A Protocol for Building a Network Access Controller (NAC) for "IP over ATM"
NAVAL POSTGRADUATE SCHOOL MONTEREY CA
Pagination or Media Count:
The implementation of label swapping packet forwarding technology increases the vulnerability to insider attacks. These attacks refer to unauthorized access from within an enclave to the outside network. In this thesis we propose a protocol to counter this category of attacks. The proposed protocol provides a means for fast packet authentication. High speed is achieved by the use of a trailer, which allows packet filtering at Layer 2, and the use of cheap and fast message digest algorithms. To overcome the weaknesses of a 128 bit message digest algorithm, each key is designed to have a very short cryptoperiod. Such fast rekeying is implemented by key caching the host has a table of keys. Initial performance measurements indicated that it is possible to use our protocol while maintaining very high data throughput. Specifically, our protocol implements an authentication module, called Network Access Controller NAC. The NACs modular nature allows it to be easily integrated with a variety of routing technologies and other security mechanisms while remaining totally independent of them.
- Computer Systems