of the current MACsec standards, and it eliminates the security operations required at bridges in bridged networks.