Ethernet in the First Mile

"Encryption is the only way to protect our privacy and guarantee the success of the digital marketplace. The art of secret communication, otherwise known as cryptography, will provide the locks and keys of the Information Age."
-SIMON SINGH [1]
NOTE TO THE READER: At the time of writing, the MAC Security and Key Security projects are ongoing. As a result, this chapter is partly based on drafts, which are subject to change. I have therefore tried to focus on concepts rather than details. Make sure to consult the most recent draft or published standard for any recent changes.
In subscriber access networks, it is not acceptable that frames intended for one end station are visible to other end stations. To keep this from happening, additional measures must be taken that are not currently specified in IEEE Std. 802.1D or IEEE Std. 802.3. But eavesdropping is not the only security threat to the network; address spoofing, tampering with content, and any actions that may disrupt billing and accounting are equally serious concerns.
In the most general terms, the goal of the IEEE 802 security standards is to guarantee that the parameters received in a MA-UNITDATA indication are identical to the ones transmitted in the corresponding MA-UNITDATA request by an authenticated user. Additionally, the VLAN standards (IEEE Std. 802.1Q and its upcoming amendment 802.1ad, discussed in more detail in Chapter 10) provide means to confine data traffic to certain portions of a physical infrastructure, called Virtual Bridged...